make effector arguments available to entitlements checks
Project: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/commit/3ff0e799 Tree: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/tree/3ff0e799 Diff: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/diff/3ff0e799 Branch: refs/heads/master Commit: 3ff0e799313f086e31346104f8600a6d0ed048b7 Parents: ddf0a44 Author: Alex Heneveld <[email protected]> Authored: Mon Dec 22 17:08:37 2014 +0000 Committer: Alex Heneveld <[email protected]> Committed: Thu Feb 5 11:56:08 2015 +0000 ---------------------------------------------------------------------- .../entitlement/EntitlementManagerAdapter.java | 5 +-- .../management/entitlement/Entitlements.java | 34 ++++++++++++-------- .../management/internal/EffectorUtils.java | 4 +-- .../internal/EntityChangeListener.java | 4 +-- .../internal/EntityManagementSupport.java | 5 +-- .../entitlement/AcmeEntitlementManagerTest.java | 3 +- .../AcmeEntitlementManagerTestFixture.java | 7 ++-- .../entitlement/EntitlementsTest.java | 8 +++-- .../entitlement/EntityEntitlementTest.java | 9 +++--- .../rest/resources/ApplicationResource.java | 7 ++-- .../rest/resources/EffectorResource.java | 5 +-- .../rest/util/BrooklynRestResourceUtils.java | 4 ++- 12 files changed, 57 insertions(+), 38 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/3ff0e799/core/src/main/java/brooklyn/management/entitlement/EntitlementManagerAdapter.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/brooklyn/management/entitlement/EntitlementManagerAdapter.java b/core/src/main/java/brooklyn/management/entitlement/EntitlementManagerAdapter.java index 6a62e36..e1c6be8 100644 --- a/core/src/main/java/brooklyn/management/entitlement/EntitlementManagerAdapter.java +++ b/core/src/main/java/brooklyn/management/entitlement/EntitlementManagerAdapter.java @@ -25,6 +25,7 @@ import com.google.common.annotations.Beta; import brooklyn.entity.Entity; import brooklyn.management.entitlement.Entitlements.EntityAndItem; +import brooklyn.management.entitlement.Entitlements.StringAndArgument; /** * provides an easy entry point to supplying entitlements, by providing the dispatch and defining the additional methods @@ -56,7 +57,7 @@ public abstract class EntitlementManagerAdapter implements EntitlementManager { return isEntitledToSeeSensor( context, (EntityAndItem<String>)entitlementClassArgument ); case ENTITLEMENT_INVOKE_EFFECTOR: - return isEntitledToInvokeEffector( context, (EntityAndItem<String>)entitlementClassArgument ); + return isEntitledToInvokeEffector( context, (EntityAndItem<StringAndArgument>)entitlementClassArgument ); case ENTITLEMENT_DEPLOY_APPLICATION: return isEntitledToDeploy( context, entitlementClassArgument ); @@ -72,7 +73,7 @@ public abstract class EntitlementManagerAdapter implements EntitlementManager { protected abstract boolean isEntitledToSeeSensor(EntitlementContext context, EntityAndItem<String> sensorInfo); protected abstract boolean isEntitledToSeeEntity(EntitlementContext context, Entity entity); - protected abstract boolean isEntitledToInvokeEffector(EntitlementContext context, EntityAndItem<String> effectorInfo); + protected abstract boolean isEntitledToInvokeEffector(EntitlementContext context, EntityAndItem<StringAndArgument> effectorInfo); protected abstract boolean isEntitledToDeploy(EntitlementContext context, Object app); protected abstract boolean isEntitledToSeeAllServerInfo(EntitlementContext context); protected abstract boolean isEntitledToRoot(EntitlementContext context); http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/3ff0e799/core/src/main/java/brooklyn/management/entitlement/Entitlements.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/brooklyn/management/entitlement/Entitlements.java b/core/src/main/java/brooklyn/management/entitlement/Entitlements.java index 5d61e4f..67fb3c7 100644 --- a/core/src/main/java/brooklyn/management/entitlement/Entitlements.java +++ b/core/src/main/java/brooklyn/management/entitlement/Entitlements.java @@ -54,7 +54,8 @@ public class Entitlements { public static EntitlementClass<Entity> SEE_ENTITY = new BasicEntitlementClassDefinition<Entity>("entity.see", Entity.class); public static EntitlementClass<EntityAndItem<String>> SEE_SENSOR = new BasicEntitlementClassDefinition<EntityAndItem<String>>("sensor.see", EntityAndItem. typeToken(String.class)); - public static EntitlementClass<EntityAndItem<String>> INVOKE_EFFECTOR = new BasicEntitlementClassDefinition<EntityAndItem<String>>("effector.invoke", EntityAndItem.typeToken(String.class)); + // string is effector name; argument may be a map or a list, depending how the args were supplied + public static EntitlementClass<EntityAndItem<StringAndArgument>> INVOKE_EFFECTOR = new BasicEntitlementClassDefinition<EntityAndItem<StringAndArgument>>("effector.invoke", EntityAndItem.typeToken(StringAndArgument.class)); public static EntitlementClass<Entity> MODIFY_ENTITY = new BasicEntitlementClassDefinition<Entity>("entity.modify", Entity.class); /** the permission to deploy an application, where parameter is some representation of the app to be deployed (spec instance or yaml plan) */ @@ -100,28 +101,33 @@ public class Entitlements { } } - public static class EntityAndItem<T> { - final Entity entity; - final T item; + protected static class Pair<T1,T2> { + protected final T1 p1; + protected final T2 p2; + protected Pair(T1 p1, T2 p2) { this.p1 = p1; this.p2 = p2; } + } + public static class EntityAndItem<T> extends Pair<Entity,T> { public static <TT> TypeToken<EntityAndItem<TT>> typeToken(Class<TT> type) { return new TypeToken<Entitlements.EntityAndItem<TT>>() { private static final long serialVersionUID = -738154831809025407L; }; } - public EntityAndItem(Entity entity, T item) { - this.entity = entity; - this.item = item; - } - public Entity getEntity() { - return entity; - } - public T getItem() { - return item; - } + public EntityAndItem(Entity entity, T item) { super (entity, item); } + public Entity getEntity() { return p1; } + public T getItem() { return p2; } public static <T> EntityAndItem<T> of(Entity entity, T item) { return new EntityAndItem<T>(entity, item); } } + + public static class StringAndArgument extends Pair<String,Object> { + public StringAndArgument(String string, Object argument) { super(string, argument); } + public String getString() { return p1; } + public Object getArgument() { return p2; } + public static StringAndArgument of(String string, Object argument) { + return new StringAndArgument(string, argument); + } + } /** * These lifecycle operations are currently treated as effectors. This may change in the future. http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/3ff0e799/core/src/main/java/brooklyn/management/internal/EffectorUtils.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/brooklyn/management/internal/EffectorUtils.java b/core/src/main/java/brooklyn/management/internal/EffectorUtils.java index d55f3a8..c14b98c 100644 --- a/core/src/main/java/brooklyn/management/internal/EffectorUtils.java +++ b/core/src/main/java/brooklyn/management/internal/EffectorUtils.java @@ -245,7 +245,7 @@ public class EffectorUtils { } ManagementContextInternal mgmtContext = (ManagementContextInternal) ((EntityInternal) entity).getManagementContext(); - mgmtSupport.getEntityChangeListener().onEffectorStarting(eff); + mgmtSupport.getEntityChangeListener().onEffectorStarting(eff, args); try { return mgmtContext.invokeEffectorMethodSync(entity, eff, args); } finally { @@ -276,7 +276,7 @@ public class EffectorUtils { // FIXME seems brittle to have the listeners in the Utils method; better to move into the context.invokeEff // (or whatever the last mile before invoking the effector is - though currently there is not such a canonical place!) - mgmtSupport.getEntityChangeListener().onEffectorStarting(eff); + mgmtSupport.getEntityChangeListener().onEffectorStarting(eff, parameters); try { return mgmtContext.invokeEffector(entity, eff, parameters); } finally { http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/3ff0e799/core/src/main/java/brooklyn/management/internal/EntityChangeListener.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/brooklyn/management/internal/EntityChangeListener.java b/core/src/main/java/brooklyn/management/internal/EntityChangeListener.java index 811092a..9828844 100644 --- a/core/src/main/java/brooklyn/management/internal/EntityChangeListener.java +++ b/core/src/main/java/brooklyn/management/internal/EntityChangeListener.java @@ -42,7 +42,7 @@ public interface EntityChangeListener { @Override public void onEnricherRemoved(Enricher enricher) {} @Override public void onFeedAdded(Feed feed) {} @Override public void onFeedRemoved(Feed feed) {} - @Override public void onEffectorStarting(Effector<?> effector) {} + @Override public void onEffectorStarting(Effector<?> effector, Object parameters) {} @Override public void onEffectorCompleted(Effector<?> effector) {} }; @@ -72,7 +72,7 @@ public interface EntityChangeListener { void onFeedRemoved(Feed feed); - void onEffectorStarting(Effector<?> effector); + void onEffectorStarting(Effector<?> effector, Object parameters); void onEffectorCompleted(Effector<?> effector); } http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/3ff0e799/core/src/main/java/brooklyn/management/internal/EntityManagementSupport.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/brooklyn/management/internal/EntityManagementSupport.java b/core/src/main/java/brooklyn/management/internal/EntityManagementSupport.java index 026cf49..fa5de94 100644 --- a/core/src/main/java/brooklyn/management/internal/EntityManagementSupport.java +++ b/core/src/main/java/brooklyn/management/internal/EntityManagementSupport.java @@ -41,6 +41,7 @@ import brooklyn.management.SubscriptionContext; import brooklyn.management.entitlement.EntitlementManager; import brooklyn.management.entitlement.Entitlements; import brooklyn.management.entitlement.Entitlements.EntityAndItem; +import brooklyn.management.entitlement.Entitlements.StringAndArgument; import brooklyn.management.internal.NonDeploymentManagementContext.NonDeploymentManagementContextMode; import brooklyn.policy.Enricher; import brooklyn.policy.Policy; @@ -456,8 +457,8 @@ public class EntityManagementSupport { getManagementContext().getRebindManager().getChangeListener().onChanged(entity); } @Override - public void onEffectorStarting(Effector<?> effector) { - Entitlements.checkEntitled(getEntitlementManager(), Entitlements.INVOKE_EFFECTOR, EntityAndItem.of(entity, effector.getName())); + public void onEffectorStarting(Effector<?> effector, Object parameters) { + Entitlements.checkEntitled(getEntitlementManager(), Entitlements.INVOKE_EFFECTOR, EntityAndItem.of(entity, StringAndArgument.of(effector.getName(), parameters))); } @Override public void onEffectorCompleted(Effector<?> effector) { http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/3ff0e799/core/src/test/java/brooklyn/management/entitlement/AcmeEntitlementManagerTest.java ---------------------------------------------------------------------- diff --git a/core/src/test/java/brooklyn/management/entitlement/AcmeEntitlementManagerTest.java b/core/src/test/java/brooklyn/management/entitlement/AcmeEntitlementManagerTest.java index 1927f4d..e43fe4a 100644 --- a/core/src/test/java/brooklyn/management/entitlement/AcmeEntitlementManagerTest.java +++ b/core/src/test/java/brooklyn/management/entitlement/AcmeEntitlementManagerTest.java @@ -24,6 +24,7 @@ import org.testng.Assert; import org.testng.annotations.Test; import brooklyn.management.entitlement.Entitlements.EntityAndItem; +import brooklyn.management.entitlement.Entitlements.StringAndArgument; public class AcmeEntitlementManagerTest extends AcmeEntitlementManagerTestFixture { @@ -48,7 +49,7 @@ public class AcmeEntitlementManagerTest extends AcmeEntitlementManagerTestFixtur Entitlements.setEntitlementContext(entitlementContext); Assert.assertFalse(Entitlements.isEntitled(mgmt.getEntitlementManager(), Entitlements.ROOT, null)); Assert.assertTrue(Entitlements.isEntitled(mgmt.getEntitlementManager(), Entitlements.SEE_ENTITY, app)); - Assert.assertFalse(Entitlements.isEntitled(mgmt.getEntitlementManager(), Entitlements.INVOKE_EFFECTOR, EntityAndItem.of(app, "any-eff"))); + Assert.assertFalse(Entitlements.isEntitled(mgmt.getEntitlementManager(), Entitlements.INVOKE_EFFECTOR, EntityAndItem.of(app, StringAndArgument.of("any-eff", null)))); Assert.assertFalse(Entitlements.isEntitled(mgmt.getEntitlementManager(), Entitlements.SEE_SENSOR, EntityAndItem.of(app, "any-sensor"))); // and cannot invoke methods confirmEffectorEntitlement(false); http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/3ff0e799/core/src/test/java/brooklyn/management/entitlement/AcmeEntitlementManagerTestFixture.java ---------------------------------------------------------------------- diff --git a/core/src/test/java/brooklyn/management/entitlement/AcmeEntitlementManagerTestFixture.java b/core/src/test/java/brooklyn/management/entitlement/AcmeEntitlementManagerTestFixture.java index 24f1e52..a0fd135 100644 --- a/core/src/test/java/brooklyn/management/entitlement/AcmeEntitlementManagerTestFixture.java +++ b/core/src/test/java/brooklyn/management/entitlement/AcmeEntitlementManagerTestFixture.java @@ -40,6 +40,7 @@ import brooklyn.management.entitlement.Entitlements; import brooklyn.management.entitlement.NotEntitledException; import brooklyn.management.entitlement.WebEntitlementContext; import brooklyn.management.entitlement.Entitlements.EntityAndItem; +import brooklyn.management.entitlement.Entitlements.StringAndArgument; import brooklyn.test.entity.LocalManagementContextForTests; import brooklyn.util.config.ConfigBag; import brooklyn.util.exceptions.Exceptions; @@ -84,7 +85,7 @@ public abstract class AcmeEntitlementManagerTestFixture { Entitlements.setEntitlementContext(entitlementContext); Assert.assertFalse(Entitlements.isEntitled(mgmt.getEntitlementManager(), Entitlements.ROOT, null)); Assert.assertFalse(Entitlements.isEntitled(mgmt.getEntitlementManager(), Entitlements.SEE_ENTITY, app)); - Assert.assertFalse(Entitlements.isEntitled(mgmt.getEntitlementManager(), Entitlements.INVOKE_EFFECTOR, EntityAndItem.of(app, "any-eff"))); + Assert.assertFalse(Entitlements.isEntitled(mgmt.getEntitlementManager(), Entitlements.INVOKE_EFFECTOR, EntityAndItem.of(app, StringAndArgument.of("any-eff", null)))); Assert.assertFalse(Entitlements.isEntitled(mgmt.getEntitlementManager(), Entitlements.SEE_SENSOR, EntityAndItem.of(app, "any-sensor"))); // and can invoke methods confirmEffectorEntitlement(false); @@ -101,7 +102,7 @@ public abstract class AcmeEntitlementManagerTestFixture { Entitlements.setEntitlementContext(entitlementContext); Assert.assertFalse(Entitlements.isEntitled(mgmt.getEntitlementManager(), Entitlements.ROOT, null)); Assert.assertTrue(Entitlements.isEntitled(mgmt.getEntitlementManager(), Entitlements.SEE_ENTITY, app)); - Assert.assertFalse(Entitlements.isEntitled(mgmt.getEntitlementManager(), Entitlements.INVOKE_EFFECTOR, EntityAndItem.of(app, "any-eff"))); + Assert.assertFalse(Entitlements.isEntitled(mgmt.getEntitlementManager(), Entitlements.INVOKE_EFFECTOR, EntityAndItem.of(app, StringAndArgument.of("any-eff", null)))); Assert.assertTrue(Entitlements.isEntitled(mgmt.getEntitlementManager(), Entitlements.SEE_SENSOR, EntityAndItem.of(app, "any-sensor"))); // and cannot invoke methods confirmEffectorEntitlement(false); @@ -118,7 +119,7 @@ public abstract class AcmeEntitlementManagerTestFixture { Entitlements.setEntitlementContext(entitlementContext); Assert.assertTrue(Entitlements.isEntitled(mgmt.getEntitlementManager(), Entitlements.ROOT, null)); Assert.assertTrue(Entitlements.isEntitled(mgmt.getEntitlementManager(), Entitlements.SEE_ENTITY, app)); - Assert.assertTrue(Entitlements.isEntitled(mgmt.getEntitlementManager(), Entitlements.INVOKE_EFFECTOR, EntityAndItem.of(app, "any-eff"))); + Assert.assertTrue(Entitlements.isEntitled(mgmt.getEntitlementManager(), Entitlements.INVOKE_EFFECTOR, EntityAndItem.of(app, StringAndArgument.of("any-eff", null)))); Assert.assertTrue(Entitlements.isEntitled(mgmt.getEntitlementManager(), Entitlements.SEE_SENSOR, EntityAndItem.of(app, "any-sensor"))); // and can invoke methods confirmEffectorEntitlement(true); http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/3ff0e799/core/src/test/java/brooklyn/management/entitlement/EntitlementsTest.java ---------------------------------------------------------------------- diff --git a/core/src/test/java/brooklyn/management/entitlement/EntitlementsTest.java b/core/src/test/java/brooklyn/management/entitlement/EntitlementsTest.java index a4f23de..3e6b207 100644 --- a/core/src/test/java/brooklyn/management/entitlement/EntitlementsTest.java +++ b/core/src/test/java/brooklyn/management/entitlement/EntitlementsTest.java @@ -32,6 +32,8 @@ import brooklyn.entity.basic.BasicApplication; import brooklyn.entity.basic.Entities; import brooklyn.entity.proxying.EntitySpec; import brooklyn.management.ManagementContext; +import brooklyn.management.entitlement.Entitlements.EntityAndItem; +import brooklyn.management.entitlement.Entitlements.StringAndArgument; import brooklyn.test.entity.LocalManagementContextForTests; @Test @@ -156,7 +158,7 @@ public class EntitlementsTest { public void testAppSpecificRootEntitlement() { EntitlementManager root = Entitlements.root(); assertTrue(root.isEntitled(null, Entitlements.SEE_ENTITY, app)); - assertTrue(root.isEntitled(null, Entitlements.INVOKE_EFFECTOR, Entitlements.EntityAndItem.of(app, "any-eff"))); + assertTrue(root.isEntitled(null, Entitlements.INVOKE_EFFECTOR, EntityAndItem.of(app, StringAndArgument.of("any-eff", null)))); assertTrue(root.isEntitled(null, Entitlements.SEE_SENSOR, Entitlements.EntityAndItem.of(app, "any-sensor"))); assertTrue(root.isEntitled(null, Entitlements.SEE_SENSOR, Entitlements.EntityAndItem.of(app, "password"))); assertTrue(root.isEntitled(null, Entitlements.DEPLOY_APPLICATION, Entitlements.EntityAndItem.of(app, null))); @@ -176,7 +178,7 @@ public class EntitlementsTest { public void testAppSpecificMinimalEntitlement() { EntitlementManager minimal = Entitlements.minimal(); assertFalse(minimal.isEntitled(null, Entitlements.SEE_ENTITY, app)); - assertFalse(minimal.isEntitled(null, Entitlements.INVOKE_EFFECTOR, Entitlements.EntityAndItem.of(app, "any-eff"))); + assertFalse(minimal.isEntitled(null, Entitlements.INVOKE_EFFECTOR, EntityAndItem.of(app, StringAndArgument.of("any-eff", null)))); assertFalse(minimal.isEntitled(null, Entitlements.SEE_SENSOR, Entitlements.EntityAndItem.of(app, "any-sensor"))); assertFalse(minimal.isEntitled(null, Entitlements.SEE_SENSOR, Entitlements.EntityAndItem.of(app, "password"))); assertFalse(minimal.isEntitled(null, Entitlements.DEPLOY_APPLICATION, Entitlements.EntityAndItem.of(app, null))); @@ -196,7 +198,7 @@ public class EntitlementsTest { public void testAppSpecificReadOnlyEntitlement() { EntitlementManager readOnly = Entitlements.readOnly(); assertTrue(readOnly.isEntitled(null, Entitlements.SEE_ENTITY, app)); - assertFalse(readOnly.isEntitled(null, Entitlements.INVOKE_EFFECTOR, Entitlements.EntityAndItem.of(app, "any-eff"))); + assertFalse(readOnly.isEntitled(null, Entitlements.INVOKE_EFFECTOR, EntityAndItem.of(app, StringAndArgument.of("any-eff", null)))); assertTrue(readOnly.isEntitled(null, Entitlements.SEE_SENSOR, Entitlements.EntityAndItem.of(app, "any-sensor"))); assertFalse(readOnly.isEntitled(null, Entitlements.SEE_SENSOR, Entitlements.EntityAndItem.of(app, "password"))); assertFalse(readOnly.isEntitled(null, Entitlements.DEPLOY_APPLICATION, Entitlements.EntityAndItem.of(app, null))); http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/3ff0e799/core/src/test/java/brooklyn/management/entitlement/EntityEntitlementTest.java ---------------------------------------------------------------------- diff --git a/core/src/test/java/brooklyn/management/entitlement/EntityEntitlementTest.java b/core/src/test/java/brooklyn/management/entitlement/EntityEntitlementTest.java index c13fe31..d380e6f 100644 --- a/core/src/test/java/brooklyn/management/entitlement/EntityEntitlementTest.java +++ b/core/src/test/java/brooklyn/management/entitlement/EntityEntitlementTest.java @@ -35,6 +35,7 @@ import brooklyn.entity.proxying.EntitySpec; import brooklyn.location.Location; import brooklyn.management.ManagementContext; import brooklyn.management.entitlement.Entitlements.EntityAndItem; +import brooklyn.management.entitlement.Entitlements.StringAndArgument; import brooklyn.management.internal.LocalManagementContext; import brooklyn.test.entity.LocalManagementContextForTests; import brooklyn.util.config.ConfigBag; @@ -66,7 +67,7 @@ public class EntityEntitlementTest { // default "root" access allows ROOT permission, and invoke effector, etc Assert.assertTrue(mgmt.getEntitlementManager().isEntitled(null, Entitlements.ROOT, null)); Assert.assertTrue(mgmt.getEntitlementManager().isEntitled(null, Entitlements.SEE_ENTITY, app)); - Assert.assertTrue(mgmt.getEntitlementManager().isEntitled(null, Entitlements.INVOKE_EFFECTOR, EntityAndItem.of(app, "any-eff"))); + Assert.assertTrue(mgmt.getEntitlementManager().isEntitled(null, Entitlements.INVOKE_EFFECTOR, EntityAndItem.of(app, StringAndArgument.of("any-eff", null)))); Assert.assertTrue(mgmt.getEntitlementManager().isEntitled(null, Entitlements.SEE_SENSOR, EntityAndItem.of(app, "any-sensor"))); // and can invoke methods, without any user/login registered confirmEffectorEntitlement(true); @@ -79,7 +80,7 @@ public class EntityEntitlementTest { Assert.assertTrue(mgmt.getEntitlementManager().isEntitled(null, Entitlements.ROOT, null)); Assert.assertTrue(mgmt.getEntitlementManager().isEntitled(null, Entitlements.SEE_ENTITY, app)); - Assert.assertTrue(mgmt.getEntitlementManager().isEntitled(null, Entitlements.INVOKE_EFFECTOR, EntityAndItem.of(app, "any-eff"))); + Assert.assertTrue(mgmt.getEntitlementManager().isEntitled(null, Entitlements.INVOKE_EFFECTOR, EntityAndItem.of(app, StringAndArgument.of("any-eff", null)))); Assert.assertTrue(mgmt.getEntitlementManager().isEntitled(null, Entitlements.SEE_SENSOR, EntityAndItem.of(app, "any-sensor"))); confirmEffectorEntitlement(true); @@ -117,7 +118,7 @@ public class EntityEntitlementTest { Assert.assertFalse(mgmt.getEntitlementManager().isEntitled(null, Entitlements.ROOT, null)); Assert.assertTrue(mgmt.getEntitlementManager().isEntitled(null, Entitlements.SEE_ENTITY, app)); - Assert.assertFalse(mgmt.getEntitlementManager().isEntitled(null, Entitlements.INVOKE_EFFECTOR, EntityAndItem.of(app, "any-eff"))); + Assert.assertFalse(mgmt.getEntitlementManager().isEntitled(null, Entitlements.INVOKE_EFFECTOR, EntityAndItem.of(app, StringAndArgument.of("any-eff", null)))); Assert.assertTrue(mgmt.getEntitlementManager().isEntitled(null, Entitlements.SEE_SENSOR, EntityAndItem.of(app, "any-sensor"))); confirmEffectorEntitlement(false); @@ -130,7 +131,7 @@ public class EntityEntitlementTest { Assert.assertFalse(mgmt.getEntitlementManager().isEntitled(null, Entitlements.ROOT, null)); Assert.assertFalse(mgmt.getEntitlementManager().isEntitled(null, Entitlements.SEE_ENTITY, app)); - Assert.assertFalse(mgmt.getEntitlementManager().isEntitled(null, Entitlements.INVOKE_EFFECTOR, EntityAndItem.of(app, "any-eff"))); + Assert.assertFalse(mgmt.getEntitlementManager().isEntitled(null, Entitlements.INVOKE_EFFECTOR, EntityAndItem.of(app, StringAndArgument.of("any-eff", null)))); Assert.assertFalse(mgmt.getEntitlementManager().isEntitled(null, Entitlements.SEE_SENSOR, EntityAndItem.of(app, "any-sensor"))); confirmEffectorEntitlement(false); http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/3ff0e799/usage/rest-server/src/main/java/brooklyn/rest/resources/ApplicationResource.java ---------------------------------------------------------------------- diff --git a/usage/rest-server/src/main/java/brooklyn/rest/resources/ApplicationResource.java b/usage/rest-server/src/main/java/brooklyn/rest/resources/ApplicationResource.java index 9511ebe..c9f42ae 100644 --- a/usage/rest-server/src/main/java/brooklyn/rest/resources/ApplicationResource.java +++ b/usage/rest-server/src/main/java/brooklyn/rest/resources/ApplicationResource.java @@ -60,6 +60,7 @@ import brooklyn.management.Task; import brooklyn.management.entitlement.EntitlementPredicates; import brooklyn.management.entitlement.Entitlements; import brooklyn.management.entitlement.Entitlements.EntityAndItem; +import brooklyn.management.entitlement.Entitlements.StringAndArgument; import brooklyn.management.internal.EntityManagementUtils; import brooklyn.management.internal.EntityManagementUtils.CreationResult; import brooklyn.rest.api.ApplicationApi; @@ -281,7 +282,8 @@ public class ApplicationResource extends AbstractBrooklynRestResource implements CreationResult<? extends Application, Void> result = EntityManagementUtils.createStarting(mgmt(), at); Application app = result.get(); - if (!Entitlements.isEntitled(mgmt().getEntitlementManager(), Entitlements.INVOKE_EFFECTOR, EntityAndItem.of(app, Startable.START.getName()))) { + if (!Entitlements.isEntitled(mgmt().getEntitlementManager(), Entitlements.INVOKE_EFFECTOR, EntityAndItem.of(app, + StringAndArgument.of(Startable.START.getName(), null)))) { throw WebResourceUtils.unauthorized("User '%s' is not authorized to start application %s", Entitlements.getEntitlementContext().user(), at.getType()); } @@ -358,7 +360,8 @@ public class ApplicationResource extends AbstractBrooklynRestResource implements @Override public Response delete(String application) { Application app = brooklyn().getApplication(application); - if (!Entitlements.isEntitled(mgmt().getEntitlementManager(), Entitlements.INVOKE_EFFECTOR, Entitlements.EntityAndItem.of(app, Entitlements.LifecycleEffectors.DELETE))) { + if (!Entitlements.isEntitled(mgmt().getEntitlementManager(), Entitlements.INVOKE_EFFECTOR, Entitlements.EntityAndItem.of(app, + StringAndArgument.of(Entitlements.LifecycleEffectors.DELETE, null)))) { throw WebResourceUtils.unauthorized("User '%s' is not authorized to delete application %s", Entitlements.getEntitlementContext().user(), app); } http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/3ff0e799/usage/rest-server/src/main/java/brooklyn/rest/resources/EffectorResource.java ---------------------------------------------------------------------- diff --git a/usage/rest-server/src/main/java/brooklyn/rest/resources/EffectorResource.java b/usage/rest-server/src/main/java/brooklyn/rest/resources/EffectorResource.java index dc76de4..1ee4cf4 100644 --- a/usage/rest-server/src/main/java/brooklyn/rest/resources/EffectorResource.java +++ b/usage/rest-server/src/main/java/brooklyn/rest/resources/EffectorResource.java @@ -37,6 +37,7 @@ import brooklyn.entity.Effector; import brooklyn.entity.basic.EntityLocal; import brooklyn.management.Task; import brooklyn.management.entitlement.Entitlements; +import brooklyn.management.entitlement.Entitlements.StringAndArgument; import brooklyn.management.internal.EffectorUtils; import brooklyn.rest.api.EffectorApi; import brooklyn.rest.domain.EffectorSummary; @@ -61,7 +62,7 @@ public class EffectorResource extends AbstractBrooklynRestResource implements Ef @Override public boolean apply(@Nullable Effector<?> input) { return Entitlements.isEntitled(mgmt().getEntitlementManager(), Entitlements.INVOKE_EFFECTOR, - Entitlements.EntityAndItem.of(entity, input.getName())); + Entitlements.EntityAndItem.of(entity, StringAndArgument.of(input.getName(), null))); } }) .transform(new Function<Effector<?>, EffectorSummary>() { @@ -83,7 +84,7 @@ public class EffectorResource extends AbstractBrooklynRestResource implements Ef if (effector.isAbsentOrNull()) { throw WebResourceUtils.notFound("Entity '%s' has no effector with name '%s'", entityToken, effectorName); } else if (!Entitlements.isEntitled(mgmt().getEntitlementManager(), Entitlements.INVOKE_EFFECTOR, - Entitlements.EntityAndItem.of(entity, effector.get().getName()))) { + Entitlements.EntityAndItem.of(entity, StringAndArgument.of(effector.get().getName(), null)))) { throw WebResourceUtils.unauthorized("User '%s' is not authorized to invoke effector %s on entity %s", Entitlements.getEntitlementContext().user(), effector.get().getName(), entity); } http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/3ff0e799/usage/rest-server/src/main/java/brooklyn/rest/util/BrooklynRestResourceUtils.java ---------------------------------------------------------------------- diff --git a/usage/rest-server/src/main/java/brooklyn/rest/util/BrooklynRestResourceUtils.java b/usage/rest-server/src/main/java/brooklyn/rest/util/BrooklynRestResourceUtils.java index 5ddf037..b2fd4a5 100644 --- a/usage/rest-server/src/main/java/brooklyn/rest/util/BrooklynRestResourceUtils.java +++ b/usage/rest-server/src/main/java/brooklyn/rest/util/BrooklynRestResourceUtils.java @@ -59,6 +59,7 @@ import brooklyn.location.LocationRegistry; import brooklyn.management.ManagementContext; import brooklyn.management.Task; import brooklyn.management.entitlement.Entitlements; +import brooklyn.management.entitlement.Entitlements.StringAndArgument; import brooklyn.policy.Policy; import brooklyn.policy.basic.AbstractPolicy; import brooklyn.rest.domain.ApplicationSpec; @@ -438,7 +439,8 @@ public class BrooklynRestResourceUtils { public Task<?> expunge(final Entity entity, final boolean release) { if (mgmt.getEntitlementManager().isEntitled(Entitlements.getEntitlementContext(), - Entitlements.INVOKE_EFFECTOR, Entitlements.EntityAndItem.of(entity, "expunge"))) { + Entitlements.INVOKE_EFFECTOR, Entitlements.EntityAndItem.of(entity, + StringAndArgument.of("expunge", MutableMap.of("release", release))))) { return mgmt.getExecutionManager().submit( MutableMap.of("displayName", "expunging " + entity, "description", "REST call to expunge entity " + entity.getDisplayName() + " (" + entity + ")"), new Runnable() {
