CLOUDSTACK-3049: Implemented role update for account. (apache#3058)

Author: bwsw

.dockerignore

@@ -16,6 +16,7 @@
 # under the License.
 
 cloudstack/tools/docker/Dockerfile
+cloudstack/tools/docker/Dockerfile.smokedev
 .dockerignore
 .idea
 .git

api/src/main/java/org/apache/cloudstack/api/command/admin/account/UpdateAccountCmd.java

@@ -21,6 +21,7 @@
 
 import javax.inject.Inject;
 
+import org.apache.cloudstack.api.response.RoleResponse;
 import org.apache.log4j.Logger;
 
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
@@ -48,24 +49,27 @@ public class UpdateAccountCmd extends BaseCmd {
     //////////////// API parameters /////////////////////
     /////////////////////////////////////////////////////
     @ACL(accessType = AccessType.OperateEntry)
-    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AccountResponse.class, description = "Account id")
+    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = AccountResponse.class, description = "Account UUID")
     private Long id;
 
-    @Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "the current account name")
+    @Parameter(name = ApiConstants.ACCOUNT, type = CommandType.STRING, description = "Current account name")
     private String accountName;
 
-    @Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, entityType = DomainResponse.class, description = "the ID of the domain where the account exists")
+    @Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, entityType = DomainResponse.class, description = "The UUID of the domain where the account exists")
     private Long domainId;
 
-    @Parameter(name = ApiConstants.NEW_NAME, type = CommandType.STRING, required = true, description = "new name for the account")
+    @Parameter(name = ApiConstants.ROLE_ID, type = CommandType.UUID, entityType = RoleResponse.class, description = "The UUID of the dynamic role to set for the account")
+    private Long roleId;
+
+    @Parameter(name = ApiConstants.NEW_NAME, type = CommandType.STRING, description = "New name for the account")
     private String newName;
 
     @Parameter(name = ApiConstants.NETWORK_DOMAIN,
                type = CommandType.STRING,
                description = "Network domain for the account's networks; empty string will update domainName with NULL value")
     private String networkDomain;
 
-    @Parameter(name = ApiConstants.ACCOUNT_DETAILS, type = CommandType.MAP, description = "details for account used to store specific parameters")
+    @Parameter(name = ApiConstants.ACCOUNT_DETAILS, type = CommandType.MAP, description = "Details for the account used to store specific parameters")
     private Map details;
 
     @Inject
@@ -87,6 +91,8 @@ public Long getDomainId() {
         return domainId;
     }
 
+    public Long getRoleId() { return roleId; }
+
     public String getNewName() {
         return newName;
     }

server/src/main/java/com/cloud/user/AccountManagerImpl.java

@@ -37,8 +37,10 @@
 import javax.inject.Inject;
 import javax.naming.ConfigurationException;
 
+
 import org.apache.cloudstack.acl.ControlledEntity;
 import org.apache.cloudstack.acl.QuerySelector;
+import org.apache.cloudstack.acl.Role;
 import org.apache.cloudstack.acl.RoleType;
 import org.apache.cloudstack.acl.SecurityChecker;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
@@ -1019,8 +1021,11 @@ public UserAccount createUserAccount(final String userName, final String passwor
     @DB
     @ActionEvents({@ActionEvent(eventType = EventTypes.EVENT_ACCOUNT_CREATE, eventDescription = "creating Account"),
         @ActionEvent(eventType = EventTypes.EVENT_USER_CREATE, eventDescription = "creating User")})
-    public UserAccount createUserAccount(final String userName, final String password, final String firstName, final String lastName, final String email, final String timezone, String accountName,
-            final short accountType, final Long roleId, Long domainId, final String networkDomain, final Map<String, String> details, String accountUUID, final String userUUID,
+    public UserAccount createUserAccount(final String userName, final String password, final String firstName,
+                                         final String lastName, final String email, final String timezone,
+                                         String accountName, final short accountType, final Long roleId, Long domainId,
+                                         final String networkDomain, final Map<String, String> details,
+                                         String accountUUID, final String userUUID,
             final User.Source source) {
 
         if (accountName == null) {
@@ -1155,7 +1160,7 @@ public UserAccount updateUser(UpdateUserCmd updateUserCmd) {
         UserVO user = retrieveAndValidateUser(updateUserCmd);
         s_logger.debug("Updating user with Id: " + user.getUuid());
 
-        validateAndUpdatApiAndSecretKeyIfNeeded(updateUserCmd, user);
+        validateAndUpdateApiAndSecretKeyIfNeeded(updateUserCmd, user);
         Account account = retrieveAndValidateAccount(user);
 
         validateAndUpdateFirstNameIfNeeded(updateUserCmd, user);
@@ -1344,7 +1349,7 @@ protected Account getCurrentCallingAccount() {
      * <li>If a pair of keys is provided, we validate to see if there is an user already using the provided API key. If there is someone else using, we throw an {@link InvalidParameterValueException} because two users cannot have the same API key.
      * </ul>
      */
-    protected void validateAndUpdatApiAndSecretKeyIfNeeded(UpdateUserCmd updateUserCmd, UserVO user) {
+    protected void validateAndUpdateApiAndSecretKeyIfNeeded(UpdateUserCmd updateUserCmd, UserVO user) {
         String apiKey = updateUserCmd.getApiKey();
         String secretKey = updateUserCmd.getSecretKey();
 
@@ -1687,6 +1692,7 @@ public AccountVO disableAccount(String accountName, Long domainId, Long accountI
     public AccountVO updateAccount(UpdateAccountCmd cmd) {
         Long accountId = cmd.getId();
         Long domainId = cmd.getDomainId();
+        Long roleId = cmd.getRoleId();
         String accountName = cmd.getAccountName();
         String newAccountName = cmd.getNewName();
         String networkDomain = cmd.getNetworkDomain();
@@ -1700,6 +1706,8 @@ public AccountVO updateAccount(UpdateAccountCmd cmd) {
             account = _accountDao.findEnabledAccount(accountName, domainId);
         }
 
+        final AccountVO acctForUpdate = _accountDao.findById(account.getId());
+
         // Check if account exists
         if (account == null || account.getType() == Account.ACCOUNT_TYPE_PROJECT) {
             s_logger.error("Unable to find account by accountId: " + accountId + " OR by name: " + accountName + " in domain " + domainId);
@@ -1712,25 +1720,48 @@ public AccountVO updateAccount(UpdateAccountCmd cmd) {
         }
 
         // Check if user performing the action is allowed to modify this account
-        checkAccess(getCurrentCallingAccount(), _domainMgr.getDomain(account.getDomainId()));
+        Account caller = getCurrentCallingAccount();
+        checkAccess(caller, _domainMgr.getDomain(account.getDomainId()));
 
-        // check if the given account name is unique in this domain for updating
-        Account duplicateAcccount = _accountDao.findActiveAccount(newAccountName, domainId);
-        if (duplicateAcccount != null && duplicateAcccount.getId() != account.getId()) {
-            throw new InvalidParameterValueException(
-                    "There already exists an account with the name:" + newAccountName + " in the domain:" + domainId + " with existing account id:" + duplicateAcccount.getId());
+        if(newAccountName != null) {
+
+            if (newAccountName.isEmpty()) {
+                throw new InvalidParameterValueException("The new account name for account '" + account.getUuid() + "' " +
+                        "within domain '" + domainId + "'  is empty string. Account will be not renamed.");
+            }
+
+            // check if the new proposed account name is absent in the domain
+            Account existingAccount = _accountDao.findActiveAccount(newAccountName, domainId);
+            if (existingAccount != null && existingAccount.getId() != account.getId()) {
+                throw new InvalidParameterValueException("The account with the proposed name '" +
+                        newAccountName + "' exists in the domain '" +
+                        domainId + "' with existing account id '" + existingAccount.getId() + "'");
+            }
+
+            acctForUpdate.setAccountName(newAccountName);
         }
 
         if (networkDomain != null && !networkDomain.isEmpty()) {
             if (!NetUtils.verifyDomainName(networkDomain)) {
-                throw new InvalidParameterValueException(
-                        "Invalid network domain. Total length shouldn't exceed 190 chars. Each domain label must be between 1 and 63 characters long, can contain ASCII letters 'a' through 'z', the digits '0' through '9', "
+                throw new InvalidParameterValueException("Invalid network domain or format. " +
+                        "Total length shouldn't exceed 190 chars. Every domain part must be between 1 and 63 " +
+                        "characters long, can contain ASCII letters 'a' through 'z', the digits '0' through '9', "
                                 + "and the hyphen ('-'); can't start or end with \"-\"");
             }
         }
 
-        final AccountVO acctForUpdate = _accountDao.findById(account.getId());
-        acctForUpdate.setAccountName(newAccountName);
+
+        if (roleId != null) {
+            final List<Role> roles = cmd.roleService.listRoles();
+            final boolean roleNotFound = roles.stream().filter(r -> r.getId() == roleId).count() == 0;
+            if (roleNotFound) {
+                throw new InvalidParameterValueException("Role with ID '" + roleId.toString() + "' " +
+                        "is not found or not available for the account '" + account.getUuid() + "' " +
+                        "in the domain '" + domainId + "'.");
+            }
+
+            acctForUpdate.setRoleId(roleId);
+        }
 
         if (networkDomain != null) {
             if (networkDomain.isEmpty()) {
@@ -1741,17 +1772,14 @@ public AccountVO updateAccount(UpdateAccountCmd cmd) {
         }
 
         final Account accountFinal = account;
-        success = Transaction.execute(new TransactionCallback<Boolean>() {
-            @Override
-            public Boolean doInTransaction(TransactionStatus status) {
-                boolean success = _accountDao.update(accountFinal.getId(), acctForUpdate);
-
-                if (details != null && success) {
-                    _accountDetailsDao.update(accountFinal.getId(), details);
-                }
+        success = Transaction.execute((TransactionCallback<Boolean>) status -> {
+            boolean success1 = _accountDao.update(accountFinal.getId(), acctForUpdate);
 
-                return success;
+            if (details != null && success1) {
+                _accountDetailsDao.update(accountFinal.getId(), details);
             }
+
+            return success1;
         });
 
         if (success) {

server/src/test/java/com/cloud/user/AccountManagerImplTest.java

@@ -226,7 +226,7 @@ public void updateUserTestTimeZoneAndEmailNotNull() {
 
     private void prepareMockAndExecuteUpdateUserTest(int numberOfExpectedCallsForSetEmailAndSetTimeZone) {
         Mockito.doReturn(userVoMock).when(accountManagerImpl).retrieveAndValidateUser(UpdateUserCmdMock);
-        Mockito.doNothing().when(accountManagerImpl).validateAndUpdatApiAndSecretKeyIfNeeded(UpdateUserCmdMock, userVoMock);
+        Mockito.doNothing().when(accountManagerImpl).validateAndUpdateApiAndSecretKeyIfNeeded(UpdateUserCmdMock, userVoMock);
         Mockito.doReturn(accountMock).when(accountManagerImpl).retrieveAndValidateAccount(userVoMock);
 
         Mockito.doNothing().when(accountManagerImpl).validateAndUpdateFirstNameIfNeeded(UpdateUserCmdMock, userVoMock);
@@ -242,7 +242,7 @@ private void prepareMockAndExecuteUpdateUserTest(int numberOfExpectedCallsForSet
         InOrder inOrder = Mockito.inOrder(userVoMock, accountManagerImpl, userDaoMock, userAccountDaoMock);
 
         inOrder.verify(accountManagerImpl).retrieveAndValidateUser(UpdateUserCmdMock);
-        inOrder.verify(accountManagerImpl).validateAndUpdatApiAndSecretKeyIfNeeded(UpdateUserCmdMock, userVoMock);
+        inOrder.verify(accountManagerImpl).validateAndUpdateApiAndSecretKeyIfNeeded(UpdateUserCmdMock, userVoMock);
         inOrder.verify(accountManagerImpl).retrieveAndValidateAccount(userVoMock);
 
         inOrder.verify(accountManagerImpl).validateAndUpdateFirstNameIfNeeded(UpdateUserCmdMock, userVoMock);
@@ -275,7 +275,7 @@ public void retrieveAndValidateUserTestUserIsFound() {
 
     @Test
     public void validateAndUpdatApiAndSecretKeyIfNeededTestNoKeys() {
-        accountManagerImpl.validateAndUpdatApiAndSecretKeyIfNeeded(UpdateUserCmdMock, userVoMock);
+        accountManagerImpl.validateAndUpdateApiAndSecretKeyIfNeeded(UpdateUserCmdMock, userVoMock);
 
         Mockito.verify(accountDaoMock, Mockito.times(0)).findUserAccountByApiKey(Mockito.anyString());
     }
@@ -284,14 +284,14 @@ public void validateAndUpdatApiAndSecretKeyIfNeededTestNoKeys() {
     public void validateAndUpdatApiAndSecretKeyIfNeededTestOnlyApiKeyInformed() {
         Mockito.doReturn("apiKey").when(UpdateUserCmdMock).getApiKey();
 
-        accountManagerImpl.validateAndUpdatApiAndSecretKeyIfNeeded(UpdateUserCmdMock, userVoMock);
+        accountManagerImpl.validateAndUpdateApiAndSecretKeyIfNeeded(UpdateUserCmdMock, userVoMock);
     }
 
     @Test(expected = InvalidParameterValueException.class)
     public void validateAndUpdatApiAndSecretKeyIfNeededTestOnlySecretKeyInformed() {
         Mockito.doReturn("secretKey").when(UpdateUserCmdMock).getSecretKey();
 
-        accountManagerImpl.validateAndUpdatApiAndSecretKeyIfNeeded(UpdateUserCmdMock, userVoMock);
+        accountManagerImpl.validateAndUpdateApiAndSecretKeyIfNeeded(UpdateUserCmdMock, userVoMock);
     }
 
     @Test(expected = InvalidParameterValueException.class)
@@ -308,7 +308,7 @@ public void validateAndUpdatApiAndSecretKeyIfNeededTestApiKeyAlreadyUsedBySomeon
         Pair<User, Account> pairUserAccountMock = new Pair<User, Account>(otherUserMock, Mockito.mock(Account.class));
         Mockito.doReturn(pairUserAccountMock).when(accountDaoMock).findUserAccountByApiKey(apiKey);
 
-        accountManagerImpl.validateAndUpdatApiAndSecretKeyIfNeeded(UpdateUserCmdMock, userVoMock);
+        accountManagerImpl.validateAndUpdateApiAndSecretKeyIfNeeded(UpdateUserCmdMock, userVoMock);
     }
 
     @Test
@@ -327,7 +327,7 @@ public void validateAndUpdatApiAndSecretKeyIfNeededTest() {
         Pair<User, Account> pairUserAccountMock = new Pair<User, Account>(otherUserMock, Mockito.mock(Account.class));
         Mockito.doReturn(pairUserAccountMock).when(accountDaoMock).findUserAccountByApiKey(apiKey);
 
-        accountManagerImpl.validateAndUpdatApiAndSecretKeyIfNeeded(UpdateUserCmdMock, userVoMock);
+        accountManagerImpl.validateAndUpdateApiAndSecretKeyIfNeeded(UpdateUserCmdMock, userVoMock);
 
         Mockito.verify(accountDaoMock).findUserAccountByApiKey(apiKey);
         Mockito.verify(userVoMock).setApiKey(apiKey);

test/integration/smoke/test_accounts.py

@@ -30,7 +30,7 @@
                              User,
                              NATRule,
                              Template,
-                             PublicIPAddress)
+                             PublicIPAddress, Role)
 from marvin.lib.common import (get_domain,
                                get_zone,
                                get_test_template,
@@ -67,6 +67,11 @@ def __init__(self):
                 # username
                 "password": "fr3sca",
             },
+            "role": {
+                "name": "MarvinFake Role",
+                "type": "User",
+                "description": "Fake Role created by Marvin test"
+            },
             "user": {
                 "email": "[email protected]",
                 "firstname": "User",
@@ -261,6 +266,53 @@ def test_01_create_account(self):
         return
 
 
+    @attr(tags=["advanced", "basic", "eip", "advancedns", "sg"],
+          required_hardware="false")
+    def test_02_update_account(self):
+        """
+        Tests that accounts can be updated with new name, network domain, dynamic role
+        :return:
+        """
+        dynamic_roles_active = self.apiclient.listCapabilities(listCapabilities.listCapabilitiesCmd()).dynamicrolesenabled
+        if not dynamic_roles_active:
+            self.skipTest("Dynamic Role-Based API checker not enabled, skipping test")
+
+        ts = str(time.time())
+        network_domain = 'mycloud.com'
+
+        account = Account.create(self.apiclient, self.services['account'])
+        self.cleanup.append(account)
+
+        role = Role.create(self.apiclient, self.services['role'])
+        self.cleanup.append(role)
+
+        account.update(self.apiclient, newname=account.name + ts)
+        account.update(self.apiclient, roleid=role.id)
+        account.update(self.apiclient, networkdomain=network_domain)
+
+        list_accounts_response = list_accounts(self.apiclient, id=account.id)
+        test_account = list_accounts_response[0]
+
+        self.assertEqual(
+            test_account.roleid, role.id,
+            "Check the role for the account is changed")
+
+        self.assertEqual(
+            test_account.networkdomain, network_domain,
+            "Check the domain for the account is changed")
+
+        self.assertEqual(
+            test_account.name, account.name + ts,
+            "Check the name for the account is changed")
+
+        try:
+            account.update(self.apiclient, newname="")
+            self.fail("Account name change to empty name succeeded. Must be error.")
+        except CloudstackAPIException:
+            pass
+
+
+
 class TestRemoveUserFromAccount(cloudstackTestCase):
 
     @classmethod