<feature>[header]: add AccountVO.source

Resolves: ZSV-12269

DBImpact

Change-Id: I7a6c61667a6874657376736b70767a68767a7862

Author: Zhang Wenhao

conf/db/zsv/V5.1.0__schema.sql

@@ -1,12 +1,32 @@
-CREATE TABLE IF NOT EXISTS `zstack`.`TpmKeyBackupVO` (
-    `uuid` char(32) NOT NULL UNIQUE,
-    `lastOpDate` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
-    `createDate` timestamp NOT NULL DEFAULT '1999-12-31 23:59:59',
-    PRIMARY KEY (`uuid`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-
-DELETE FROM `EncryptedResourceKeyRefVO`
-       WHERE `resourceUuid` NOT IN (SELECT `uuid` FROM `ResourceVO`);
-ALTER TABLE `EncryptedResourceKeyRefVO`
-        ADD CONSTRAINT `fkEncryptedResourceKeyRefResourceVO` FOREIGN KEY (`resourceUuid`) REFERENCES `ResourceVO`(`uuid`)
-        ON DELETE CASCADE;
+CREATE TABLE IF NOT EXISTS `zstack`.`TpmKeyBackupVO` (
+    `uuid` char(32) NOT NULL UNIQUE,
+    `lastOpDate` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+    `createDate` timestamp NOT NULL DEFAULT '1999-12-31 23:59:59',
+    PRIMARY KEY (`uuid`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+DELETE FROM `EncryptedResourceKeyRefVO`
+       WHERE `resourceUuid` NOT IN (SELECT `uuid` FROM `ResourceVO`);
+ALTER TABLE `EncryptedResourceKeyRefVO`
+        ADD CONSTRAINT `fkEncryptedResourceKeyRefResourceVO` FOREIGN KEY (`resourceUuid`) REFERENCES `ResourceVO`(`uuid`)
+        ON DELETE CASCADE;
+
+-- Feature: ZCenter Account | ZSV-12257
+
+ALTER TABLE `zstack`.`AccountVO`
+    ADD COLUMN `source` varchar(32) NOT NULL DEFAULT 'Local' AFTER `type`;
+
+UPDATE `zstack`.`AccountVO` a
+INNER JOIN `zstack`.`AccountThirdPartyAccountSourceRefVO` ref ON ref.accountUuid = a.uuid
+INNER JOIN `zstack`.`LdapServerVO` ldap ON ldap.uuid = ref.accountSourceUuid
+SET a.`source` = IF(ldap.serverType IN ('OpenLdap', 'WindowsAD'), ldap.serverType, 'WindowsAD');
+
+UPDATE `zstack`.`AccountVO` a
+INNER JOIN `zstack`.`AccountThirdPartyAccountSourceRefVO` ref ON ref.accountUuid = a.uuid
+INNER JOIN `zstack`.`ThirdPartyAccountSourceVO` src ON src.uuid = ref.accountSourceUuid
+SET a.`source` = src.type
+WHERE src.type IN ('CAS', 'OAuth2');
+
+UPDATE `zstack`.`AccountVO`
+SET `type` = 'Normal'
+WHERE `type` = 'ThirdParty';

header/src/main/java/org/zstack/header/identity/AccountInventory.java

@@ -10,7 +10,6 @@
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
-import java.util.UUID;
 
 @Inventory(mappingVOClass = AccountVO.class)
 @ExpandedQueries({
@@ -23,6 +22,7 @@ public class AccountInventory {
     private String name;
     private String description;
     private String type;
+    private String source;
     private String state;
     private Timestamp createDate;
     private Timestamp lastOpDate;
@@ -33,6 +33,7 @@ public static AccountInventory valueOf(AccountVO vo) {
         inv.setName(vo.getName());
         inv.setDescription(vo.getDescription());
         inv.setType(vo.getType().toString());
+        inv.setSource(vo.getSource().toString());
         inv.setState(vo.getState().toString());
         inv.setCreateDate(vo.getCreateDate());
         inv.setLastOpDate(vo.getLastOpDate());
@@ -55,6 +56,14 @@ public void setType(String type) {
         this.type = type;
     }
 
+    public String getSource() {
+        return source;
+    }
+
+    public void setSource(String source) {
+        this.source = source;
+    }
+
     public String getDescription() {
         return description;
     }
@@ -109,6 +118,7 @@ public static AccountInventory __example__() {
         account.setName("account1");
         account.setDescription("account1-description");
         account.setType(AccountType.Normal.toString());
+        account.setSource(AccountSource.Local.toString());
         account.setState(AccountState.Enabled.toString());
         account.setCreateDate(new Timestamp(DocUtils.date));
         account.setLastOpDate(new Timestamp(DocUtils.date));

header/src/main/java/org/zstack/header/identity/AccountInventoryDoc_zh_cn.groovy

@@ -30,6 +30,12 @@ doc {
 		type "String"
 		since "4.0.0"
 	}
+	field {
+		name "source"
+		desc "账户来源，创建时确定且不可修改"
+		type "String"
+		since "5.1.0"
+	}
 	field {
 		name "state"
 		desc "账户状态"

header/src/main/java/org/zstack/header/identity/AccountSource.java

@@ -0,0 +1,25 @@
+package org.zstack.header.identity;
+
+import org.zstack.header.configuration.PythonClass;
+
+import javax.annotation.Nullable;
+
+/**
+ * Where an account was originally created. Immutable after creation (ZSV-12257).
+ */
+@PythonClass
+public enum AccountSource {
+    Local,
+    OpenLdap,
+    WindowsAD,
+    CAS,
+    OAuth2,
+    ZCenter;
+
+    public static AccountSource fromLdapServerTypeName(@Nullable String serverType) {
+        if (OpenLdap.name().equals(serverType)) {
+            return OpenLdap;
+        }
+        return WindowsAD;
+    }
+}

header/src/main/java/org/zstack/header/identity/AccountType.java

@@ -6,5 +6,9 @@
 public enum AccountType {
     SystemAdmin,
     Normal,
+    /**
+     * @deprecated Use {@link AccountType#Normal} with {@link AccountSource} instead (ZSV-12257).
+     */
+    @Deprecated
     ThirdParty
 }

header/src/main/java/org/zstack/header/identity/AccountVO.java

@@ -31,6 +31,10 @@ public class AccountVO extends ResourceVO {
     @Enumerated(EnumType.STRING)
     private AccountType type;
 
+    @Column(nullable = false)
+    @Enumerated(EnumType.STRING)
+    private AccountSource source = AccountSource.Local;
+
     @Column
     @Enumerated(EnumType.STRING)
     private AccountState state;
@@ -72,6 +76,14 @@ public void setType(AccountType type) {
         this.type = type;
     }
 
+    public AccountSource getSource() {
+        return source;
+    }
+
+    public void setSource(AccountSource source) {
+        this.source = source;
+    }
+
     public AccountState getState() {
         return state;
     }

header/src/main/java/org/zstack/header/identity/AccountVO_.java

@@ -12,6 +12,7 @@ public class AccountVO_ extends ResourceVO_ {
     public static volatile SingularAttribute<AccountVO, String> description;
     public static volatile SingularAttribute<AccountVO, String> password;
     public static volatile SingularAttribute<AccountVO, AccountType> type;
+    public static volatile SingularAttribute<AccountVO, AccountSource> source;
     public static volatile SingularAttribute<AccountVO, AccountState> state;
     public static volatile SingularAttribute<AccountVO, Timestamp> createDate;
     public static volatile SingularAttribute<AccountVO, Timestamp> lastOpDate;

header/src/main/java/org/zstack/header/identity/CreateAccountMsg.java

@@ -13,6 +13,7 @@ public class CreateAccountMsg extends NeedReplyMessage {
     @NoLogging
     private String password;
     private String type;
+    private String source = AccountSource.Local.toString();
     private String description;
     private AccountState state;
 
@@ -48,6 +49,14 @@ public void setType(String type) {
         this.type = type;
     }
 
+    public String getSource() {
+        return source;
+    }
+
+    public void setSource(String source) {
+        this.source = source;
+    }
+
     public String getDescription() {
         return description;
     }

identity/src/main/java/org/zstack/identity/AccountManagerImpl.java

@@ -110,6 +110,7 @@ protected void scripts() {
                     vo.setName(AccountConstant.INITIAL_SYSTEM_ADMIN_NAME);
                     vo.setPassword(AccountConstant.INITIAL_SYSTEM_ADMIN_PASSWORD);
                     vo.setType(AccountType.SystemAdmin);
+                    vo.setSource(AccountSource.Local);
                     vo.setState(AccountState.Enabled);
                     persist(vo);
                     flush();
@@ -533,7 +534,21 @@ protected AccountInventory scripts() {
                 vo.setName(msg.getName());
                 vo.setDescription(msg.getDescription());
                 vo.setPassword(msg.getPassword());
-                vo.setType(msg.getType() != null ? AccountType.valueOf(msg.getType()) : AccountType.Normal);
+                AccountType accountType = msg.getType() != null ? AccountType.valueOf(msg.getType()) : AccountType.Normal;
+                if (accountType == AccountType.ThirdParty) {
+                    throw operr("account type[ThirdParty] is deprecated; use Normal with account source instead")
+                            .toException();
+                }
+                vo.setType(accountType);
+
+                try {
+                    vo.setSource(AccountSource.valueOf(msg.getSource()));
+                } catch (IllegalArgumentException e) {
+                    throw operr("invalid account source[%s]", msg.getSource())
+                            .withOpaque("allowed.values", list(AccountSource.values()))
+                            .toException();
+                }
+
                 vo.setState(msg.getState() == null ? AccountState.Enabled : msg.getState());
                 persist(vo);
                 reload(vo);
@@ -1005,6 +1020,11 @@ private void validate(APIChangeAccountTypeMsg msg) {
             ));
         }
 
+        if (AccountType.ThirdParty.toString().equals(msg.getType())) {
+            throw new ApiMessageInterceptionException(argerr(
+                    "account type[ThirdParty] is deprecated; use Normal with account source instead"));
+        }
+
         if (!AccountType.SystemAdmin.toString().equals(msg.getType())) {
             throw new ApiMessageInterceptionException(argerr(
                 "Only promoting to SystemAdmin is currently supported, got type[%s].", msg.getType()

identity/src/main/java/org/zstack/identity/rbac/RBACManagerImpl.java

@@ -177,7 +177,7 @@ public void prepareDbInitialValue() {
                 if (AccountConstant.OTHER_ROLE_UUID.equals(role.getUuid())
                         || AccountConstant.LEGACY_ROLE_UUID.equals(role.getUuid())) {
                     List<String> accountUuidList = Q.New(AccountVO.class)
-                            .in(AccountVO_.type, list(AccountType.Normal, AccountType.ThirdParty))
+                            .eq(AccountVO_.type, AccountType.Normal)
                             .select(AccountVO_.uuid)
                             .listValues();
                     for (String accountUuid : accountUuidList) {