extend listusers API to filter by source

Author: bernardodemarco

api/src/main/java/org/apache/cloudstack/api/command/admin/user/ListUsersCmd.java

@@ -16,9 +16,11 @@
 // under the License.
 package org.apache.cloudstack.api.command.admin.user;
 
+import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.server.ResourceIcon;
 import com.cloud.server.ResourceTag;
 import com.cloud.user.Account;
+import com.cloud.user.User;
 import org.apache.cloudstack.acl.RoleType;
 import org.apache.cloudstack.api.command.user.UserCmd;
 import org.apache.cloudstack.api.response.ResourceIconResponse;
@@ -30,6 +32,7 @@
 import org.apache.cloudstack.api.ResponseObject.ResponseView;
 import org.apache.cloudstack.api.response.ListResponse;
 import org.apache.cloudstack.api.response.UserResponse;
+import org.apache.commons.lang3.EnumUtils;
 
 import java.util.List;
 
@@ -63,6 +66,10 @@ public class ListUsersCmd extends BaseListAccountResourcesCmd implements UserCmd
             description = "flag to display the resource icon for users")
     private Boolean showIcon;
 
+    @Parameter(name = ApiConstants.USER_SOURCE, type = CommandType.STRING, since = "4.21.0.0",
+            description = "List users by their authentication source. Valid values are: native, LDAP, SAML2 and SAML2DISABLED.")
+    private String userSource;
+
     /////////////////////////////////////////////////////
     /////////////////// Accessors ///////////////////////
     /////////////////////////////////////////////////////
@@ -91,6 +98,23 @@ public Boolean getShowIcon() {
         return showIcon != null ? showIcon : false;
     }
 
+    public User.Source getUserSource() {
+        if (userSource == null) {
+            return null;
+        }
+
+        User.Source source = EnumUtils.getEnumIgnoreCase(User.Source.class, userSource);
+        if (source == null || source == User.Source.OAUTH2) {
+            throw new InvalidParameterValueException(String.format("Invalid user source: %s. Valid values are: native, LDAP, SAML2 and SAML2DISABLED.", source));
+        }
+
+        if (source == User.Source.NATIVE) {
+            return User.Source.UNKNOWN;
+        }
+
+        return source;
+    }
+
     /////////////////////////////////////////////////////
     /////////////// API Implementation///////////////////
     /////////////////////////////////////////////////////

api/src/main/java/org/apache/cloudstack/api/response/UserResponse.java

@@ -67,7 +67,7 @@ public class UserResponse extends BaseResponse implements SetResourceIconRespons
     @Param(description = "the account type of the user")
     private Integer accountType;
 
-    @SerializedName("usersource")
+    @SerializedName(ApiConstants.USER_SOURCE)
     @Param(description = "the source type of the user in lowercase, such as native, ldap, saml2")
     private String userSource;
 

server/src/main/java/com/cloud/api/query/QueryManagerImpl.java

@@ -695,7 +695,7 @@ public ListResponse<UserResponse> searchForUsers(Long domainId, boolean recursiv
         String keyword = null;
 
         Pair<List<UserAccountJoinVO>, Integer> result =  getUserListInternal(caller, permittedAccounts, listAll, id,
-                username, type, accountName, state, keyword, null, domainId, recursive, null);
+                username, type, accountName, state, keyword, null, domainId, recursive, null, null);
         ListResponse<UserResponse> response = new ListResponse<UserResponse>();
         List<UserResponse> userResponses = ViewResponseHelper.createUserResponse(ResponseView.Restricted, CallContext.current().getCallingAccount().getDomainId(),
                 result.first().toArray(new UserAccountJoinVO[result.first().size()]));
@@ -723,6 +723,7 @@ private Pair<List<UserAccountJoinVO>, Integer> searchForUsersInternal(ListUsersC
         Object state = cmd.getState();
         String keyword = cmd.getKeyword();
         String apiKeyAccess = cmd.getApiKeyAccess();
+        User.Source userSource = cmd.getUserSource();
 
         Long domainId = cmd.getDomainId();
         boolean recursive = cmd.isRecursive();
@@ -731,11 +732,11 @@ private Pair<List<UserAccountJoinVO>, Integer> searchForUsersInternal(ListUsersC
 
         Filter searchFilter = new Filter(UserAccountJoinVO.class, "id", true, startIndex, pageSizeVal);
 
-        return getUserListInternal(caller, permittedAccounts, listAll, id, username, type, accountName, state, keyword, apiKeyAccess, domainId, recursive, searchFilter);
+        return getUserListInternal(caller, permittedAccounts, listAll, id, username, type, accountName, state, keyword, apiKeyAccess, domainId, recursive, searchFilter, userSource);
     }
 
     private Pair<List<UserAccountJoinVO>, Integer> getUserListInternal(Account caller, List<Long> permittedAccounts, boolean listAll, Long id, Object username, Object type,
-            String accountName, Object state, String keyword, String apiKeyAccess, Long domainId, boolean recursive, Filter searchFilter) {
+            String accountName, Object state, String keyword, String apiKeyAccess, Long domainId, boolean recursive, Filter searchFilter, User.Source userSource) {
         Ternary<Long, Boolean, ListProjectResourcesCriteria> domainIdRecursiveListProject = new Ternary<Long, Boolean, ListProjectResourcesCriteria>(domainId, recursive, null);
         accountMgr.buildACLSearchParameters(caller, id, accountName, null, permittedAccounts, domainIdRecursiveListProject, listAll, false);
         domainId = domainIdRecursiveListProject.first();
@@ -761,6 +762,7 @@ private Pair<List<UserAccountJoinVO>, Integer> getUserListInternal(Account calle
         sb.and("domainId", sb.entity().getDomainId(), Op.EQ);
         sb.and("accountName", sb.entity().getAccountName(), Op.EQ);
         sb.and("state", sb.entity().getState(), Op.EQ);
+        sb.and("userSource", sb.entity().getSource(), Op.EQ);
         if (apiKeyAccess != null) {
             sb.and("apiKeyAccess", sb.entity().getApiKeyAccess(), Op.EQ);
         }
@@ -827,6 +829,10 @@ private Pair<List<UserAccountJoinVO>, Integer> getUserListInternal(Account calle
             }
         }
 
+        if (userSource != null) {
+            sc.setParameters("userSource", userSource.toString());
+        }
+
         return _userAccountJoinDao.searchAndCount(sc, searchFilter);
     }
 

server/src/test/java/com/cloud/api/query/QueryManagerImplTest.java

@@ -505,11 +505,13 @@ public void testSearchForUsers() {
         Account.Type accountType = Account.Type.ADMIN;
         Long domainId = 1L;
         String apiKeyAccess = "Disabled";
+        User.Source userSource = User.Source.NATIVE;
         Mockito.when(cmd.getUsername()).thenReturn(username);
         Mockito.when(cmd.getAccountName()).thenReturn(accountName);
         Mockito.when(cmd.getAccountType()).thenReturn(accountType);
         Mockito.when(cmd.getDomainId()).thenReturn(domainId);
         Mockito.when(cmd.getApiKeyAccess()).thenReturn(apiKeyAccess);
+        Mockito.when(cmd.getUserSource()).thenReturn(userSource);
 
         UserAccountJoinVO user = new UserAccountJoinVO();
         DomainVO domain = Mockito.mock(DomainVO.class);
@@ -531,6 +533,7 @@ public void testSearchForUsers() {
         Mockito.verify(sc).setParameters("type", accountType);
         Mockito.verify(sc).setParameters("domainId", domainId);
         Mockito.verify(sc).setParameters("apiKeyAccess", false);
+        Mockito.verify(sc).setParameters("userSource", userSource.toString());
         Mockito.verify(userAccountJoinDao, Mockito.times(1)).searchAndCount(
                 any(SearchCriteria.class), any(Filter.class));
     }