Fix lint issue in README.md and add more unit tests.

tpodowd · tpodowd · commit ef6fe4d24deb · 2024-10-01T08:44:32.000Z
diff --git a/plugins/storage/object/cloudian/README.md b/plugins/storage/object/cloudian/README.md
@@ -70,6 +70,7 @@ Details MAP
 ```
 
 The following "details" map entries are all required.
+
 - validateSSL : The ADMIN API is internal and may not have a proper SSL Certificate.
 - accesskey : Reuse of a shared configuration parameter to pass the Admin Username.
 - secretkey : Reuse of a shared configuration parameter to pass the Admin password.
@@ -97,7 +98,7 @@ The following additional resources are also created for each HyperStore User.
 | Root Credential Pair | These credentials have full access to the HyperStore User account. They are used to manage the IAM user resources listed below as well as to perform any top level bucket actions such as creating buckets, updating policies, enabling versioning etc. |
 | IAM User "CloudStack" | The "CloudStack" IAM user is created with an inline policy as-per below. The IAM user is used by the CloudStack Bucket Browser UI to manage bucket contents.|
 | IAM User Policy | This inline IAM user policy grants the "CloudStack" IAM user permission to any S3 action except `s3:createBucket` and `s3:deleteBucket`. This is mostly to ensure that all Buckets remain under CloudStack control as well as to restrict control over IAM actions.|
-| IAM User Credential Pair | The "CloudStack" IAM user credentials are also managed by the plugin and are made available to the user under the "Bucket Details" page. They are additionally used by the CloudStack Bucket Browser UI. They are restricted by the aforementioned user policy.
+| IAM User Credential Pair | The "CloudStack" IAM user credentials are also managed by the plugin and are made available to the user under the "Bucket Details" page. They are additionally used by the CloudStack Bucket Browser UI. They are restricted by the aforementioned user policy.|
 
 ## Bucket Management
 
@@ -119,6 +120,7 @@ Two "policies" are configurable using the CloudStack interface.
 
 - Private : Objects are only accessible to the bucket owner. This is the equivalent of no bucket policy (and is implemented that way).
 - Public : Objects are readable to everyone. Listing of all bucket objects is not granted so the object name must be known in order to access it.
+
   ```json
   {
     "Version": "2012-10-17",
diff --git a/plugins/storage/object/cloudian/src/main/java/org/apache/cloudstack/storage/datastore/driver/CloudianHyperStoreObjectStoreDriverImpl.java b/plugins/storage/object/cloudian/src/main/java/org/apache/cloudstack/storage/datastore/driver/CloudianHyperStoreObjectStoreDriverImpl.java
@@ -164,6 +164,16 @@ public boolean createUser(long accountId, long storeId) {
             String msg = String.format("The User id=%s group id=%s is Disabled. Consult your HyperStore Administrator.", hsUserId, hsGroupId);
             logger.error(msg);
             throw new CloudRuntimeException(msg);
+        } else {
+            // User exists and is active. We know that the group therefore exists but
+            // we should ensure that it is active or it will lead to unknown access key errors
+            // which might confuse the administrator. Checking is clearer.
+            CloudianGroup group = client.listGroup(hsGroupId);
+            if (group != null && ! group.getActive()) {
+                String msg = String.format("The group id=%s is Disabled. Consult your HyperStore Administrator.", hsGroupId);
+                logger.error(msg);
+                throw new CloudRuntimeException(msg);
+            }
         }
 
         // We either created a new account or found an existing one.
@@ -193,7 +203,7 @@ public boolean createUser(long accountId, long storeId) {
      * @return an AccessKey object for newly created IAM credentials or null if existing credentials were ok
      *    and nothing was created.
      */
-    private AccessKey createIAMCredentials(long storeId, Map<String, String> details, CloudianCredential credential) {
+    protected AccessKey createIAMCredentials(long storeId, Map<String, String> details, CloudianCredential credential) {
         AmazonIdentityManagement iamClient = getIAMClientByStoreId(storeId, credential);
         final String iamUser = CloudianHyperStoreUtil.IAM_USER_USERNAME;
 
@@ -360,7 +370,7 @@ private void createHSGroup(CloudianClient client, String hsGroupId, Domain domai
 
         // Group exists. Confirm that it is usable.
         if (! group.getActive()) {
-            String msg = String.format("The Group %s is Disabled. Consult your HyperStore Administrator.", hsGroupId);
+            String msg = String.format("The group %s is Disabled. Consult your HyperStore Administrator.", hsGroupId);
             logger.error(msg);
             throw new CloudRuntimeException(msg);
         }
diff --git a/plugins/storage/object/cloudian/src/test/java/org/apache/cloudstack/storage/datastore/driver/CloudianHyperStoreObjectStoreDriverImplTest.java b/plugins/storage/object/cloudian/src/test/java/org/apache/cloudstack/storage/datastore/driver/CloudianHyperStoreObjectStoreDriverImplTest.java
