/** * Deactivates the vCenter, its vCenter data centers, clusters and hosts. * * @param id the URN of a ViPR vCenter to be deactivated * @prereq none * @brief Delete vCenter * @return OK if deactivation completed successfully * @throws DatabaseException when a DB error occurs */ @POST @Path("/{id}/deactivate") @Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON}) @CheckPermission(roles = {Role.SYSTEM_ADMIN, Role.TENANT_ADMIN}) public TaskResourceRep deactivateVcenter( @PathParam("id") URI id, @DefaultValue("false") @QueryParam("detach-storage") boolean detachStorage) throws DatabaseException { if (ComputeSystemHelper.isVcenterInUse(_dbClient, id) && !detachStorage) { throw APIException.badRequests.resourceHasActiveReferences(Vcenter.class.getSimpleName(), id); } else { Vcenter vcenter = queryObject(Vcenter.class, id, true); // check the user permissions for this tenant org verifyAuthorizedSystemOrTenantOrgUser( _permissionsHelper.convertToACLEntries(vcenter.getAcls())); checkIfOtherTenantsUsingTheVcenter(vcenter); String taskId = UUID.randomUUID().toString(); Operation op = _dbClient.createTaskOpStatus( Vcenter.class, vcenter.getId(), taskId, ResourceOperationTypeEnum.DELETE_VCENTER); ComputeSystemController controller = getController(ComputeSystemController.class, null); controller.detachVcenterStorage(vcenter.getId(), true, taskId); auditOp(OperationTypeEnum.DELETE_VCENTER, true, null, vcenter.auditParameters()); TaskResourceRep taskResourceRep = toTask(vcenter, taskId, op); updateTaskTenant(taskResourceRep); return taskResourceRep; } }
/** * Creates a manual (fake) vcenter discover task, so that there wont be any vcenter discovery * happening because of this task. * * @param vcenter vcenter to create its manual/fake discovery task. * @return returns fake/manual vcenter discovery task. */ private TaskResourceRep createManualReadyTask(Vcenter vcenter) { // if not discoverable, manually create a ready task Operation op = new Operation(); op.setResourceType(ResourceOperationTypeEnum.DISCOVER_VCENTER); op.ready("Vcenter not discoverable."); String taskId = UUID.randomUUID().toString(); _dbClient.createTaskOpStatus(Host.class, vcenter.getId(), taskId, op); return toTask(vcenter, taskId, op); }
/** * Detaches storage from the vcenter. * * @param id the URN of a ViPR vcenter * @brief Detach storage from vcenter * @return task * @throws DatabaseException when a DB error occurs */ @POST @Path("/{id}/detach-storage") @Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON}) @CheckPermission(roles = {Role.SYSTEM_ADMIN, Role.TENANT_ADMIN}) public TaskResourceRep detachStorage(@PathParam("id") URI id) throws DatabaseException { Vcenter vcenter = queryObject(Vcenter.class, id, true); ArgValidator.checkEntity(vcenter, id, true); checkIfOtherTenantsUsingTheVcenter(vcenter); String taskId = UUID.randomUUID().toString(); Operation op = _dbClient.createTaskOpStatus( Vcenter.class, vcenter.getId(), taskId, ResourceOperationTypeEnum.DETACH_VCENTER_DATACENTER_STORAGE); ComputeSystemController controller = getController(ComputeSystemController.class, null); controller.detachVcenterStorage(vcenter.getId(), false, taskId); return toTask(vcenter, taskId, op); }
/** * Add or remove individual Access Control List entry(s). When the vCenter is created with no * shared access (Vcenter.shared = Boolean.FALSE), there cannot be multiple Access Control List * Entries associated with this vCenter. * * @param changes Access Control List assignment changes. Request body must include at least one * add or remove operation * @param id the URN of a ViPR Project. * @return the vCenter discovery async task. */ @PUT @Path("/{id}/acl") @Consumes({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON}) @CheckPermission(roles = {Role.SECURITY_ADMIN, Role.SYSTEM_ADMIN}) public TaskResourceRep updateAclAssignments( @PathParam("id") URI id, ACLAssignmentChanges changes) { // Make sure the vCenter is a valid one. Vcenter vcenter = queryObject(Vcenter.class, id, true); ArgValidator.checkEntity(vcenter, id, isIdEmbeddedInURL(id)); // Validate the acl assignment changes. It is not valid when an // acl entry contains more than one privilege or privileges // other than USE. validateAclAssignments(changes); // Make sure that the vCenter with respect to the tenants // that we are removing is not in use (means the datacenters // and its clusters and hosts with the removing tenant do not // have any exports). checkVcenterUsage(vcenter, changes); _permissionsHelper.updateACLs( vcenter, changes, new PermissionsHelper.UsageACLFilter(_permissionsHelper)); _dbClient.updateAndReindexObject(vcenter); auditOp( OperationTypeEnum.UPDATE_VCENTER, true, null, vcenter.getId().toString(), vcenter.getLabel(), changes); // Rediscover the vCenter, this will update the updated // list of tenants based its latest acls to its datacenters // and hosts and clusters. return doDiscoverVcenter(queryObject(Vcenter.class, vcenter.getId(), true)); }
/** * Vcenter Discovery * * @param vcenter the Vcenter to be discovered. provided, a new taskId is generated. * @return the task used to track the discovery job */ protected TaskResourceRep doDiscoverVcenter(Vcenter vcenter) { ComputeSystemController controller = getController(ComputeSystemController.class, "vcenter"); DiscoveredObjectTaskScheduler scheduler = new DiscoveredObjectTaskScheduler(_dbClient, new DiscoverJobExec(controller)); String taskId = UUID.randomUUID().toString(); ArrayList<AsyncTask> tasks = new ArrayList<AsyncTask>(1); tasks.add(new AsyncTask(Vcenter.class, vcenter.getId(), taskId)); TaskList taskList = scheduler.scheduleAsyncTasks(tasks); TaskResourceRep taskResourceRep = taskList.getTaskList().iterator().next(); updateTaskTenant(taskResourceRep); return taskResourceRep; }
/** * Creates a new vCenter. Discovery is initiated after the vCenter is created. * * @param createParam the parameter that has the attributes of the vCenter to be created. * @param validateConnection specifies if the connection to the vCenter to be validated before * creating the vCenter or not. Default value is "false", so connection to the vCenter will * not be validated if it is not specified. * @return the vCenter discovery async task. */ @POST @Consumes({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON}) @Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON}) @CheckPermission(roles = {Role.SYSTEM_ADMIN, Role.TENANT_ADMIN}) public TaskResourceRep createVcenter( VcenterCreateParam createParam, @QueryParam("validate_connection") @DefaultValue("false") final Boolean validateConnection) { validateVcenter(createParam, null, validateConnection); // create and persist the vcenter Vcenter vcenter = createNewVcenter(null, createParam); vcenter.setRegistrationStatus(DiscoveredDataObject.RegistrationStatus.REGISTERED.toString()); _dbClient.createObject(vcenter); auditOp(OperationTypeEnum.CREATE_VCENTER, true, null, vcenter.auditParameters()); return doDiscoverVcenter(queryObject(Vcenter.class, vcenter.getId(), true)); }
/** * Check if the vCenter being updated is used by any of its vCenterDataCenters or clusters or * hosts or not. This validates only with respect to the tenant that is being removed from the * vCenter acls. If the tenant that is getting removed teh vCenter has any exports with the * vCenter's vCenterDataCenter or its clusters or hosts. * * @param vcenter the vCenter being updated. * @param changes new acl assignment changes for the vCenter. */ private void checkVcenterUsage(Vcenter vcenter, ACLAssignmentChanges changes) { // Make a copy of the vCenter's existing tenant list. List<ACLEntry> existingAclEntries = _permissionsHelper.convertToACLEntries(vcenter.getAcls()); if (CollectionUtils.isEmpty(existingAclEntries)) { // If there no existing acl entries for the vCenter // there is nothing to validate if it is in user or not. _log.debug("vCenter {} does not have any existing acls", vcenter.getLabel()); return; } // If there are no tenants to be removed from the vCenter acls, // there is nothing to check for usage. if (CollectionUtils.isEmpty(changes.getRemove())) { _log.debug("There are not acls to remove from vCenter {}", vcenter.getLabel()); return; } Set<String> tenantsInUse = new HashSet<String>(); Set<URI> removingTenants = _permissionsHelper.getUsageURIsFromAclEntries(changes.getRemove()); Set<URI> existingTenants = _permissionsHelper.getUsageURIsFromAclEntries(existingAclEntries); Iterator<URI> removingTenantsIterator = removingTenants.iterator(); while (removingTenantsIterator.hasNext()) { URI removingTenant = removingTenantsIterator.next(); if (!existingTenants.contains(removingTenant)) { continue; } // Check if vCenter is in use for the removing tenant or not. // This checks for all the datacenters of this vcenter that belong to the // removing tenant and finds if the datacenter or it clusters or hosts // use the exports from the removing tenant or not. if (ComputeSystemHelper.isVcenterInUseForTheTenant( _dbClient, vcenter.getId(), removingTenant)) { TenantOrg tenant = _dbClient.queryObject(TenantOrg.class, removingTenant); tenantsInUse.add(tenant.getLabel()); } } if (!CollectionUtils.isEmpty(tenantsInUse)) { throw APIException.badRequests.cannotRemoveTenant("vCener", vcenter.getLabel(), tenantsInUse); } }