Java Vcenter.getAclsの例

コード例 #1

ファイル: VcenterService.java プロジェクト: seagle0128/coprhd-controller

  /**
   * Filters the vCenters by the tenant. If the provided tenant is null or the tenant does not share
   * the vCenter than the vCenters are filtered with the user's tenant.
   *
   * @param vcenters to be filtered by the tenant.
   * @param tenantId to be used for filtering the vCenter.
   * @return the list of vCenters that belong to the tenantId or the user's tenant org.
   */
  private List<Vcenter> filterVcentersByTenant(List<Vcenter> vcenters, URI tenantId) {
    List<Vcenter> tenantVcenterList = new ArrayList<Vcenter>();
    Iterator<Vcenter> vcenterIt = vcenters.iterator();
    while (vcenterIt.hasNext()) {
      Vcenter vcenter = vcenterIt.next();
      if (vcenter == null) {
        continue;
      }

      Set<URI> tenantUris = _permissionsHelper.getUsageURIsFromAcls(vcenter.getAcls());
      if (CollectionUtils.isEmpty(tenantUris)) {
        continue;
      }

      if (!NullColumnValueGetter.isNullURI(tenantId) && !tenantUris.contains(tenantId)) {
        // The tenantId is not a null URI and it is not available in the vCenter acls,
        // so, dont add to the filtered list.
        continue;
      }

      Iterator<URI> tenantUriIt = tenantUris.iterator();
      while (tenantUriIt.hasNext()) {
        if (verifyAuthorizedInTenantOrg(tenantUriIt.next())) {
          tenantVcenterList.add(vcenter);
        }
      }
    }
    return tenantVcenterList;
  }

コード例 #2

ファイル: VcenterService.java プロジェクト: seagle0128/coprhd-controller

 /**
  * Creates a new vCenter data center.
  *
  * @param id the URN of the parent vCenter
  * @param createParam the details of the data center
  * @prereq none
  * @brief Create vCenter data center
  * @return the details of the vCenter data center, including its id and link, when creation
  *     completes successfully.
  * @throws DatabaseException when a database error occurs.
  */
 @POST
 @Consumes({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
 @Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
 @CheckPermission(roles = {Role.SYSTEM_ADMIN, Role.TENANT_ADMIN})
 @Path("/{id}/vcenter-data-centers")
 public VcenterDataCenterRestRep createVcenterDataCenter(
     @PathParam("id") URI id, VcenterDataCenterCreate createParam) throws DatabaseException {
   Vcenter vcenter = queryObject(Vcenter.class, id, false);
   checkDuplicateChildName(
       id,
       VcenterDataCenter.class,
       DATAOBJECT_NAME_FIELD,
       "vcenter",
       createParam.getName(),
       _dbClient);
   VcenterDataCenter datacenter = new VcenterDataCenter();
   datacenter.setId(URIUtil.createId(VcenterDataCenter.class));
   datacenter.setLabel(createParam.getName());
   datacenter.setVcenter(id);
   if (vcenter.getTenantCreated()) {
     datacenter.setTenant(_permissionsHelper.getTenant(vcenter.getAcls()));
   } else {
     datacenter.setTenant(NullColumnValueGetter.getNullURI());
   }
   _dbClient.createObject(datacenter);
   auditOp(OperationTypeEnum.CREATE_VCENTER_DATACENTER, true, null, datacenter.auditParameters());
   return map(datacenter);
 }

コード例 #3

ファイル: VcenterService.java プロジェクト: seagle0128/coprhd-controller

  /**
   * Deactivates the vCenter, its vCenter data centers, clusters and hosts.
   *
   * @param id the URN of a ViPR vCenter to be deactivated
   * @prereq none
   * @brief Delete vCenter
   * @return OK if deactivation completed successfully
   * @throws DatabaseException when a DB error occurs
   */
  @POST
  @Path("/{id}/deactivate")
  @Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
  @CheckPermission(roles = {Role.SYSTEM_ADMIN, Role.TENANT_ADMIN})
  public TaskResourceRep deactivateVcenter(
      @PathParam("id") URI id,
      @DefaultValue("false") @QueryParam("detach-storage") boolean detachStorage)
      throws DatabaseException {
    if (ComputeSystemHelper.isVcenterInUse(_dbClient, id) && !detachStorage) {
      throw APIException.badRequests.resourceHasActiveReferences(Vcenter.class.getSimpleName(), id);
    } else {
      Vcenter vcenter = queryObject(Vcenter.class, id, true);

      // check the user permissions for this tenant org
      verifyAuthorizedSystemOrTenantOrgUser(
          _permissionsHelper.convertToACLEntries(vcenter.getAcls()));

      checkIfOtherTenantsUsingTheVcenter(vcenter);

      String taskId = UUID.randomUUID().toString();
      Operation op =
          _dbClient.createTaskOpStatus(
              Vcenter.class, vcenter.getId(), taskId, ResourceOperationTypeEnum.DELETE_VCENTER);

      ComputeSystemController controller = getController(ComputeSystemController.class, null);
      controller.detachVcenterStorage(vcenter.getId(), true, taskId);

      auditOp(OperationTypeEnum.DELETE_VCENTER, true, null, vcenter.auditParameters());

      TaskResourceRep taskResourceRep = toTask(vcenter, taskId, op);
      updateTaskTenant(taskResourceRep);

      return taskResourceRep;
    }
  }

コード例 #4

ファイル: VcenterService.java プロジェクト: seagle0128/coprhd-controller

  /**
   * Updates one or more of the vCenter attributes. Discovery is initiated after the vCenter is
   * updated.
   *
   * @param id the URN of a ViPR vCenter
   * @param updateParam the parameter that has the attributes to be updated.
   * @prereq none
   * @brief Update vCenter
   * @return the vCenter discovery async task representation.
   */
  @PUT
  @Consumes({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
  @Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
  @CheckPermission(roles = {Role.SYSTEM_ADMIN, Role.TENANT_ADMIN})
  @Path("/{id}")
  public TaskResourceRep updateVcenter(
      @PathParam("id") URI id,
      VcenterUpdateParam updateParam,
      @QueryParam("validate_connection") @DefaultValue("false") final Boolean validateConnection,
      @QueryParam("discover_vcenter") @DefaultValue("true") final Boolean discoverVcenter) {

    // update the host
    Vcenter vcenter = queryObject(Vcenter.class, id, true);
    validateVcenter(updateParam, vcenter, validateConnection);

    // check the user permissions for this tenant org
    verifyAuthorizedSystemOrTenantOrgUser(
        _permissionsHelper.convertToACLEntries(vcenter.getAcls()));

    populateVcenterData(vcenter, updateParam);
    _dbClient.persistObject(vcenter);
    auditOp(OperationTypeEnum.UPDATE_VCENTER, true, null, vcenter.auditParameters());

    if (discoverVcenter) {
      return doDiscoverVcenter(vcenter);
    } else {
      return createManualReadyTask(vcenter);
    }
  }

コード例 #5

ファイル: VcenterService.java プロジェクト: seagle0128/coprhd-controller

  /**
   * Gets the current acl assignments of the requested vCenter.
   *
   * @param vcenterId
   * @return the list of acl assignments of the requested vCenter.
   */
  private ACLAssignments getAclAssignmentsResponse(URI vcenterId) {
    Vcenter vcenter = queryObject(Vcenter.class, vcenterId, true);
    ArgValidator.checkEntity(vcenter, vcenterId, isIdEmbeddedInURL(vcenterId));

    ACLAssignments response = new ACLAssignments();
    response.setAssignments(_permissionsHelper.convertToACLEntries(vcenter.getAcls()));

    return response;
  }

コード例 #6

ファイル: VcenterService.java プロジェクト: seagle0128/coprhd-controller

 /**
  * Shows the information for one vCenter server.
  *
  * @param id the URN of a ViPR vCenter
  * @prereq none
  * @brief Show vCenter
  * @return All non-null attributes of the vCenter.
  * @throws DatabaseException when a DB error occurs.
  */
 @GET
 @Path("/{id}")
 @Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
 public VcenterRestRep getVcenter(@PathParam("id") URI id) throws DatabaseException {
   Vcenter vcenter = queryObject(Vcenter.class, id, false);
   // check the user permissions for this tenant org
   verifyAuthorizedSystemOrTenantOrgUser(
       _permissionsHelper.convertToACLEntries(vcenter.getAcls()));
   return map(vcenter);
 }

コード例 #7

ファイル: VcenterService.java プロジェクト: seagle0128/coprhd-controller

  /**
   * Check if the vCenter being updated is used by any of its vCenterDataCenters or clusters or
   * hosts or not. This validates only with respect to the tenant that is being removed from the
   * vCenter acls. If the tenant that is getting removed teh vCenter has any exports with the
   * vCenter's vCenterDataCenter or its clusters or hosts.
   *
   * @param vcenter the vCenter being updated.
   * @param changes new acl assignment changes for the vCenter.
   */
  private void checkVcenterUsage(Vcenter vcenter, ACLAssignmentChanges changes) {
    // Make a copy of the vCenter's existing tenant list.
    List<ACLEntry> existingAclEntries = _permissionsHelper.convertToACLEntries(vcenter.getAcls());
    if (CollectionUtils.isEmpty(existingAclEntries)) {
      // If there no existing acl entries for the vCenter
      // there is nothing to validate if it is in user or not.
      _log.debug("vCenter {} does not have any existing acls", vcenter.getLabel());
      return;
    }

    // If there are no tenants to be removed from the vCenter acls,
    // there is nothing to check for usage.
    if (CollectionUtils.isEmpty(changes.getRemove())) {
      _log.debug("There are not acls to remove from vCenter {}", vcenter.getLabel());
      return;
    }

    Set<String> tenantsInUse = new HashSet<String>();

    Set<URI> removingTenants = _permissionsHelper.getUsageURIsFromAclEntries(changes.getRemove());
    Set<URI> existingTenants = _permissionsHelper.getUsageURIsFromAclEntries(existingAclEntries);

    Iterator<URI> removingTenantsIterator = removingTenants.iterator();
    while (removingTenantsIterator.hasNext()) {
      URI removingTenant = removingTenantsIterator.next();
      if (!existingTenants.contains(removingTenant)) {
        continue;
      }

      // Check if vCenter is in use for the removing tenant or not.
      // This checks for all the datacenters of this vcenter that belong to the
      // removing tenant and finds if the datacenter or it clusters or hosts
      // use the exports from the removing tenant or not.
      if (ComputeSystemHelper.isVcenterInUseForTheTenant(
          _dbClient, vcenter.getId(), removingTenant)) {
        TenantOrg tenant = _dbClient.queryObject(TenantOrg.class, removingTenant);
        tenantsInUse.add(tenant.getLabel());
      }
    }

    if (!CollectionUtils.isEmpty(tenantsInUse)) {
      throw APIException.badRequests.cannotRemoveTenant("vCener", vcenter.getLabel(), tenantsInUse);
    }
  }

コード例 #8

ファイル: VcenterService.java プロジェクト: seagle0128/coprhd-controller

  /**
   * List the vCenter data centers of the vCenter.
   *
   * @param id the URN of a ViPR vCenter
   * @param tid tenant to filter the vCenter data centers. "No-Filter" or "null" indicates, listing
   *     all the vCenters in the system. "Not-Assigned" indicates, list all the vCenters with no
   *     tenants assigned to it.
   * @prereq none
   * @brief List vCenter data centers
   * @return All the list of vCenter data centers.
   * @throws DatabaseException when a DB error occurs.
   */
  @GET
  @Path("/{id}/vcenter-data-centers")
  @Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
  public VcenterDataCenterList getVcenterDataCenters(
      @PathParam("id") URI id, @QueryParam("tenant") URI tid) throws DatabaseException {
    Vcenter vcenter = queryObject(Vcenter.class, id, false);
    ArgValidator.checkEntity(vcenter, id, isIdEmbeddedInURL(id));

    // check the user permissions for this tenant org
    verifyAuthorizedSystemOrTenantOrgUser(
        _permissionsHelper.convertToACLEntries(vcenter.getAcls()));

    URI tenantId;
    if (isSecurityAdmin() || isSystemAdmin()) {
      tenantId = tid;
    } else {
      if (shouldTenantAdminUseTenantParam(tid)) {
        tenantId = tid;
      } else {
        tenantId = URI.create(getUserFromContext().getTenantId());
      }
    }

    _log.debug("Fetching the vCenterDataCenters for the tenant {}", tenantId);

    // get the vcenters
    VcenterDataCenterList list = new VcenterDataCenterList();
    List<NamedElementQueryResultList.NamedElement> elements =
        listChildren(id, VcenterDataCenter.class, DATAOBJECT_NAME_FIELD, "vcenter");

    // Filter the vCenterDataCenters based on the tenant.
    list.setDataCenters(
        map(
            ResourceTypeEnum.VCENTERDATACENTER,
            id,
            filterTenantResourcesByTenant(tenantId, VcenterDataCenter.class, elements)));
    return list;
  }

コード例 #9

ファイル: VcenterService.java プロジェクト: seagle0128/coprhd-controller

  /**
   * List the clusters in a vCenter
   *
   * @param id the URN of a ViPR vCenter
   * @prereq none
   * @brief List vCenter clusters
   * @return The list of clusters of the vCenter.
   * @throws DatabaseException when a DB error occurs.
   */
  @GET
  @Path("/{id}/clusters")
  @Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
  public ClusterList getVcenterClusters(@PathParam("id") URI id) throws DatabaseException {
    Vcenter vcenter = queryObject(Vcenter.class, id, false);
    ArgValidator.checkEntity(vcenter, id, isIdEmbeddedInURL(id));

    // check the user permissions for this tenant org
    verifyAuthorizedInTenantOrg(_permissionsHelper.convertToACLEntries(vcenter.getAcls()));

    URI tenantId = URI.create(getUserFromContext().getTenantId());

    List<NamedElementQueryResultList.NamedElement> vCentersDataCenters =
        filterTenantResourcesByTenant(
            tenantId,
            VcenterDataCenter.class,
            listChildren(id, VcenterDataCenter.class, DATAOBJECT_NAME_FIELD, "vcenter"));

    ClusterList list = new ClusterList();
    Iterator<NamedElementQueryResultList.NamedElement> dataCentersIterator =
        vCentersDataCenters.iterator();
    while (dataCentersIterator.hasNext()) {
      NamedElementQueryResultList.NamedElement dataCenterElement = dataCentersIterator.next();
      list.getClusters()
          .addAll(
              map(
                  ResourceTypeEnum.CLUSTER,
                  listChildren(
                      dataCenterElement.getId(),
                      Cluster.class,
                      DATAOBJECT_NAME_FIELD,
                      "vcenterDataCenter")));
    }

    return list;
  }

コード例 #10

ファイル: VcenterService.java プロジェクト: seagle0128/coprhd-controller

 /**
  * Check if the other tenants using the vCenter before deleting it. SysAdmin deleting the vCenter
  * is always allowed whereas, if the vCenter is shared with multiple tenants then it cannot be
  * deleted by the Tenant Admin.
  *
  * @param vcenter to be deleted.
  */
 private void checkIfOtherTenantsUsingTheVcenter(Vcenter vcenter) {
   if (!isSystemAdmin() && vcenter.getAcls().size() > 1) {
     throw APIException.forbidden.tenantAdminCannotDeleteVcenter(
         getUserFromContext().getName(), vcenter.getLabel());
   }
 }