public PutMetricDataResponseType putMetricData(PutMetricDataType request)
throws CloudWatchException {
PutMetricDataResponseType reply = request.getReply();
final Context ctx = Contexts.lookup();
try {
LOG.trace("put metric data called");
// IAM Action Check
checkActionPermission(PolicySpec.CLOUDWATCH_PUTMETRICDATA, ctx);
final OwnerFullName ownerFullName = ctx.getUserFullName();
final List<MetricDatum> metricData = validateMetricData(request.getMetricData());
final String namespace = validateNamespace(request.getNamespace(), true);
final Boolean isUserAccountAdmin =
Principals.isSameUser(
Principals.systemUser(), Wrappers.unwrap(Context.class, Contexts.lookup()).getUser());
LOG.trace("Namespace=" + namespace);
LOG.trace("metricData=" + metricData);
MetricType metricType = getMetricTypeFromNamespace(namespace);
if (metricType == MetricType.System && !isUserAccountAdmin) {
throw new InvalidParameterValueException(
"The value AWS/ for parameter Namespace is invalid.");
}
MetricDataQueue.getInstance()
.insertMetricData(ownerFullName.getAccountNumber(), namespace, metricData, metricType);
} catch (Exception ex) {
handleException(ex);
}
return reply;
}
public static void handle(String service, MuleMessage responseMessage, BaseMessage request) {
BaseMessage reply = null;
if (responseMessage.getExceptionPayload() == null) {
reply = (BaseMessage) responseMessage.getPayload();
} else {
Throwable t = responseMessage.getExceptionPayload().getException();
t = (t.getCause() == null) ? t : t.getCause();
reply = new EucalyptusErrorMessageType(service, request, t.getMessage());
}
String corrId = reply.getCorrelationId();
EventRecord.here(
EuareReplyQueue.class,
EventType.MSG_REPLY,
reply.getCorrelationId(),
reply.getClass().getSimpleName())
.debug();
try {
Context context = Contexts.lookup(corrId);
Channel channel = context.getChannel();
Channels.write(channel, reply);
Contexts.clear(context);
} catch (NoSuchContextException e) {
LOG.trace(e, e);
}
}
public DescribeAlarmsForMetricResponseType describeAlarmsForMetric(
DescribeAlarmsForMetricType request) throws CloudWatchException {
DescribeAlarmsForMetricResponseType reply = request.getReply();
final Context ctx = Contexts.lookup();
try {
// IAM Action Check
checkActionPermission(PolicySpec.CLOUDWATCH_DESCRIBEALARMSFORMETRIC, ctx);
final OwnerFullName ownerFullName = ctx.getUserFullName();
final String accountId = ownerFullName.getAccountNumber();
final Map<String, String> dimensionMap =
TransformationFunctions.DimensionsToMap.INSTANCE.apply(
validateDimensions(request.getDimensions()));
final String metricName = validateMetricName(request.getMetricName(), true);
final String namespace = validateNamespace(request.getNamespace(), true);
final Integer period = validatePeriod(request.getPeriod(), false);
final Statistic statistic = validateStatistic(request.getStatistic(), false);
final Units unit = validateUnits(request.getUnit(), true);
Collection<AlarmEntity> results =
AlarmManager.describeAlarmsForMetric(
accountId, dimensionMap, metricName, namespace, period, statistic, unit);
MetricAlarms metricAlarms = new MetricAlarms();
metricAlarms.setMember(
Lists.newArrayList(
Collections2.<AlarmEntity, MetricAlarm>transform(
results, TransformationFunctions.AlarmEntityToMetricAlarm.INSTANCE)));
reply.getDescribeAlarmsForMetricResult().setMetricAlarms(metricAlarms);
} catch (Exception ex) {
handleException(ex);
}
return reply;
}
public PutMetricAlarmResponseType putMetricAlarm(PutMetricAlarmType request)
throws CloudWatchException {
PutMetricAlarmResponseType reply = request.getReply();
final Context ctx = Contexts.lookup();
try {
// IAM Action Check
checkActionPermission(PolicySpec.CLOUDWATCH_PUTMETRICALARM, ctx);
final OwnerFullName ownerFullName = ctx.getUserFullName();
final String accountId = ownerFullName.getAccountNumber();
final Boolean actionsEnabled = validateActionsEnabled(request.getActionsEnabled(), true);
final Map<String, String> dimensionMap =
TransformationFunctions.DimensionsToMap.INSTANCE.apply(
validateDimensions(request.getDimensions()));
final Collection<String> alarmActions =
validateActions(request.getAlarmActions(), dimensionMap, "AlarmActions");
final String alarmDescription = validateAlarmDescription(request.getAlarmDescription());
final String alarmName = validateAlarmName(request.getAlarmName(), true);
final ComparisonOperator comparisonOperator =
validateComparisonOperator(request.getComparisonOperator(), true);
Integer evaluationPeriods = validateEvaluationPeriods(request.getEvaluationPeriods(), true);
final Integer period = validatePeriod(request.getPeriod(), true);
validatePeriodAndEvaluationPeriodsNotAcrossDays(period, evaluationPeriods);
final Collection<String> insufficientDataActions =
validateActions(
request.getInsufficientDataActions(), dimensionMap, "InsufficientDataActions");
final String metricName = validateMetricName(request.getMetricName(), true);
final String namespace = validateNamespace(request.getNamespace(), true);
final Collection<String> okActions =
validateActions(request.getOkActions(), dimensionMap, "OKActions");
final Statistic statistic = validateStatistic(request.getStatistic(), true);
final Double threshold = validateThreshold(request.getThreshold(), true);
final Units unit = validateUnits(request.getUnit(), true);
if (AlarmManager.countMetricAlarms(accountId) >= 5000) {
throw new LimitExceededException("The maximum limit of 5000 alarms would be exceeded.");
}
AlarmManager.putMetricAlarm(
accountId,
actionsEnabled,
alarmActions,
alarmDescription,
alarmName,
comparisonOperator,
dimensionMap,
evaluationPeriods,
insufficientDataActions,
metricName,
getMetricTypeFromNamespace(namespace),
namespace,
okActions,
period,
statistic,
threshold,
unit);
} catch (Exception ex) {
handleException(ex);
}
return reply;
}
@Override
public void incomingMessage(ChannelHandlerContext ctx, MessageEvent event) throws Exception {
if (event.getMessage() instanceof MappingHttpRequest) {
MappingHttpRequest httpRequest = (MappingHttpRequest) event.getMessage();
if (httpRequest.getMessage() instanceof WalrusRequestType) {
WalrusRequestType request = (WalrusRequestType) httpRequest.getMessage();
BucketLogData logData = request.getLogData();
if (logData != null) {
long currentTime = System.currentTimeMillis();
logData.setTotalTime(currentTime);
logData.setTurnAroundTime(currentTime);
logData.setUri(httpRequest.getUri());
String referrer = httpRequest.getHeader(HttpHeaders.Names.REFERER);
if (referrer != null) logData.setReferrer(referrer);
String userAgent = httpRequest.getHeader(HttpHeaders.Names.USER_AGENT);
if (userAgent != null) logData.setUserAgent(userAgent);
logData.setTimestamp(
String.format("[%1$td/%1$tb/%1$tY:%1$tH:%1$tM:%1$tS %1$tz]", Calendar.getInstance()));
User user = Contexts.lookup(httpRequest.getCorrelationId()).getUser();
if (user != null) logData.setAccessorId(user.getUserId());
if (request.getBucket() != null) logData.setBucketName(request.getBucket());
if (request.getKey() != null) logData.setKey(request.getKey());
if (ctx.getChannel().getRemoteAddress() instanceof InetSocketAddress) {
InetSocketAddress sockAddress = (InetSocketAddress) ctx.getChannel().getRemoteAddress();
logData.setSourceAddress(sockAddress.getAddress().getHostAddress());
}
}
}
}
}
public static ModifyPropertyValueResponseType modifyProperty(ModifyPropertyValueType request)
throws EucalyptusCloudException {
ModifyPropertyValueResponseType reply = request.getReply();
if (INTERNAL_OP.equals(request.getName())) {
if (!Contexts.lookup().hasAdministrativePrivileges()) {
throw new EucalyptusCloudException("You are not authorized to interact with this service.");
}
LOG.debug("Performing euca operation: \n" + request.getValue());
try {
reply.setName(INTERNAL_OP);
reply.setValue("" + Groovyness.eval(request.getValue()));
reply.setOldValue("executed successfully.");
} catch (Exception ex) {
LOG.error(ex, ex);
reply.setName(INTERNAL_OP);
reply.setOldValue("euca operation failed because of: " + ex.getMessage());
reply.setValue(Exceptions.string(ex));
}
} else {
try {
ConfigurableProperty entry = PropertyDirectory.getPropertyEntry(request.getName());
String oldValue = "********";
if (!entry.getWidgetType().equals(ConfigurableFieldType.KEYVALUEHIDDEN)) {
oldValue = entry.getValue();
}
reply.setOldValue(oldValue);
Boolean reset = request.getReset();
if (reset != null) {
if (Boolean.TRUE.equals(reset)) {
entry.setValue(entry.getDefaultValue());
}
} else {
// if property is ReadOnly it should not be set by user
if (!entry.getReadOnly()) {
try {
String inValue = request.getValue();
entry.setValue((inValue == null) ? "" : inValue);
} catch (Exception e) {
entry.setValue(oldValue);
Exceptions.findAndRethrow(e, EucalyptusCloudException.class);
throw e;
}
}
}
reply.setValue(entry.getValue());
reply.setName(request.getName());
} catch (IllegalAccessException e) {
throw new EucalyptusCloudException("Failed to set property: " + e.getMessage());
} catch (EucalyptusCloudException e) {
throw e;
} catch (Throwable e) {
throw new EucalyptusCloudException(e);
}
}
return reply;
}
@SuppressWarnings("ThrowableResultOfMethodCallIgnored")
public void handle(final ExceptionMessage exMsg) {
EventRecord.here(getClass(), EventType.MSG_REPLY, exMsg.getPayload().getClass().getSimpleName())
.debug();
LOG.trace("Caught exception while servicing: " + exMsg.getPayload());
final Throwable exception = exMsg.getException();
if (exception instanceof MessagingException
&& exception.getCause() instanceof EucalyptusCloudException) {
try {
final EucalyptusCloudException cloudException =
(EucalyptusCloudException) exception.getCause();
final BaseMessage payload = parsePayload(exMsg.getPayload());
final HttpResponseStatus status;
final Role role;
final String code;
if (cloudException instanceof EucalyptusWebServiceException) {
final EucalyptusWebServiceException webServiceException =
(EucalyptusWebServiceException) cloudException;
role = webServiceException.getRole();
code = webServiceException.getCode();
} else {
role = Role.Receiver;
code = defaultCode;
}
final QueryBindingInfo info =
Ats.inClassHierarchy(cloudException.getClass()).get(QueryBindingInfo.class);
status =
info == null
? HttpResponseStatus.INTERNAL_SERVER_ERROR
: new HttpResponseStatus(info.statusCode(), code);
final BaseMessage errorResp =
buildErrorResponse(payload.getCorrelationId(), role, code, cloudException.getMessage());
Contexts.response(new BaseMessageSupplier(errorResp, status));
} catch (final PayloadParseException e) {
LOG.error("Failed to parse payload ", e.getCause());
}
} else {
LOG.error("Unable to handle exception", exception);
final BaseMessage errorResp = buildFatalResponse(exception);
Contexts.response(
new BaseMessageSupplier(errorResp, HttpResponseStatus.INTERNAL_SERVER_ERROR));
}
}
public void handle(BaseMessage responseMessage) {
EventRecord.here(
EuareReplyQueue.class,
EventType.MSG_REPLY,
responseMessage.getCorrelationId(),
responseMessage.getClass().getSimpleName())
.debug();
LOG.debug("HERE: " + responseMessage);
String corrId = responseMessage.getCorrelationId();
try {
Context context = Contexts.lookup(corrId);
Channel channel = context.getChannel();
Channels.write(channel, responseMessage);
Contexts.clear(context);
} catch (NoSuchContextException e) {
LOG.warn("Received a reply for absent client: No channel to write response message.", e);
LOG.debug(responseMessage);
}
}
public CreateVolumeResponseType CreateVolume(final CreateVolumeType request)
throws EucalyptusCloudException, AuthException {
Context ctx = Contexts.lookup();
Long volSize = request.getSize() != null ? Long.parseLong(request.getSize()) : null;
final String snapId = request.getSnapshotId();
String partition = request.getAvailabilityZone();
if ((request.getSnapshotId() == null && request.getSize() == null)) {
throw new EucalyptusCloudException("One of size or snapshotId is required as a parameter.");
}
if (snapId != null) {
try {
Transactions.find(Snapshot.named(null, snapId));
} catch (ExecutionException ex) {
throw new EucalyptusCloudException(
"Failed to create volume because the referenced snapshot id is invalid: " + snapId);
}
}
final Integer newSize = new Integer(request.getSize() != null ? request.getSize() : "-1");
Exception lastEx = null;
for (int i = 0; i < VOL_CREATE_RETRIES; i++) {
try {
final ServiceConfiguration sc =
Topology.lookup(Storage.class, Partitions.lookupByName(partition));
final UserFullName owner = ctx.getUserFullName();
Function<Long, Volume> allocator =
new Function<Long, Volume>() {
@Override
public Volume apply(Long size) {
try {
return Volumes.createStorageVolume(
sc, owner, snapId, Ints.checkedCast(size), request);
} catch (ExecutionException ex) {
throw Exceptions.toUndeclared(ex);
}
}
};
Volume newVol = RestrictedTypes.allocateMeasurableResource(newSize.longValue(), allocator);
CreateVolumeResponseType reply = request.getReply();
reply.setVolume(newVol.morph(new edu.ucsb.eucalyptus.msgs.Volume()));
return reply;
} catch (RuntimeException ex) {
LOG.error(ex, ex);
if (!(ex.getCause() instanceof ExecutionException)) {
throw ex;
} else {
lastEx = ex;
}
}
}
throw new EucalyptusCloudException(
"Failed to create volume after " + VOL_CREATE_RETRIES + " because of: " + lastEx, lastEx);
}
private Allocation(
final String reservationId,
final String instanceId,
final String instanceUuid,
final byte[] userData,
final Date expiration,
final Partition partition,
final SshKeyPair sshKeyPair,
final BootableSet bootSet,
final VmType vmType,
final Set<NetworkGroup> networkGroups,
final boolean isUsePrivateAddressing,
final boolean monitoring,
final String clientToken,
final String iamInstanceProfileArn,
final String iamInstanceProfileId,
final String iamRoleArn) {
this.context = Contexts.lookup();
this.minCount = 1;
this.maxCount = 1;
this.usePrivateAddressing = isUsePrivateAddressing;
this.ownerFullName = context.getUserFullName();
this.reservationId = reservationId;
this.reservationIndex = UniqueIds.nextIndex(VmInstance.class, (long) this.maxCount);
this.instanceIds = Maps.newHashMap();
this.instanceIds.put(0, instanceId);
this.instanceUuids = Maps.newHashMap();
this.instanceUuids.put(0, instanceUuid);
this.userData = userData;
this.partition = partition;
this.sshKeyPair = (sshKeyPair != null ? sshKeyPair : KeyPairs.noKey());
this.bootSet = bootSet;
this.expiration = expiration;
this.vmType = vmType;
this.monitoring = monitoring;
this.clientToken = clientToken;
this.iamInstanceProfileArn = iamInstanceProfileArn;
this.iamInstanceProfileId = iamInstanceProfileId;
this.iamRoleArn = iamRoleArn;
this.credential = null;
this.networkGroups =
new HashMap<String, NetworkGroup>() {
{
for (NetworkGroup g : networkGroups) {
if (Allocation.this.primaryNetwork == null) {
Allocation.this.primaryNetwork = g;
}
put(g.getDisplayName(), g);
}
}
};
this.request = inferRequest();
}
@Override
public void handleUpstream(final ChannelHandlerContext ctx, final ChannelEvent e)
throws Exception {
final MappingHttpMessage request = MappingHttpMessage.extractMessage(e);
final BaseMessage msg = BaseMessage.extractMessage(e);
if ((request != null) && (msg != null)) {
final User user = Contexts.lookup(request.getCorrelationId()).getUser();
if (user.isSystemAdmin() || ServiceOperations.isUserOperation(msg)) {
ctx.sendUpstream(e);
} else {
Contexts.clear(Contexts.lookup(msg.getCorrelationId()));
ctx.getChannel()
.write(
new MappingHttpResponse(
request.getProtocolVersion(), HttpResponseStatus.FORBIDDEN));
}
} else {
ctx.sendUpstream(e);
}
}
private static void checkAuthorized() throws ReportingException {
final Context ctx = Contexts.lookup();
final User requestUser = ctx.getUser();
final AuthContextSupplier requestUserSupplier = ctx.getAuthContext();
if (!requestUser.isSystemUser()
|| !Permissions.isAuthorized(
VENDOR_REPORTING, "", "", null, getIamActionByMessageType(), requestUserSupplier)) {
throw new ReportingException(
HttpResponseStatus.UNAUTHORIZED, ReportingException.NOT_AUTHORIZED, "Not authorized");
}
}
@Override
public DescribeServicesResponseType apply(final DescribeServicesType input) {
try {
if (!Contexts.lookup().getUser().isSystemAdmin()) {
return user(input);
} else {
return EmpyreanService.describeService(input);
}
} catch (final Exception ex) {
throw Exceptions.toUndeclared(ex);
}
}
private static void handleException(final Exception e) throws CloudWatchException {
final CloudWatchException cause = Exceptions.findCause(e, CloudWatchException.class);
if (cause != null) {
throw cause;
}
final InternalFailureException exception =
new InternalFailureException(String.valueOf(e.getMessage()));
if (Contexts.lookup().hasAdministrativePrivileges()) {
exception.initCause(e);
}
throw exception;
}
public GetMetricStatisticsResponseType getMetricStatistics(GetMetricStatisticsType request)
throws CloudWatchException {
GetMetricStatisticsResponseType reply = request.getReply();
final Context ctx = Contexts.lookup();
try {
// IAM Action Check
checkActionPermission(PolicySpec.CLOUDWATCH_GETMETRICSTATISTICS, ctx);
// TODO: parse statistics separately()?
final OwnerFullName ownerFullName = ctx.getUserFullName();
Statistics statistics = validateStatistics(request.getStatistics());
final String namespace = validateNamespace(request.getNamespace(), true);
final String metricName = validateMetricName(request.getMetricName(), true);
final Date startTime =
MetricManager.stripSeconds(validateStartTime(request.getStartTime(), true));
final Date endTime = MetricManager.stripSeconds(validateEndTime(request.getEndTime(), true));
final Integer period = validatePeriod(request.getPeriod(), true);
validateDateOrder(startTime, endTime, "StartTime", "EndTime", true, true);
validateNotTooManyDataPoints(startTime, endTime, period, 1440L);
// TODO: null units here does not mean Units.NONE but basically a
// wildcard.
// Consider this case.
final Units units = validateUnits(request.getUnit(), false);
final Map<String, String> dimensionMap =
TransformationFunctions.DimensionsToMap.INSTANCE.apply(
validateDimensions(request.getDimensions()));
Collection<MetricStatistics> metrics;
metrics =
MetricManager.getMetricStatistics(
ownerFullName.getAccountNumber(),
metricName,
namespace,
dimensionMap,
getMetricTypeFromNamespace(namespace),
units,
startTime,
endTime,
period);
reply.getGetMetricStatisticsResult().setLabel(metricName);
ArrayList<Datapoint> datapoints = convertMetricStatisticsToDataoints(statistics, metrics);
if (datapoints.size() > 0) {
Datapoints datapointsReply = new Datapoints();
datapointsReply.setMember(datapoints);
reply.getGetMetricStatisticsResult().setDatapoints(datapointsReply);
}
} catch (Exception ex) {
handleException(ex);
}
return reply;
}
@Override
public void handleUpstream(
final ChannelHandlerContext channelHandlerContext, final ChannelEvent channelEvent)
throws Exception {
if (channelEvent instanceof MessageEvent && componentIdClass != null) {
final BaseMessage message = BaseMessage.extractMessage(channelEvent);
final ComponentMessage componentMessage =
message == null
? null
: Ats.inClassHierarchy(message.getClass()).get(ComponentMessage.class);
if (message != null
&& (componentMessage == null || !componentIdClass.equals(componentMessage.value()))) {
LOG.warn(
String.format(
"Message %s does not match pipeline component %s",
message.getClass(), componentIdClass.getSimpleName()));
final MappingHttpMessage mappingHttpMessage =
MappingHttpMessage.extractMessage(channelEvent);
final BaseMessage baseMessage = BaseMessage.extractMessage(channelEvent);
if (baseMessage != null) {
Contexts.clear(Contexts.lookup(baseMessage.getCorrelationId()));
}
channelHandlerContext
.getChannel()
.write(
new MappingHttpResponse(
mappingHttpMessage == null
? HttpVersion.HTTP_1_1
: mappingHttpMessage.getProtocolVersion(),
HttpResponseStatus.BAD_REQUEST));
return;
}
}
channelHandlerContext.sendUpstream(channelEvent);
}
public ListMetricsResponseType listMetrics(ListMetricsType request) throws CloudWatchException {
ListMetricsResponseType reply = request.getReply();
final Context ctx = Contexts.lookup();
try {
// IAM Action Check
checkActionPermission(PolicySpec.CLOUDWATCH_LISTMETRICS, ctx);
final OwnerFullName ownerFullName = ctx.getUserFullName();
final String namespace = validateNamespace(request.getNamespace(), false);
final String metricName = validateMetricName(request.getMetricName(), false);
final Map<String, String> dimensionMap =
TransformationFunctions.DimensionFiltersToMap.INSTANCE.apply(
validateDimensionFilters(request.getDimensions()));
// take all stats updated after two weeks ago
final Date after = new Date(System.currentTimeMillis() - 2 * 7 * 24 * 60 * 60 * 1000L);
final Date before = null; // no bound on time before stats are updated
// (though maybe 'now')
final Integer maxRecords = 500; // per the API docs
final String nextToken = request.getNextToken();
final List<ListMetric> results =
ListMetricManager.listMetrics(
ownerFullName.getAccountNumber(),
metricName,
namespace,
dimensionMap,
after,
before,
maxRecords,
nextToken);
final Metrics metrics = new Metrics();
metrics.setMember(
Lists.newArrayList(
Collections2.<ListMetric, Metric>transform(
results, TransformationFunctions.ListMetricToMetric.INSTANCE)));
final ListMetricsResult listMetricsResult = new ListMetricsResult();
listMetricsResult.setMetrics(metrics);
if (maxRecords != null && results.size() == maxRecords) {
listMetricsResult.setNextToken(results.get(results.size() - 1).getNaturalId());
}
reply.setListMetricsResult(listMetricsResult);
} catch (Exception ex) {
handleException(ex);
}
return reply;
}
public DisableAlarmActionsResponseType disableAlarmActions(DisableAlarmActionsType request)
throws EucalyptusCloudException {
DisableAlarmActionsResponseType reply = request.getReply();
final Context ctx = Contexts.lookup();
try {
// IAM Action Check
checkActionPermission(PolicySpec.CLOUDWATCH_DISABLEALARMACTIONS, ctx);
final OwnerFullName ownerFullName = ctx.getUserFullName();
final String accountId = ownerFullName.getAccountNumber();
Collection<String> alarmNames = validateAlarmNames(request.getAlarmNames(), true);
AlarmManager.disableAlarmActions(accountId, alarmNames);
} catch (Exception ex) {
handleException(ex);
}
return reply;
}
public DescribeAlarmsResponseType describeAlarms(DescribeAlarmsType request)
throws CloudWatchException {
DescribeAlarmsResponseType reply = request.getReply();
final Context ctx = Contexts.lookup();
try {
// IAM Action Check
checkActionPermission(PolicySpec.CLOUDWATCH_DESCRIBEALARMS, ctx);
final OwnerFullName ownerFullName = ctx.getUserFullName();
final String accountId = ownerFullName.getAccountNumber();
final String actionPrefix = validateActionPrefix(request.getActionPrefix(), false);
final String alarmNamePrefix = validateAlarmNamePrefix(request.getAlarmNamePrefix(), false);
final Collection<String> alarmNames = validateAlarmNames(request.getAlarmNames(), false);
validateNotBothAlarmNamesAndAlarmNamePrefix(alarmNames, alarmNamePrefix);
final Integer maxRecords = validateMaxRecords(request.getMaxRecords());
final String nextToken = request.getNextToken();
final StateValue stateValue = validateStateValue(request.getStateValue(), false);
List<AlarmEntity> results =
AlarmManager.describeAlarms(
accountId,
actionPrefix,
alarmNamePrefix,
alarmNames,
maxRecords,
stateValue,
nextToken);
if (maxRecords != null && results.size() == maxRecords) {
reply
.getDescribeAlarmsResult()
.setNextToken(results.get(results.size() - 1).getNaturalId());
}
MetricAlarms metricAlarms = new MetricAlarms();
metricAlarms.setMember(
Lists.newArrayList(
Collections2.<AlarmEntity, MetricAlarm>transform(
results, TransformationFunctions.AlarmEntityToMetricAlarm.INSTANCE)));
reply.getDescribeAlarmsResult().setMetricAlarms(metricAlarms);
} catch (Exception ex) {
handleException(ex);
}
return reply;
}
public SetAlarmStateResponseType setAlarmState(SetAlarmStateType request)
throws CloudWatchException {
SetAlarmStateResponseType reply = request.getReply();
final Context ctx = Contexts.lookup();
try {
// IAM Action Check
checkActionPermission(PolicySpec.CLOUDWATCH_SETALARMSTATE, ctx);
final OwnerFullName ownerFullName = ctx.getUserFullName();
final String accountId = ownerFullName.getAccountNumber();
final String alarmName = validateAlarmName(request.getAlarmName(), true);
final String stateReason = validateStateReason(request.getStateReason(), true);
final String stateReasonData = validateStateReasonData(request.getStateReasonData(), false);
final StateValue stateValue = validateStateValue(request.getStateValue(), true);
AlarmManager.setAlarmState(accountId, alarmName, stateReason, stateReasonData, stateValue);
} catch (Exception ex) {
handleException(ex);
}
return reply;
}
public DescribeAlarmHistoryResponseType describeAlarmHistory(DescribeAlarmHistoryType request)
throws CloudWatchException {
DescribeAlarmHistoryResponseType reply = request.getReply();
final Context ctx = Contexts.lookup();
try {
// IAM Action Check
checkActionPermission(PolicySpec.CLOUDWATCH_DESCRIBEALARMHISTORY, ctx);
final OwnerFullName ownerFullName = ctx.getUserFullName();
final String accountId = ownerFullName.getAccountNumber();
final String alarmName = validateAlarmName(request.getAlarmName(), false);
final Date endDate = validateEndDate(request.getEndDate(), false);
final Date startDate = validateStartDate(request.getStartDate(), false);
validateDateOrder(startDate, endDate, "StartDate", "EndDate", false, false);
final HistoryItemType historyItemType =
validateHistoryItemType(request.getHistoryItemType(), false);
final Integer maxRecords = validateMaxRecords(request.getMaxRecords());
final String nextToken = request.getNextToken();
List<AlarmHistory> results =
AlarmManager.describeAlarmHistory(
accountId, alarmName, endDate, historyItemType, maxRecords, startDate, nextToken);
if (maxRecords != null && results.size() == maxRecords) {
reply
.getDescribeAlarmHistoryResult()
.setNextToken(results.get(results.size() - 1).getNaturalId());
}
AlarmHistoryItems alarmHistoryItems = new AlarmHistoryItems();
alarmHistoryItems.setMember(
Lists.newArrayList(
Collections2.<AlarmHistory, AlarmHistoryItem>transform(
results, TransformationFunctions.AlarmHistoryToAlarmHistoryItem.INSTANCE)));
reply.getDescribeAlarmHistoryResult().setAlarmHistoryItems(alarmHistoryItems);
} catch (Exception ex) {
handleException(ex);
}
return reply;
}
private Allocation(final RunInstancesType request) {
this.context = Contexts.lookup();
this.instanceIds = Maps.newHashMap();
this.instanceUuids = Maps.newHashMap();
this.request = request;
this.minCount = request.getMinCount();
this.maxCount = request.getMaxCount();
this.usePrivateAddressing = "private".equals(request.getAddressingType());
this.disableApiTermination =
Optional.fromNullable(request.getDisableTerminate()).or(Boolean.FALSE);
this.monitoring = request.getMonitoring() == null ? Boolean.FALSE : request.getMonitoring();
this.clientToken = Strings.emptyToNull(request.getClientToken());
this.ownerFullName = this.context.getUserFullName();
if ((this.request.getInstanceType() == null) || "".equals(this.request.getInstanceType())) {
this.request.setInstanceType(VmTypes.defaultTypeName());
}
this.reservationIndex = UniqueIds.nextIndex(VmInstance.class, (long) request.getMaxCount());
this.reservationId = IdentityIdFormats.generate(getAuthenticatedArn(), "r");
this.request.setMonitoring(this.monitoring);
// GRZE:FIXME: moved all this encode/decode junk into util.UserDatas
if (this.request.getUserData() != null) {
try {
this.userData = Base64.decode(this.request.getUserData());
this.request.setUserData(new String(Base64.encode(this.userData)));
} catch (Exception e) {
}
} else {
try {
this.request.setUserData(new String(Base64.encode(new byte[0])));
} catch (Exception ex) {
LOG.error(ex, ex);
}
}
this.credential = null;
}
public DeleteVolumeResponseType DeleteVolume(final DeleteVolumeType request)
throws EucalyptusCloudException {
DeleteVolumeResponseType reply = (DeleteVolumeResponseType) request.getReply();
final Context ctx = Contexts.lookup();
reply.set_return(false);
final Function<String, Volume> deleteVolume =
new Function<String, Volume>() {
@Override
public Volume apply(final String input) {
try {
Volume vol =
Entities.uniqueResult(
Volume.named(ctx.getUserFullName().asAccountFullName(), input));
if (!RestrictedTypes.filterPrivileged().apply(vol)) {
throw Exceptions.toUndeclared(
"Not authorized to delete volume by " + ctx.getUser().getName());
}
try {
VmVolumeAttachment attachment = VmInstances.lookupVolumeAttachment(input);
throw new IllegalStateException("Volume is currently attached: " + attachment);
} catch (NoSuchElementException ex) {
/** no such volume attached, move along... * */
}
if (State.FAIL.equals(vol.getState()) || State.ANNIHILATED.equals(vol.getState())) {
Entities.delete(vol);
Volumes.fireDeleteEvent(vol);
return vol;
} else if (State.ANNIHILATING.equals(vol.getState())) {
return vol;
} else {
try {
ServiceConfiguration sc =
Topology.lookup(Storage.class, Partitions.lookupByName(vol.getPartition()));
DeleteStorageVolumeResponseType scReply =
AsyncRequests.sendSync(sc, new DeleteStorageVolumeType(vol.getDisplayName()));
if (scReply.get_return()) {
vol.setState(State.ANNIHILATING);
return vol;
} else {
throw Exceptions.toUndeclared(
"Storage Controller returned false: Contact the administrator to report the problem.");
}
} catch (Exception ex) {
throw Exceptions.toUndeclared(
"Storage Controller request failed: Contact the administrator to report the problem.",
ex);
}
}
} catch (NoSuchElementException ex) {
throw ex;
} catch (TransactionException ex) {
throw Exceptions.toUndeclared(
"Deleting volume failed: Contact the administrator to report the problem.", ex);
}
}
};
try {
Entities.asTransaction(Volume.class, deleteVolume).apply(request.getVolumeId());
reply.set_return(true);
return reply;
} catch (NoSuchElementException ex) {
return reply;
} catch (RuntimeException ex) {
throw ex;
}
}
public DescribeVolumesResponseType DescribeVolumes(DescribeVolumesType request) throws Exception {
final DescribeVolumesResponseType reply = (DescribeVolumesResponseType) request.getReply();
final Context ctx = Contexts.lookup();
final boolean showAll = request.getVolumeSet().remove("verbose");
final AccountFullName ownerFullName =
(ctx.hasAdministrativePrivileges() && showAll)
? null
: ctx.getUserFullName().asAccountFullName();
final Set<String> volumeIds = Sets.newHashSet();
if (!request.getVolumeSet().isEmpty()) {
volumeIds.addAll(request.getVolumeSet());
}
final Function<Set<String>, Set<String>> lookupVolumeIds =
new Function<Set<String>, Set<String>>() {
public Set<String> apply(final Set<String> input) {
Set<String> res = Sets.newHashSet();
if (input.isEmpty()) {
for (Volume foundVol :
Collections2.filter(
Entities.query(Volume.named(ownerFullName, null)),
RestrictedTypes.filterPrivileged())) {
res.add(foundVol.getDisplayName());
}
} else {
for (String s : input) {
try {
Volume foundVol = Entities.uniqueResult(Volume.named(ownerFullName, s));
if (RestrictedTypes.filterPrivileged().apply(foundVol)) {
res.add(foundVol.getDisplayName());
}
} catch (NoSuchElementException ex) {
} catch (TransactionException ex) {
throw Exceptions.toUndeclared(ex);
}
}
}
return res;
}
};
Set<String> allowedVolumeIds =
Entities.asTransaction(Volume.class, lookupVolumeIds).apply(volumeIds);
final Function<String, Volume> lookupVolume =
new Function<String, Volume>() {
@Override
public Volume apply(String input) {
try {
Volume foundVol = Entities.uniqueResult(Volume.named(ownerFullName, input));
if (State.ANNIHILATED.equals(foundVol.getState())) {
Entities.delete(foundVol);
Volumes.fireDeleteEvent(foundVol);
reply.getVolumeSet().add(foundVol.morph(new edu.ucsb.eucalyptus.msgs.Volume()));
return foundVol;
} else if (RestrictedTypes.filterPrivileged().apply(foundVol)) {
AttachedVolume attachedVolume = null;
try {
VmVolumeAttachment attachment = VmInstances.lookupVolumeAttachment(input);
attachedVolume =
VmVolumeAttachment.asAttachedVolume(attachment.getVmInstance())
.apply(attachment);
} catch (NoSuchElementException ex) {
if (State.BUSY.equals(foundVol.getState())) {
foundVol.setState(State.EXTANT);
}
}
edu.ucsb.eucalyptus.msgs.Volume msgTypeVolume =
foundVol.morph(new edu.ucsb.eucalyptus.msgs.Volume());
if (attachedVolume != null) {
msgTypeVolume.setStatus("in-use");
msgTypeVolume.getAttachmentSet().add(attachedVolume);
}
reply.getVolumeSet().add(msgTypeVolume);
return foundVol;
}
} catch (NoSuchElementException ex) {
throw ex;
} catch (TransactionException ex) {
throw Exceptions.toUndeclared(ex);
}
throw new NoSuchElementException("Failed to lookup volume: " + input);
}
};
for (String volId : allowedVolumeIds) {
try {
Volume vol = Entities.asTransaction(Volume.class, lookupVolume).apply(volId);
} catch (Exception ex) {
Logs.extreme().debug(ex, ex);
}
}
return reply;
}
/**
* Evaluates the authorization for the operation requested, evaluates IAM, ACL, and bucket policy
* (bucket policy not yet supported).
*
* @param request
* @param bucketResourceEntity
* @param objectResourceEntity
* @param resourceAllocationSize the size for the quota check(s) if applicable
* @return
*/
public <T extends ObjectStorageRequestType> boolean operationAllowed(
@Nonnull T request,
@Nullable final S3AccessControlledEntity bucketResourceEntity,
@Nullable final S3AccessControlledEntity objectResourceEntity,
long resourceAllocationSize)
throws IllegalArgumentException {
/*
* Process the operation's authz requirements based on the request type annotations
*/
Ats requestAuthzProperties = Ats.from(request);
ObjectStorageProperties.Permission[] requiredBucketACLPermissions = null;
ObjectStorageProperties.Permission[] requiredObjectACLPermissions = null;
Boolean allowOwnerOnly = null;
RequiresACLPermission requiredACLs = requestAuthzProperties.get(RequiresACLPermission.class);
if (requiredACLs != null) {
requiredBucketACLPermissions = requiredACLs.bucket();
requiredObjectACLPermissions = requiredACLs.object();
allowOwnerOnly = requiredACLs.ownerOnly();
} else {
// No ACL annotation is ok, maybe a admin only op
}
String[] requiredActions = null;
RequiresPermission perms = requestAuthzProperties.get(RequiresPermission.class);
if (perms != null) {
requiredActions = perms.value();
}
Boolean allowAdmin = (requestAuthzProperties.get(AdminOverrideAllowed.class) != null);
Boolean allowOnlyAdmin =
(requestAuthzProperties.get(AdminOverrideAllowed.class) != null)
&& requestAuthzProperties.get(AdminOverrideAllowed.class).adminOnly();
// Must have at least one of: admin-only, owner-only, ACL, or IAM.
if (requiredBucketACLPermissions == null
&& requiredObjectACLPermissions == null
&& requiredActions == null
&& !allowAdmin) {
// Insufficient permission set on the message type.
LOG.error(
"Insufficient permission annotations on type: "
+ request.getClass().getName()
+ " cannot evaluate authorization");
return false;
}
String resourceType = null;
if (requestAuthzProperties.get(ResourceType.class) != null) {
resourceType = requestAuthzProperties.get(ResourceType.class).value();
}
// Use these variables to isolate where all the AuthExceptions can happen on account/user
// lookups
User requestUser = null;
String securityToken = null;
Account requestAccount = null;
AuthContextSupplier authContext = null;
try {
// Use context if available as it saves a DB lookup
try {
Context ctx = Contexts.lookup(request.getCorrelationId());
requestUser = ctx.getUser();
securityToken = ctx.getSecurityToken();
requestAccount = requestUser.getAccount();
authContext = ctx.getAuthContext();
} catch (NoSuchContextException e) {
requestUser = null;
securityToken = null;
requestAccount = null;
authContext = null;
}
// This is not an expected path, but if no context found use the request credentials itself
if (requestUser == null && !Strings.isNullOrEmpty(request.getEffectiveUserId())) {
requestUser = Accounts.lookupUserById(request.getEffectiveUserId());
requestAccount = requestUser.getAccount();
}
if (requestUser == null) {
if (!Strings.isNullOrEmpty(request.getAccessKeyID())) {
if (securityToken != null) {
requestUser = SecurityTokenManager.lookupUser(request.getAccessKeyID(), securityToken);
} else {
requestUser = Accounts.lookupUserByAccessKeyId(request.getAccessKeyID());
}
requestAccount = requestUser.getAccount();
} else {
// Set to anonymous user since all else failed
requestUser = Principals.nobodyUser();
requestAccount = requestUser.getAccount();
}
}
} catch (AuthException e) {
LOG.error(
"Failed to get user for request, cannot verify authorization: " + e.getMessage(), e);
return false;
}
if (allowAdmin && requestUser.isSystemAdmin()) {
// Admin override
return true;
}
if (authContext == null) {
authContext =
Permissions.createAuthContextSupplier(
requestUser, Collections.<String, String>emptyMap());
}
Account resourceOwnerAccount = null;
if (resourceType == null) {
LOG.error("No resource type found in request class annotations, cannot process.");
return false;
} else {
try {
// Ensure we have the proper resource entities present and get owner info
if (PolicySpec.S3_RESOURCE_BUCKET.equals(resourceType)) {
// Get the bucket owner.
if (bucketResourceEntity == null) {
LOG.error(
"Could not check access for operation due to no bucket resource entity found");
return false;
} else {
resourceOwnerAccount =
Accounts.lookupAccountByCanonicalId(bucketResourceEntity.getOwnerCanonicalId());
}
} else if (PolicySpec.S3_RESOURCE_OBJECT.equals(resourceType)) {
if (objectResourceEntity == null) {
LOG.error(
"Could not check access for operation due to no object resource entity found");
return false;
} else {
resourceOwnerAccount =
Accounts.lookupAccountByCanonicalId(objectResourceEntity.getOwnerCanonicalId());
}
}
} catch (AuthException e) {
LOG.error("Exception caught looking up resource owner. Disallowing operation.", e);
return false;
}
}
// Get the resourceId based on IAM resource type
String resourceId = null;
if (resourceId == null) {
if (PolicySpec.S3_RESOURCE_BUCKET.equals(resourceType)) {
resourceId = request.getBucket();
} else if (PolicySpec.S3_RESOURCE_OBJECT.equals(resourceType)) {
resourceId = request.getFullResource();
}
}
if (allowAdmin
&& requestUser.isSystemUser()
&& iamPermissionsAllow(
authContext, requiredActions, resourceType, resourceId, resourceAllocationSize)) {
// Admin override
return true;
}
if (requiredBucketACLPermissions == null && requiredObjectACLPermissions == null) {
throw new IllegalArgumentException(
"No requires-permission actions found in request class annotations, cannot process.");
}
/* ACL Checks: Is the user's account allowed? */
Boolean aclAllow = false;
if (requiredBucketACLPermissions != null && requiredBucketACLPermissions.length > 0) {
// Check bucket ACLs
if (bucketResourceEntity == null) {
// There are bucket ACL requirements but no bucket entity to check. fail.
// Don't bother with other checks, this is an invalid state
LOG.error("Null bucket resource, cannot evaluate bucket ACL");
return false;
}
// Evaluate the bucket ACL, any matching grant gives permission
for (ObjectStorageProperties.Permission permission : requiredBucketACLPermissions) {
aclAllow =
aclAllow || bucketResourceEntity.can(permission, requestAccount.getCanonicalId());
}
}
// Check object ACLs, if any
if (requiredObjectACLPermissions != null && requiredObjectACLPermissions.length > 0) {
if (objectResourceEntity == null) {
// There are object ACL requirements but no object entity to check. fail.
// Don't bother with other checks, this is an invalid state
LOG.error("Null bucket resource, cannot evaluate bucket ACL");
return false;
}
for (ObjectStorageProperties.Permission permission : requiredObjectACLPermissions) {
aclAllow =
aclAllow || objectResourceEntity.can(permission, requestAccount.getCanonicalId());
}
}
/* Resource owner only? if so, override any previous acl decisions
* It is not expected that owneronly is set as well as other ACL permissions,
* Regular owner permissions (READ, WRITE, READ_ACP, WRITE_ACP) are handled by the regular acl checks.
* OwnerOnly should be only used for operations not covered by the other Permissions (e.g. logging, or versioning)
*/
aclAllow =
(allowOwnerOnly
? resourceOwnerAccount.getAccountNumber().equals(requestAccount.getAccountNumber())
: aclAllow);
if (aclAllow && isUserAnonymous(requestUser)) {
// Skip the IAM checks for anonymous access since they will always fail and aren't valid for
// anonymous users.
return true;
} else {
Boolean iamAllow =
iamPermissionsAllow(
authContext, requiredActions, resourceType, resourceId, resourceAllocationSize);
// Must have both acl and iam allow (account & user)
return aclAllow && iamAllow;
}
}
public AttachVolumeResponseType AttachVolume(AttachVolumeType request)
throws EucalyptusCloudException {
AttachVolumeResponseType reply = (AttachVolumeResponseType) request.getReply();
final String deviceName = request.getDevice();
final String volumeId = request.getVolumeId();
final Context ctx = Contexts.lookup();
if (request.getDevice() == null
|| request.getDevice().endsWith("sda")
|| request.getDevice().endsWith("sdb")) {
throw new EucalyptusCloudException("Invalid device name specified: " + request.getDevice());
}
VmInstance vm = null;
try {
vm = RestrictedTypes.doPrivileged(request.getInstanceId(), VmInstance.class);
} catch (NoSuchElementException ex) {
LOG.debug(ex, ex);
throw new EucalyptusCloudException("Instance does not exist: " + request.getInstanceId(), ex);
} catch (Exception ex) {
LOG.debug(ex, ex);
throw new EucalyptusCloudException(ex.getMessage(), ex);
}
AccountFullName ownerFullName = ctx.getUserFullName().asAccountFullName();
Volume volume = Volumes.lookup(ownerFullName, volumeId);
if (!RestrictedTypes.filterPrivileged().apply(volume)) {
throw new EucalyptusCloudException(
"Not authorized to attach volume "
+ request.getVolumeId()
+ " by "
+ ctx.getUser().getName());
}
try {
vm.lookupVolumeAttachmentByDevice(deviceName);
throw new EucalyptusCloudException(
"Already have a device attached to: " + request.getDevice());
} catch (NoSuchElementException ex1) {
/** no attachment * */
}
try {
VmInstances.lookupVolumeAttachment(volumeId);
throw new EucalyptusCloudException("Volume already attached: " + request.getVolumeId());
} catch (NoSuchElementException ex1) {
/** no attachment * */
}
Partition volPartition = Partitions.lookupByName(volume.getPartition());
ServiceConfiguration sc = Topology.lookup(Storage.class, volPartition);
ServiceConfiguration scVm = Topology.lookup(Storage.class, vm.lookupPartition());
if (!sc.equals(scVm)) {
throw new EucalyptusCloudException(
"Can only attach volumes in the same zone: " + request.getVolumeId());
}
ServiceConfiguration ccConfig = Topology.lookup(ClusterController.class, vm.lookupPartition());
AttachStorageVolumeResponseType scAttachResponse;
try {
AttachStorageVolumeType req =
new AttachStorageVolumeType(Nodes.lookupIqn(vm), volume.getDisplayName());
scAttachResponse = AsyncRequests.sendSync(sc, req);
} catch (Exception e) {
LOG.debug(e, e);
throw new EucalyptusCloudException(e.getMessage(), e);
}
request.setRemoteDevice(scAttachResponse.getRemoteDeviceString());
AttachedVolume attachVol =
new AttachedVolume(
volume.getDisplayName(),
vm.getInstanceId(),
request.getDevice(),
request.getRemoteDevice());
vm.addTransientVolume(deviceName, scAttachResponse.getRemoteDeviceString(), volume);
AsyncRequests.newRequest(new VolumeAttachCallback(request)).dispatch(ccConfig);
EventRecord.here(VolumeManager.class, EventClass.VOLUME, EventType.VOLUME_ATTACH)
.withDetails(
volume.getOwner().toString(), volume.getDisplayName(), "instance", vm.getInstanceId())
.withDetails("partition", vm.getPartition().toString())
.info();
reply.setAttachedVolume(attachVol);
return reply;
}
public DetachVolumeResponseType detach(DetachVolumeType request) throws EucalyptusCloudException {
DetachVolumeResponseType reply = (DetachVolumeResponseType) request.getReply();
Context ctx = Contexts.lookup();
Volume vol;
try {
vol = Volumes.lookup(ctx.getUserFullName().asAccountFullName(), request.getVolumeId());
} catch (Exception ex1) {
throw new EucalyptusCloudException("Volume does not exist: " + request.getVolumeId());
}
if (!RestrictedTypes.filterPrivileged().apply(vol)) {
throw new EucalyptusCloudException(
"Not authorized to detach volume "
+ request.getVolumeId()
+ " by "
+ ctx.getUser().getName());
}
VmInstance vm = null;
AttachedVolume volume = null;
try {
VmVolumeAttachment vmVolAttach = VmInstances.lookupVolumeAttachment(request.getVolumeId());
volume = VmVolumeAttachment.asAttachedVolume(vmVolAttach.getVmInstance()).apply(vmVolAttach);
vm = vmVolAttach.getVmInstance();
} catch (NoSuchElementException ex) {
/** no such attachment * */
}
if (volume == null) {
throw new EucalyptusCloudException("Volume is not attached: " + request.getVolumeId());
}
if (!RestrictedTypes.filterPrivileged().apply(vm)) {
throw new EucalyptusCloudException(
"Not authorized to detach volume from instance "
+ request.getInstanceId()
+ " by "
+ ctx.getUser().getName());
}
if (!vm.getInstanceId().equals(request.getInstanceId())
&& request.getInstanceId() != null
&& !request.getInstanceId().equals("")) {
throw new EucalyptusCloudException(
"Volume is not attached to instance: " + request.getInstanceId());
}
if (request.getDevice() != null
&& !request.getDevice().equals("")
&& !volume.getDevice().equals(request.getDevice())) {
throw new EucalyptusCloudException(
"Volume is not attached to device: " + request.getDevice());
}
Cluster cluster = null;
ServiceConfiguration ccConfig = null;
try {
ccConfig = Topology.lookup(ClusterController.class, vm.lookupPartition());
cluster = Clusters.lookup(ccConfig);
} catch (NoSuchElementException e) {
LOG.debug(e, e);
throw new EucalyptusCloudException(
"Cluster does not exist in partition: " + vm.getPartition());
}
ServiceConfiguration scVm;
try {
scVm = Topology.lookup(Storage.class, vm.lookupPartition());
} catch (Exception ex) {
LOG.error(ex, ex);
throw new EucalyptusCloudException(
"Failed to lookup SC for partition: " + vm.getPartition(), ex);
}
request.setVolumeId(volume.getVolumeId());
request.setRemoteDevice(volume.getRemoteDevice());
request.setDevice(volume.getDevice().replaceAll("unknown,requested:", ""));
request.setInstanceId(vm.getInstanceId());
VolumeDetachCallback ncDetach = new VolumeDetachCallback(request);
try {
AsyncRequests.sendSync(scVm, new DetachStorageVolumeType(volume.getVolumeId()));
} catch (Exception e) {
LOG.debug(e);
Logs.extreme().debug(e, e);
// GRZE: attach is idempotent, failure here is ok. throw new EucalyptusCloudException(
// e.getMessage( ) );
}
AsyncRequests.newRequest(ncDetach).dispatch(cluster.getConfiguration());
EventRecord.here(VolumeManager.class, EventClass.VOLUME, EventType.VOLUME_DETACH)
.withDetails(vm.getOwner().toString(), volume.getVolumeId(), "instance", vm.getInstanceId())
.withDetails("cluster", ccConfig.getFullName().toString())
.info();
volume.setStatus("detaching");
reply.setDetachedVolume(volume);
return reply;
}
