/**
 * Resolves the network (security) groups named in the allocation request and attaches them to
 * the allocation.
 *
 * <p>Every group name is looked up under the requesting user's account. When the request names
 * no groups, the default network group name is used instead. The authorization check runs per
 * group, before the group is added to the result: a caller without administrative privileges
 * must pass {@code RestrictedTypes.filterPrivileged()} for that group or the whole allocation
 * is rejected.
 *
 * @param allocInfo allocation whose request supplies the group names and which receives the
 *     resolved groups through {@code setNetworkRules}
 * @return {@code true} whenever the method completes without throwing
 * @throws IllegalMetadataAccessException if the caller is not authorized to use a requested group
 * @throws NoSuchMetadataException if a requested group name has no resolved entry
 * @throws MetadataException declared by the method signature
 */
@Override
public boolean apply(Allocation allocInfo) throws MetadataException {
  Context ctx = allocInfo.getContext();

  // The returned group is discarded. Presumably this call makes sure the account's default
  // group exists before anything else is resolved; confirm against NetworkGroups.lookup.
  NetworkGroups.lookup(
      ctx.getUserFullName().asAccountFullName(), NetworkGroups.defaultNetworkName());

  Set<String> requestedNames = Sets.newHashSet(allocInfo.getRequest().getGroupSet());
  if (requestedNames.isEmpty()) {
    requestedNames.add(NetworkGroups.defaultNetworkName());
  }

  Map<String, NetworkGroup> resolved = Maps.newHashMap();
  for (String name : requestedNames) {
    NetworkGroup candidate =
        NetworkGroups.lookup(ctx.getUserFullName().asAccountFullName(), name);

    // Administrators skip the privilege filter; everyone else must pass it for this group.
    boolean permitted =
        ctx.hasAdministrativePrivileges()
            || RestrictedTypes.filterPrivileged().apply(candidate);
    if (!permitted) {
      throw new IllegalMetadataAccessException(
          "Not authorized to use network group " + name + " for " + ctx.getUser().getName());
    }
    resolved.put(name, candidate);
  }

  // Every requested name was put into the map above, so this difference is expected to be
  // empty; the check is kept as a defensive guard before the rules are applied.
  Set<String> unresolved = Sets.difference(requestedNames, resolved.keySet());
  if (!unresolved.isEmpty()) {
    throw new NoSuchMetadataException("Failed to find security group info for: " + unresolved);
  }

  allocInfo.setNetworkRules(resolved);
  return true;
}
/**
 * Fills in the missing half of each source-group reference in the given permissions.
 *
 * <p>For every user/group pair: when a source group ID is present, the group is looked up by
 * that ID, and the pair's source user ID and source group name are overwritten with the looked-up
 * group's owner account number and display name. Otherwise both the source user ID and the
 * source group name must be present; they are used to look the group up and to set the pair's
 * source group ID.
 *
 * <p>Caller must have an open transaction.
 *
 * <p>NOTE(review): this method only resolves identifiers. No check that the caller may
 * reference the resolved group is visible here; confirm it is enforced by the callers.
 *
 * @param permissions the permissions to update in place
 * @throws MetadataException if a pair carries neither a group ID nor a user ID plus group name,
 *     or if an error occurs during lookup
 */
public static void resolvePermissions(final Iterable<IpPermissionType> permissions)
    throws MetadataException {
  for (final IpPermissionType permission : permissions) {
    // Permissions without any group references need no resolution.
    if (permission.getGroups() == null) {
      continue;
    }

    for (final UserIdGroupPairType pair : permission.getGroups()) {
      final boolean hasGroupId = !Strings.isNullOrEmpty(pair.getSourceGroupId());
      if (hasGroupId) {
        // The group ID wins: caller-supplied owner and name are replaced by the looked-up values.
        final NetworkGroup byId = NetworkGroups.lookupByGroupId(pair.getSourceGroupId());
        pair.setSourceUserId(byId.getOwnerAccountNumber());
        pair.setSourceGroupName(byId.getDisplayName());
        continue;
      }

      if (Strings.isNullOrEmpty(pair.getSourceUserId())
          || Strings.isNullOrEmpty(pair.getSourceGroupName())) {
        throw new MetadataException("Group ID or User ID/Group Name required.");
      }

      // No ID supplied: resolve by owning account plus group name and record the ID.
      final NetworkGroup byName =
          NetworkGroups.lookup(
              AccountFullName.getInstance(pair.getSourceUserId()), pair.getSourceGroupName());
      pair.setSourceGroupId(byName.getGroupId());
    }
  }
}