Search in sources :

Example 46 with CallContext

use of com.cloud.context.CallContext in project cosmic by MissionCriticalCloud.

the class RulesManagerImpl method revokeStaticNatRule.

@Override
@ActionEvent(eventType = EventTypes.EVENT_NET_RULE_DELETE, eventDescription = "revoking forwarding rule", async = true)
public boolean revokeStaticNatRule(final long ruleId, final boolean apply) {
    final CallContext ctx = CallContext.current();
    final Account caller = ctx.getCallingAccount();
    final FirewallRuleVO rule = _firewallDao.findById(ruleId);
    if (rule == null) {
        throw new InvalidParameterValueException("Unable to find " + ruleId);
    }
    _accountMgr.checkAccess(caller, null, true, rule);
    if (!revokeStaticNatRuleInternal(ruleId, caller, ctx.getCallingUserId(), apply)) {
        throw new CloudRuntimeException("Failed to revoke forwarding rule");
    }
    return true;
}
Also used : Account(com.cloud.user.Account) InvalidParameterValueException(com.cloud.utils.exception.InvalidParameterValueException) CloudRuntimeException(com.cloud.utils.exception.CloudRuntimeException) CallContext(com.cloud.context.CallContext) ActionEvent(com.cloud.event.ActionEvent)

Example 47 with CallContext

use of com.cloud.context.CallContext in project cosmic by MissionCriticalCloud.

the class RulesManagerImpl method revokePortForwardingRule.

@Override
@ActionEvent(eventType = EventTypes.EVENT_NET_RULE_DELETE, eventDescription = "revoking forwarding rule", async = true)
public boolean revokePortForwardingRule(final long ruleId, final boolean apply) {
    final CallContext ctx = CallContext.current();
    final Account caller = ctx.getCallingAccount();
    final PortForwardingRuleVO rule = _portForwardingDao.findById(ruleId);
    if (rule == null) {
        throw new InvalidParameterValueException("Unable to find " + ruleId);
    }
    _accountMgr.checkAccess(caller, null, true, rule);
    if (!revokePortForwardingRuleInternal(ruleId, caller, ctx.getCallingUserId(), apply)) {
        throw new CloudRuntimeException("Failed to delete port forwarding rule");
    }
    return true;
}
Also used : Account(com.cloud.user.Account) InvalidParameterValueException(com.cloud.utils.exception.InvalidParameterValueException) CloudRuntimeException(com.cloud.utils.exception.CloudRuntimeException) CallContext(com.cloud.context.CallContext) ActionEvent(com.cloud.event.ActionEvent)

Example 48 with CallContext

use of com.cloud.context.CallContext in project cosmic by MissionCriticalCloud.

the class LdapCreateAccountCmd method execute.

@Override
public void execute() throws ServerApiException {
    final CallContext callContext = getCurrentContext();
    final String finalAccountName = getAccountName();
    final Long finalDomainId = getDomainId();
    callContext.setEventDetails("Account Name: " + finalAccountName + ", Domain Id:" + finalDomainId);
    try {
        final LdapUser user = _ldapManager.getUser(username);
        validateUser(user);
        final UserAccount userAccount = createCloudstackUserAccount(user, finalAccountName, finalDomainId);
        if (userAccount != null) {
            final AccountResponse response = _responseGenerator.createUserAccountResponse(ResponseView.Full, userAccount);
            response.setResponseName(getCommandName());
            setResponseObject(response);
        } else {
            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to create a user account");
        }
    } catch (final NoLdapUserMatchingQueryException e) {
        throw new ServerApiException(ApiErrorCode.RESOURCE_UNAVAILABLE_ERROR, "No LDAP user exists with the username of " + username);
    }
}
Also used : NoLdapUserMatchingQueryException(com.cloud.ldap.NoLdapUserMatchingQueryException) LdapUser(com.cloud.ldap.LdapUser) ServerApiException(com.cloud.api.ServerApiException) AccountResponse(com.cloud.api.response.AccountResponse) CallContext(com.cloud.context.CallContext) UserAccount(com.cloud.user.UserAccount)

Example 49 with CallContext

use of com.cloud.context.CallContext in project cosmic by MissionCriticalCloud.

the class CertServiceImpl method listSslCerts.

@Override
public List<SslCertResponse> listSslCerts(final ListSslCertsCmd listSslCertCmd) {
    final CallContext ctx = CallContext.current();
    final Account caller = ctx.getCallingAccount();
    final Long certId = listSslCertCmd.getCertId();
    final Long accountId = listSslCertCmd.getAccountId();
    final Long lbRuleId = listSslCertCmd.getLbId();
    final Long projectId = listSslCertCmd.getProjectId();
    final List<SslCertResponse> certResponseList = new ArrayList<>();
    if (certId == null && accountId == null && lbRuleId == null && projectId == null) {
        throw new InvalidParameterValueException("Invalid parameters either certificate ID or Account ID or Loadbalancer ID or Project ID required");
    }
    List<LoadBalancerCertMapVO> certLbMap = null;
    SslCertVO certVO = null;
    if (certId != null) {
        certVO = _sslCertDao.findById(certId);
        if (certVO == null) {
            throw new InvalidParameterValueException("Invalid certificate id: " + certId);
        }
        _accountMgr.checkAccess(caller, SecurityChecker.AccessType.UseEntry, true, certVO);
        certLbMap = _lbCertDao.listByCertId(certId);
        certResponseList.add(createCertResponse(certVO, certLbMap));
        return certResponseList;
    }
    if (lbRuleId != null) {
        final LoadBalancer lb = _entityMgr.findById(LoadBalancerVO.class, lbRuleId);
        if (lb == null) {
            throw new InvalidParameterValueException("Found no loadbalancer with id: " + lbRuleId);
        }
        _accountMgr.checkAccess(caller, SecurityChecker.AccessType.UseEntry, true, lb);
        // get the cert id
        final LoadBalancerCertMapVO lbCertMapRule;
        lbCertMapRule = _lbCertDao.findByLbRuleId(lbRuleId);
        if (lbCertMapRule == null) {
            s_logger.debug("No certificate bound to loadbalancer id: " + lbRuleId);
            return certResponseList;
        }
        certVO = _sslCertDao.findById(lbCertMapRule.getCertId());
        certLbMap = _lbCertDao.listByCertId(lbCertMapRule.getCertId());
        certResponseList.add(createCertResponse(certVO, certLbMap));
        return certResponseList;
    }
    if (projectId != null) {
        final Project project = _projectMgr.getProject(projectId);
        if (project == null) {
            throw new InvalidParameterValueException("Found no project with id: " + projectId);
        }
        final List<SslCertVO> projectCertVOList = _sslCertDao.listByAccountId(project.getProjectAccountId());
        if (projectCertVOList == null || projectCertVOList.isEmpty()) {
            return certResponseList;
        }
        _accountMgr.checkAccess(caller, SecurityChecker.AccessType.UseEntry, true, projectCertVOList.get(0));
        for (final SslCertVO cert : projectCertVOList) {
            certLbMap = _lbCertDao.listByCertId(cert.getId());
            certResponseList.add(createCertResponse(cert, certLbMap));
        }
        return certResponseList;
    }
    // reached here look by accountId
    final List<SslCertVO> certVOList = _sslCertDao.listByAccountId(accountId);
    if (certVOList == null || certVOList.isEmpty()) {
        return certResponseList;
    }
    _accountMgr.checkAccess(caller, SecurityChecker.AccessType.UseEntry, true, certVOList.get(0));
    for (final SslCertVO cert : certVOList) {
        certLbMap = _lbCertDao.listByCertId(cert.getId());
        certResponseList.add(createCertResponse(cert, certLbMap));
    }
    return certResponseList;
}
Also used : Account(com.cloud.user.Account) ArrayList(java.util.ArrayList) LoadBalancerCertMapVO(com.cloud.network.dao.LoadBalancerCertMapVO) LoadBalancer(com.cloud.network.rules.LoadBalancer) CallContext(com.cloud.context.CallContext) Project(com.cloud.projects.Project) InvalidParameterValueException(com.cloud.utils.exception.InvalidParameterValueException) SslCertVO(com.cloud.network.dao.SslCertVO) SslCertResponse(com.cloud.api.response.SslCertResponse)

Example 50 with CallContext

use of com.cloud.context.CallContext in project cosmic by MissionCriticalCloud.

the class LoadBalancingRulesManagerImpl method assignCertToLoadBalancer.

@Override
@DB
@ActionEvent(eventType = EventTypes.EVENT_LB_CERT_ASSIGN, eventDescription = "assigning certificate to load balancer", async = true)
public boolean assignCertToLoadBalancer(final long lbRuleId, final Long certId) {
    final CallContext caller = CallContext.current();
    final LoadBalancerVO loadBalancer = _lbDao.findById(Long.valueOf(lbRuleId));
    if (loadBalancer == null) {
        throw new InvalidParameterException("Invalid load balancer id: " + lbRuleId);
    }
    final SslCertVO certVO = _entityMgr.findById(SslCertVO.class, certId);
    if (certVO == null) {
        throw new InvalidParameterException("Invalid certificate id: " + certId);
    }
    _accountMgr.checkAccess(caller.getCallingAccount(), null, true, loadBalancer);
    // check if LB and Cert belong to the same account
    if (loadBalancer.getAccountId() != certVO.getAccountId()) {
        throw new InvalidParameterValueException("Access denied for account " + certVO.getAccountId());
    }
    final String capability = getLBCapability(loadBalancer.getNetworkId(), Capability.SslTermination.getName());
    if (capability == null) {
        throw new InvalidParameterValueException("Ssl termination not supported by the loadbalancer");
    }
    // check if the lb is already bound
    final LoadBalancerCertMapVO certMapRule = _lbCertMapDao.findByLbRuleId(loadBalancer.getId());
    if (certMapRule != null) {
        throw new InvalidParameterValueException("Another certificate is already bound to the LB");
    }
    // check for correct port
    if (loadBalancer.getLbProtocol() == null || !(loadBalancer.getLbProtocol().equals(NetUtils.SSL_PROTO))) {
        throw new InvalidParameterValueException("Bad LB protocol: Expected ssl got " + loadBalancer.getLbProtocol());
    }
    boolean success = false;
    final FirewallRule.State backupState = loadBalancer.getState();
    try {
        loadBalancer.setState(FirewallRule.State.Add);
        _lbDao.persist(loadBalancer);
        final LoadBalancerCertMapVO certMap = new LoadBalancerCertMapVO(lbRuleId, certId, false);
        _lbCertMapDao.persist(certMap);
        applyLoadBalancerConfig(loadBalancer.getId());
        success = true;
    } catch (final ResourceUnavailableException e) {
        if (isRollBackAllowedForProvider(loadBalancer)) {
            loadBalancer.setState(backupState);
            _lbDao.persist(loadBalancer);
            final LoadBalancerCertMapVO certMap = _lbCertMapDao.findByLbRuleId(lbRuleId);
            _lbCertMapDao.remove(certMap.getId());
            s_logger.debug("LB Rollback rule id: " + loadBalancer.getId() + " while adding cert");
        }
        s_logger.warn("Unable to apply the load balancer config because resource is unavaliable.", e);
    }
    return success;
}
Also used : InvalidParameterException(java.security.InvalidParameterException) InvalidParameterValueException(com.cloud.utils.exception.InvalidParameterValueException) LoadBalancerVO(com.cloud.network.dao.LoadBalancerVO) SslCertVO(com.cloud.network.dao.SslCertVO) ResourceUnavailableException(com.cloud.exception.ResourceUnavailableException) LoadBalancerCertMapVO(com.cloud.network.dao.LoadBalancerCertMapVO) CallContext(com.cloud.context.CallContext) FirewallRule(com.cloud.network.rules.FirewallRule) ActionEvent(com.cloud.event.ActionEvent) DB(com.cloud.utils.db.DB)

Aggregations

CallContext (com.cloud.context.CallContext)72 Account (com.cloud.user.Account)41 User (com.cloud.user.User)26 InvalidParameterValueException (com.cloud.utils.exception.InvalidParameterValueException)26 VmWorkJobVO (com.cloud.framework.jobs.impl.VmWorkJobVO)22 ActionEvent (com.cloud.event.ActionEvent)20 ResourceUnavailableException (com.cloud.exception.ResourceUnavailableException)19 CloudRuntimeException (com.cloud.utils.exception.CloudRuntimeException)19 DB (com.cloud.utils.db.DB)12 LoadBalancerVO (com.cloud.network.dao.LoadBalancerVO)10 VMInstanceVO (com.cloud.vm.VMInstanceVO)10 NetworkRuleConflictException (com.cloud.exception.NetworkRuleConflictException)9 ServerApiException (com.cloud.api.ServerApiException)8 FirewallRule (com.cloud.network.rules.FirewallRule)8 ConcurrentOperationException (com.cloud.exception.ConcurrentOperationException)6 InsufficientAddressCapacityException (com.cloud.exception.InsufficientAddressCapacityException)6 InsufficientCapacityException (com.cloud.exception.InsufficientCapacityException)6 ResourceAllocationException (com.cloud.exception.ResourceAllocationException)6 Network (com.cloud.network.Network)6 PermissionDeniedException (com.cloud.exception.PermissionDeniedException)5