Example 1 with PermissionDeniedException
use of com.cloud.exception.PermissionDeniedException in project CloudStack-archive by CloudStack-extras.
the class CreateSnapshotCmd method getEntityOwnerId.
@Override
public long getEntityOwnerId() {
Volume volume = _entityMgr.findById(Volume.class, getVolumeId());
if (volume == null) {
throw new InvalidParameterValueException("Unable to find volume by id=" + volumeId);
}
Account account = _accountService.getAccount(volume.getAccountId());
//Can create templates for enabled projects/accounts only
if (account.getType() == Account.ACCOUNT_TYPE_PROJECT) {
Project project = _projectService.findByProjectAccountId(volume.getAccountId());
if (project.getState() != Project.State.Active) {
throw new PermissionDeniedException("Can't add resources to the project id=" + project.getId() + " in state=" + project.getState() + " as it's no longer active");
}
} else if (account.getState() == Account.State.disabled) {
throw new PermissionDeniedException("The owner of template is disabled: " + account);
}
return volume.getAccountId();
}
Also used :
Account(com.cloud.user.Account)
Project(com.cloud.projects.Project)
Volume(com.cloud.storage.Volume)
InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException)
PermissionDeniedException(com.cloud.exception.PermissionDeniedException)
Example 2 with PermissionDeniedException
use of com.cloud.exception.PermissionDeniedException in project CloudStack-archive by CloudStack-extras.
the class CreateSnapshotPolicyCmd method getEntityOwnerId.
@Override
public long getEntityOwnerId() {
Volume volume = _entityMgr.findById(Volume.class, getVolumeId());
if (volume == null) {
throw new InvalidParameterValueException("Unable to find volume by id=" + volumeId);
}
Account account = _accountService.getAccount(volume.getAccountId());
//Can create templates for enabled projects/accounts only
if (account.getType() == Account.ACCOUNT_TYPE_PROJECT) {
Project project = _projectService.findByProjectAccountId(volume.getAccountId());
if (project.getState() != Project.State.Active) {
PermissionDeniedException ex = new PermissionDeniedException("Can't add resources to the specified project id in state=" + project.getState() + " as it's no longer active");
ex.addProxyObject(project, project.getId(), "projectId");
throw ex;
}
} else if (account.getState() == Account.State.disabled) {
throw new PermissionDeniedException("The owner of template is disabled: " + account);
}
return volume.getAccountId();
}
Also used :
Account(com.cloud.user.Account)
Project(com.cloud.projects.Project)
Volume(com.cloud.storage.Volume)
InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException)
PermissionDeniedException(com.cloud.exception.PermissionDeniedException)
Example 3 with PermissionDeniedException
use of com.cloud.exception.PermissionDeniedException in project cloudstack by apache.
the class QuotaServiceImpl method findQuotaBalanceVO.
@Override
public List<QuotaBalanceVO> findQuotaBalanceVO(Long accountId, String accountName, Long domainId, Date startDate, Date endDate) {
if ((accountId == null) && (accountName != null) && (domainId != null)) {
Account userAccount = null;
Account caller = CallContext.current().getCallingAccount();
if (_domainDao.isChildDomain(caller.getDomainId(), domainId)) {
Filter filter = new Filter(AccountVO.class, "id", Boolean.FALSE, null, null);
List<AccountVO> accounts = _accountDao.listAccounts(accountName, domainId, filter);
if (!accounts.isEmpty()) {
userAccount = accounts.get(0);
}
if (userAccount != null) {
accountId = userAccount.getId();
} else {
throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain " + domainId);
}
} else {
throw new PermissionDeniedException("Invalid Domain Id or Account");
}
}
startDate = startDate == null ? new Date() : startDate;
if (endDate == null) {
// adjust start date to end of day as there is no end date
Date adjustedStartDate = computeAdjustedTime(_respBldr.startOfNextDay(startDate));
if (s_logger.isDebugEnabled()) {
s_logger.debug("getQuotaBalance1: Getting quota balance records for account: " + accountId + ", domainId: " + domainId + ", on or before " + adjustedStartDate);
}
List<QuotaBalanceVO> qbrecords = _quotaBalanceDao.lastQuotaBalanceVO(accountId, domainId, adjustedStartDate);
if (s_logger.isDebugEnabled()) {
s_logger.debug("Found records size=" + qbrecords.size());
}
if (qbrecords.isEmpty()) {
s_logger.info("Incorrect Date there are no quota records before this date " + adjustedStartDate);
return qbrecords;
} else {
return qbrecords;
}
} else {
Date adjustedStartDate = computeAdjustedTime(startDate);
if (endDate.after(_respBldr.startOfNextDay())) {
throw new InvalidParameterValueException("Incorrect Date Range. End date:" + endDate + " should not be in future. ");
} else if (startDate.before(endDate)) {
Date adjustedEndDate = computeAdjustedTime(endDate);
if (s_logger.isDebugEnabled()) {
s_logger.debug("getQuotaBalance2: Getting quota balance records for account: " + accountId + ", domainId: " + domainId + ", between " + adjustedStartDate + " and " + adjustedEndDate);
}
List<QuotaBalanceVO> qbrecords = _quotaBalanceDao.findQuotaBalance(accountId, domainId, adjustedStartDate, adjustedEndDate);
if (s_logger.isDebugEnabled()) {
s_logger.debug("getQuotaBalance3: Found records size=" + qbrecords.size());
}
if (qbrecords.isEmpty()) {
s_logger.info("There are no quota records between these dates start date " + adjustedStartDate + " and end date:" + endDate);
return qbrecords;
} else {
return qbrecords;
}
} else {
throw new InvalidParameterValueException("Incorrect Date Range. Start date: " + startDate + " is after end date:" + endDate);
}
}
}
Also used :
Account(com.cloud.user.Account)
Filter(com.cloud.utils.db.Filter)
InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException)
QuotaBalanceVO(org.apache.cloudstack.quota.vo.QuotaBalanceVO)
PermissionDeniedException(com.cloud.exception.PermissionDeniedException)
ArrayList(java.util.ArrayList)
List(java.util.List)
QuotaAccountVO(org.apache.cloudstack.quota.vo.QuotaAccountVO)
AccountVO(com.cloud.user.AccountVO)
Date(java.util.Date)
Example 4 with PermissionDeniedException
use of com.cloud.exception.PermissionDeniedException in project cloudstack by apache.
the class ResourceManagerImpl method discoverHostsFull.
private List<HostVO> discoverHostsFull(final Long dcId, final Long podId, Long clusterId, final String clusterName, String url, String username, String password, final String hypervisorType, final List<String> hostTags, final Map<String, String> params, final boolean deferAgentCreation) throws IllegalArgumentException, DiscoveryException, InvalidParameterValueException {
URI uri = null;
// Check if the zone exists in the system
final DataCenterVO zone = _dcDao.findById(dcId);
if (zone == null) {
throw new InvalidParameterValueException("Can't find zone by id " + dcId);
}
final Account account = CallContext.current().getCallingAccount();
if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(account.getId())) {
final PermissionDeniedException ex = new PermissionDeniedException("Cannot perform this operation, Zone with specified id is currently disabled");
ex.addProxyObject(zone.getUuid(), "dcId");
throw ex;
}
// Check if the pod exists in the system
if (podId != null) {
final HostPodVO pod = _podDao.findById(podId);
if (pod == null) {
throw new InvalidParameterValueException("Can't find pod by id " + podId);
}
// check if pod belongs to the zone
if (!Long.valueOf(pod.getDataCenterId()).equals(dcId)) {
final InvalidParameterValueException ex = new InvalidParameterValueException("Pod with specified podId" + podId + " doesn't belong to the zone with specified zoneId" + dcId);
ex.addProxyObject(pod.getUuid(), "podId");
ex.addProxyObject(zone.getUuid(), "dcId");
throw ex;
}
}
// Verify cluster information and create a new cluster if needed
if (clusterName != null && clusterId != null) {
throw new InvalidParameterValueException("Can't specify cluster by both id and name");
}
if (hypervisorType == null || hypervisorType.isEmpty()) {
throw new InvalidParameterValueException("Need to specify Hypervisor Type");
}
if ((clusterName != null || clusterId != null) && podId == null) {
throw new InvalidParameterValueException("Can't specify cluster without specifying the pod");
}
if (clusterId != null) {
if (_clusterDao.findById(clusterId) == null) {
throw new InvalidParameterValueException("Can't find cluster by id " + clusterId);
}
if (hypervisorType.equalsIgnoreCase(HypervisorType.VMware.toString())) {
// VMware only allows adding host to an existing cluster, as we
// already have a lot of information
// in cluster object, to simplify user input, we will construct
// neccessary information here
final Map<String, String> clusterDetails = _clusterDetailsDao.findDetails(clusterId);
username = clusterDetails.get("username");
assert username != null;
password = clusterDetails.get("password");
assert password != null;
try {
uri = new URI(UriUtils.encodeURIComponent(url));
url = clusterDetails.get("url") + "/" + uri.getHost();
} catch (final URISyntaxException e) {
throw new InvalidParameterValueException(url + " is not a valid uri");
}
}
}
if ((hypervisorType.equalsIgnoreCase(HypervisorType.BareMetal.toString()))) {
if (hostTags.isEmpty()) {
throw new InvalidParameterValueException("hosttag is mandatory while adding host of type Baremetal");
}
}
if (clusterName != null) {
final HostPodVO pod = _podDao.findById(podId);
if (pod == null) {
throw new InvalidParameterValueException("Can't find pod by id " + podId);
}
ClusterVO cluster = new ClusterVO(dcId, podId, clusterName);
cluster.setHypervisorType(hypervisorType);
try {
cluster = _clusterDao.persist(cluster);
} catch (final Exception e) {
cluster = _clusterDao.findBy(clusterName, podId);
if (cluster == null) {
final CloudRuntimeException ex = new CloudRuntimeException("Unable to create cluster " + clusterName + " in pod with specified podId and data center with specified dcID", e);
ex.addProxyObject(pod.getUuid(), "podId");
ex.addProxyObject(zone.getUuid(), "dcId");
throw ex;
}
}
clusterId = cluster.getId();
if (_clusterDetailsDao.findDetail(clusterId, "cpuOvercommitRatio") == null) {
final ClusterDetailsVO cluster_cpu_detail = new ClusterDetailsVO(clusterId, "cpuOvercommitRatio", "1");
final ClusterDetailsVO cluster_memory_detail = new ClusterDetailsVO(clusterId, "memoryOvercommitRatio", "1");
_clusterDetailsDao.persist(cluster_cpu_detail);
_clusterDetailsDao.persist(cluster_memory_detail);
}
}
try {
uri = new URI(UriUtils.encodeURIComponent(url));
if (uri.getScheme() == null) {
throw new InvalidParameterValueException("uri.scheme is null " + url + ", add nfs:// (or cifs://) as a prefix");
} else if (uri.getScheme().equalsIgnoreCase("nfs")) {
if (uri.getHost() == null || uri.getHost().equalsIgnoreCase("") || uri.getPath() == null || uri.getPath().equalsIgnoreCase("")) {
throw new InvalidParameterValueException("Your host and/or path is wrong. Make sure it's of the format nfs://hostname/path");
}
} else if (uri.getScheme().equalsIgnoreCase("cifs")) {
// Don't validate against a URI encoded URI.
final URI cifsUri = new URI(url);
final String warnMsg = UriUtils.getCifsUriParametersProblems(cifsUri);
if (warnMsg != null) {
throw new InvalidParameterValueException(warnMsg);
}
}
} catch (final URISyntaxException e) {
throw new InvalidParameterValueException(url + " is not a valid uri");
}
final List<HostVO> hosts = new ArrayList<HostVO>();
s_logger.info("Trying to add a new host at " + url + " in data center " + dcId);
boolean isHypervisorTypeSupported = false;
for (final Discoverer discoverer : _discoverers) {
if (params != null) {
discoverer.putParam(params);
}
if (!discoverer.matchHypervisor(hypervisorType)) {
continue;
}
isHypervisorTypeSupported = true;
Map<? extends ServerResource, Map<String, String>> resources = null;
processResourceEvent(ResourceListener.EVENT_DISCOVER_BEFORE, dcId, podId, clusterId, uri, username, password, hostTags);
try {
resources = discoverer.find(dcId, podId, clusterId, uri, username, password, hostTags);
} catch (final DiscoveryException e) {
throw e;
} catch (final Exception e) {
s_logger.info("Exception in host discovery process with discoverer: " + discoverer.getName() + ", skip to another discoverer if there is any");
}
processResourceEvent(ResourceListener.EVENT_DISCOVER_AFTER, resources);
if (resources != null) {
for (final Map.Entry<? extends ServerResource, Map<String, String>> entry : resources.entrySet()) {
final ServerResource resource = entry.getKey();
/*
* For KVM, if we go to here, that means kvm agent is
* already connected to mgt svr.
*/
if (resource instanceof KvmDummyResourceBase) {
final Map<String, String> details = entry.getValue();
final String guid = details.get("guid");
final List<HostVO> kvmHosts = listAllUpAndEnabledHosts(Host.Type.Routing, clusterId, podId, dcId);
for (final HostVO host : kvmHosts) {
if (host.getGuid().equalsIgnoreCase(guid)) {
if (hostTags != null) {
if (s_logger.isTraceEnabled()) {
s_logger.trace("Adding Host Tags for KVM host, tags: :" + hostTags);
}
_hostTagsDao.persist(host.getId(), hostTags);
}
hosts.add(host);
_agentMgr.notifyMonitorsOfNewlyAddedHost(host.getId());
return hosts;
}
}
return null;
}
HostVO host = null;
if (deferAgentCreation) {
host = (HostVO) createHostAndAgentDeferred(resource, entry.getValue(), true, hostTags, false);
} else {
host = (HostVO) createHostAndAgent(resource, entry.getValue(), true, hostTags, false);
}
if (host != null) {
hosts.add(host);
}
discoverer.postDiscovery(hosts, _nodeId);
}
s_logger.info("server resources successfully discovered by " + discoverer.getName());
return hosts;
}
}
if (!isHypervisorTypeSupported) {
final String msg = "Do not support HypervisorType " + hypervisorType + " for " + url;
s_logger.warn(msg);
throw new DiscoveryException(msg);
}
s_logger.warn("Unable to find the server resources at " + url);
throw new DiscoveryException("Unable to add the host");
}
Also used :
DataCenterVO(com.cloud.dc.DataCenterVO)
Account(com.cloud.user.Account)
ClusterVO(com.cloud.dc.ClusterVO)
ArrayList(java.util.ArrayList)
URISyntaxException(java.net.URISyntaxException)
URI(java.net.URI)
HostPodVO(com.cloud.dc.HostPodVO)
NoTransitionException(com.cloud.utils.fsm.NoTransitionException)
AgentUnavailableException(com.cloud.exception.AgentUnavailableException)
CloudRuntimeException(com.cloud.utils.exception.CloudRuntimeException)
ResourceInUseException(com.cloud.exception.ResourceInUseException)
URISyntaxException(java.net.URISyntaxException)
DiscoveryException(com.cloud.exception.DiscoveryException)
SshException(com.cloud.utils.ssh.SshException)
InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException)
ConfigurationException(javax.naming.ConfigurationException)
PermissionDeniedException(com.cloud.exception.PermissionDeniedException)
StoragePoolHostVO(com.cloud.storage.StoragePoolHostVO)
HostVO(com.cloud.host.HostVO)
InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException)
CloudRuntimeException(com.cloud.utils.exception.CloudRuntimeException)
KvmDummyResourceBase(com.cloud.hypervisor.kvm.discoverer.KvmDummyResourceBase)
PermissionDeniedException(com.cloud.exception.PermissionDeniedException)
ClusterDetailsVO(com.cloud.dc.ClusterDetailsVO)
Map(java.util.Map)
HashMap(java.util.HashMap)
DiscoveryException(com.cloud.exception.DiscoveryException)
Example 5 with PermissionDeniedException
use of com.cloud.exception.PermissionDeniedException in project cloudstack by apache.
the class VpcManagerImpl method createVpc.
@Override
@ActionEvent(eventType = EventTypes.EVENT_VPC_CREATE, eventDescription = "creating vpc", create = true)
public Vpc createVpc(final long zoneId, final long vpcOffId, final long vpcOwnerId, final String vpcName, final String displayText, final String cidr, String networkDomain, final Boolean displayVpc) throws ResourceAllocationException {
final Account caller = CallContext.current().getCallingAccount();
final Account owner = _accountMgr.getAccount(vpcOwnerId);
// Verify that caller can perform actions in behalf of vpc owner
_accountMgr.checkAccess(caller, null, false, owner);
// check resource limit
_resourceLimitMgr.checkResourceLimit(owner, ResourceType.vpc);
// Validate vpc offering
final VpcOfferingVO vpcOff = _vpcOffDao.findById(vpcOffId);
if (vpcOff == null || vpcOff.getState() != State.Enabled) {
final InvalidParameterValueException ex = new InvalidParameterValueException("Unable to find vpc offering in " + State.Enabled + " state by specified id");
if (vpcOff == null) {
ex.addProxyObject(String.valueOf(vpcOffId), "vpcOfferingId");
} else {
ex.addProxyObject(vpcOff.getUuid(), "vpcOfferingId");
}
throw ex;
}
final boolean isRegionLevelVpcOff = vpcOff.offersRegionLevelVPC();
if (isRegionLevelVpcOff && networkDomain == null) {
throw new InvalidParameterValueException("Network domain must be specified for region level VPC");
}
// Validate zone
final DataCenter zone = _entityMgr.findById(DataCenter.class, zoneId);
if (zone == null) {
throw new InvalidParameterValueException("Can't find zone by id specified");
}
if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(caller.getId())) {
// See DataCenterVO.java
final PermissionDeniedException ex = new PermissionDeniedException("Cannot perform this operation since specified Zone is currently disabled");
ex.addProxyObject(zone.getUuid(), "zoneId");
throw ex;
}
if (networkDomain == null) {
// 1) Get networkDomain from the corresponding account
networkDomain = _ntwkModel.getAccountNetworkDomain(owner.getId(), zoneId);
// global config variables
if (networkDomain == null) {
networkDomain = "cs" + Long.toHexString(owner.getId()) + NetworkOrchestrationService.GuestDomainSuffix.valueIn(zoneId);
}
}
final boolean useDistributedRouter = vpcOff.supportsDistributedRouter();
final VpcVO vpc = new VpcVO(zoneId, vpcName, displayText, owner.getId(), owner.getDomainId(), vpcOffId, cidr, networkDomain, useDistributedRouter, isRegionLevelVpcOff, vpcOff.getRedundantRouter());
return createVpc(displayVpc, vpc);
}
Also used :
Account(com.cloud.user.Account)
DataCenter(com.cloud.dc.DataCenter)
InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException)
PermissionDeniedException(com.cloud.exception.PermissionDeniedException)
ActionEvent(com.cloud.event.ActionEvent)
Aggregations
PermissionDeniedException (com.cloud.exception.PermissionDeniedException)82
InvalidParameterValueException (com.cloud.exception.InvalidParameterValueException)70
Account (com.cloud.user.Account)69
CloudRuntimeException (com.cloud.utils.exception.CloudRuntimeException)26
ActionEvent (com.cloud.event.ActionEvent)23
ArrayList (java.util.ArrayList)22
Project (com.cloud.projects.Project)16
DB (com.cloud.utils.db.DB)15
HashMap (java.util.HashMap)15
DataCenterVO (com.cloud.dc.DataCenterVO)13
ResourceUnavailableException (com.cloud.exception.ResourceUnavailableException)13
ConfigurationException (javax.naming.ConfigurationException)13
DomainVO (com.cloud.domain.DomainVO)11
Pair (com.cloud.utils.Pair)11
List (java.util.List)11
AgentUnavailableException (com.cloud.exception.AgentUnavailableException)10
InsufficientCapacityException (com.cloud.exception.InsufficientCapacityException)10
VolumeVO (com.cloud.storage.VolumeVO)10
TransactionStatus (com.cloud.utils.db.TransactionStatus)10
OperationTimedoutException (com.cloud.exception.OperationTimedoutException)8
