Examples with PermissionDeniedException com.cloud.legacymodel.exceptions.PermissionDeniedException used on opensource projects

Example 61 with PermissionDeniedException

use of com.cloud.legacymodel.exceptions.PermissionDeniedException in project cosmic by MissionCriticalCloud.

the class UUIDManagerImpl method checkUuid.

@Override
public <T> void checkUuid(final String uuid, final Class<T> entityType) {
    if (uuid == null) {
        return;
    }
    final Account caller = CallContext.current().getCallingAccount();
    // Only admin and system allowed to do this
    if (!(caller.getId() == Account.ACCOUNT_ID_SYSTEM || _accountMgr.isRootAdmin(caller.getId()))) {
        throw new PermissionDeniedException("Please check your permissions, you are not allowed to create/update custom id");
    }
    checkUuidSimple(uuid, entityType);
}

Example 62 with PermissionDeniedException

use of com.cloud.legacymodel.exceptions.PermissionDeniedException in project cosmic by MissionCriticalCloud.

the class StorageManagerImpl method discoverImageStore.

@Override
public ImageStore discoverImageStore(String name, final String url, String providerName, final Long zoneId, final Map details) throws IllegalArgumentException, DiscoveryException, InvalidParameterValueException {
    DataStoreProvider storeProvider = this._dataStoreProviderMgr.getDataStoreProvider(providerName);
    if (storeProvider == null) {
        storeProvider = this._dataStoreProviderMgr.getDefaultImageDataStoreProvider();
        if (storeProvider == null) {
            throw new InvalidParameterValueException("can't find image store provider: " + providerName);
        }
        // ignored passed provider name and use default image store provider name
        providerName = storeProvider.getName();
    }
    ScopeType scopeType = ScopeType.ZONE;
    if (zoneId == null) {
        scopeType = ScopeType.REGION;
    }
    if (name == null) {
        name = url;
    }
    final ImageStoreVO imageStore = this._imageStoreDao.findByName(name);
    if (imageStore != null) {
        throw new InvalidParameterValueException("The image store with name " + name + " already exists, try creating with another name");
    }
    // check if scope is supported by store provider
    if (!((ImageStoreProvider) storeProvider).isScopeSupported(scopeType)) {
        throw new InvalidParameterValueException("Image store provider " + providerName + " does not support scope " + scopeType);
    }
    // check if we have already image stores from other different providers,
    // we currently are not supporting image stores from different
    // providers co-existing
    final List<ImageStoreVO> imageStores = this._imageStoreDao.listImageStores();
    for (final ImageStoreVO store : imageStores) {
        if (!store.getProviderName().equalsIgnoreCase(providerName)) {
            throw new InvalidParameterValueException("You can only add new image stores from the same provider " + store.getProviderName() + " already added");
        }
    }
    if (zoneId != null) {
        // Check if the zone exists in the system
        final DataCenterVO zone = this._dcDao.findById(zoneId);
        if (zone == null) {
            throw new InvalidParameterValueException("Can't find zone by id " + zoneId);
        }
        final Account account = CallContext.current().getCallingAccount();
        if (AllocationState.Disabled == zone.getAllocationState() && !this._accountMgr.isRootAdmin(account.getId())) {
            final PermissionDeniedException ex = new PermissionDeniedException("Cannot perform this operation, Zone with specified id is currently disabled");
            ex.addProxyObject(zone.getUuid(), "dcId");
            throw ex;
        }
    }
    final Map<String, Object> params = new HashMap();
    params.put("zoneId", zoneId);
    params.put("url", url);
    params.put("name", name);
    params.put("details", details);
    params.put("scope", scopeType);
    params.put("providerName", storeProvider.getName());
    params.put("role", DataStoreRole.Image);
    final DataStoreLifeCycle lifeCycle = storeProvider.getDataStoreLifeCycle();
    final DataStore store;
    try {
        store = lifeCycle.initialize(params);
    } catch (final Exception e) {
        if (s_logger.isDebugEnabled()) {
            s_logger.debug("Failed to add data store: " + e.getMessage(), e);
        }
        throw new CloudRuntimeException("Failed to add data store: " + e.getMessage(), e);
    }
    if (((ImageStoreProvider) storeProvider).needDownloadSysTemplate()) {
        // trigger system vm template download
        this._imageSrv.downloadBootstrapSysTemplate(store);
    } else {
        // populate template_store_ref table
        this._imageSrv.addSystemVMTemplatesToSecondary(store);
    }
    // associate builtin template with zones associated with this image store
    associateCrosszoneTemplatesToZone(zoneId);
    // duplicate cache store records to region wide storage
    if (scopeType == ScopeType.REGION) {
        duplicateCacheStoreRecordsToRegionStore(store.getId());
    }
    return (ImageStore) this._dataStoreMgr.getDataStore(store.getId(), DataStoreRole.Image);
}

Example 63 with PermissionDeniedException

use of com.cloud.legacymodel.exceptions.PermissionDeniedException in project cosmic by MissionCriticalCloud.

the class StorageManagerImpl method createSecondaryStagingStore.

@Override
public ImageStore createSecondaryStagingStore(final CreateSecondaryStagingStoreCmd cmd) {
    final String providerName = cmd.getProviderName();
    DataStoreProvider storeProvider = this._dataStoreProviderMgr.getDataStoreProvider(providerName);
    if (storeProvider == null) {
        storeProvider = this._dataStoreProviderMgr.getDefaultCacheDataStoreProvider();
        if (storeProvider == null) {
            throw new InvalidParameterValueException("can't find cache store provider: " + providerName);
        }
    }
    final Long dcId = cmd.getZoneId();
    ScopeType scopeType = null;
    final String scope = cmd.getScope();
    if (scope != null) {
        try {
            scopeType = Enum.valueOf(ScopeType.class, scope.toUpperCase());
        } catch (final Exception e) {
            throw new InvalidParameterValueException("invalid scope for cache store " + scope);
        }
        if (scopeType != ScopeType.ZONE) {
            throw new InvalidParameterValueException("Only zone wide cache storage is supported");
        }
    }
    if (scopeType == ScopeType.ZONE && dcId == null) {
        throw new InvalidParameterValueException("zone id can't be null, if scope is zone");
    }
    // Check if the zone exists in the system
    final DataCenterVO zone = this._dcDao.findById(dcId);
    if (zone == null) {
        throw new InvalidParameterValueException("Can't find zone by id " + dcId);
    }
    final Account account = CallContext.current().getCallingAccount();
    if (AllocationState.Disabled == zone.getAllocationState() && !this._accountMgr.isRootAdmin(account.getId())) {
        final PermissionDeniedException ex = new PermissionDeniedException("Cannot perform this operation, Zone with specified id is currently disabled");
        ex.addProxyObject(zone.getUuid(), "dcId");
        throw ex;
    }
    final Map<String, Object> params = new HashMap<>();
    params.put("zoneId", dcId);
    params.put("url", cmd.getUrl());
    params.put("name", cmd.getUrl());
    params.put("details", cmd.getDetails());
    params.put("scope", scopeType);
    params.put("providerName", storeProvider.getName());
    params.put("role", DataStoreRole.ImageCache);
    final DataStoreLifeCycle lifeCycle = storeProvider.getDataStoreLifeCycle();
    final DataStore store;
    try {
        store = lifeCycle.initialize(params);
    } catch (final Exception e) {
        s_logger.debug("Failed to add data store: " + e.getMessage(), e);
        throw new CloudRuntimeException("Failed to add data store: " + e.getMessage(), e);
    }
    return (ImageStore) this._dataStoreMgr.getDataStore(store.getId(), DataStoreRole.ImageCache);
}

Example 64 with PermissionDeniedException

use of com.cloud.legacymodel.exceptions.PermissionDeniedException in project cosmic by MissionCriticalCloud.

the class TaggedResourceManagerImpl method createTags.

@Override
@DB
@ActionEvent(eventType = EventTypes.EVENT_TAGS_CREATE, eventDescription = "creating resource tags")
public List<ResourceTag> createTags(final List<String> resourceIds, final ResourceObjectType resourceType, final Map<String, String> tags, final String customer) {
    final Account caller = CallContext.current().getCallingAccount();
    final List<ResourceTag> resourceTags = new ArrayList<>(tags.size());
    Transaction.execute(new TransactionCallbackNoReturn() {

        @Override
        public void doInTransactionWithoutResult(final TransactionStatus status) {
            for (final String key : tags.keySet()) {
                for (final String resourceId : resourceIds) {
                    if (!resourceType.resourceTagsSupport()) {
                        throw new InvalidParameterValueException("The resource type " + resourceType + " doesn't support resource tags");
                    }
                    final long id = getResourceId(resourceId, resourceType);
                    final String resourceUuid = getUuid(resourceId, resourceType);
                    final Pair<Long, Long> accountDomainPair = getAccountDomain(id, resourceType);
                    final Long domainId = accountDomainPair.second();
                    final Long accountId = accountDomainPair.first();
                    if ((domainId != null) && (domainId == -1)) {
                        throw new CloudRuntimeException("Invalid DomainId : -1");
                    }
                    if (accountId != null) {
                        _accountMgr.checkAccess(caller, null, false, _accountMgr.getAccount(accountId));
                    } else if (domainId != null && !_accountMgr.isNormalUser(caller.getId())) {
                        // check permissions;
                        _accountMgr.checkAccess(caller, _domainMgr.getDomain(domainId));
                    } else {
                        throw new PermissionDeniedException("Account " + caller + " doesn't have permissions to create tags" + " for resource " + key);
                    }
                    final String value = tags.get(key);
                    if (value == null || value.isEmpty()) {
                        throw new InvalidParameterValueException("Value for the key " + key + " is either null or empty");
                    }
                    ResourceTagVO resourceTag = new ResourceTagVO(key, value, accountDomainPair.first(), accountDomainPair.second(), id, resourceType, customer, resourceUuid);
                    resourceTag = _resourceTagDao.persist(resourceTag);
                    resourceTags.add(resourceTag);
                }
            }
        }
    });
    return resourceTags;
}

Example 65 with PermissionDeniedException

use of com.cloud.legacymodel.exceptions.PermissionDeniedException in project cosmic by MissionCriticalCloud.

the class TemplateAdapterBase method prepare.

@Override
public TemplateProfile prepare(final boolean isIso, final long userId, final String name, final String displayText, Integer bits, Boolean passwordEnabled, final String url, Boolean isPublic, Boolean featured, Boolean isExtractable, final String format, Long guestOSId, Long zoneId, final HypervisorType hypervisorType, final String chksum, Boolean bootable, final String templateTag, final Account templateOwner, Map details, Boolean sshkeyEnabled, final String imageStoreUuid, final Boolean isDynamicallyScalable, final TemplateType templateType, final String manufacturerString, final OptimiseFor optimiseFor, final MaintenancePolicy maintenancePolicy, Boolean isRemoteGatewayTemplate) throws ResourceAllocationException {
    if (isPublic == null) {
        isPublic = Boolean.FALSE;
    }
    if (zoneId.longValue() == -1) {
        zoneId = null;
    }
    if (isIso) {
        if (bootable == null) {
            bootable = Boolean.TRUE;
        }
        final GuestOS noneGuestOs = ApiDBUtils.findGuestOSByDisplayName(ApiConstants.ISO_GUEST_OS_NONE);
        if ((guestOSId == null || noneGuestOs == null || guestOSId == noneGuestOs.getId()) && bootable == true) {
            throw new InvalidParameterValueException("Please pass a valid GuestOS Id");
        }
        if (bootable == false) {
            // Guest os id of None.
            guestOSId = noneGuestOs.getId();
        }
    } else {
        if (bits == null) {
            bits = Integer.valueOf(64);
        }
        if (passwordEnabled == null) {
            passwordEnabled = false;
        }
    }
    if (isExtractable == null) {
        isExtractable = Boolean.FALSE;
    }
    if (sshkeyEnabled == null) {
        sshkeyEnabled = Boolean.FALSE;
    }
    if (isRemoteGatewayTemplate == null) {
        isRemoteGatewayTemplate = Boolean.FALSE;
    }
    final boolean isAdmin = _accountMgr.isRootAdmin(templateOwner.getId());
    boolean isRegionStore = false;
    final List<ImageStoreVO> stores = _imgStoreDao.findRegionImageStores();
    if (stores != null && stores.size() > 0) {
        isRegionStore = true;
    }
    if (!isAdmin && zoneId == null && !isRegionStore) {
        // domain admin and user should also be able to register template on a region store
        throw new InvalidParameterValueException("Please specify a valid zone Id. Only admins can create templates in all zones.");
    }
    // check for the url format only when url is not null. url can be null incase of form based upload
    if (url != null && url.toLowerCase().contains("file://")) {
        throw new InvalidParameterValueException("File:// type urls are currently unsupported");
    }
    // check whether owner can create public templates
    final boolean allowPublicUserTemplates = TemplateManager.AllowPublicUserTemplates.valueIn(templateOwner.getId());
    if (!isAdmin && !allowPublicUserTemplates && isPublic) {
        throw new InvalidParameterValueException("Only private templates/ISO can be created.");
    }
    if (!isAdmin || featured == null) {
        featured = Boolean.FALSE;
    }
    final ImageFormat imgfmt;
    try {
        imgfmt = ImageFormat.valueOf(format.toUpperCase());
    } catch (final IllegalArgumentException e) {
        s_logger.debug("ImageFormat IllegalArgumentException: " + e.getMessage());
        throw new IllegalArgumentException("Image format: " + format + " is incorrect. Supported formats are " + EnumUtils.listValues(ImageFormat.values()));
    }
    // Check that the resource limit for templates/ISOs won't be exceeded
    final UserVO user = _userDao.findById(userId);
    if (user == null) {
        throw new IllegalArgumentException("Unable to find user with id " + userId);
    }
    _resourceLimitMgr.checkResourceLimit(templateOwner, ResourceType.template);
    // If a zoneId is specified, make sure it is valid
    if (zoneId != null) {
        final DataCenterVO zone = _dcDao.findById(zoneId);
        if (zone == null) {
            throw new IllegalArgumentException("Please specify a valid zone.");
        }
        final Account caller = CallContext.current().getCallingAccount();
        if (AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(caller.getId())) {
            throw new PermissionDeniedException("Cannot perform this operation, Zone is currently disabled: " + zoneId);
        }
    }
    final List<VMTemplateVO> systemvmTmplts = _tmpltDao.listAllSystemVMTemplates();
    for (final VMTemplateVO template : systemvmTmplts) {
        if (template.getName().equalsIgnoreCase(name) || template.getDisplayText().equalsIgnoreCase(displayText)) {
            throw new IllegalArgumentException("Cannot use reserved names for templates");
        }
    }
    if (hypervisorType.equals(HypervisorType.XenServer)) {
        if (details == null || !details.containsKey("hypervisortoolsversion") || details.get("hypervisortoolsversion") == null || ((String) details.get("hypervisortoolsversion")).equalsIgnoreCase("none")) {
            final String hpvs = _configDao.getValue(Config.XenServerPVdriverVersion.key());
            if (hpvs != null) {
                if (details == null) {
                    details = new HashMap<String, String>();
                }
                details.put("hypervisortoolsversion", hpvs);
            }
        }
    }
    // When template contains Win, it should be set to OptimiseFor Windows
    OptimiseFor correctedOptimiseFor = optimiseFor;
    if (name != null && name.toLowerCase().contains("win") && optimiseFor != OptimiseFor.Windows) {
        s_logger.debug("Template name '" + name + "' contains 'win' so setting OptimiseFor to Windows");
        correctedOptimiseFor = OptimiseFor.Windows;
    }
    final Long id = _tmpltDao.getNextInSequence(Long.class, "id");
    CallContext.current().setEventDetails("Id: " + id + " name: " + name);
    return new TemplateProfile(id, userId, name, displayText, bits, passwordEnabled, url, isPublic, featured, isExtractable, imgfmt, guestOSId, zoneId, hypervisorType, templateOwner.getAccountName(), templateOwner.getDomainId(), templateOwner.getAccountId(), chksum, bootable, templateTag, details, sshkeyEnabled, null, isDynamicallyScalable, templateType, manufacturerString, correctedOptimiseFor, maintenancePolicy, isRemoteGatewayTemplate);
}