use of com.cloud.legacymodel.exceptions.PermissionDeniedException in project cosmic by MissionCriticalCloud.
the class ResourceCheckerTest method test_checkIfDataCenterIsUsable_whenDataCenterIsEnabledAndAccountIsRoot.
/**
 * Checks the allow path of the data center usability check: with a data center in
 * the Enabled allocation state and an account the mocked account manager reports
 * as root admin, no {@link PermissionDeniedException} may be raised.
 */
@Test
public void test_checkIfDataCenterIsUsable_whenDataCenterIsEnabledAndAccountIsRoot() throws Exception {
    // Fixture: an enabled data center.
    final DataCenterVO enabledDataCenter = new DataCenterVO();
    enabledDataCenter.setAllocationState(AllocationState.Enabled);

    // Fixture: account id 1, which the mocked account manager reports as root admin.
    final AccountVO rootAccount = new AccountVO(1L);
    when(accountManager.isRootAdmin(1L)).thenReturn(true);

    final ResourceChecker checker = buildResourceChecker();
    try {
        checker.checkIfDataCenterIsUsable(enabledDataCenter, rootAccount);
    } catch (final PermissionDeniedException denied) {
        // A denial here means the check rejected a combination it is expected to accept.
        fail("No PermissionDeniedException should have be generated");
    }
}
use of com.cloud.legacymodel.exceptions.PermissionDeniedException in project cosmic by MissionCriticalCloud.
the class AssociateIPAddrCmd method getEntityOwnerId.
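/**
 * Resolves the id of the account that will own the IP address being associated.
 *
 * <p>The first request field that is set decides the owner, in this order:
 * <ol>
 *   <li>{@code accountName} together with {@code domainId}: the account returned by
 *       {@code _accountService.finalizeOwner}.</li>
 *   <li>{@code projectId}: the project's account, but only while the project is Active.</li>
 *   <li>{@code networkId}: the network's account, or the caller's account for a Basic zone
 *       whose offering has both elastic IP and elastic LB.</li>
 *   <li>{@code vpcId}: the VPC's account.</li>
 *   <li>Otherwise: the calling account.</li>
 * </ol>
 *
 * <p>NOTE(review): the returned id is presumably what the API layer uses for its
 * ownership/access decision, so every lookup here has to fail with an explicit
 * exception rather than a NullPointerException - confirm against the caller.
 *
 * @return the id of the owning account
 * @throws InvalidParameterValueException if the referenced project, network, network
 *         offering, zone or VPC cannot be found
 * @throws PermissionDeniedException if the referenced project is not in the Active state
 */
@Override
public long getEntityOwnerId() {
    final Account caller = CallContext.current().getCallingAccount();
    // accountName alone (or domainId alone) does not select this branch; the request
    // then falls through to the project / network / VPC / caller resolution below.
    if (accountName != null && domainId != null) {
        final Account account = _accountService.finalizeOwner(caller, accountName, domainId, projectId);
        return account.getId();
    } else if (projectId != null) {
        final Project project = _projectService.getProject(projectId);
        if (project == null) {
            throw new InvalidParameterValueException("Unable to find project by ID");
        }
        // Only active projects may receive new resources.
        if (project.getState() != Project.State.Active) {
            throw new PermissionDeniedException("Can't add resources to the project with specified projectId in state=" + project.getState() + " as it's no longer active");
        }
        return project.getProjectAccountId();
    } else if (networkId != null) {
        final Network network = _networkService.getNetwork(networkId);
        if (network == null) {
            throw new InvalidParameterValueException("Unable to find network by network id specified");
        }
        // The same entity manager lookup is null-checked for the VPC below, so guard the
        // offering and zone lookups too instead of dereferencing a possible null.
        final NetworkOffering offering = _entityMgr.findById(NetworkOffering.class, network.getNetworkOfferingId());
        if (offering == null) {
            throw new InvalidParameterValueException("Unable to find network offering of the network specified");
        }
        final DataCenter zone = _entityMgr.findById(DataCenter.class, network.getDataCenterId());
        if (zone == null) {
            throw new InvalidParameterValueException("Unable to find zone of the network specified");
        }
        if (zone.getNetworkType() == NetworkType.Basic && offering.getElasticIp() && offering.getElasticLb()) {
            // shared network with EIP/ELB service: the IP is owned by the caller,
            // not by the owner of the network.
            return caller.getAccountId();
        }
        return network.getAccountId();
    } else if (vpcId != null) {
        final Vpc vpc = _entityMgr.findById(Vpc.class, getVpcId());
        if (vpc == null) {
            throw new InvalidParameterValueException("Can't find enabled VPC by ID specified");
        }
        return vpc.getAccountId();
    }
    // Nothing that identifies another owner was supplied.
    return caller.getAccountId();
}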
use of com.cloud.legacymodel.exceptions.PermissionDeniedException in project cosmic by MissionCriticalCloud.
the class QueryManagerImpl method listProjectAccountsInternal.
/**
 * Returns one page of the accounts attached to a project, optionally narrowed by
 * account name and role.
 *
 * <p>Access rule implemented here: the caller must either satisfy
 * {@code _accountMgr.isAdmin} or have a project-account record for the project.
 *
 * <p>NOTE(review): the admin shortcut does not look at the project's domain. If
 * {@code isAdmin} is also true for domain-scoped admins, confirm that their reach is
 * limited to their own domain somewhere else in the call path.
 *
 * @param cmd the list command carrying project id, filters and paging values
 * @return the matching rows together with the total count
 * @throws InvalidParameterValueException if the project does not exist
 * @throws PermissionDeniedException if the caller is neither an admin nor a member of the project
 */
public Pair<List<ProjectAccountJoinVO>, Integer> listProjectAccountsInternal(final ListProjectAccountsCmd cmd) {
    final long projectId = cmd.getProjectId();
    final String accountNameFilter = cmd.getAccountName();
    final String roleFilter = cmd.getRole();
    final Long pageStart = cmd.getStartIndex();
    final Long pageSize = cmd.getPageSizeVal();

    final Account caller = CallContext.current().getCallingAccount();

    // The project has to exist before any membership check makes sense.
    final Project project = _projectDao.findById(projectId);
    if (project == null) {
        throw new InvalidParameterValueException("Unable to find the project id=" + projectId);
    }

    // Authorization: admins pass directly; everyone else needs a membership record.
    final boolean callerMayList =
            _accountMgr.isAdmin(caller.getId()) || _projectAccountDao.findByProjectIdAccountId(projectId, caller.getAccountId()) != null;
    if (!callerMayList) {
        // NOTE(review): the message embeds caller.toString(); confirm it carries nothing
        // that should stay out of API responses or logs.
        throw new PermissionDeniedException("Account " + caller + " is not authorized to list users of the project id=" + projectId);
    }

    // Page definition: column "id" with the ascending flag set to false.
    final Filter paging = new Filter(ProjectAccountJoinVO.class, "id", false, pageStart, pageSize);

    // Declare the conditions; the account-name condition exists only when a name was given.
    final SearchBuilder<ProjectAccountJoinVO> builder = _projectAccountJoinDao.createSearchBuilder();
    builder.and("accountRole", builder.entity().getAccountRole(), Op.EQ);
    builder.and("projectId", builder.entity().getProjectId(), Op.EQ);
    if (accountNameFilter != null) {
        builder.and("accountName", builder.entity().getAccountName(), Op.EQ);
    }

    // Bind values; the optional filters are bound only when they were supplied.
    final SearchCriteria<ProjectAccountJoinVO> criteria = builder.create();
    criteria.setParameters("projectId", projectId);
    if (roleFilter != null) {
        criteria.setParameters("accountRole", roleFilter);
    }
    if (accountNameFilter != null) {
        criteria.setParameters("accountName", accountNameFilter);
    }

    return _projectAccountJoinDao.searchAndCount(criteria, paging);
}
use of com.cloud.legacymodel.exceptions.PermissionDeniedException in project cosmic by MissionCriticalCloud.
the class ResizeVolumeCmd method getEntityOwnerId.
/**
 * Resolves the account that owns the volume being resized and refuses the request when
 * that owner is not in a usable state.
 *
 * <p>A volume owned by a project account requires the project to be Active; a volume
 * owned by any other account requires that account not to be disabled.
 *
 * <p>NOTE(review): neither the account lookup nor the project lookup is null-checked
 * before use; confirm both are guaranteed to return a value for an existing volume.
 *
 * @return the id of the account that owns the volume
 * @throws InvalidParameterValueException if the volume cannot be found
 * @throws PermissionDeniedException if the owning project is not Active or the owning
 *         account is disabled
 */
@Override
public long getEntityOwnerId() {
    final Volume targetVolume = _entityMgr.findById(Volume.class, getEntityId());
    if (targetVolume == null) {
        throw new InvalidParameterValueException("Unable to find volume by id=" + id);
    }

    final Account owner = _accountService.getAccount(targetVolume.getAccountId());

    // Can resize volumes for enabled projects/accounts only
    final boolean ownedByProject = owner.getType() == Account.ACCOUNT_TYPE_PROJECT;
    if (ownedByProject) {
        final Project owningProject = _projectService.findByProjectAccountId(targetVolume.getAccountId());
        if (owningProject.getState() != Project.State.Active) {
            throw new PermissionDeniedException("Can't add resources to project id=" + owningProject.getId() + " in state=" + owningProject.getState() + " as it's no longer active");
        }
        return targetVolume.getAccountId();
    }

    if (owner.getState() == Account.State.disabled) {
        throw new PermissionDeniedException("The owner of volume " + id + " is disabled: " + owner);
    }
    return targetVolume.getAccountId();
}
use of com.cloud.legacymodel.exceptions.PermissionDeniedException in project cosmic by MissionCriticalCloud.
the class LoadBalancingRulesManagerImpl method assignToLoadBalancer.
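/**
 * Attaches VMs, and optionally specific IPs of those VMs, to a load balancer rule and
 * applies the resulting configuration.
 *
 * <p>Every requested VM has to pass these checks before anything is stored:
 * <ul>
 *   <li>it exists and is neither Destroyed nor Expunging;</li>
 *   <li>{@code _rulesMgr.checkRuleAndUserVm} accepts it for this rule and caller;</li>
 *   <li>it belongs to the same account as the load balancer;</li>
 *   <li>it has a NIC in the load balancer's network;</li>
 *   <li>none of the requested IPs is already mapped to this load balancer;</li>
 *   <li>every requested IP other than the NIC's primary IP is a secondary IP of that NIC.</li>
 * </ul>
 *
 * <p>The mappings are then persisted and the rule is moved to the Add state and applied.
 * If applying fails, the mappings of the requested VMs are removed and the previous rule
 * state is restored.
 *
 * @param loadBalancerId id of the load balancer rule
 * @param instanceIds VM ids to attach with their primary IP; may be {@code null} when
 *        {@code vmIdIpMap} is used instead
 * @param vmIdIpMap VM id to the IPs to attach; a {@code null} map is treated as empty.
 *        A non-empty map passed by the caller is updated in place.
 * @return {@code true} when the configuration was applied
 * @throws InvalidParameterValueException if the rule or a VM is not found, nothing was
 *         requested, or a VM/IP fails one of the checks above
 * @throws PermissionDeniedException if a VM is owned by a different account than the rule
 * @throws CloudRuntimeException if the configuration could not be applied
 */
@Override
@DB
@ActionEvent(eventType = EventTypes.EVENT_ASSIGN_TO_LOAD_BALANCER_RULE, eventDescription = "assigning to load balancer", async = true)
public boolean assignToLoadBalancer(final long loadBalancerId, final List<Long> instanceIds, Map<Long, List<String>> vmIdIpMap) {
    final CallContext ctx = CallContext.current();
    final Account caller = ctx.getCallingAccount();
    final LoadBalancerVO loadBalancer = _lbDao.findById(loadBalancerId);
    if (loadBalancer == null) {
        throw new InvalidParameterValueException("Failed to assign to load balancer " + loadBalancerId + ", the load balancer was not found.");
    }
    // A missing map is handled like an empty one, so the validation below reports the
    // intended error instead of failing with a NullPointerException.
    if (vmIdIpMap == null) {
        vmIdIpMap = new HashMap<>();
    }
    if (instanceIds == null && vmIdIpMap.isEmpty()) {
        throw new InvalidParameterValueException("Both instanceids and vmidipmap can't be null");
    }
    // Both instanceIds and vmIdIpMap were passed: VMs named only in instanceIds get a
    // null IP list, which later means "use the primary IP".
    if (instanceIds != null && !vmIdIpMap.isEmpty()) {
        for (final long instanceId : instanceIds) {
            if (!vmIdIpMap.containsKey(instanceId)) {
                vmIdIpMap.put(instanceId, null);
            }
        }
    }
    // Only instanceIds was passed: build a fresh map rather than filling the caller's.
    if (instanceIds != null && vmIdIpMap.isEmpty()) {
        vmIdIpMap = new HashMap<>();
        for (final long instanceId : instanceIds) {
            vmIdIpMap.put(instanceId, null);
        }
    }

    // Collect the IPs that are already mapped to this load balancer, per VM.
    final List<LoadBalancerVMMapVO> mappedInstances = _lb2VmMapDao.listByLoadBalancerId(loadBalancerId, false);
    final Map<Long, List<String>> existingVmIdIps = new HashMap<>();
    for (final LoadBalancerVMMapVO mappedInstance : mappedInstances) {
        List<String> ipsList = existingVmIdIps.get(mappedInstance.getInstanceId());
        if (ipsList == null) {
            ipsList = new ArrayList<>();
            existingVmIdIps.put(mappedInstance.getInstanceId(), ipsList);
        }
        ipsList.add(mappedInstance.getInstanceIp());
    }

    final List<UserVm> vmsToAdd = new ArrayList<>();
    // Validate every requested VM; nothing is persisted until all of them pass.
    final Set<Long> passedInstanceIds = vmIdIpMap.keySet();
    for (final Long instanceId : passedInstanceIds) {
        final UserVm vm = _vmDao.findById(instanceId);
        if (vm == null || vm.getState() == State.Destroyed || vm.getState() == State.Expunging) {
            final InvalidParameterValueException ex = new InvalidParameterValueException("Invalid instance id specified");
            if (vm == null) {
                ex.addProxyObject(instanceId.toString(), "instanceId");
            } else {
                ex.addProxyObject(vm.getUuid(), "instanceId");
            }
            throw ex;
        }
        // Access checks: the rules manager decides whether this caller may combine the
        // rule with the VM, then the VM has to share the rule's owner.
        _rulesMgr.checkRuleAndUserVm(loadBalancer, vm, caller);
        if (vm.getAccountId() != loadBalancer.getAccountId()) {
            throw new PermissionDeniedException("Cannot add virtual machines that do not belong to the same owner.");
        }
        // Let's check to make sure the vm has a nic in the same network as
        // the load balancing rule.
        final List<? extends Nic> nics = _networkModel.getNics(vm.getId());
        Nic nicInSameNetwork = null;
        for (final Nic nic : nics) {
            if (nic.getNetworkId() == loadBalancer.getNetworkId()) {
                nicInSameNetwork = nic;
                break;
            }
        }
        if (nicInSameNetwork == null) {
            final InvalidParameterValueException ex = new InvalidParameterValueException("VM with id specified cannot be added because it doesn't belong in the same network.");
            ex.addProxyObject(vm.getUuid(), "instanceId");
            throw ex;
        }
        final String priIp = nicInSameNetwork.getIPv4Address();
        if (existingVmIdIps.containsKey(instanceId)) {
            // The VM is already attached: refuse any IP that is mapped already. Without
            // an explicit IP list the primary IP is the one being requested.
            final List<String> mappedIps = existingVmIdIps.get(instanceId);
            List<String> newIps = vmIdIpMap.get(instanceId);
            if (newIps == null) {
                newIps = new ArrayList<>();
                newIps.add(priIp);
            }
            for (final String newIp : newIps) {
                if (mappedIps.contains(newIp)) {
                    throw new InvalidParameterValueException("VM " + instanceId + " with " + newIp + " is already mapped to load balancer.");
                }
            }
        }
        List<String> vmIpsList = vmIdIpMap.get(instanceId);
        if (vmIpsList != null) {
            // Each requested IP must be a secondary IP of the NIC in the rule's network,
            // so a request cannot point the rule at an address the VM does not hold.
            for (final String ip : vmIpsList) {
                // the primary IP is not a secondary IP; skip it in this comparison
                if (ip.equals(priIp)) {
                    continue;
                }
                if (_nicSecondaryIpDao.findByIp4AddressAndNicId(ip, nicInSameNetwork.getId()) == null) {
                    throw new InvalidParameterValueException("VM ip " + ip + " specified does not belong to " + "nic in network " + nicInSameNetwork.getNetworkId());
                }
            }
        } else {
            vmIpsList = new ArrayList<>();
            vmIpsList.add(priIp);
        }
        // A VM named in instanceIds is always attached with its primary IP as well;
        // duplicates in the list are collapsed when the mappings are persisted.
        if (instanceIds != null && instanceIds.contains(instanceId)) {
            vmIpsList.add(priIp);
        }
        vmIdIpMap.put(instanceId, vmIpsList);
        if (s_logger.isDebugEnabled()) {
            s_logger.debug("Adding " + vm + " to the load balancer pool");
        }
        vmsToAdd.add(vm);
    }

    // Final aliases, because vmIdIpMap is reassigned above and the anonymous classes
    // below can only capture final variables.
    final Set<Long> vmIds = vmIdIpMap.keySet();
    final Map<Long, List<String>> newMap = vmIdIpMap;
    Transaction.execute(new TransactionCallbackNoReturn() {
        @Override
        public void doInTransactionWithoutResult(final TransactionStatus status) {
            for (final Long vmId : vmIds) {
                // The set removes duplicate IPs before one mapping row per IP is stored.
                final Set<String> lbVmIps = new HashSet<>(newMap.get(vmId));
                for (final String vmIp : lbVmIps) {
                    _lb2VmMapDao.persist(new LoadBalancerVMMapVO(loadBalancer.getId(), vmId, vmIp, false));
                }
            }
        }
    });

    boolean success = false;
    final FirewallRule.State backupState = loadBalancer.getState();
    try {
        loadBalancer.setState(FirewallRule.State.Add);
        _lbDao.persist(loadBalancer);
        applyLoadBalancerConfig(loadBalancerId);
        success = true;
    } catch (final ResourceUnavailableException e) {
        s_logger.warn("Unable to apply the load balancer config because resource is unavaliable.", e);
    } finally {
        // Roll back on any failure. Because this runs in finally, an exception of another
        // type thrown by the try block is replaced by the CloudRuntimeException below.
        if (!success) {
            final List<Long> vmInstanceIds = new ArrayList<>();
            Transaction.execute(new TransactionCallbackNoReturn() {
                @Override
                public void doInTransactionWithoutResult(final TransactionStatus status) {
                    for (final Long vmId : vmIds) {
                        vmInstanceIds.add(vmId);
                    }
                }
            });
            if (!vmInstanceIds.isEmpty()) {
                // NOTE(review): the removal is keyed by instance id only. If a VM already
                // had other IPs mapped to this rule before the call, confirm that the
                // rollback does not delete those earlier mappings as well.
                _lb2VmMapDao.remove(loadBalancer.getId(), vmInstanceIds, null);
                s_logger.debug("LB Rollback rule id: " + loadBalancer.getId() + " while attaching VM: " + vmInstanceIds);
            }
            loadBalancer.setState(backupState);
            _lbDao.persist(loadBalancer);
            final CloudRuntimeException ex = new CloudRuntimeException("Failed to add specified loadbalancerruleid for vms " + vmInstanceIds);
            // Presumably lets the API layer report the rule by UUID - confirm.
            ex.addProxyObject(loadBalancer.getUuid(), "loadBalancerId");
            throw ex;
        }
    }
    return success;
}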