use of com.cloud.legacymodel.user.Account in project cosmic by MissionCriticalCloud.
the class VirtualMachineManagerImpl method migrateVmAwayThroughJobQueue.
public Outcome<VirtualMachine> migrateVmAwayThroughJobQueue(final String vmUuid, final long srcHostId) {
final CallContext context = CallContext.current();
final User user = context.getCallingUser();
final Account account = context.getCallingAccount();
final VMInstanceVO vm = _vmDao.findByUuid(vmUuid);
final List<VmWorkJobVO> pendingWorkJobs = _workJobDao.listPendingWorkJobs(VirtualMachineType.Instance, vm.getId(), VmWorkMigrateAway.class.getName());
VmWorkJobVO workJob = null;
if (pendingWorkJobs != null && pendingWorkJobs.size() > 0) {
assert pendingWorkJobs.size() == 1;
workJob = pendingWorkJobs.get(0);
} else {
workJob = new VmWorkJobVO(context.getContextId());
workJob.setDispatcher(VmWorkConstants.VM_WORK_JOB_DISPATCHER);
workJob.setCmd(VmWorkMigrateAway.class.getName());
workJob.setAccountId(account.getId());
workJob.setUserId(user.getId());
workJob.setVmType(VirtualMachineType.Instance);
workJob.setVmInstanceId(vm.getId());
workJob.setRelated(AsyncJobExecutionContext.getOriginJobId());
// save work context info (there are some duplications)
final VmWorkMigrateAway workInfo = new VmWorkMigrateAway(user.getId(), account.getId(), vm.getId(), VirtualMachineManagerImpl.VM_WORK_JOB_HANDLER, srcHostId);
workJob.setCmdInfo(VmWorkSerializer.serialize(workInfo));
}
_jobMgr.submitAsyncJob(workJob, VmWorkConstants.VM_WORK_QUEUE, vm.getId());
AsyncJobExecutionContext.getCurrentExecutionContext().joinJob(workJob.getId());
return new VmStateSyncOutcome(workJob, VirtualMachine.PowerState.PowerOn, vm.getId(), vm.getPowerHostId());
}
use of com.cloud.legacymodel.user.Account in project cosmic by MissionCriticalCloud.
the class FirstFitAllocator method allocateTo.
@Override
public List<Host> allocateTo(final VirtualMachineProfile vmProfile, final DeploymentPlan plan, final HostType type, final ExcludeList avoid, final List<? extends Host> hosts, final int returnUpTo, final boolean considerReservedCapacity) {
final long dcId = plan.getDataCenterId();
final Long podId = plan.getPodId();
final Long clusterId = plan.getClusterId();
final ServiceOffering offering = vmProfile.getServiceOffering();
final VMTemplateVO template = (VMTemplateVO) vmProfile.getTemplate();
final Account account = vmProfile.getOwner();
List<Host> suitableHosts = new ArrayList<>();
final List<Host> hostsCopy = new ArrayList<>(hosts);
if (type == HostType.Storage) {
// routing or not.
return suitableHosts;
}
final String hostTagOnOffering = offering.getHostTag();
final String hostTagOnTemplate = template.getTemplateTag();
final boolean hasSvcOfferingTag = hostTagOnOffering != null ? true : false;
final boolean hasTemplateTag = hostTagOnTemplate != null ? true : false;
final String haVmTag = (String) vmProfile.getParameter(VirtualMachineProfile.Param.HaTag);
if (haVmTag != null) {
hostsCopy.retainAll(_hostDao.listByHostTag(type, clusterId, podId, dcId, haVmTag));
} else {
if (hostTagOnOffering == null && hostTagOnTemplate == null) {
hostsCopy.retainAll(_resourceMgr.listAllUpAndEnabledNonHAHosts(type, clusterId, podId, dcId));
} else {
if (hasSvcOfferingTag) {
if (s_logger.isDebugEnabled()) {
s_logger.debug("Looking for hosts having tag specified on SvcOffering:" + hostTagOnOffering);
}
hostsCopy.retainAll(_hostDao.listByHostTag(type, clusterId, podId, dcId, hostTagOnOffering));
if (s_logger.isDebugEnabled()) {
s_logger.debug("Hosts with tag '" + hostTagOnOffering + "' are:" + hostsCopy);
}
}
if (hasTemplateTag) {
if (s_logger.isDebugEnabled()) {
s_logger.debug("Looking for hosts having tag specified on Template:" + hostTagOnTemplate);
}
hostsCopy.retainAll(_hostDao.listByHostTag(type, clusterId, podId, dcId, hostTagOnTemplate));
if (s_logger.isDebugEnabled()) {
s_logger.debug("Hosts with tag '" + hostTagOnTemplate + "' are:" + hostsCopy);
}
}
}
}
if (!hostsCopy.isEmpty()) {
suitableHosts = allocateTo(plan, offering, template, avoid, hostsCopy, returnUpTo, considerReservedCapacity, account);
}
return suitableHosts;
}
use of com.cloud.legacymodel.user.Account in project cosmic by MissionCriticalCloud.
the class FirstFitAllocator method allocateTo.
@Override
public List<Host> allocateTo(final VirtualMachineProfile vmProfile, final DeploymentPlan plan, final HostType type, final ExcludeList avoid, final int returnUpTo, final boolean considerReservedCapacity) {
final long dcId = plan.getDataCenterId();
final Long podId = plan.getPodId();
final Long clusterId = plan.getClusterId();
final ServiceOffering offering = vmProfile.getServiceOffering();
final VMTemplateVO template = (VMTemplateVO) vmProfile.getTemplate();
final Account account = vmProfile.getOwner();
if (type == HostType.Storage) {
// FirstFitAllocator should be used for user VMs only since it won't care whether the host is capable of routing or not
return new ArrayList<>();
}
if (s_logger.isDebugEnabled()) {
s_logger.debug("Looking for hosts in dc: " + dcId + " pod:" + podId + " cluster:" + clusterId);
}
final String hostTagOnOffering = offering.getHostTag();
final String hostTagOnTemplate = template.getTemplateTag();
final boolean hasSvcOfferingTag = hostTagOnOffering != null ? true : false;
final boolean hasTemplateTag = hostTagOnTemplate != null ? true : false;
List<HostVO> clusterHosts = new ArrayList<>();
final String haVmTag = (String) vmProfile.getParameter(VirtualMachineProfile.Param.HaTag);
if (haVmTag != null) {
clusterHosts = _hostDao.listByHostTag(type, clusterId, podId, dcId, haVmTag);
} else {
if (hostTagOnOffering == null && hostTagOnTemplate == null) {
clusterHosts = _resourceMgr.listAllUpAndEnabledNonHAHosts(type, clusterId, podId, dcId);
} else {
List<HostVO> hostsMatchingOfferingTag = new ArrayList<>();
List<HostVO> hostsMatchingTemplateTag = new ArrayList<>();
if (hasSvcOfferingTag) {
if (s_logger.isDebugEnabled()) {
s_logger.debug("Looking for hosts having tag specified on SvcOffering:" + hostTagOnOffering);
}
hostsMatchingOfferingTag = _hostDao.listByHostTag(type, clusterId, podId, dcId, hostTagOnOffering);
if (s_logger.isDebugEnabled()) {
s_logger.debug("Hosts with tag '" + hostTagOnOffering + "' are:" + hostsMatchingOfferingTag);
}
}
if (hasTemplateTag) {
if (s_logger.isDebugEnabled()) {
s_logger.debug("Looking for hosts having tag specified on Template:" + hostTagOnTemplate);
}
hostsMatchingTemplateTag = _hostDao.listByHostTag(type, clusterId, podId, dcId, hostTagOnTemplate);
if (s_logger.isDebugEnabled()) {
s_logger.debug("Hosts with tag '" + hostTagOnTemplate + "' are:" + hostsMatchingTemplateTag);
}
}
if (hasSvcOfferingTag && hasTemplateTag) {
hostsMatchingOfferingTag.retainAll(hostsMatchingTemplateTag);
clusterHosts = _hostDao.listByHostTag(type, clusterId, podId, dcId, hostTagOnTemplate);
if (s_logger.isDebugEnabled()) {
s_logger.debug("Found " + hostsMatchingOfferingTag.size() + " Hosts satisfying both tags, host ids are:" + hostsMatchingOfferingTag);
}
clusterHosts = hostsMatchingOfferingTag;
} else {
if (hasSvcOfferingTag) {
clusterHosts = hostsMatchingOfferingTag;
} else {
clusterHosts = hostsMatchingTemplateTag;
}
}
}
}
// add all hosts that we are not considering to the avoid list
final List<HostVO> allhostsInCluster = _hostDao.listAllUpAndEnabledNonHAHosts(type, clusterId, podId, dcId, null);
allhostsInCluster.removeAll(clusterHosts);
for (final HostVO host : allhostsInCluster) {
avoid.addHost(host.getId());
}
return allocateTo(plan, offering, template, avoid, clusterHosts, returnUpTo, considerReservedCapacity, account);
}
use of com.cloud.legacymodel.user.Account in project cosmic by MissionCriticalCloud.
the class DomainChecker method checkAccess.
@Override
public boolean checkAccess(final Account caller, final ControlledEntity entity, final AccessType accessType) throws PermissionDeniedException {
if (entity instanceof VirtualMachineTemplate) {
final VirtualMachineTemplate template = (VirtualMachineTemplate) entity;
final Account owner = _accountDao.findById(template.getAccountId());
// validate that the template is usable by the account
if (!template.isPublicTemplate()) {
if (_accountService.isRootAdmin(caller.getId()) || (owner.getId() == caller.getId())) {
return true;
}
// special handling for the project case
if (owner.getType() == Account.ACCOUNT_TYPE_PROJECT && _projectMgr.canAccessProjectAccount(caller, owner.getId())) {
return true;
}
// since the current account is not the owner of the template, check the launch permissions table to see if the
// account can launch a VM from this template
final LaunchPermissionVO permission = _launchPermissionDao.findByTemplateAndAccount(template.getId(), caller.getId());
if (permission == null) {
throw new PermissionDeniedException(caller + " does not have permission to launch instances from " + template);
}
} else {
// Domain admin and regular user can delete/modify only templates created by them
if (accessType != null && accessType == AccessType.OperateEntry) {
if (!_accountService.isRootAdmin(caller.getId()) && owner.getId() != caller.getId()) {
// For projects check if the caller account can access the project account
if (owner.getType() != Account.ACCOUNT_TYPE_PROJECT || !(_projectMgr.canAccessProjectAccount(caller, owner.getId()))) {
throw new PermissionDeniedException("Domain Admin and regular users can modify only their own Public templates");
}
}
}
}
return true;
} else if (entity instanceof Network && accessType != null && accessType == AccessType.UseEntry) {
_networkMgr.checkNetworkPermissions(caller, (Network) entity);
} else if (entity instanceof AffinityGroup) {
return false;
} else {
if (_accountService.isNormalUser(caller.getId())) {
final Account account = _accountDao.findById(entity.getAccountId());
if (account != null && account.getType() == Account.ACCOUNT_TYPE_PROJECT) {
// only project owner can delete/modify the project
if (accessType != null && accessType == AccessType.ModifyProject) {
if (!_projectMgr.canModifyProjectAccount(caller, account.getId())) {
throw new PermissionDeniedException(caller + " does not have permission to operate with resource " + entity);
}
} else if (!_projectMgr.canAccessProjectAccount(caller, account.getId())) {
throw new PermissionDeniedException(caller + " does not have permission to operate with resource " + entity);
}
} else {
if (caller.getId() != entity.getAccountId()) {
throw new PermissionDeniedException(caller + " does not have permission to operate with resource " + entity);
}
}
}
}
return true;
}
use of com.cloud.legacymodel.user.Account in project cosmic by MissionCriticalCloud.
the class AffinityGroupServiceImpl method deleteAffinityGroup.
@Override
@DB
@ActionEvent(eventType = EventTypes.EVENT_AFFINITY_GROUP_DELETE, eventDescription = "Deleting affinity group")
public boolean deleteAffinityGroup(final Long affinityGroupId, final String account, final Long projectId, final Long domainId, final String affinityGroupName) {
final AffinityGroupVO group = getAffinityGroup(affinityGroupId, account, projectId, domainId, affinityGroupName);
// check permissions
final Account caller = CallContext.current().getCallingAccount();
_accountMgr.checkAccess(caller, AccessType.OperateEntry, true, group);
final Long affinityGroupIdFinal = group.getId();
deleteAffinityGroup(affinityGroupIdFinal);
// remove its related ACL permission
final Pair<Class<?>, Long> params = new Pair<>(AffinityGroup.class, affinityGroupIdFinal);
_messageBus.publish(_name, EntityManager.MESSAGE_REMOVE_ENTITY_EVENT, PublishScope.LOCAL, params);
if (s_logger.isDebugEnabled()) {
s_logger.debug("Deleted affinity group id=" + affinityGroupIdFinal);
}
return true;
}
Aggregations