
Example 46 with Project

use of com.cloud.projects.Project in project cloudstack by apache.

the class ConfigurationManagerImpl method dedicatePublicIpRange.

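/**
 * Dedicates an existing public IP range (VLAN) to an account, to a project's account, or to a domain.
 *
 * <p>Owner resolution from the command:
 * <ul>
 *   <li>{@code projectId} selects the project's account (mutually exclusive with {@code accountName});</li>
 *   <li>{@code accountName} together with {@code domainId} selects an active account in that domain;</li>
 *   <li>{@code domainId} alone selects the domain itself.</li>
 * </ul>
 * The range must exist, must not already be dedicated to an account or a domain, and must live in a
 * zone that is not of type {@code Basic}. Addresses in the range that are already allocated must
 * belong to the resolved owner (or, for a domain dedication, to an account of that domain).
 *
 * <p>NOTE(review): no check of the calling account is visible in this method, and the project branch
 * resolves the project account without any project-access check. Presumably the API layer restricts
 * this command to administrators; confirm before exposing it to other roles.
 *
 * @param cmd the dedicate command carrying the VLAN id and the owner parameters
 * @return the VLAN record that was looked up (and dedicated, when an owner or domain was resolved)
 * @throws InvalidParameterValueException if a parameter does not resolve or the range cannot be dedicated
 * @throws ResourceAllocationException declared by the signature; presumably raised by the resource-limit
 *         check (TODO confirm)
 */
@Override
@DB
@ActionEvent(eventType = EventTypes.EVENT_VLAN_IP_RANGE_DEDICATE, eventDescription = "dedicating vlan ip range", async = false)
public Vlan dedicatePublicIpRange(final DedicatePublicIpRangeCmd cmd) throws ResourceAllocationException {
    final Long vlanDbId = cmd.getId();
    final String accountName = cmd.getAccountName();
    final Long domainId = cmd.getDomainId();
    final Long projectId = cmd.getProjectId();

    // Resolve the owning account from the project, if one was given.
    Account vlanOwner = null;
    if (projectId != null) {
        if (accountName != null) {
            throw new InvalidParameterValueException("accountName and projectId are mutually exclusive");
        }
        final Project project = _projectMgr.getProject(projectId);
        if (project == null) {
            throw new InvalidParameterValueException("Unable to find project by id " + projectId);
        }
        vlanOwner = _accountMgr.getAccount(project.getProjectAccountId());
        if (vlanOwner == null) {
            throw new InvalidParameterValueException("Please specify a valid projectId");
        }
    }

    // Resolve the owning account by name, or fall back to a domain-level dedication.
    Domain domain = null;
    if (accountName != null && domainId != null) {
        vlanOwner = _accountDao.findActiveAccount(accountName, domainId);
        if (vlanOwner == null) {
            throw new InvalidParameterValueException("Unable to find account by name " + accountName);
        } else if (vlanOwner.getId() == Account.ACCOUNT_ID_SYSTEM) {
            throw new InvalidParameterValueException("Please specify a valid account. Cannot dedicate IP range to system account");
        }
    } else if (domainId != null) {
        domain = _domainDao.findById(domainId);
        if (domain == null) {
            throw new InvalidParameterValueException("Please specify a valid domain id");
        }
    }
    // NOTE(review): if neither an account nor a domain was resolved (for example accountName without
    // domainId), the method still runs the range checks below and returns the VLAN without dedicating
    // it. Presumably the command marks domainId as required; confirm.

    // Check if range is valid
    final VlanVO vlan = _vlanDao.findById(vlanDbId);
    if (vlan == null) {
        throw new InvalidParameterValueException("Unable to find vlan by id " + vlanDbId);
    }

    // Check if range has already been dedicated, either to an account or to a domain
    final List<AccountVlanMapVO> maps = _accountVlanMapDao.listAccountVlanMapsByVlan(vlanDbId);
    if (maps != null && !maps.isEmpty()) {
        throw new InvalidParameterValueException("Specified Public IP range has already been dedicated");
    }
    final List<DomainVlanMapVO> domainmaps = _domainVlanMapDao.listDomainVlanMapsByVlan(vlanDbId);
    if (domainmaps != null && !domainmaps.isEmpty()) {
        throw new InvalidParameterValueException("Specified Public IP range has already been dedicated to a domain");
    }

    // Verify that zone exists and is advanced
    final Long zoneId = vlan.getDataCenterId();
    final DataCenterVO zone = _zoneDao.findById(zoneId);
    if (zone == null) {
        throw new InvalidParameterValueException("Unable to find zone by id " + zoneId);
    }
    if (zone.getNetworkType() == NetworkType.Basic) {
        throw new InvalidParameterValueException("Public IP range can be dedicated to an account only in the zone of type " + NetworkType.Advanced);
    }

    // Check Public IP resource limits
    if (vlanOwner != null) {
        final int accountPublicIpRange = _publicIpAddressDao.countIPs(zoneId, vlanDbId, false);
        _resourceLimitMgr.checkResourceLimit(vlanOwner, ResourceType.public_ip, accountPublicIpRange);
    }

    // Reject the dedication if any address in the range is already allocated to someone else.
    // The comparison is made on the resolved owner's account id, not on the raw accountName request
    // parameter: account names are only unique within a domain, and accountName is null for
    // project and domain dedications, which previously made every allocated address fail here.
    final List<IPAddressVO> ips = _publicIpAddressDao.listByVlanId(vlanDbId);
    for (final IPAddressVO ip : ips) {
        final Long allocatedToAccountId = ip.getAllocatedToAccountId();
        if (allocatedToAccountId == null) {
            continue;
        }
        if (vlanOwner != null) {
            if (allocatedToAccountId.longValue() != vlanOwner.getId()) {
                throw new InvalidParameterValueException(ip.getAddress() + " Public IP address in range is allocated to another account ");
            }
        } else if (domain != null) {
            final Account accountAllocatedTo = _accountMgr.getActiveAccountById(allocatedToAccountId);
            // An account that can no longer be resolved is treated as foreign rather than dereferenced.
            if (accountAllocatedTo == null || domain.getId() != accountAllocatedTo.getDomainId()) {
                throw new InvalidParameterValueException(ip.getAddress() + " Public IP address in range is allocated to another domain/account ");
            }
        }
    }

    if (vlanOwner != null) {
        // Create an AccountVlanMapVO entry
        final AccountVlanMapVO accountVlanMapVO = new AccountVlanMapVO(vlanOwner.getId(), vlan.getId());
        _accountVlanMapDao.persist(accountVlanMapVO);
        // generate usage event for dedication of every ip address in the range
        for (final IPAddressVO ip : ips) {
            UsageEventUtils.publishUsageEvent(EventTypes.EVENT_NET_IP_ASSIGN, vlanOwner.getId(), ip.getDataCenterId(), ip.getId(), ip.getAddress().toString(), ip.isSourceNat(), vlan.getVlanType().toString(), ip.getSystem(), ip.getClass().getName(), ip.getUuid());
        }
        // increment resource count for dedicated public ip's
        _resourceLimitMgr.incrementResourceCount(vlanOwner.getId(), ResourceType.public_ip, Long.valueOf(ips.size()));
    } else if (domain != null) {
        // Create an DomainVlanMapVO entry
        final DomainVlanMapVO domainVlanMapVO = new DomainVlanMapVO(domain.getId(), vlan.getId());
        _domainVlanMapDao.persist(domainVlanMapVO);
    }
    return vlan;
}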
Also used : DataCenterVO(com.cloud.dc.DataCenterVO) Account(com.cloud.user.Account) AccountVlanMapVO(com.cloud.dc.AccountVlanMapVO) DomainVlanMapVO(com.cloud.dc.DomainVlanMapVO) Project(com.cloud.projects.Project) InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException) IPAddressVO(com.cloud.network.dao.IPAddressVO) Domain(com.cloud.domain.Domain) VlanVO(com.cloud.dc.VlanVO) ActionEvent(com.cloud.event.ActionEvent) DB(com.cloud.utils.db.DB)

Example 47 with Project

use of com.cloud.projects.Project in project cloudstack by apache.

the class AccountManagerImpl method finalizeOwner.

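/**
 * Resolves the account that a resource should be created or listed for on behalf of {@code caller}.
 *
 * <ul>
 *   <li>With {@code projectId}: the caller must be able to access the project's account, which is
 *       then returned.</li>
 *   <li>With {@code accountName} and {@code domainId}: an admin caller gets the named active account
 *       after passing the domain access check; a non-admin caller may only name their own account
 *       and domain.</li>
 *   <li>With neither: the caller's own account is returned.</li>
 * </ul>
 *
 * @param caller the account making the request
 * @param accountName name of the intended owner, or {@code null}
 * @param domainId domain of the intended owner, or {@code null}
 * @param projectId project whose account should own the resource, or {@code null}
 * @return the resolved owner account
 * @throws InvalidParameterValueException if the parameters are inconsistent or do not resolve
 * @throws PermissionDeniedException if the caller may not act for the requested project or account
 */
@Override
public Account finalizeOwner(Account caller, String accountName, Long domainId, Long projectId) {
    final boolean explicitAccount = accountName != null && domainId != null;

    // don't default the owner to the system account
    if (caller.getId() == Account.ACCOUNT_ID_SYSTEM && !explicitAccount && projectId == null) {
        throw new InvalidParameterValueException("Account and domainId are needed for resource creation");
    }
    // projectId and account/domainId can't be specified together
    // NOTE(review): only the full accountName + domainId pair is rejected here; a lone accountName or
    // domainId passed along with projectId is silently ignored by the project branch below.
    if (explicitAccount && projectId != null) {
        throw new InvalidParameterValueException("ProjectId and account/domainId can't be specified together");
    }

    if (projectId != null) {
        Project project = _projectMgr.getProject(projectId);
        if (project == null) {
            throw new InvalidParameterValueException("Unable to find project by id=" + projectId);
        }
        if (!_projectMgr.canAccessProjectAccount(caller, project.getProjectAccountId())) {
            throw new PermissionDeniedException("Account " + caller + " is unauthorised to use project id=" + projectId);
        }
        // NOTE(review): the lookup result is returned as-is; whether it can be null for an existing
        // project is not visible here.
        return getAccount(project.getProjectAccountId());
    }

    if (explicitAccount) {
        if (isAdmin(caller.getId())) {
            Domain domain = _domainMgr.getDomain(domainId);
            if (domain == null) {
                throw new InvalidParameterValueException("Unable to find the domain by id=" + domainId);
            }
            // Authorize against the domain before resolving the account, so that a caller without
            // access to the domain gets the same denial whether or not the named account exists.
            checkAccess(caller, domain);
            Account owner = _accountDao.findActiveAccount(accountName, domainId);
            if (owner == null) {
                throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain " + domainId);
            }
            return owner;
        }
        // regular user can't create/list resources for other people
        if (!accountName.equals(caller.getAccountName()) || domainId.longValue() != caller.getDomainId()) {
            throw new PermissionDeniedException("Can't create/list resources for account " + accountName + " in domain " + domainId + ", permission denied");
        }
        return caller;
    }

    // Exactly one of accountName / domainId was supplied.
    if (accountName != null || domainId != null) {
        throw new InvalidParameterValueException("AccountName and domainId must be specified together");
    }
    return caller;
}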
Also used : Project(com.cloud.projects.Project) InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException) PermissionDeniedException(com.cloud.exception.PermissionDeniedException) Domain(com.cloud.domain.Domain)

Example 48 with Project

use of com.cloud.projects.Project in project cloudstack by apache.

the class AccountManagerImpl method buildACLSearchParameters.

//TODO: deprecate this to use the new buildACLSearchParameters with permittedDomains, permittedAccounts, and permittedResources as return
/**
 * Narrows a list/search request to what {@code caller} may see, by appending to
 * {@code permittedAccounts} and by updating the three slots of {@code domainIdRecursiveListProject}.
 *
 * <p>Nothing is returned; both {@code permittedAccounts} and {@code domainIdRecursiveListProject}
 * are modified in place.
 *
 * @param caller the account issuing the request
 * @param id id of a specific resource being looked up, or {@code null}; only tested for null here
 * @param accountName account to scope the search to, or {@code null}; cannot be combined with {@code projectId}
 * @param projectId project to scope the search to, or {@code null}; the value -1 is special-cased below
 * @param permittedAccounts out-parameter: account ids are appended to it
 * @param domainIdRecursiveListProject in/out: first = domain id, second = flag set to {@code true} when
 *        the scope falls back to the caller's domain (presumably "recursive", going by the name;
 *        TODO confirm), third = project listing criteria
 * @param listAll whether the caller asked to list everything they are entitled to
 * @param forProjectInvitation when {@code true}, the project branch below is skipped entirely
 * @throws InvalidParameterValueException if a domain, account or project does not resolve, or if
 *         accountName and projectId are both given
 * @throws PermissionDeniedException if the caller cannot access the requested project
 */
@Override
public void buildACLSearchParameters(Account caller, Long id, String accountName, Long projectId, List<Long> permittedAccounts, Ternary<Long, Boolean, ListProjectResourcesCriteria> domainIdRecursiveListProject, boolean listAll, boolean forProjectInvitation) {
    Long domainId = domainIdRecursiveListProject.first();
    if (domainId != null) {
        Domain domain = _domainDao.findById(domainId);
        if (domain == null) {
            throw new InvalidParameterValueException("Unable to find domain by id " + domainId);
        }
        // the caller must have access to an explicitly requested domain
        checkAccess(caller, domain);
    }
    if (accountName != null) {
        if (projectId != null) {
            throw new InvalidParameterValueException("Account and projectId can't be specified together");
        }
        Account userAccount = null;
        Domain domain = null;
        // Resolve the account in the requested domain, or in the caller's own domain when none was given.
        if (domainId != null) {
            userAccount = _accountDao.findActiveAccount(accountName, domainId);
            domain = _domainDao.findById(domainId);
        } else {
            userAccount = _accountDao.findActiveAccount(accountName, caller.getDomainId());
            domain = _domainDao.findById(caller.getDomainId());
        }
        if (userAccount != null) {
            // the account id is only added after the access check on the account has passed
            checkAccess(caller, null, false, userAccount);
            permittedAccounts.add(userAccount.getId());
        } else {
            // NOTE(review): domain is dereferenced without a null check; in the caller's-domain branch
            // above nothing visible guarantees the lookup succeeded. Confirm it cannot be null.
            throw new InvalidParameterValueException("could not find account " + accountName + " in domain " + domain.getUuid());
        }
    }
    // set project information
    if (projectId != null) {
        // NOTE(review): with forProjectInvitation set, no project lookup or access check happens in
        // this method; presumably the invitation path authorizes separately. Confirm.
        if (!forProjectInvitation) {
            if (projectId.longValue() == -1) {
                // -1: a normal account gets the project accounts it is permitted on; any other
                // account type only has the listing criteria switched to project resources.
                if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL) {
                    permittedAccounts.addAll(_projectMgr.listPermittedProjectAccounts(caller.getId()));
                } else {
                    domainIdRecursiveListProject.third(Project.ListProjectResourcesCriteria.ListProjectResourcesOnly);
                }
            } else {
                Project project = _projectMgr.getProject(projectId);
                if (project == null) {
                    throw new InvalidParameterValueException("Unable to find project by id " + projectId);
                }
                // the project's account is only added once the caller's access to it is confirmed
                if (!_projectMgr.canAccessProjectAccount(caller, project.getProjectAccountId())) {
                    throw new PermissionDeniedException("Account " + caller + " can't access project id=" + projectId);
                }
                permittedAccounts.add(project.getProjectAccountId());
            }
        }
    } else {
        // no project requested: when no specific resource id is given either, project resources are skipped
        if (id == null) {
            domainIdRecursiveListProject.third(Project.ListProjectResourcesCriteria.SkipProjectResources);
        }
        if (permittedAccounts.isEmpty() && domainId == null) {
            // No account and no domain were requested, so the scope defaults from the caller's type.
            if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL) {
                permittedAccounts.add(caller.getId());
            } else if (!listAll) {
                if (id == null) {
                    permittedAccounts.add(caller.getId());
                } else if (caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
                    // lookup by id from a non-root, non-normal caller: scope to the caller's domain
                    domainIdRecursiveListProject.first(caller.getDomainId());
                    domainIdRecursiveListProject.second(true);
                }
            } else if (domainId == null) {
                // domainId is already known to be null in this branch, so this condition is always
                // true here; it is the listAll case. Only a domain admin gets a domain scope set;
                // for other caller types nothing is added in this branch.
                if (caller.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) {
                    domainIdRecursiveListProject.first(caller.getDomainId());
                    domainIdRecursiveListProject.second(true);
                }
            }
        } else if (domainId != null) {
            // a domain was requested: a normal account still has its own id added to the permitted list
            if (caller.getType() == Account.ACCOUNT_TYPE_NORMAL) {
                permittedAccounts.add(caller.getId());
            }
        }
    }
}
Also used : Project(com.cloud.projects.Project) InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException) PermissionDeniedException(com.cloud.exception.PermissionDeniedException) Domain(com.cloud.domain.Domain)

Aggregations

Project (com.cloud.projects.Project)48 Account (com.cloud.user.Account)30 InvalidParameterValueException (com.cloud.exception.InvalidParameterValueException)25 PermissionDeniedException (com.cloud.exception.PermissionDeniedException)16 Domain (com.cloud.domain.Domain)10 ArrayList (java.util.ArrayList)10 DomainVO (com.cloud.domain.DomainVO)7 Volume (com.cloud.storage.Volume)7 Pair (com.cloud.utils.Pair)6 List (java.util.List)6 ServerApiException (com.cloud.api.ServerApiException)5 ProjectResponse (com.cloud.api.response.ProjectResponse)5 PhysicalNetworkVO (com.cloud.network.dao.PhysicalNetworkVO)5 ProjectAccount (com.cloud.projects.ProjectAccount)5 UserAccount (com.cloud.user.UserAccount)5 ServerApiException (org.apache.cloudstack.api.ServerApiException)5 DataCenterVO (com.cloud.dc.DataCenterVO)4 DB (com.cloud.utils.db.DB)4 Filter (com.cloud.utils.db.Filter)4 VlanVO (com.cloud.dc.VlanVO)3