Example 86 with Project
use of com.cloud.projects.Project in project cloudstack by apache.
the class ApiServlet method setProjectContext.
private void setProjectContext(Map<String, Object[]> requestParameters) {
final String[] command = (String[]) requestParameters.get(ApiConstants.COMMAND);
if (command == null) {
s_logger.info("missing command, ignoring request...");
return;
}
final String commandName = command[0];
CallContext.current().setApiName(commandName);
for (Map.Entry<String, Object[]> entry : requestParameters.entrySet()) {
if (entry.getKey().equals(ApiConstants.PROJECT_ID) || isSpecificAPI(commandName)) {
String projectId = null;
if (isSpecificAPI(commandName)) {
projectId = String.valueOf(requestParameters.entrySet().stream().filter(e -> e.getKey().equals(ApiConstants.ID)).map(Map.Entry::getValue).findFirst().get()[0]);
} else {
projectId = String.valueOf(entry.getValue()[0]);
}
Project project = projectDao.findByUuid(projectId);
if (project != null) {
CallContext.current().setProject(project);
}
}
}
}Example 87 with Project
use of com.cloud.projects.Project in project cloudstack by apache.
the class KubernetesClusterManagerImpl method createKubernetesClusterResponse.
@Override
public KubernetesClusterResponse createKubernetesClusterResponse(long kubernetesClusterId) {
KubernetesClusterVO kubernetesCluster = kubernetesClusterDao.findById(kubernetesClusterId);
KubernetesClusterResponse response = new KubernetesClusterResponse();
response.setObjectName(KubernetesCluster.class.getSimpleName().toLowerCase());
response.setId(kubernetesCluster.getUuid());
response.setName(kubernetesCluster.getName());
response.setDescription(kubernetesCluster.getDescription());
DataCenterVO zone = ApiDBUtils.findZoneById(kubernetesCluster.getZoneId());
response.setZoneId(zone.getUuid());
response.setZoneName(zone.getName());
response.setMasterNodes(kubernetesCluster.getControlNodeCount());
response.setControlNodes(kubernetesCluster.getControlNodeCount());
response.setClusterSize(kubernetesCluster.getNodeCount());
VMTemplateVO template = ApiDBUtils.findTemplateById(kubernetesCluster.getTemplateId());
response.setTemplateId(template.getUuid());
ServiceOfferingVO offering = serviceOfferingDao.findById(kubernetesCluster.getServiceOfferingId());
response.setServiceOfferingId(offering.getUuid());
response.setServiceOfferingName(offering.getName());
KubernetesSupportedVersionVO version = kubernetesSupportedVersionDao.findById(kubernetesCluster.getKubernetesVersionId());
if (version != null) {
response.setKubernetesVersionId(version.getUuid());
response.setKubernetesVersionName(version.getName());
}
Account account = ApiDBUtils.findAccountById(kubernetesCluster.getAccountId());
if (account.getType() == Account.ACCOUNT_TYPE_PROJECT) {
Project project = ApiDBUtils.findProjectByProjectAccountId(account.getId());
response.setProjectId(project.getUuid());
response.setProjectName(project.getName());
} else {
response.setAccountName(account.getAccountName());
}
Domain domain = ApiDBUtils.findDomainById(kubernetesCluster.getDomainId());
response.setDomainId(domain.getUuid());
response.setDomainName(domain.getName());
response.setKeypair(kubernetesCluster.getKeyPair());
response.setState(kubernetesCluster.getState().toString());
response.setCores(String.valueOf(kubernetesCluster.getCores()));
response.setMemory(String.valueOf(kubernetesCluster.getMemory()));
NetworkVO ntwk = networkDao.findByIdIncludingRemoved(kubernetesCluster.getNetworkId());
response.setEndpoint(kubernetesCluster.getEndpoint());
response.setNetworkId(ntwk.getUuid());
response.setAssociatedNetworkName(ntwk.getName());
if (ntwk.getGuestType() == Network.GuestType.Isolated) {
List<IPAddressVO> ipAddresses = ipAddressDao.listByAssociatedNetwork(ntwk.getId(), true);
if (ipAddresses != null && ipAddresses.size() == 1) {
response.setIpAddress(ipAddresses.get(0).getAddress().addr());
response.setIpAddressId(ipAddresses.get(0).getUuid());
}
}
List<UserVmResponse> vmResponses = new ArrayList<UserVmResponse>();
List<KubernetesClusterVmMapVO> vmList = kubernetesClusterVmMapDao.listByClusterId(kubernetesCluster.getId());
ResponseView respView = ResponseView.Restricted;
Account caller = CallContext.current().getCallingAccount();
if (accountService.isRootAdmin(caller.getId())) {
respView = ResponseView.Full;
}
final String responseName = "virtualmachine";
if (vmList != null && !vmList.isEmpty()) {
for (KubernetesClusterVmMapVO vmMapVO : vmList) {
UserVmJoinVO userVM = userVmJoinDao.findById(vmMapVO.getVmId());
if (userVM != null) {
UserVmResponse vmResponse = ApiDBUtils.newUserVmResponse(respView, responseName, userVM, EnumSet.of(VMDetails.nics), caller);
vmResponses.add(vmResponse);
}
}
}
response.setHasAnnotation(annotationDao.hasAnnotations(kubernetesCluster.getUuid(), AnnotationService.EntityType.KUBERNETES_CLUSTER.name(), accountService.isRootAdmin(caller.getId())));
response.setVirtualMachines(vmResponses);
response.setAutoscalingEnabled(kubernetesCluster.getAutoscalingEnabled());
response.setMinSize(kubernetesCluster.getMinSize());
response.setMaxSize(kubernetesCluster.getMaxSize());
return response;
}
Also used :
DataCenterVO(com.cloud.dc.DataCenterVO)
KubernetesClusterResponse(org.apache.cloudstack.api.response.KubernetesClusterResponse)
UserAccount(com.cloud.user.UserAccount)
Account(com.cloud.user.Account)
NetworkVO(com.cloud.network.dao.NetworkVO)
VMTemplateVO(com.cloud.storage.VMTemplateVO)
ArrayList(java.util.ArrayList)
ServiceOfferingVO(com.cloud.service.ServiceOfferingVO)
UserVmResponse(org.apache.cloudstack.api.response.UserVmResponse)
UserVmJoinVO(com.cloud.api.query.vo.UserVmJoinVO)
Project(com.cloud.projects.Project)
ResponseView(org.apache.cloudstack.api.ResponseObject.ResponseView)
KubernetesSupportedVersionVO(com.cloud.kubernetes.version.KubernetesSupportedVersionVO)
IPAddressVO(com.cloud.network.dao.IPAddressVO)
Domain(com.cloud.domain.Domain)
Example 88 with Project
use of com.cloud.projects.Project in project cloudstack by apache.
the class CertServiceImpl method listSslCerts.
@Override
public List<SslCertResponse> listSslCerts(final ListSslCertsCmd listSslCertCmd) {
Preconditions.checkNotNull(listSslCertCmd);
final CallContext ctx = CallContext.current();
final Account caller = ctx.getCallingAccount();
final Long certId = listSslCertCmd.getCertId();
final Long accountId = listSslCertCmd.getAccountId();
final Long lbRuleId = listSslCertCmd.getLbId();
final Long projectId = listSslCertCmd.getProjectId();
final List<SslCertResponse> certResponseList = new ArrayList<SslCertResponse>();
if (certId == null && accountId == null && lbRuleId == null && projectId == null) {
throw new InvalidParameterValueException("Invalid parameters either certificate ID or Account ID or Loadbalancer ID or Project ID required");
}
List<LoadBalancerCertMapVO> certLbMap = null;
SslCertVO certVO = null;
if (certId != null) {
certVO = _sslCertDao.findById(certId);
if (certVO == null) {
throw new InvalidParameterValueException("Invalid certificate id: " + certId);
}
_accountMgr.checkAccess(caller, SecurityChecker.AccessType.UseEntry, true, certVO);
certLbMap = _lbCertDao.listByCertId(certId);
certResponseList.add(createCertResponse(certVO, certLbMap));
return certResponseList;
}
if (lbRuleId != null) {
final LoadBalancer lb = _entityMgr.findById(LoadBalancerVO.class, lbRuleId);
if (lb == null) {
throw new InvalidParameterValueException("Found no loadbalancer with id: " + lbRuleId);
}
_accountMgr.checkAccess(caller, SecurityChecker.AccessType.UseEntry, true, lb);
// get the cert id
LoadBalancerCertMapVO lbCertMapRule;
lbCertMapRule = _lbCertDao.findByLbRuleId(lbRuleId);
if (lbCertMapRule == null) {
s_logger.debug("No certificate bound to loadbalancer id: " + lbRuleId);
return certResponseList;
}
certVO = _sslCertDao.findById(lbCertMapRule.getCertId());
certLbMap = _lbCertDao.listByCertId(lbCertMapRule.getCertId());
certResponseList.add(createCertResponse(certVO, certLbMap));
return certResponseList;
}
if (projectId != null) {
final Project project = _projectMgr.getProject(projectId);
if (project == null) {
throw new InvalidParameterValueException("Found no project with id: " + projectId);
}
final List<SslCertVO> projectCertVOList = _sslCertDao.listByAccountId(project.getProjectAccountId());
if (projectCertVOList == null || projectCertVOList.isEmpty()) {
return certResponseList;
}
_accountMgr.checkAccess(caller, SecurityChecker.AccessType.UseEntry, true, projectCertVOList.get(0));
for (final SslCertVO cert : projectCertVOList) {
certLbMap = _lbCertDao.listByCertId(cert.getId());
certResponseList.add(createCertResponse(cert, certLbMap));
}
return certResponseList;
}
// reached here look by accountId
final List<SslCertVO> certVOList = _sslCertDao.listByAccountId(accountId);
if (certVOList == null || certVOList.isEmpty()) {
return certResponseList;
}
_accountMgr.checkAccess(caller, SecurityChecker.AccessType.UseEntry, true, certVOList.get(0));
for (final SslCertVO cert : certVOList) {
certLbMap = _lbCertDao.listByCertId(cert.getId());
certResponseList.add(createCertResponse(cert, certLbMap));
}
return certResponseList;
}
Also used :
Account(com.cloud.user.Account)
ArrayList(java.util.ArrayList)
LoadBalancerCertMapVO(com.cloud.network.dao.LoadBalancerCertMapVO)
LoadBalancer(com.cloud.network.rules.LoadBalancer)
CallContext(org.apache.cloudstack.context.CallContext)
Project(com.cloud.projects.Project)
InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException)
SslCertVO(com.cloud.network.dao.SslCertVO)
SslCertResponse(org.apache.cloudstack.api.response.SslCertResponse)
Example 89 with Project
use of com.cloud.projects.Project in project cloudstack by apache.
the class ProjectRoleBasedApiAccessChecker method checkAccess.
@Override
public boolean checkAccess(User user, String apiCommandName) throws PermissionDeniedException {
if (isDisabled()) {
return true;
}
Account userAccount = accountService.getAccount(user.getAccountId());
Project project = CallContext.current().getProject();
if (project == null) {
return true;
}
if (accountService.isRootAdmin(userAccount.getId()) || accountService.isDomainAdmin(userAccount.getAccountId())) {
return true;
}
ProjectAccount projectUser = projectAccountDao.findByProjectIdUserId(project.getId(), userAccount.getAccountId(), user.getId());
if (projectUser != null) {
if (projectUser.getAccountRole() == ProjectAccount.Role.Admin) {
return true;
} else {
return isPermitted(project, projectUser, apiCommandName);
}
}
ProjectAccount projectAccount = projectAccountDao.findByProjectIdAccountId(project.getId(), userAccount.getAccountId());
if (projectAccount != null) {
if (projectAccount.getAccountRole() == ProjectAccount.Role.Admin) {
return true;
} else {
return isPermitted(project, projectAccount, apiCommandName);
}
}
// Default deny all
if ("updateProjectInvitation".equals(apiCommandName)) {
return true;
}
throw new UnavailableCommandException("The API " + apiCommandName + " does not exist or is not available for this account/user in project " + project.getUuid());
}
Also used :
Account(com.cloud.user.Account)
ProjectAccount(com.cloud.projects.ProjectAccount)
Project(com.cloud.projects.Project)
ProjectAccount(com.cloud.projects.ProjectAccount)
UnavailableCommandException(com.cloud.exception.UnavailableCommandException)
Aggregations
Project (com.cloud.projects.Project)89
Account (com.cloud.user.Account)55
PermissionDeniedException (com.cloud.exception.PermissionDeniedException)28
InvalidParameterValueException (com.cloud.exception.InvalidParameterValueException)27
Domain (com.cloud.domain.Domain)20
ArrayList (java.util.ArrayList)20
InvalidParameterValueException (com.cloud.utils.exception.InvalidParameterValueException)18
DomainVO (com.cloud.domain.DomainVO)12
PhysicalNetworkVO (com.cloud.network.dao.PhysicalNetworkVO)11
Pair (com.cloud.utils.Pair)11
List (java.util.List)11
ServerApiException (com.cloud.api.ServerApiException)10
ProjectAccount (com.cloud.projects.ProjectAccount)10
Volume (com.cloud.storage.Volume)10
UserAccount (com.cloud.user.UserAccount)10
DB (com.cloud.utils.db.DB)10
ProjectResponse (com.cloud.api.response.ProjectResponse)9
Filter (com.cloud.utils.db.Filter)9
DataCenterVO (com.cloud.dc.DataCenterVO)8
VlanVO (com.cloud.dc.VlanVO)6
