
Example 86 with TenantOrg

use of com.emc.storageos.db.client.model.TenantOrg in project coprhd-controller by CoprHD.

the class BasePermissionsHelper method removeRootRoleAssignmentOnTenantAndProject.

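/**
 * Removes every role assigned to the root user on all tenants and clears root's ownership of all
 * projects. Each modified tenant or project is written back through the database client, and a
 * summary of the affected labels is logged at the end.
 *
 * <p>This is a privilege clean-up pass. If it aborts part-way through, the tenants and projects not
 * yet visited keep their root assignments, so a single malformed record (for example a project
 * without an owner) must not stop the loop.
 *
 * @throws DatabaseException declared by the signature; presumably raised by the database client
 *         calls (TODO confirm against the client API)
 */
public void removeRootRoleAssignmentOnTenantAndProject() throws DatabaseException {
    String keyForRoot = new PermissionsKey(PermissionsKey.Type.SID, ROOT).toString();
    StringBuilder tenantRolesRemoved = new StringBuilder("Tenant roles removed: ");
    StringBuilder projectOwnerRemoved = new StringBuilder("Project owner removed: ");

    // NOTE(review): the boolean passed to queryByType looks like an "active only" flag; confirm.
    List<URI> uriQueryResultList = _dbClient.queryByType(TenantOrg.class, true);
    Iterator<TenantOrg> tenantOrgIterator = _dbClient.queryIterativeObjects(TenantOrg.class, uriQueryResultList);
    while (tenantOrgIterator.hasNext()) {
        TenantOrg tenantOrg = tenantOrgIterator.next();
        Set<String> rootRoles = tenantOrg.getRoleSet(keyForRoot);
        if (CollectionUtils.isEmpty(rootRoles)) {
            continue;
        }
        // Iterate over a snapshot. If getRoleSet hands back the live set that removeRole mutates,
        // iterating it directly could throw ConcurrentModificationException and leave the
        // remaining root roles in place.
        for (String role : new HashSet<String>(rootRoles)) {
            _log.info("removing root's {} from Tenant: {}", role, tenantOrg.getLabel());
            tenantOrg.removeRole(keyForRoot, role);
        }
        _dbClient.updateAndReindexObject(tenantOrg);
        tenantRolesRemoved.append(tenantOrg.getLabel()).append(" ");
    }

    uriQueryResultList = _dbClient.queryByType(Project.class, true);
    Iterator<Project> projectIterator = _dbClient.queryIterativeObjects(Project.class, uriQueryResultList);
    while (projectIterator.hasNext()) {
        Project project = projectIterator.next();
        // Compare from the constant side so that a project with a null owner is skipped instead of
        // raising a NullPointerException that would abort the clean-up for all later projects.
        if (ROOT.equalsIgnoreCase(project.getOwner())) {
            _log.info("removing root's ownership from project: {}", project.getLabel());
            project.setOwner("");
            _dbClient.updateAndReindexObject(project);
            projectOwnerRemoved.append(project.getLabel()).append(" ");
        }
    }

    _log.info(tenantRolesRemoved.toString());
    _log.info(projectOwnerRemoved.toString());
}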
Also used : Project(com.emc.storageos.db.client.model.Project) TenantOrg(com.emc.storageos.db.client.model.TenantOrg) NamedURI(com.emc.storageos.db.client.model.NamedURI) URI(java.net.URI)

Example 87 with TenantOrg

use of com.emc.storageos.db.client.model.TenantOrg in project coprhd-controller by CoprHD.

the class BasePermissionsHelper method getUserPermissionsForTenantBasedOnUserGroup.

/**
 * Adds to {@code permissionsMap} the permissions the user obtains on their own tenant through
 * user-group role assignments.
 *
 * <p>The method fails closed: when the user is null, has no attributes, or the user's tenant cannot
 * be loaded, an error is logged and {@code permissionsMap} is left untouched.
 *
 * @param user the user whose permissions are being collected.
 * @param filterBy if not null, set of roles that the resulting columns will be filtered by
 * @param permissionsMap out param, updated with the permissions found for the user's tenant.
 */
private void getUserPermissionsForTenantBasedOnUserGroup(StorageOSUser user, Set<String> filterBy, Map<URI, Set<String>> permissionsMap) {
    final boolean unusableUser = (user == null) || CollectionUtils.isEmpty(user.getAttributes());
    if (unusableUser) {
        _log.error("Invalid user or user attributes");
        return;
    }

    final URI homeTenantId = URI.create(user.getTenantId());
    final TenantOrg homeTenant = (TenantOrg) _dbClient.queryObject(homeTenantId);
    if (homeTenant == null) {
        _log.error("Could not find user's {} tenant {}", user.getDistinguishedName(), user.getTenantId());
        return;
    }

    // Roles are accumulated by the helper; nothing is added to the map when it finds none.
    final Set<String> groupDerivedRoles = new HashSet<String>();
    updateUserTenantRolesBasedOnUserGroup(user, homeTenant, groupDerivedRoles);
    if (CollectionUtils.isEmpty(groupDerivedRoles)) {
        return;
    }
    addUserPermissions(filterBy, homeTenant.getId(), groupDerivedRoles, permissionsMap);
}
Also used : TenantOrg(com.emc.storageos.db.client.model.TenantOrg) HashSet(java.util.HashSet)

Example 88 with TenantOrg

use of com.emc.storageos.db.client.model.TenantOrg in project coprhd-controller by CoprHD.

the class BasePermissionsHelper method getTenantRolesForUser.

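/**
 * Returns the tenant-level roles a user holds on a tenant.
 *
 * <p>Roles are collected from three sources on the target tenant: assignments made directly to the
 * user's name, assignments made to any of the user's groups, and user-group based assignments
 * (delegated to {@code updateUserTenantRolesBasedOnUserGroup}). Only roles accepted by
 * {@code isRoleTenantLevel} are taken from the first two sources.
 *
 * <p>This is an authorization lookup, so every case in which the relationship between the user's
 * tenant and the target tenant cannot be established yields an empty set rather than an exception
 * or a partial answer.
 *
 * @param user StorageOSUser representing the logged in user
 * @param tenantId URI of the tenant; if null, the user's own tenant is used when one exists
 * @param idEmbeddedInURL selects the error raised when the tenant cannot be found: a "not found"
 *        error when true, a "bad request" error when false
 * @return unmodifiable {@code Set<String>} of tenant-level role names; empty when the user has no
 *         tenant or the user's tenant is neither the target tenant, the root tenant, nor the
 *         target's parent
 */
public Set<String> getTenantRolesForUser(StorageOSUser user, URI tenantId, boolean idEmbeddedInURL) {
    URI targetTenantId = tenantId;
    if (targetTenantId == null) {
        // URI.create never returns null and throws on a null string, so the "user has no tenant"
        // case has to be detected before the conversion.
        String ownTenantId = user.getTenantId();
        if (ownTenantId == null) {
            return Collections.emptySet();
        }
        targetTenantId = URI.create(ownTenantId);
    }
    TenantOrg tenant = getObjectById(targetTenantId, TenantOrg.class);
    if (tenant == null) {
        if (idEmbeddedInURL) {
            throw APIException.notFound.unableToFindEntityInURL(targetTenantId);
        } else {
            throw APIException.badRequests.unableToFindTenant(targetTenantId);
        }
    }
    // The three scenarios that allow us to look up roles in this tenant:
    // 1 user tenant is the same tenant as the one we're after for role lookups,
    // 2 or user tenant is root tenant (parent of all)
    // 3 or user tenant is parent of the tenant we are after (technically same as 2 today since
    // there is only one level of subtenancy but in the future this may change)
    // If all are false, return no role.
    String userTenantIdValue = user.getTenantId();
    if (userTenantIdValue == null) {
        // A user without a tenant cannot satisfy any of the three scenarios.
        return Collections.emptySet();
    }
    URI userTenantId = URI.create(userTenantIdValue);
    TenantOrg userTenant = getObjectById(userTenantId, TenantOrg.class);
    boolean sameTenant = targetTenantId.equals(userTenantId);
    // A user tenant that cannot be loaded is never treated as the root tenant.
    boolean userInRootTenant = userTenant != null && TenantOrg.isRootTenant(userTenant);
    if (!sameTenant && !userInRootTenant) {
        // Null-safe parent comparison: a missing parent reference means "not the parent".
        boolean userInParentTenant = tenant.getParentTenant() != null
                && userTenantId.equals(tenant.getParentTenant().getURI());
        if (!userInParentTenant) {
            return Collections.emptySet();
        }
    }
    Set<String> tenantRoles = new HashSet<String>();
    // for upn
    Set<String> userRoles = tenant.getRoleSet(new PermissionsKey(PermissionsKey.Type.SID, user.getName()).toString());
    if (userRoles != null) {
        for (String role : userRoles) {
            if (isRoleTenantLevel(role)) {
                tenantRoles.add(role);
            }
        }
    }
    // from groups
    Set<String> groups = user.getGroups();
    if (!CollectionUtils.isEmpty(groups)) {
        for (String group : groups) {
            // add if any roles for the groups, from root tenant/zone roles
            Set<String> roleSet = tenant.getRoleSet(new PermissionsKey(PermissionsKey.Type.GROUP, group).toString());
            if (roleSet != null) {
                for (String role : roleSet) {
                    if (isRoleTenantLevel(role)) {
                        tenantRoles.add(role);
                    }
                }
            }
        }
    }
    // Now based on userGroup role assignments.
    updateUserTenantRolesBasedOnUserGroup(user, tenant, tenantRoles);
    return Collections.unmodifiableSet(tenantRoles);
}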
Also used : TenantOrg(com.emc.storageos.db.client.model.TenantOrg) NamedURI(com.emc.storageos.db.client.model.NamedURI) URI(java.net.URI) HashSet(java.util.HashSet)

Example 89 with TenantOrg

use of com.emc.storageos.db.client.model.TenantOrg in project coprhd-controller by CoprHD.

the class XIVSmisStorageDevice method doCreateVolumes.

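/**
 * Creates the given volumes on the array with one SMI-S call and reports the outcome through the
 * task completer. Implements
 * {@code com.emc.storageos.volumecontroller.BlockStorageDevice#doCreateVolumes}.
 *
 * <p>Capacity and thin-provisioning settings are taken from the first volume and applied to the
 * whole request. Array-side names are generated from the tenant label, the volume label and the
 * volume id. Volumes tracked by the task completer that were not reported as created are marked
 * inactive and persisted.
 *
 * @param storageSystem array on which the volumes are created
 * @param storagePool pool the volumes are allocated from
 * @param opId task id, used only in the failure log message
 * @param volumes volumes to create; must contain at least one element, since the first one is read
 *        unconditionally
 * @param capabilities not read by this implementation
 * @param taskCompleter notified with ready or error, and the source of the ids checked for failure
 * @throws DeviceControllerException declared by the interface; the failures handled here are
 *         reported through {@code taskCompleter} instead
 */
@Override
public void doCreateVolumes(final StorageSystem storageSystem, final StoragePool storagePool, final String opId, final List<Volume> volumes, final VirtualPoolCapabilityValuesWrapper capabilities, final TaskCompleter taskCompleter) throws DeviceControllerException {
    Set<URI> volumeURIs = new HashSet<URI>(0);
    StringBuilder logMsgBuilder = new StringBuilder(String.format("Create Volume Start - Array:%s, Pool:%s", storageSystem.getLabel(), storagePool.getNativeId()));
    Volume firstVolume = volumes.get(0);
    Long capacity = firstVolume.getCapacity();
    boolean isThinlyProvisioned = firstVolume.getThinlyProvisioned();
    // When the tenant cannot be resolved the name stays empty, so the generated array-side volume
    // names carry no tenant attribution.
    String tenantName = "";
    try {
        TenantOrg tenant = _dbClient.queryObject(TenantOrg.class, firstVolume.getTenant().getURI());
        if (tenant != null) {
            tenantName = tenant.getLabel();
        } else {
            // A missing tenant record previously surfaced as an uncaught NullPointerException,
            // which left the task without a ready or error notification.
            _log.error("Error lookup TenantOrg object");
        }
    } catch (DatabaseException e) {
        _log.error("Error lookup TenantOrg object", e);
    }
    List<String> labels = new ArrayList<String>(volumes.size());
    for (Volume volume : volumes) {
        String label = volume.getLabel();
        logMsgBuilder.append("\nVolume: ").append(label);
        labels.add(_nameGenerator.generate(tenantName, label, volume.getId().toString(), '-', SmisConstants.MAX_VOLUME_NAME_LENGTH));
    }
    _log.info(logMsgBuilder.toString());
    try {
        CIMObjectPath configSvcPath = _cimPath.getConfigSvcPath(storageSystem);
        CIMArgument[] inArgs = _helper.getCreateVolumesInputArguments(storageSystem, storagePool, labels, capacity, volumes.size(), isThinlyProvisioned);
        CIMArgument[] outArgs = new CIMArgument[5];
        _helper.invokeMethod(storageSystem, configSvcPath, SmisConstants.CREATE_OR_MODIFY_ELEMENTS_FROM_STORAGE_POOL, inArgs, outArgs);
        volumeURIs = _smisStorageDevicePostProcessor.processVolumeCreation(storageSystem, storagePool.getId(), volumes, outArgs);
        if (!volumeURIs.isEmpty()) {
            // see SmisAbstractCreateVolumeJob.addVolumeToConsistencyGroup
            // All the volumes will be in the same consistency group
            final URI consistencyGroupId = firstVolume.getConsistencyGroup();
            if (consistencyGroupId != null) {
                addVolumesToCG(storageSystem, consistencyGroupId, new ArrayList<URI>(volumeURIs));
            }
        }
        taskCompleter.ready(_dbClient);
    } catch (final InternalException e) {
        _log.error("Problem in doCreateVolumes: ", e);
        taskCompleter.error(_dbClient, e);
    } catch (WBEMException e) {
        _log.error("Problem making SMI-S call: ", e);
        ServiceError serviceError = DeviceControllerErrors.smis.unableToCallStorageProvider(e.getMessage());
        taskCompleter.error(_dbClient, serviceError);
    } catch (Exception e) {
        _log.error("Problem in doCreateVolumes: ", e);
        ServiceError serviceError = DeviceControllerErrors.smis.methodFailed("doCreateVolumes", e.getMessage());
        taskCompleter.error(_dbClient, serviceError);
    }
    // Every id the task tracks that was not reported as created is marked inactive.
    List<Volume> volumesToSave = new ArrayList<Volume>();
    StringBuilder failureMsgBuilder = new StringBuilder();
    for (URI id : taskCompleter.getIds()) {
        if (!volumeURIs.contains(id)) {
            if (failureMsgBuilder.length() > 0) {
                failureMsgBuilder.append("\n");
            }
            failureMsgBuilder.append(String.format("Task %s failed to create volume: %s", opId, id.toString()));
            Volume volume = _dbClient.queryObject(Volume.class, id);
            if (volume != null) {
                volume.setInactive(true);
                volumesToSave.add(volume);
            }
        }
    }
    if (!volumesToSave.isEmpty()) {
        _dbClient.persistObject(volumesToSave);
    }
    // The per-volume failure lines used to be appended to a builder that was replaced before it
    // was logged, so they never reached the log; emit them explicitly.
    if (failureMsgBuilder.length() > 0) {
        _log.error(failureMsgBuilder.toString());
    }
    logMsgBuilder = new StringBuilder(String.format("Create Volumes End - Array:%s, Pool:%s", storageSystem.getLabel(), storagePool.getNativeId()));
    for (Volume volume : volumes) {
        logMsgBuilder.append(String.format("%nVolume:%s", volume.getLabel()));
    }
    _log.info(logMsgBuilder.toString());
}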
Also used : ServiceError(com.emc.storageos.svcs.errorhandling.model.ServiceError) ArrayList(java.util.ArrayList) CIMObjectPath(javax.cim.CIMObjectPath) WBEMException(javax.wbem.WBEMException) URI(java.net.URI) InternalException(com.emc.storageos.svcs.errorhandling.resources.InternalException) DatabaseException(com.emc.storageos.db.exceptions.DatabaseException) DeviceControllerException(com.emc.storageos.exceptions.DeviceControllerException) WBEMException(javax.wbem.WBEMException) InternalException(com.emc.storageos.svcs.errorhandling.resources.InternalException) Volume(com.emc.storageos.db.client.model.Volume) TenantOrg(com.emc.storageos.db.client.model.TenantOrg) DatabaseException(com.emc.storageos.db.exceptions.DatabaseException) HashSet(java.util.HashSet) CIMArgument(javax.cim.CIMArgument)

Example 90 with TenantOrg

use of com.emc.storageos.db.client.model.TenantOrg in project coprhd-controller by CoprHD.

the class AbstractCloneOperations method createSingleClone.

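/**
 * Creates a single full copy (clone) of a volume or snapshot through SMI-S and queues a job that
 * tracks the array-side operation.
 *
 * <p>When the source is a snapshot, the tenant and base volume are taken from the snapshot's parent
 * volume. On arrays that support resync, any snapshot session found in the restored state is
 * resynchronized first; if that fails, the error is reported to {@code taskCompleter} and the
 * method returns without attempting the clone.
 *
 * <p>On any exception the clone volume record, if present, is marked inactive and persisted, the
 * failure is reported to {@code taskCompleter}, and the wrapped failure is rethrown.
 *
 * <p>NOTE(review): the resync-failure early return does not mark the clone record inactive, unlike
 * the exception path; confirm this is intended. For a storage system that is neither
 * {@code Type.vmax} nor {@code Type.vnxblock} the input arguments stay null when the method is
 * invoked; confirm callers never pass such a system.
 *
 * @param storageSystem array on which the clone is created
 * @param sourceVolume URI of the source volume or snapshot
 * @param cloneVolume URI of the pre-created clone volume record
 * @param createInactive whether the clone is created inactive; unboxed on the VMAX path
 * @param taskCompleter notified on failure and handed to the queued clone job
 */
@Override
@SuppressWarnings("rawtypes")
public void createSingleClone(StorageSystem storageSystem, URI sourceVolume, URI cloneVolume, Boolean createInactive, TaskCompleter taskCompleter) {
    _log.info("START createSingleClone operation");
    try {
        BlockObject sourceObj = BlockObject.fetch(_dbClient, sourceVolume);
        URI tenantUri = null;
        Volume baseVolume = null;
        boolean isSourceSnap = false;
        if (sourceObj instanceof BlockSnapshot) {
            // In case of snapshot, get the tenant from its parent volume
            NamedURI parentVolUri = ((BlockSnapshot) sourceObj).getParent();
            Volume parentVolume = _dbClient.queryObject(Volume.class, parentVolUri);
            tenantUri = parentVolume.getTenant().getURI();
            baseVolume = parentVolume;
            isSourceSnap = true;
        } else {
            // This is a default flow
            tenantUri = ((Volume) sourceObj).getTenant().getURI();
            baseVolume = (Volume) sourceObj;
        }
        // CTRL-1992: Need to resync any existing snapshot restore sessions, if applicable
        if (_helper.arraySupportsResync(storageSystem)) {
            CloseableIterator<CIMObjectPath> syncObjectIter = _cimPath.getSyncObjects(storageSystem, sourceObj);
            try {
                while (syncObjectIter.hasNext()) {
                    CIMObjectPath path = syncObjectIter.next();
                    CIMInstance instance = _helper.getInstance(storageSystem, path, false, false, SmisConstants.PS_COPY_STATE_AND_DESC_SYNCTYPE);
                    String copyState = instance.getPropertyValue(SmisConstants.CP_COPY_STATE).toString();
                    String copyStateDesc = instance.getPropertyValue(SmisConstants.EMC_COPY_STATE_DESC).toString();
                    String syncType = instance.getPropertyValue(SmisConstants.CP_SYNC_TYPE).toString();
                    _log.info(String.format("Sync %s has copyState %s (%s) syncType %s", path.toString(), copyState, copyStateDesc, syncType));
                    if (copyState.equals(COPY_STATE_RESTORED_INT_VALUE) && syncType.equals(Integer.toString(SmisConstants.SNAPSHOT_VALUE))) {
                        // This snapshot is in the 'Restored' state, need to
                        // resync it, before we can create a full copy
                        _log.info("Sync {} is in restored state, need to resync", path);
                        // The resync is invoked synchronously, so the job is given a completer
                        // whose completion callback does nothing.
                        SmisBlockResyncSnapshotJob job = new SmisBlockResyncSnapshotJob(null, storageSystem.getId(), new TaskCompleter() {

                            @Override
                            protected void complete(DbClient dbClient, Operation.Status status, ServiceCoded coded) throws DeviceControllerException {
                            }
                        });
                        CIMArgument[] result = new CIMArgument[5];
                        _helper.invokeMethodSynchronously(storageSystem, _cimPath.getControllerReplicationSvcPath(storageSystem), SmisConstants.MODIFY_REPLICA_SYNCHRONIZATION, _helper.getResyncSnapshotInputArguments(path), result, job);
                        if (job.isSuccess()) {
                            _log.info("{} was successfully resynchronized", path.toString());
                        } else {
                            _log.error("Encountered a failure while trying to resynchronize a restored snapshot");
                            ServiceError error = DeviceControllerErrors.smis.resyncActiveRestoreSessionFailure(sourceObj.getLabel());
                            taskCompleter.error(_dbClient, error);
                            return;
                        }
                    }
                }
            } finally {
                // The iterator was never closed before, on either the normal path or the early
                // return above; release it on every exit from the loop.
                if (syncObjectIter != null) {
                    syncObjectIter.close();
                }
            }
        }
        Volume cloneObj = _dbClient.queryObject(Volume.class, cloneVolume);
        StoragePool targetPool = _dbClient.queryObject(StoragePool.class, cloneObj.getPool());
        TenantOrg tenantOrg = _dbClient.queryObject(TenantOrg.class, tenantUri);
        String cloneLabel = generateLabel(tenantOrg, cloneObj);
        CIMObjectPath volumeGroupPath = _helper.getVolumeGroupPath(storageSystem, storageSystem, baseVolume, targetPool);
        CIMObjectPath sourceVolumePath = _cimPath.getBlockObjectPath(storageSystem, sourceObj);
        CIMObjectPath replicationSvcPath = _cimPath.getControllerReplicationSvcPath(storageSystem);
        CIMArgument[] inArgs = null;
        CIMInstance repSettingData = null;
        if (storageSystem.deviceIsType(Type.vmax)) {
            if (createInactive && storageSystem.getUsingSmis80()) {
                repSettingData = _helper.getReplicationSettingDataInstanceForDesiredCopyMethod(storageSystem, COPY_BEFORE_ACTIVATE, true);
            } else if (storageSystem.checkIfVmax3() && ControllerUtils.isVmaxUsing81SMIS(storageSystem, _dbClient)) {
                // VMAX3 using SMI 8.1 provider needs to send DesiredCopyMethodology=32770
                // to create TimeFinder differential clone.
                repSettingData = _helper.getReplicationSettingDataInstanceForDesiredCopyMethod(storageSystem, SMIS810_TF_DIFFERENTIAL_CLONE_VALUE, true);
            } else {
                repSettingData = _helper.getReplicationSettingDataInstanceForDesiredCopyMethod(storageSystem, DIFFERENTIAL_CLONE_VALUE, true);
            }
            inArgs = _helper.getCloneInputArguments(cloneLabel, sourceVolumePath, volumeGroupPath, storageSystem, targetPool, createInactive, repSettingData);
        } else if (storageSystem.deviceIsType(Type.vnxblock)) {
            if (!isSourceSnap) {
                repSettingData = getReplicationSettingDataInstanceForThinProvisioningPolicy(storageSystem, PROVISIONING_TARGET_SAME_AS_SOURCE);
                // don't supply target pool when using thinlyProvisioningPolicy=PROVISIONING_TARGET_SAME_AS_SOURCE
                inArgs = _helper.getCreateElementReplicaMirrorInputArgumentsWithReplicationSettingData(storageSystem, sourceObj, null, false, repSettingData, cloneLabel);
                cloneObj.setPool(baseVolume.getPool());
                _dbClient.persistObject(cloneObj);
            } else {
                // when source is snapshot, create clone instead of mirror, since creating mirror from a snap is not supported.
                inArgs = _helper.getCloneInputArguments(cloneLabel, sourceVolumePath, volumeGroupPath, storageSystem, targetPool, createInactive, null);
            }
        }
        CIMArgument[] outArgs = new CIMArgument[5];
        _helper.invokeMethod(storageSystem, replicationSvcPath, SmisConstants.CREATE_ELEMENT_REPLICA, inArgs, outArgs);
        CIMObjectPath job = _cimPath.getCimObjectPathFromOutputArgs(outArgs, SmisConstants.JOB);
        if (job != null) {
            ControllerServiceImpl.enqueueJob(new QueueJob(new SmisCloneVolumeJob(job, storageSystem.getId(), taskCompleter)));
        }
    } catch (Exception e) {
        // Roll back the database side: the clone record must not stay active after a failure.
        Volume clone = _dbClient.queryObject(Volume.class, cloneVolume);
        if (clone != null) {
            clone.setInactive(true);
            _dbClient.persistObject(clone);
        }
        String errorMsg = String.format(CREATE_ERROR_MSG_FORMAT, sourceVolume, cloneVolume);
        _log.error(errorMsg, e);
        SmisException serviceCode = DeviceControllerExceptions.smis.createFullCopyFailure(errorMsg, e);
        taskCompleter.error(_dbClient, serviceCode);
        throw serviceCode;
    }
}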
Also used : StoragePool(com.emc.storageos.db.client.model.StoragePool) NamedURI(com.emc.storageos.db.client.model.NamedURI) Operation(com.emc.storageos.db.client.model.Operation) NamedURI(com.emc.storageos.db.client.model.NamedURI) URI(java.net.URI) CIMInstance(javax.cim.CIMInstance) SmisBlockResyncSnapshotJob(com.emc.storageos.volumecontroller.impl.smis.job.SmisBlockResyncSnapshotJob) SmisCloneVolumeJob(com.emc.storageos.volumecontroller.impl.smis.job.SmisCloneVolumeJob) DeviceControllerException(com.emc.storageos.exceptions.DeviceControllerException) BlockObject(com.emc.storageos.db.client.model.BlockObject) ServiceError(com.emc.storageos.svcs.errorhandling.model.ServiceError) DbClient(com.emc.storageos.db.client.DbClient) BlockSnapshot(com.emc.storageos.db.client.model.BlockSnapshot) CIMObjectPath(javax.cim.CIMObjectPath) DeviceControllerException(com.emc.storageos.exceptions.DeviceControllerException) WBEMException(javax.wbem.WBEMException) Volume(com.emc.storageos.db.client.model.Volume) ServiceCoded(com.emc.storageos.svcs.errorhandling.model.ServiceCoded) TenantOrg(com.emc.storageos.db.client.model.TenantOrg) TaskCompleter(com.emc.storageos.volumecontroller.TaskCompleter) QueueJob(com.emc.storageos.volumecontroller.impl.job.QueueJob) CIMArgument(javax.cim.CIMArgument)
