use of com.emc.storageos.db.client.model.TenantOrg in project coprhd-controller by CoprHD.
the class BasePermissionsHelper method removeRootRoleAssignmentOnTenantAndProject.
public void removeRootRoleAssignmentOnTenantAndProject() throws DatabaseException {
String keyForRoot = new PermissionsKey(PermissionsKey.Type.SID, ROOT).toString();
StringBuffer tenantRolesRemoved = new StringBuffer("Tenant roles removed: ");
StringBuffer projectOwnerRemoved = new StringBuffer("Project owner removed: ");
List<URI> uriQueryResultList = _dbClient.queryByType(TenantOrg.class, true);
Iterator<TenantOrg> tenantOrgIterator = _dbClient.queryIterativeObjects(TenantOrg.class, uriQueryResultList);
while (tenantOrgIterator.hasNext()) {
boolean bNeedPersistent = false;
TenantOrg tenantOrg = tenantOrgIterator.next();
Set<String> rootRoles = tenantOrg.getRoleSet(keyForRoot);
if (!CollectionUtils.isEmpty(rootRoles)) {
for (String role : rootRoles) {
_log.info("removing root's " + role + " from Tenant: " + tenantOrg.getLabel());
tenantOrg.removeRole(keyForRoot, role);
bNeedPersistent = true;
}
}
if (bNeedPersistent) {
_dbClient.updateAndReindexObject(tenantOrg);
tenantRolesRemoved.append(tenantOrg.getLabel()).append(" ");
}
}
uriQueryResultList = _dbClient.queryByType(Project.class, true);
Iterator<Project> projectIterator = _dbClient.queryIterativeObjects(Project.class, uriQueryResultList);
while (projectIterator.hasNext()) {
Project project = projectIterator.next();
if (project.getOwner().equalsIgnoreCase(ROOT)) {
_log.info("removing root's ownership from project: " + project.getLabel());
project.setOwner("");
_dbClient.updateAndReindexObject(project);
projectOwnerRemoved.append(project.getLabel()).append(" ");
}
}
_log.info(tenantRolesRemoved.toString());
_log.info(projectOwnerRemoved.toString());
}
use of com.emc.storageos.db.client.model.TenantOrg in project coprhd-controller by CoprHD.
the class BasePermissionsHelper method getUserPermissionsForTenantBasedOnUserGroup.
/**
* Update the user's permissions for the tenant based on the user group.
*
* @param user who's permissions to be updated.
* @param filterBy if not null, set of roles that the resulting columns will be filtered by
* @param permissionsMap out param, to be updated with list of permissions.
*/
private void getUserPermissionsForTenantBasedOnUserGroup(StorageOSUser user, Set<String> filterBy, Map<URI, Set<String>> permissionsMap) {
if (user == null || CollectionUtils.isEmpty(user.getAttributes())) {
_log.error("Invalid user or user attributes");
return;
}
TenantOrg userTenant = (TenantOrg) _dbClient.queryObject(URI.create(user.getTenantId()));
if (userTenant == null) {
_log.error("Could not find user's {} tenant {}", user.getDistinguishedName(), user.getTenantId());
return;
}
Set<String> tenantRoles = new HashSet<String>();
updateUserTenantRolesBasedOnUserGroup(user, userTenant, tenantRoles);
if (!CollectionUtils.isEmpty(tenantRoles)) {
addUserPermissions(filterBy, userTenant.getId(), tenantRoles, permissionsMap);
}
}
use of com.emc.storageos.db.client.model.TenantOrg in project coprhd-controller by CoprHD.
the class BasePermissionsHelper method getTenantRolesForUser.
/**
* get the set of tenant roles assigned to a user
*
* @param user StorageOSUser representing the logged in user
* @param tenantId URI of the tenant, if null, user's tenant is used if one exists
* @return unmodifiable instance of Set<StorageOSUser.TenantRole>
*/
public Set<String> getTenantRolesForUser(StorageOSUser user, URI tenantId, boolean idEmbeddedInURL) {
if (tenantId == null) {
tenantId = URI.create(user.getTenantId());
}
if (tenantId == null) {
return Collections.emptySet();
}
Set<String> tenantRoles = new HashSet<String>();
TenantOrg tenant = getObjectById(tenantId, TenantOrg.class);
if (tenant == null) {
if (idEmbeddedInURL) {
throw APIException.notFound.unableToFindEntityInURL(tenantId);
} else {
throw APIException.badRequests.unableToFindTenant(tenantId);
}
}
// The three scenarios that allow us to look up roles in this tenant:
// 1 user tenant is the same tenant as the one we're after for role lookups,
// 2 or user tenant is root tenant (parent of all)
// 3 or user tenant is parent of the tenant we are after (technically same as 2 today since
// there is only one level of subtenancy but in the future this may change)
// If all are false, return no role.
URI userTenantId = URI.create(user.getTenantId());
TenantOrg userTenant = getObjectById(userTenantId, TenantOrg.class);
if (!tenantId.equals(userTenantId) && !TenantOrg.isRootTenant(userTenant) && !tenant.getParentTenant().getURI().equals(userTenantId)) {
return Collections.emptySet();
}
// for upn
Set<String> userRoles = tenant.getRoleSet(new PermissionsKey(PermissionsKey.Type.SID, user.getName()).toString());
if (userRoles != null) {
for (String role : userRoles) {
if (isRoleTenantLevel(role)) {
tenantRoles.add(role);
}
}
}
// from groups
Set<String> groups = user.getGroups();
if (!CollectionUtils.isEmpty(groups)) {
for (String group : groups) {
// add if any roles for the groups, from root tenant/zone roles
Set<String> roleSet = tenant.getRoleSet(new PermissionsKey(PermissionsKey.Type.GROUP, group).toString());
if (null != roleSet) {
for (String role : roleSet) {
if (isRoleTenantLevel(role)) {
tenantRoles.add(role);
}
}
}
}
}
// Now based on userGroup role assignments.
updateUserTenantRolesBasedOnUserGroup(user, tenant, tenantRoles);
return Collections.unmodifiableSet(tenantRoles);
}
use of com.emc.storageos.db.client.model.TenantOrg in project coprhd-controller by CoprHD.
the class XIVSmisStorageDevice method doCreateVolumes.
/*
* (non-Javadoc)
*
* @see
* com.emc.storageos.volumecontroller.BlockStorageDevice#doCreateVolumes
* (com.emc.storageos.db.client.model.StorageSystem,
* com.emc.storageos.db.client.model.StoragePool, java.lang.String,
* java.util.List, com.emc.storageos.volumecontroller.impl.utils.
* VirtualPoolCapabilityValuesWrapper,
* com.emc.storageos.volumecontroller.TaskCompleter)
*/
@Override
public void doCreateVolumes(final StorageSystem storageSystem, final StoragePool storagePool, final String opId, final List<Volume> volumes, final VirtualPoolCapabilityValuesWrapper capabilities, final TaskCompleter taskCompleter) throws DeviceControllerException {
Set<URI> volumeURIs = new HashSet<URI>(0);
StringBuilder logMsgBuilder = new StringBuilder(String.format("Create Volume Start - Array:%s, Pool:%s", storageSystem.getLabel(), storagePool.getNativeId()));
Volume firstVolume = volumes.get(0);
Long capacity = firstVolume.getCapacity();
boolean isThinlyProvisioned = firstVolume.getThinlyProvisioned();
String tenantName = "";
try {
TenantOrg tenant = _dbClient.queryObject(TenantOrg.class, firstVolume.getTenant().getURI());
tenantName = tenant.getLabel();
} catch (DatabaseException e) {
_log.error("Error lookup TenantOrg object", e);
}
List<String> labels = new ArrayList<String>(volumes.size());
for (Volume volume : volumes) {
String label = volume.getLabel();
logMsgBuilder.append("\nVolume: ").append(label);
labels.add(_nameGenerator.generate(tenantName, label, volume.getId().toString(), '-', SmisConstants.MAX_VOLUME_NAME_LENGTH));
}
_log.info(logMsgBuilder.toString());
try {
CIMObjectPath configSvcPath = _cimPath.getConfigSvcPath(storageSystem);
CIMArgument[] inArgs = _helper.getCreateVolumesInputArguments(storageSystem, storagePool, labels, capacity, volumes.size(), isThinlyProvisioned);
CIMArgument[] outArgs = new CIMArgument[5];
_helper.invokeMethod(storageSystem, configSvcPath, SmisConstants.CREATE_OR_MODIFY_ELEMENTS_FROM_STORAGE_POOL, inArgs, outArgs);
volumeURIs = _smisStorageDevicePostProcessor.processVolumeCreation(storageSystem, storagePool.getId(), volumes, outArgs);
if (!volumeURIs.isEmpty()) {
// see SmisAbstractCreateVolumeJob.addVolumeToConsistencyGroup
// All the volumes will be in the same consistency group
final URI consistencyGroupId = firstVolume.getConsistencyGroup();
if (consistencyGroupId != null) {
addVolumesToCG(storageSystem, consistencyGroupId, new ArrayList<URI>(volumeURIs));
}
}
taskCompleter.ready(_dbClient);
} catch (final InternalException e) {
_log.error("Problem in doCreateVolumes: ", e);
taskCompleter.error(_dbClient, e);
} catch (WBEMException e) {
_log.error("Problem making SMI-S call: ", e);
ServiceError serviceError = DeviceControllerErrors.smis.unableToCallStorageProvider(e.getMessage());
taskCompleter.error(_dbClient, serviceError);
} catch (Exception e) {
_log.error("Problem in doCreateVolumes: ", e);
ServiceError serviceError = DeviceControllerErrors.smis.methodFailed("doCreateVolumes", e.getMessage());
taskCompleter.error(_dbClient, serviceError);
}
List<Volume> volumesToSave = new ArrayList<Volume>();
for (URI id : taskCompleter.getIds()) {
if (!volumeURIs.contains(id)) {
logMsgBuilder.append("\n");
logMsgBuilder.append(String.format("Task %s failed to create volume: %s", opId, id.toString()));
Volume volume = _dbClient.queryObject(Volume.class, id);
volume.setInactive(true);
volumesToSave.add(volume);
}
}
if (!volumesToSave.isEmpty()) {
_dbClient.persistObject(volumesToSave);
}
logMsgBuilder = new StringBuilder(String.format("Create Volumes End - Array:%s, Pool:%s", storageSystem.getLabel(), storagePool.getNativeId()));
for (Volume volume : volumes) {
logMsgBuilder.append(String.format("%nVolume:%s", volume.getLabel()));
}
_log.info(logMsgBuilder.toString());
}
use of com.emc.storageos.db.client.model.TenantOrg in project coprhd-controller by CoprHD.
the class AbstractCloneOperations method createSingleClone.
@Override
@SuppressWarnings("rawtypes")
public void createSingleClone(StorageSystem storageSystem, URI sourceVolume, URI cloneVolume, Boolean createInactive, TaskCompleter taskCompleter) {
_log.info("START createSingleClone operation");
try {
BlockObject sourceObj = BlockObject.fetch(_dbClient, sourceVolume);
URI tenantUri = null;
Volume baseVolume = null;
boolean isSourceSnap = false;
if (sourceObj instanceof BlockSnapshot) {
// In case of snapshot, get the tenant from its parent volume
NamedURI parentVolUri = ((BlockSnapshot) sourceObj).getParent();
Volume parentVolume = _dbClient.queryObject(Volume.class, parentVolUri);
tenantUri = parentVolume.getTenant().getURI();
baseVolume = parentVolume;
isSourceSnap = true;
} else {
// This is a default flow
tenantUri = ((Volume) sourceObj).getTenant().getURI();
baseVolume = (Volume) sourceObj;
}
// CTRL-1992: Need to resync any existing snapshot restore sessions, if applicable
if (_helper.arraySupportsResync(storageSystem)) {
CloseableIterator<CIMObjectPath> syncObjectIter = _cimPath.getSyncObjects(storageSystem, sourceObj);
CIMObjectPath path = null;
while (syncObjectIter.hasNext()) {
path = syncObjectIter.next();
CIMInstance instance = _helper.getInstance(storageSystem, path, false, false, SmisConstants.PS_COPY_STATE_AND_DESC_SYNCTYPE);
String copyState = instance.getPropertyValue(SmisConstants.CP_COPY_STATE).toString();
String copyStateDesc = instance.getPropertyValue(SmisConstants.EMC_COPY_STATE_DESC).toString();
String syncType = instance.getPropertyValue(SmisConstants.CP_SYNC_TYPE).toString();
_log.info(String.format("Sync %s has copyState %s (%s) syncType %s", path.toString(), copyState, copyStateDesc, syncType));
if (copyState.equals(COPY_STATE_RESTORED_INT_VALUE) && syncType.equals(Integer.toString(SmisConstants.SNAPSHOT_VALUE))) {
// This snapshot is in the 'Restored' state, need to
// resync it, before we can create a full copy
_log.info("Sync {} is in restored state, need to resync", path);
SmisBlockResyncSnapshotJob job = new SmisBlockResyncSnapshotJob(null, storageSystem.getId(), new TaskCompleter() {
@Override
protected void complete(DbClient dbClient, Operation.Status status, ServiceCoded coded) throws DeviceControllerException {
}
});
CIMArgument[] result = new CIMArgument[5];
_helper.invokeMethodSynchronously(storageSystem, _cimPath.getControllerReplicationSvcPath(storageSystem), SmisConstants.MODIFY_REPLICA_SYNCHRONIZATION, _helper.getResyncSnapshotInputArguments(path), result, job);
if (job.isSuccess()) {
_log.info("{} was successfully resynchronized", path.toString());
} else {
_log.error("Encountered a failure while trying to resynchronize a restored snapshot");
ServiceError error = DeviceControllerErrors.smis.resyncActiveRestoreSessionFailure(sourceObj.getLabel());
taskCompleter.error(_dbClient, error);
return;
}
}
}
}
Volume cloneObj = _dbClient.queryObject(Volume.class, cloneVolume);
StoragePool targetPool = _dbClient.queryObject(StoragePool.class, cloneObj.getPool());
TenantOrg tenantOrg = _dbClient.queryObject(TenantOrg.class, tenantUri);
String cloneLabel = generateLabel(tenantOrg, cloneObj);
CIMObjectPath volumeGroupPath = _helper.getVolumeGroupPath(storageSystem, storageSystem, baseVolume, targetPool);
CIMObjectPath sourceVolumePath = _cimPath.getBlockObjectPath(storageSystem, sourceObj);
CIMObjectPath replicationSvcPath = _cimPath.getControllerReplicationSvcPath(storageSystem);
CIMArgument[] inArgs = null;
CIMInstance repSettingData = null;
if (storageSystem.deviceIsType(Type.vmax)) {
if (createInactive && storageSystem.getUsingSmis80()) {
repSettingData = _helper.getReplicationSettingDataInstanceForDesiredCopyMethod(storageSystem, COPY_BEFORE_ACTIVATE, true);
} else if (storageSystem.checkIfVmax3() && ControllerUtils.isVmaxUsing81SMIS(storageSystem, _dbClient)) {
/**
* VMAX3 using SMI 8.1 provider needs to send DesiredCopyMethodology=32770
* to create TimeFinder differential clone.
*/
repSettingData = _helper.getReplicationSettingDataInstanceForDesiredCopyMethod(storageSystem, SMIS810_TF_DIFFERENTIAL_CLONE_VALUE, true);
} else {
repSettingData = _helper.getReplicationSettingDataInstanceForDesiredCopyMethod(storageSystem, DIFFERENTIAL_CLONE_VALUE, true);
}
inArgs = _helper.getCloneInputArguments(cloneLabel, sourceVolumePath, volumeGroupPath, storageSystem, targetPool, createInactive, repSettingData);
} else if (storageSystem.deviceIsType(Type.vnxblock)) {
if (!isSourceSnap) {
repSettingData = getReplicationSettingDataInstanceForThinProvisioningPolicy(storageSystem, PROVISIONING_TARGET_SAME_AS_SOURCE);
// don't supply target pool when using thinlyProvisioningPolicy=PROVISIONING_TARGET_SAME_AS_SOURCE
inArgs = _helper.getCreateElementReplicaMirrorInputArgumentsWithReplicationSettingData(storageSystem, sourceObj, null, false, repSettingData, cloneLabel);
cloneObj.setPool(baseVolume.getPool());
_dbClient.persistObject(cloneObj);
} else {
// when source is snapshot, create clone instead of mirror, since creating mirror from a snap is not supported.
inArgs = _helper.getCloneInputArguments(cloneLabel, sourceVolumePath, volumeGroupPath, storageSystem, targetPool, createInactive, null);
}
}
CIMArgument[] outArgs = new CIMArgument[5];
_helper.invokeMethod(storageSystem, replicationSvcPath, SmisConstants.CREATE_ELEMENT_REPLICA, inArgs, outArgs);
CIMObjectPath job = _cimPath.getCimObjectPathFromOutputArgs(outArgs, SmisConstants.JOB);
if (job != null) {
ControllerServiceImpl.enqueueJob(new QueueJob(new SmisCloneVolumeJob(job, storageSystem.getId(), taskCompleter)));
}
} catch (Exception e) {
Volume clone = _dbClient.queryObject(Volume.class, cloneVolume);
if (clone != null) {
clone.setInactive(true);
_dbClient.persistObject(clone);
}
String errorMsg = String.format(CREATE_ERROR_MSG_FORMAT, sourceVolume, cloneVolume);
_log.error(errorMsg, e);
SmisException serviceCode = DeviceControllerExceptions.smis.createFullCopyFailure(errorMsg, e);
taskCompleter.error(_dbClient, serviceCode);
throw serviceCode;
}
}
Aggregations