
Example 21 with ShareACL

use of com.emc.storageos.model.file.ShareACL in project coprhd-controller by CoprHD.

the class IsilonFileStorageDevice method updateShareACLs.

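/**
 * Rebuilds the ACL of an Isilon SMB share from the ACEs already recorded for it plus the
 * requested additions, modifications and deletions, then pushes the result to the array.
 *
 * <p>ACEs that are present on the array but missing from the recorded list are first merged
 * into the add request so that they are kept. If that lookup fails, the error is only logged
 * and the update continues with the recorded ACEs.
 *
 * @param storage
 *            the Isilon storage system that hosts the share
 * @param args
 *            carries the share name, the existing ACEs and the requested changes; each of the
 *            add / modify / delete lists may be null
 * @return a successful result once the ACL has been handed to the array
 */
@Override
public BiosCommandResult updateShareACLs(StorageSystem storage, FileDeviceInputOutput args) {
    // Requested Share ACL changes. Any of these lists may be absent when the request
    // contains only some kinds of change.
    List<ShareACL> aclsToAdd = args.getShareAclsToAdd();
    List<ShareACL> aclsToDelete = args.getShareAclsToDelete();
    List<ShareACL> aclsToModify = args.getShareAclsToModify();
    try {
        boolean cifsSidEnable = customConfigHandler.getComputedCustomConfigBooleanValue(
                CustomConfigConstants.ISILON_USER_TO_SID_MAPPING_FOR_CIFS_SHARE_ENABLED, storage.getSystemType(), null);
        // Pick up ACEs that exist on the array only, matched by SID or by name.
        Map<String, ShareACL> arrayExtraShareACL = cifsSidEnable
                ? extraShareACLBySidFromArray(storage, args)
                : extraShareACLFromArray(storage, args);
        _log.info("Number of extra ACLs found on array  is: {}", arrayExtraShareACL.size());
        if (!arrayExtraShareACL.isEmpty()) {
            if (aclsToAdd != null) {
                aclsToAdd.addAll(arrayExtraShareACL.values());
            } else {
                aclsToAdd = new ArrayList<ShareACL>(arrayExtraShareACL.values());
                // update the args so the new ACEs get persisted in the CoprHD DB.
                args.setShareAclsToAdd(aclsToAdd);
            }
        }
    } catch (Exception e) {
        // Deliberately best-effort: the update proceeds without the array-side ACEs.
        // NOTE(review): processAclsForShare then sets the share's permission list from the
        // recorded ACEs only, so ACEs created directly on the array are presumably dropped
        // when this lookup fails - confirm that this is the intended failure mode.
        _log.error("Not able to fetch latest Share ACL from backend array.", e);
    }
    // Get existing Acls for the share. This is the list owned by args and it is changed in
    // place below, exactly as before.
    List<ShareACL> aclsToProcess = args.getExistingShareAcls();
    if (aclsToProcess == null) {
        aclsToProcess = new ArrayList<ShareACL>();
    }
    _log.info("Share name : {}", args.getShareName());
    _log.info("Number of existing ACLs found {}", aclsToProcess.size());
    // Process ACLs to add. aclsToAdd stays null when nothing was requested and the array
    // lookup found nothing or failed.
    if (aclsToAdd != null) {
        aclsToProcess.addAll(aclsToAdd);
    }
    // Process ACLs to modify
    if (aclsToModify != null) {
        for (ShareACL existingAcl : aclsToProcess) {
            for (ShareACL aclToModify : aclsToModify) {
                if (isSameShareAclTrustee(existingAcl, aclToModify)) {
                    existingAcl.setPermission(aclToModify.getPermission());
                }
            }
        }
    }
    // Process ACLs to delete
    if (aclsToDelete != null) {
        for (ShareACL aclToDelete : aclsToDelete) {
            for (Iterator<ShareACL> iterator = aclsToProcess.iterator(); iterator.hasNext(); ) {
                // One remove() per element: calling it twice for an entry that matches on
                // both user and group would throw IllegalStateException.
                if (isSameShareAclTrustee(aclToDelete, iterator.next())) {
                    iterator.remove();
                }
            }
        }
    }
    // Push the resulting ACL to the array
    IsilonApi isi = getIsilonDevice(storage);
    processAclsForShare(isi, args, aclsToProcess);
    return BiosCommandResult.createSuccessfulResult();
}

/**
 * Tells whether two ACL entries name the same trustee: the same domain and either the same
 * user or the same group, ignoring case.
 *
 * <p>Domain and name are compared separately. Comparing the concatenation "domain + name"
 * would treat different pairs with the same concatenated text as equal, so a modify or
 * delete request could hit an ACE of another principal.
 */
private static boolean isSameShareAclTrustee(ShareACL left, ShareACL right) {
    String leftDomain = left.getDomain() == null ? "" : left.getDomain();
    String rightDomain = right.getDomain() == null ? "" : right.getDomain();
    if (!leftDomain.equalsIgnoreCase(rightDomain)) {
        return false;
    }
    // equalsIgnoreCase(null) is false, so a missing name on either side never matches.
    boolean sameUser = left.getUser() != null && left.getUser().equalsIgnoreCase(right.getUser());
    boolean sameGroup = left.getGroup() != null && left.getGroup().equalsIgnoreCase(right.getGroup());
    return sameUser || sameGroup;
}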
Also used : BiosCommandResult(com.emc.storageos.volumecontroller.impl.BiosCommandResult) IsilonApi(com.emc.storageos.isilon.restapi.IsilonApi) ShareACL(com.emc.storageos.model.file.ShareACL) IsilonException(com.emc.storageos.isilon.restapi.IsilonException) ControllerException(com.emc.storageos.volumecontroller.ControllerException) URISyntaxException(java.net.URISyntaxException) DeviceControllerException(com.emc.storageos.exceptions.DeviceControllerException) IsilonCollectionException(com.emc.storageos.plugins.metering.isilon.IsilonCollectionException)

Example 22 with ShareACL

use of com.emc.storageos.model.file.ShareACL in project coprhd-controller by CoprHD.

the class IsilonFileStorageDevice method processAclsForShare.

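/**
 * Sets permissions on Isilon SMB share.
 *
 * <p>Every entry is written as an "allow" permission. Domain, trustee name and permission
 * are lower-cased with the root locale, so the values sent to the array do not depend on the
 * default locale of the JVM (a Turkish default locale, for example, lower-cases "I"
 * differently and would alter account names and permission strings).
 *
 * @param isi
 *            the isilon API handle
 * @param args
 *            in which the attribute <code>shareName</code> must be set
 * @param aclsToProcess
 *            the ACEs to set on Isilon SMB share. If this value is null,
 *            then no permissions (ACEs) will be set
 */
private void processAclsForShare(IsilonApi isi, FileDeviceInputOutput args, List<ShareACL> aclsToProcess) {
    _log.info("Start processAclsForShare to set ACL for share {}: ACL: {}", args.getShareName(), aclsToProcess);
    IsilonSMBShare isilonSMBShare = new IsilonSMBShare(args.getShareName());
    ArrayList<Permission> permissions = new ArrayList<Permission>();
    if (aclsToProcess != null) {
        for (ShareACL acl : aclsToProcess) {
            String domain = acl.getDomain() == null
                    ? ""
                    : acl.getDomain().toLowerCase(java.util.Locale.ROOT);
            // NOTE(review): an entry with neither user nor group, or without a permission,
            // fails here with a NullPointerException before the array is contacted.
            String trustee = acl.getUser() == null ? acl.getGroup() : acl.getUser();
            String userOrGroup = trustee.toLowerCase(java.util.Locale.ROOT);
            if (domain.length() > 0) {
                userOrGroup = domain + "\\" + userOrGroup;
            }
            String permissionValue = acl.getPermission().toLowerCase(java.util.Locale.ROOT);
            if (permissionValue.startsWith("full")) {
                permissionValue = Permission.PERMISSION_FULL;
            }
            // Only "allow" entries are ever produced by this method.
            Permission permission = isilonSMBShare.new Permission(Permission.PERMISSION_TYPE_ALLOW, permissionValue,
                    userOrGroup);
            permissions.add(permission);
        }
    }
    /*
     * If permissions array list is empty, it means to remove all ACEs on
     * the share.
     */
    isilonSMBShare.setPermissions(permissions);
    _log.info("Calling Isilon API: modifyShare. Share {}, permissions {}", isilonSMBShare, permissions);
    // Use the zone-aware call only when the vNAS maps to a zone name.
    String zoneName = getZoneName(args.getvNAS());
    if (zoneName != null) {
        isi.modifyShare(args.getShareName(), zoneName, isilonSMBShare);
    } else {
        isi.modifyShare(args.getShareName(), isilonSMBShare);
    }
    _log.info("End processAclsForShare");
}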
Also used : IsilonSMBShare(com.emc.storageos.isilon.restapi.IsilonSMBShare) Permission(com.emc.storageos.isilon.restapi.IsilonSMBShare.Permission) ArrayList(java.util.ArrayList) ShareACL(com.emc.storageos.model.file.ShareACL)

Example 23 with ShareACL

use of com.emc.storageos.model.file.ShareACL in project coprhd-controller by CoprHD.

the class IsilonFileStorageDevice method extraShareACLBySidFromArray.

/**
 * Finds the CIFS share ACEs that are present on the array but not recorded in the CoprHD
 * database, matching entries by the trustee id (SID).
 *
 * <p>Only "allow" permissions of the share are considered; other permission types on the
 * array are not returned.
 *
 * @param storage
 *            the storage system that hosts the share
 * @param args
 *            carries the share name, the vNAS and the ACEs recorded in the database
 * @return the array-only ACEs keyed by trustee id; empty when the share is not found
 */
private Map<String, ShareACL> extraShareACLBySidFromArray(StorageSystem storage, FileDeviceInputOutput args) {
    // ACEs recorded in the CoprHD database
    List<ShareACL> dbAcls = args.getExistingShareAcls();
    NASServer nasServer = getNasServerForFileSystem(args, storage);
    Map<String, ShareACL> arrayOnlyAcls = new HashMap<>();

    // Read the share, and with it the ACEs, from the storage system.
    IsilonApi isilon = getIsilonDevice(storage);
    String accessZone = getZoneName(args.getvNAS());
    IsilonSMBShare smbShare = (accessZone != null)
            ? isilon.getShare(args.getShareName(), accessZone)
            : isilon.getShare(args.getShareName());
    if (smbShare == null) {
        return arrayOnlyAcls;
    }

    // Step 1: index every "allow" permission of the share by its trustee id.
    for (Permission perm : smbShare.getPermissions()) {
        if (!perm.getPermissionType().equalsIgnoreCase(Permission.PERMISSION_TYPE_ALLOW)) {
            continue;
        }
        ShareACL arrayAcl = new ShareACL();
        arrayAcl.setPermission(perm.getPermission());
        // The trustee name is either "domain\name" or a bare name.
        String[] nameParts = perm.getTrustee().getName().split("\\\\");
        boolean isGroup = perm.getTrustee().getType().equals("group");
        String principal;
        if (nameParts.length > 1) {
            arrayAcl.setDomain(nameParts[0]);
            principal = nameParts[1];
        } else {
            principal = nameParts[0];
        }
        if (isGroup) {
            arrayAcl.setGroup(principal);
        } else {
            arrayAcl.setUser(principal);
        }
        arrayOnlyAcls.put(perm.getTrustee().getId(), arrayAcl);
    }

    // Step 2: drop every entry whose id belongs to an ACE the database already has.
    for (ShareACL dbAcl : dbAcls) {
        String domain = dbAcl.getDomain();
        String user = dbAcl.getUser();
        String group = dbAcl.getGroup();
        String principal = "";
        String principalType = "user";
        if (user != null && !user.isEmpty()) {
            principal = user;
        } else if (group != null && !group.isEmpty()) {
            principal = group;
            principalType = "group";
        }
        String sid = getIdForDomainUserOrGroup(isilon, nasServer, domain, principal, principalType, false);
        // Removing an id that is not in the map is a no-op.
        arrayOnlyAcls.remove(sid);
    }
    return arrayOnlyAcls;
}
Also used : NASServer(com.emc.storageos.db.client.model.NASServer) HashMap(java.util.HashMap) IsilonSMBShare(com.emc.storageos.isilon.restapi.IsilonSMBShare) Permission(com.emc.storageos.isilon.restapi.IsilonSMBShare.Permission) IsilonApi(com.emc.storageos.isilon.restapi.IsilonApi) ShareACL(com.emc.storageos.model.file.ShareACL)

Example 24 with ShareACL

use of com.emc.storageos.model.file.ShareACL in project coprhd-controller by CoprHD.

the class NetAppFileStorageDevice method forceAddShareAcl.

/**
 * Adds the given ACEs to a NetApp CIFS share, one request per ACE.
 *
 * <p>A failure for one ACE is logged and the remaining ACEs are still attempted; nothing is
 * reported back to the caller, so the share may end up with only part of the list applied.
 *
 * @param nApi
 *            the NetApp API handle
 * @param shareName
 *            the CIFS share to update
 * @param aclsToAdd
 *            the ACEs to add; null or empty means there is nothing to do
 */
private void forceAddShareAcl(NetAppApi nApi, String shareName, List<ShareACL> aclsToAdd) {
    if (aclsToAdd == null || aclsToAdd.isEmpty()) {
        return;
    }

    // Phase 1: translate every requested ACE before the array is touched.
    List<CifsAcl> pending = new ArrayList<CifsAcl>();
    for (ShareACL requested : aclsToAdd) {
        CifsAcl entry = new CifsAcl();
        String domain = requested.getDomain();
        String principal = requested.getGroup();
        if (principal == null) {
            principal = requested.getUser();
        }
        boolean hasDomain = domain != null && !domain.isEmpty();
        if (hasDomain) {
            principal = domain + "\\" + principal;
        }
        // The NetApp API does not distinguish user and group; only the user name is set.
        entry.setUserName(principal);
        entry.setShareName(shareName);
        entry.setAccess(getAccessEnum(requested.getPermission()));
        pending.add(entry);
    }

    // Phase 2: apply the ACEs one by one so that a single failure does not stop the rest.
    for (CifsAcl entry : pending) {
        try {
            List<CifsAcl> oneEntry = new ArrayList<CifsAcl>();
            oneEntry.add(entry);
            nApi.modifyCIFSShareAcl(shareName, oneEntry);
        } catch (Exception e) {
            _log.error("NetAppFileStorageDevice:: Force add of ACL for user [" + entry.getUserName() + "] failed with an Exception", e);
        }
    }
}
Also used : CifsAcl(com.iwave.ext.netapp.model.CifsAcl) ArrayList(java.util.ArrayList) ShareACL(com.emc.storageos.model.file.ShareACL) ControllerException(com.emc.storageos.volumecontroller.ControllerException) DeviceControllerException(com.emc.storageos.exceptions.DeviceControllerException) NetAppException(com.emc.storageos.netapp.NetAppException)

Example 25 with ShareACL

use of com.emc.storageos.model.file.ShareACL in project coprhd-controller by CoprHD.

the class NetAppFileStorageDevice method rollbackShareACLs.

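/**
 * Reverts a failed ACL update on a NetApp CIFS share: removes the ACEs the update tried to
 * add or modify, then adds the previous ACEs back.
 *
 * @param storage
 *            the NetApp storage system; its address, port and credentials are used to open
 *            an HTTPS API session
 * @param args
 *            carries the share name and the add / modify lists of the failed update; either
 *            list may be null
 * @param existingList
 *            the ACEs the share had before the update
 * @return a successful result when both steps returned without an exception, otherwise an
 *         error result carrying the exception message
 */
private BiosCommandResult rollbackShareACLs(StorageSystem storage, FileDeviceInputOutput args, List<ShareACL> existingList) {
    BiosCommandResult result;
    NetAppApi nApi = new NetAppApi.Builder(storage.getIpAddress(), storage.getPortNumber(), storage.getUsername(), storage.getPassword()).https(true).build();
    try {
        // We can have multiple ace added/modified in one put call ,some of them can fail due to some reason.
        // In case of failure, to make it consistent in vipr db and NetApp share, delete all currently
        // added and modified ace and revert it to old acl.
        _log.info("NetAppFileStorageDevice::Rolling back update ACL by trying delete ACL for share {}", args.getShareName());
        List<ShareACL> aclsToClear = new ArrayList<ShareACL>();
        // An update that only added or only modified ACEs leaves the other list null.
        // Without these guards addAll(null) throws and the old ACL is never restored.
        List<ShareACL> added = args.getShareAclsToAdd();
        if (added != null) {
            aclsToClear.addAll(added);
        }
        List<ShareACL> modified = args.getShareAclsToModify();
        if (modified != null) {
            aclsToClear.addAll(modified);
        }
        forceDeleteShareAcl(nApi, args.getShareName(), aclsToClear);
        _log.info("NetAppFileStorageDevice::Adding back old ACL to Share {}", args.getShareName());
        // NOTE(review): forceAddShareAcl logs and skips ACEs that fail, so a successful
        // result here does not prove that every old ACE is back on the share.
        forceAddShareAcl(nApi, args.getShareName(), existingList);
        result = BiosCommandResult.createSuccessfulResult();
    } catch (Exception e) {
        _log.error("NetAppFileStorageDevice::Roll Back of ACL failed with an Exception", e);
        ServiceError serviceError = DeviceControllerErrors.netapp.unableToUpdateCIFSShareAcl();
        serviceError.setMessage(e.getLocalizedMessage());
        result = BiosCommandResult.createErrorResult(serviceError);
    }
    return result;
}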
Also used : ServiceError(com.emc.storageos.svcs.errorhandling.model.ServiceError) BiosCommandResult(com.emc.storageos.volumecontroller.impl.BiosCommandResult) ArrayList(java.util.ArrayList) NetAppApi(com.emc.storageos.netapp.NetAppApi) ShareACL(com.emc.storageos.model.file.ShareACL) ControllerException(com.emc.storageos.volumecontroller.ControllerException) DeviceControllerException(com.emc.storageos.exceptions.DeviceControllerException) NetAppException(com.emc.storageos.netapp.NetAppException)

Aggregations

ShareACL (com.emc.storageos.model.file.ShareACL)36 ArrayList (java.util.ArrayList)22 DeviceControllerException (com.emc.storageos.exceptions.DeviceControllerException)13 ShareACLs (com.emc.storageos.model.file.ShareACLs)13 ControllerException (com.emc.storageos.volumecontroller.ControllerException)13 CifsShareACL (com.emc.storageos.db.client.model.CifsShareACL)10 NetAppException (com.emc.storageos.netapp.NetAppException)9 ServiceError (com.emc.storageos.svcs.errorhandling.model.ServiceError)7 BiosCommandResult (com.emc.storageos.volumecontroller.impl.BiosCommandResult)7 ViPRCoreClient (com.emc.vipr.client.ViPRCoreClient)5 NetAppCException (com.emc.storageos.netappc.NetAppCException)4 CifsAcl (com.iwave.ext.netapp.model.CifsAcl)4 NFSShareACL (com.emc.storageos.db.client.model.NFSShareACL)3 IsilonApi (com.emc.storageos.isilon.restapi.IsilonApi)3 IsilonSMBShare (com.emc.storageos.isilon.restapi.IsilonSMBShare)3 Permission (com.emc.storageos.isilon.restapi.IsilonSMBShare.Permission)3 ShareACLOperationErrorType (com.emc.storageos.model.file.CifsShareACLUpdateParams.ShareACLOperationErrorType)3 FileCifsShareACLUpdateParams (com.emc.storageos.model.file.FileCifsShareACLUpdateParams)3 NetAppApi (com.emc.storageos.netapp.NetAppApi)3 NetAppClusterApi (com.emc.storageos.netappc.NetAppClusterApi)3