
Example 1 with BucketACE

use of com.emc.storageos.model.object.BucketACE in project coprhd-controller by CoprHD.

the class BucketACLUtility method verifyDeleteBucketACL.

/**
 * Checks each ACE of a delete request and marks the ones that may not be applied.
 *
 * <p>An entry is first passed to {@code verifyUserGroupCustomgroup}; the first entry that
 * cannot proceed after that check ends the whole loop. An entry that passes is looked up
 * with {@code getExistingACL}: if a stored ACL is found the entry may proceed, otherwise it
 * is cancelled with {@code ACL_NOT_FOUND}, so a delete request cannot name an ACL that is
 * not stored.
 *
 * @param bucketACEList the ACEs requested for deletion; {@code null} means nothing to verify
 */
private void verifyDeleteBucketACL(List<BucketACE> bucketACEList) {
    if (bucketACEList == null) {
        return;
    }
    _log.info("Number of bucket ACE(s) to delete {} ", bucketACEList.size());
    for (BucketACE candidate : bucketACEList) {
        // Start every entry in the "may proceed" state before the checks run.
        candidate.proceedToNextStep();
        _log.info("Verifying ACL {}", candidate.toString());
        // Per the original author's note: detects the same user or group appearing in
        // other ACLs and reports it as an error on the entry.
        verifyUserGroupCustomgroup(candidate);
        if (!candidate.canProceedToNextStep()) {
            // NOTE(review): entries after the first rejected one are never verified here;
            // confirm the caller rejects the whole request when any ACE cannot proceed.
            break;
        }
        ObjectBucketACL storedAcl = getExistingACL(candidate);
        if (storedAcl != null) {
            // A matching stored ACL exists, so the delete may go ahead for this entry.
            _log.info("Existing ACL found in delete request: {}", storedAcl);
            candidate.proceedToNextStep();
            continue;
        }
        // Nothing stored matches: refuse the entry unless it was already cancelled.
        if (candidate.canProceedToNextStep()) {
            _log.error("No existing ACL found in DB to delete {}", candidate);
            candidate.cancelNextStep(BucketACLOperationErrorType.ACL_NOT_FOUND);
        }
    }
}
Also used : BucketACE(com.emc.storageos.model.object.BucketACE) ObjectBucketACL(com.emc.storageos.db.client.model.ObjectBucketACL)

Example 2 with BucketACE

use of com.emc.storageos.model.object.BucketACE in project coprhd-controller by CoprHD.

the class BucketACLUtility method queryExistingBucketACL.

/**
 * Builds the list of ACEs currently stored for this utility's bucket.
 *
 * <p>Every record returned by {@code queryDbBucketACL} is filtered on {@code bucketId}, so
 * only ACLs whose bucket id equals this instance's {@code bucketId} are converted.
 *
 * @return a new list holding one {@code BucketACE} per matching stored ACL; empty when the
 *         query returns {@code null} or nothing matches
 */
public List<BucketACE> queryExistingBucketACL() {
    List<BucketACE> result = new ArrayList<BucketACE>();
    List<ObjectBucketACL> storedAcls = queryDbBucketACL();
    if (storedAcls == null) {
        return result;
    }
    for (ObjectBucketACL stored : storedAcls) {
        // NOTE(review): bucketId is dereferenced without a null check; confirm it is
        // always set before this method is called.
        if (!bucketId.equals(stored.getBucketId())) {
            continue;
        }
        // Copy the persisted fields into the API model object.
        BucketACE ace = new BucketACE();
        ace.setBucketName(stored.getBucketName());
        ace.setDomain(stored.getDomain());
        ace.setUser(stored.getUser());
        ace.setGroup(stored.getGroup());
        ace.setPermissions(stored.getPermissions());
        ace.setCustomGroup(stored.getCustomGroup());
        ace.setNamespace(stored.getNamespace());
        result.add(ace);
    }
    return result;
}
Also used : ArrayList(java.util.ArrayList) BucketACE(com.emc.storageos.model.object.BucketACE) ObjectBucketACL(com.emc.storageos.db.client.model.ObjectBucketACL)

Example 3 with BucketACE

use of com.emc.storageos.model.object.BucketACE in project coprhd-controller by CoprHD.

the class BucketACLUtility method reportModifyErrors.

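/**
 * Raises the bad-request error that corresponds to the first ACE of the modify list
 * which failed validation.
 *
 * <p>ACEs that can proceed are skipped. For the first one that cannot, the recorded
 * {@code BucketACLOperationErrorType} selects which {@code APIException.badRequests}
 * error is thrown.
 *
 * @param param the update request; only its modify list is inspected
 */
private void reportModifyErrors(BucketACLUpdateParams param) {
    String opName = BucketACLOperationType.MODIFY.name();
    // Report Modify ACL Errors
    BucketACL bucketACL = param.getAclToModify();
    if (bucketACL == null) {
        return;
    }
    List<BucketACE> bucketACEList = bucketACL.getBucketACL();
    // A BucketACL that carries no entry list has nothing to report; guarding here avoids
    // a NullPointerException on isEmpty().
    if (bucketACEList == null || bucketACEList.isEmpty()) {
        return;
    }
    for (BucketACE bucketACE : bucketACEList) {
        if (bucketACE.canProceedToNextStep()) {
            continue;
        }
        // First non-null of user, group, custom group: the name quoted in the error.
        String userOrGroupOrCustomgroup = bucketACE.getUser();
        if (userOrGroupOrCustomgroup == null) {
            userOrGroupOrCustomgroup = bucketACE.getGroup() != null ? bucketACE.getGroup() : bucketACE.getCustomGroup();
        }
        BucketACLOperationErrorType error = bucketACE.getErrorType();
        switch (error) {
            case INVALID_PERMISSIONS:
                if (bucketACE.getPermissions() != null) {
                    throw APIException.badRequests.invalidPermissionForBucketACL(bucketACE.getPermissions());
                }
                throw APIException.badRequests.missingValueInACE(opName, REQUEST_PARAM_PERMISSIONS);
            case USER_AND_GROUP_AND_CUSTOMGROUP_PROVIDED:
                throw APIException.badRequests.userGroupAndCustomGroupInACLFound(bucketACE.getUser(), bucketACE.getGroup(), bucketACE.getCustomGroup());
            case USER_AND_GROUP_PROVIDED:
                throw APIException.badRequests.userGroupAndCustomGroupInACLFound(bucketACE.getUser(), bucketACE.getGroup(), null);
            case USER_AND_CUSTOMGROUP_PROVIDED:
                throw APIException.badRequests.userGroupAndCustomGroupInACLFound(bucketACE.getUser(), null, bucketACE.getCustomGroup());
            case GROUP_AND_CUSTOMGROUP_PROVIDED:
                throw APIException.badRequests.userGroupAndCustomGroupInACLFound(null, bucketACE.getGroup(), bucketACE.getCustomGroup());
            case USER_OR_GROUP_OR_CUSTOMGROUP_NOT_PROVIDED:
                throw APIException.badRequests.missingUserOrGroupOrCustomGroupInACE(opName);
            case MULTIPLE_ACES_WITH_SAME_USER_OR_GROUP_CUSTOMGROUP:
                throw APIException.badRequests.multipleACLsWithUserOrGroupOrCustomGroupFound(opName, userOrGroupOrCustomgroup);
            case ACL_NOT_FOUND:
                throw APIException.badRequests.bucketACLNotFound(opName, bucketACE.toString());
            case MULTIPLE_DOMAINS_FOUND: {
                String domain1 = bucketACE.getDomain();
                // The second domain is the text before the first backslash of the name.
                // The name comes from the request, so a missing name or a name without a
                // backslash must still end in the bad-request error rather than in a
                // NullPointerException or StringIndexOutOfBoundsException.
                int separatorAt = userOrGroupOrCustomgroup == null ? -1 : userOrGroupOrCustomgroup.indexOf("\\");
                String domain2 = separatorAt >= 0 ? userOrGroupOrCustomgroup.substring(0, separatorAt) : "";
                throw APIException.badRequests.multipleDomainsFound(opName, domain1, domain2);
            }
            case ACL_EXISTS:
            default:
                // NOTE(review): an ACE that cannot proceed but carries ACL_EXISTS or an
                // unlisted error type raises nothing here; confirm the caller does not
                // go on to apply such an entry.
                break;
        }
    }
}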
Also used : BucketACLOperationErrorType(com.emc.storageos.model.object.BucketACLUpdateParams.BucketACLOperationErrorType) ObjectBucketACL(com.emc.storageos.db.client.model.ObjectBucketACL) BucketACL(com.emc.storageos.model.object.BucketACL) BucketACE(com.emc.storageos.model.object.BucketACE)

Example 4 with BucketACE

use of com.emc.storageos.model.object.BucketACE in project coprhd-controller by CoprHD.

the class ECSObjectStorageDevice method doUpdateBucketACL.

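/**
 * Computes the bucket's resulting ACL from the add, modify and delete lists, sends it to
 * the ECS array and then records the change in the database.
 *
 * <p>The resulting ACL starts from the existing ACEs plus the ACEs to add. Entries matched
 * by an ACE to modify take that ACE's permissions; entries matched by an ACE to delete are
 * removed. Two ACEs match when their users, their groups or their custom groups are equal
 * (ignoring case) once the domain is prefixed.
 *
 * @param storageObj the storage system used to obtain the ECS API client
 * @param bucket     the bucket whose ACL is updated
 * @param objectArgs carries the existing ACL and the add/modify/delete lists
 * @param param      the original update request, passed on for the database update
 * @param taskId     the task that is completed with the outcome
 * @return a success result, or an error result when the ECS call fails with {@code ECSException}
 * @throws ControllerException declared by the overridden method
 */
@Override
public BiosCommandResult doUpdateBucketACL(StorageSystem storageObj, Bucket bucket, ObjectDeviceInputOutput objectArgs, BucketACLUpdateParams param, String taskId) throws ControllerException {
    List<BucketACE> aclToAdd = objectArgs.getBucketAclToAdd();
    List<BucketACE> aclToModify = objectArgs.getBucketAclToModify();
    List<BucketACE> aclToDelete = objectArgs.getBucketAclToDelete();
    // Get existing Acl for the Bucket
    // NOTE(review): this is the list instance handed out by objectArgs and it is changed
    // in place below; confirm no other code expects it to stay untouched.
    List<BucketACE> aclsToProcess = objectArgs.getExistingBucketAcl();
    // A request need not carry all three lists; an absent one is treated as empty.
    if (aclToAdd != null) {
        aclsToProcess.addAll(aclToAdd);
    }
    // Process ACLs to modify
    if (aclToModify != null) {
        for (BucketACE existingAce : aclsToProcess) {
            for (BucketACE aceToModify : aclToModify) {
                if (namesSamePrincipal(existingAce, aceToModify)) {
                    existingAce.setPermissions(aceToModify.getPermissions());
                }
            }
        }
    }
    // Process ACLs to delete
    if (aclToDelete != null) {
        for (BucketACE aceToDelete : aclToDelete) {
            for (Iterator<BucketACE> iterator = aclsToProcess.iterator(); iterator.hasNext(); ) {
                // Remove at most once per element: a second Iterator.remove() for the same
                // element (user and group both matching) throws IllegalStateException.
                if (namesSamePrincipal(aceToDelete, iterator.next())) {
                    iterator.remove();
                }
            }
        }
    }
    ECSApi objectAPI = getAPI(storageObj);
    try {
        String payload = toJsonString(objectArgs, aclsToProcess);
        objectAPI.updateBucketACL(objectArgs.getName(), payload);
        // NOTE(review): updateBucketACLInDB returns nothing, so the task below is marked
        // successful whatever happened to the database write; confirm that a failed
        // write cannot leave the stored ACL out of step with the array unnoticed.
        updateBucketACLInDB(param, objectArgs, bucket);
    } catch (ECSException e) {
        _log.error("ACL Update for Bucket : {} failed.", objectArgs.getName(), e);
        completeTask(bucket.getId(), taskId, e);
        return BiosCommandResult.createErrorResult(e);
    }
    completeTask(bucket.getId(), taskId, "Successfully updated Bucket ACL.");
    return BiosCommandResult.createSuccessfulResult();
}

/**
 * Tells whether two ACEs name the same user, the same group or the same custom group,
 * each compared with its ACE's domain prefixed and ignoring case.
 */
private static boolean namesSamePrincipal(BucketACE first, BucketACE second) {
    String firstDomain = first.getDomain() == null ? "" : first.getDomain();
    String secondDomain = second.getDomain() == null ? "" : second.getDomain();
    return sameQualifiedName(firstDomain, first.getUser(), secondDomain, second.getUser())
            || sameQualifiedName(firstDomain, first.getGroup(), secondDomain, second.getGroup())
            || sameQualifiedName(firstDomain, first.getCustomGroup(), secondDomain, second.getCustomGroup());
}

/**
 * Compares two domain-plus-name pairs the way the ACL update always has: by joining
 * domain and name and comparing the results case-insensitively. A pair with a missing
 * name never matches.
 */
private static boolean sameQualifiedName(String domainA, String nameA, String domainB, String nameB) {
    if (nameA == null || nameB == null) {
        return false;
    }
    // NOTE(review): the join has no separator, so ("ab", "c") and ("a", "bc") compare as
    // equal and an ACE could be matched by a request naming a different domain/name
    // split. Comparing domain and name separately would close that; confirm how stored
    // ACEs split the two before changing the matching rule.
    return domainA.concat(nameA).equalsIgnoreCase(domainB.concat(nameB));
}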
Also used : ECSApi(com.emc.storageos.ecs.api.ECSApi) ECSException(com.emc.storageos.ecs.api.ECSException) BucketACE(com.emc.storageos.model.object.BucketACE)

Example 5 with BucketACE

use of com.emc.storageos.model.object.BucketACE in project coprhd-controller by CoprHD.

the class ECSObjectStorageDevice method updateBucketACLInDB.

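/**
 * Mirrors an ACL update request into the database: new ACEs are created, modified ACEs
 * overwrite their stored record, and deleted ACEs are marked inactive.
 *
 * <p>The method is best-effort: any exception is logged and not rethrown, so the caller
 * is not told about a failed write.
 *
 * @param param  the update request holding the add, modify and delete lists
 * @param args   passed through to {@code copyToPersistBucketACL}
 * @param bucket the bucket whose id is stamped on each persisted ACL
 */
private void updateBucketACLInDB(BucketACLUpdateParams param, ObjectDeviceInputOutput args, Bucket bucket) {
    try {
        // Create new Acl
        if (param.getAclToAdd() != null) {
            List<BucketACE> aclToAdd = param.getAclToAdd().getBucketACL();
            if (aclToAdd != null) {
                for (BucketACE ace : aclToAdd) {
                    ObjectBucketACL dbBucketAcl = new ObjectBucketACL();
                    dbBucketAcl.setId(URIUtil.createId(ObjectBucketACL.class));
                    copyToPersistBucketACL(ace, dbBucketAcl, args, bucket.getId());
                    _log.info("Storing new acl in DB: {}", dbBucketAcl);
                    _dbClient.createObject(dbBucketAcl);
                }
            }
        }
        // Modify existing Acl
        if (param.getAclToModify() != null) {
            List<BucketACE> aclToModify = param.getAclToModify().getBucketACL();
            if (aclToModify != null) {
                for (BucketACE ace : aclToModify) {
                    ObjectBucketACL dbBucketAcl = new ObjectBucketACL();
                    copyToPersistBucketACL(ace, dbBucketAcl, args, bucket.getId());
                    ObjectBucketACL storedAcl = getExistingBucketAclFromDB(dbBucketAcl);
                    if (storedAcl != null) {
                        // Reuse the stored record's id so the update replaces it.
                        dbBucketAcl.setId(storedAcl.getId());
                        _log.info("Modifying acl in DB: {}", dbBucketAcl);
                        _dbClient.updateObject(dbBucketAcl);
                    } else {
                        // Leave a trace when a requested change has no stored record,
                        // instead of skipping it silently.
                        _log.warn("No existing acl found in DB to modify: {}", dbBucketAcl);
                    }
                }
            }
        }
        // Delete existing Acl
        if (param.getAclToDelete() != null) {
            List<BucketACE> aclToDelete = param.getAclToDelete().getBucketACL();
            if (aclToDelete != null) {
                for (BucketACE ace : aclToDelete) {
                    ObjectBucketACL dbBucketAcl = new ObjectBucketACL();
                    copyToPersistBucketACL(ace, dbBucketAcl, args, bucket.getId());
                    ObjectBucketACL storedAcl = getExistingBucketAclFromDB(dbBucketAcl);
                    if (storedAcl != null) {
                        dbBucketAcl.setId(storedAcl.getId());
                        // Deletion is recorded by flagging the record inactive.
                        dbBucketAcl.setInactive(true);
                        _log.info("Marking acl inactive in DB: {}", dbBucketAcl);
                        _dbClient.updateObject(dbBucketAcl);
                    } else {
                        _log.warn("No existing acl found in DB to mark inactive: {}", dbBucketAcl);
                    }
                }
            }
        }
    } catch (Exception e) {
        // Kept best-effort on purpose: rethrowing would change what callers see.
        // The exception is passed as the throwable argument so its stack trace is
        // logged; the former "{}" placeholder had no value to fill it.
        // NOTE(review): a failure here can leave the stored ACL out of step with the
        // ACL applied on the array; confirm something reconciles or alerts on that.
        _log.error("Error While executing CRUD Operations", e);
    }
}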
Also used : BucketACE(com.emc.storageos.model.object.BucketACE) URISyntaxException(java.net.URISyntaxException) InternalException(com.emc.storageos.svcs.errorhandling.resources.InternalException) ControllerException(com.emc.storageos.volumecontroller.ControllerException) ECSException(com.emc.storageos.ecs.api.ECSException) ObjectBucketACL(com.emc.storageos.db.client.model.ObjectBucketACL)
