
Example 6 with BucketACE

use of com.emc.storageos.model.object.BucketACE in project coprhd-controller by CoprHD.

the class ECSObjectStorageDevice method doSyncBucketACL.

/*
     * (non-Javadoc)
     * 
     * @see com.emc.storageos.volumecontroller.ObjectStorageDevice#doSyncBucketACL(com.emc.storageos.db.client.model.StorageSystem,
     * com.emc.storageos.db.client.model.Bucket, com.emc.storageos.volumecontroller.ObjectDeviceInputOutput, java.lang.String)
     * 
     * Gets the ACL for the bucket from ECS and persists it in the CoprHD DB.
     */
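/**
 * Reads the bucket's ACL from ECS, converts every user, group and custom-group
 * entry into a {@link BucketACE}, stores the result through
 * {@code updateBucketACLInDB} and sets the bucket version to "acl_supported".
 *
 * @param storageObj storage system used to obtain the ECS API client
 * @param bucket bucket whose version is updated and whose id the task is completed against
 * @param objectArgs supplies the bucket name and namespace sent to ECS
 * @param taskId task that is completed with success or with the ECS error
 * @return a successful result, or an error result when ECS raises an {@code ECSException}
 * @throws ControllerException declared by the overridden method
 */
@Override
public BiosCommandResult doSyncBucketACL(StorageSystem storageObj, Bucket bucket, ObjectDeviceInputOutput objectArgs, String taskId) throws ControllerException {
    final String _VERSION = "acl_supported";
    // Principals are split on '@' into a name and an optional domain. Only the
    // first two parts are used; anything after a second '@' is ignored.
    // NOTE(review): a value made up only of the delimiter splits into zero parts,
    // which leaves the ACE without a principal but still carrying permissions.
    final String DELIMETER = "@";
    ECSApi objectAPI = getAPI(storageObj);
    try {
        String aclResponse = objectAPI.getBucketAclFromECS(objectArgs.getName(), objectArgs.getNamespace());
        // Pass the response as a logging argument; concatenating it left a literal "{}" in the output.
        // NOTE(review): this writes every principal and permission of the bucket to the INFO log;
        // confirm that is acceptable for this log's audience.
        _log.info("aclResponse {}", aclResponse);
        ECSBucketACL bucketACl = new Gson().fromJson(SecurityUtils.sanitizeJsonString(aclResponse), ECSBucketACL.class);
        ECSBucketACL.Acl acl = bucketACl.getAcl();
        List<BucketACE> aclToAdd = Lists.newArrayList();

        // Each list is null-checked before iteration: a list that is null (for example when the
        // response carries no entries of that kind) would otherwise raise a NullPointerException
        // that the ECSException handler below does not catch, so the task would never be completed.
        List<ECSBucketACL.UserAcl> user_acl = acl.getUseAcl();
        if (user_acl != null) {
            for (ECSBucketACL.UserAcl userAce : user_acl) {
                String[] usrDomain = userAce.getUser().split(DELIMETER);
                BucketACE bucketAce = new BucketACE();
                if (usrDomain.length > 1) {
                    bucketAce.setDomain(usrDomain[1]);
                    bucketAce.setUser(usrDomain[0]);
                } else if (usrDomain.length == 1) {
                    // username without domain
                    bucketAce.setUser(usrDomain[0]);
                }
                bucketAce.setPermissions(formatPermissions(userAce.getPermission()));
                aclToAdd.add(bucketAce);
            }
        }

        List<ECSBucketACL.GroupAcl> group_acl = acl.getGroupAcl();
        if (group_acl != null) {
            for (ECSBucketACL.GroupAcl groupAce : group_acl) {
                String[] grpDomain = groupAce.getGroup().split(DELIMETER);
                BucketACE bucketAce = new BucketACE();
                if (grpDomain.length > 1) {
                    bucketAce.setDomain(grpDomain[1]);
                    bucketAce.setGroup(grpDomain[0]);
                } else if (grpDomain.length == 1) {
                    // group without domain
                    bucketAce.setGroup(grpDomain[0]);
                }
                bucketAce.setPermissions(formatPermissions(groupAce.getPermission()));
                aclToAdd.add(bucketAce);
            }
        }

        List<ECSBucketACL.CustomGroupAcl> customgroup_acl = acl.getCustomgroupAcl();
        if (customgroup_acl != null) {
            for (ECSBucketACL.CustomGroupAcl customGroupAce : customgroup_acl) {
                String[] grpDomain = customGroupAce.getCustomgroup().split(DELIMETER);
                BucketACE bucketAce = new BucketACE();
                if (grpDomain.length > 1) {
                    bucketAce.setDomain(grpDomain[1]);
                    bucketAce.setCustomGroup(grpDomain[0]);
                } else if (grpDomain.length == 1) {
                    // custom group without domain
                    bucketAce.setCustomGroup(grpDomain[0]);
                }
                bucketAce.setPermissions(formatPermissions(customGroupAce.getPermission()));
                aclToAdd.add(bucketAce);
            }
        }

        BucketACLUpdateParams param = new BucketACLUpdateParams();
        BucketACL aclForAddition = new BucketACL();
        aclForAddition.setBucketACL(aclToAdd);
        param.setAclToAdd(aclForAddition);
        updateBucketACLInDB(param, objectArgs, bucket);
        bucket.setVersion(_VERSION);
        _dbClient.updateObject(bucket);
    } catch (ECSException e) {
        _log.error("Sync ACL for Bucket : {} failed.", objectArgs.getName(), e);
        completeTask(bucket.getId(), taskId, e);
        return BiosCommandResult.createErrorResult(e);
    }
    completeTask(bucket.getId(), taskId, "Bucket ACL Sync Successful.");
    return BiosCommandResult.createSuccessfulResult();
}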
Also used : Gson(com.google.gson.Gson) BucketACE(com.emc.storageos.model.object.BucketACE) ECSApi(com.emc.storageos.ecs.api.ECSApi) BucketACLUpdateParams(com.emc.storageos.model.object.BucketACLUpdateParams) ObjectBucketACL(com.emc.storageos.db.client.model.ObjectBucketACL) ECSBucketACL(com.emc.storageos.ecs.api.ECSBucketACL) BucketACL(com.emc.storageos.model.object.BucketACL) ECSBucketACL(com.emc.storageos.ecs.api.ECSBucketACL) ECSException(com.emc.storageos.ecs.api.ECSException)

Example 7 with BucketACE

use of com.emc.storageos.model.object.BucketACE in project coprhd-controller by CoprHD.

the class ObjectStorageUtils method createBucketACLs.

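/**
 * Wraps a single {@code ObjectStorageACL} in a {@link BucketACL} that holds one
 * {@link BucketACE}.
 *
 * <p>The principal is stored as a group when {@code aclType} is "GROUP", as a
 * user when it is "USER" (both compared case-insensitively), and as a custom
 * group for every other value.
 *
 * @param acl source entry; its type, name, domain and permissions are read
 * @return a {@code BucketACL} whose list contains exactly one entry
 */
public static BucketACL createBucketACLs(ObjectStorageACL acl) {
    BucketACE bucketAce = new BucketACE();
    if (acl.aclType.equalsIgnoreCase("GROUP")) {
        bucketAce.setGroup(acl.aclName);
    } else if (acl.aclType.equalsIgnoreCase("USER")) {
        bucketAce.setUser(acl.aclName);
    } else {
        // NOTE(review): any unrecognised type, including a misspelt one, falls through to a
        // custom-group entry; confirm that callers validate aclType before calling.
        bucketAce.setCustomGroup(acl.aclName);
    }
    if (!StringUtils.isEmpty(acl.aclDomain)) {
        bucketAce.setDomain(acl.aclDomain);
    }
    // Lower-case with Locale.ROOT: the no-argument toLowerCase() follows the JVM default locale,
    // and under a Turkish locale an upper-case 'I' becomes a dotless 'ı', which corrupts
    // permission names that contain that letter.
    bucketAce.setPermissions(StringUtils.join(acl.aclPermission, "|").toLowerCase(java.util.Locale.ROOT));

    List<BucketACE> aclList = new ArrayList<BucketACE>();
    aclList.add(bucketAce);
    BucketACL aclsToAdd = new BucketACL();
    aclsToAdd.setBucketACL(aclList);
    return aclsToAdd;
}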
Also used : BucketACL(com.emc.storageos.model.object.BucketACL) ArrayList(java.util.ArrayList) BucketACE(com.emc.storageos.model.object.BucketACE)

Example 8 with BucketACE

use of com.emc.storageos.model.object.BucketACE in project coprhd-controller by CoprHD.

the class ObjectBuckets method createObjectBucketACLUpdateParams.

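/**
 * Parses a comma-separated list of ACE entries into update parameters.
 *
 * <p>Each entry holds four fields separated by "~~~": type, name, domain and
 * permissions. A domain or permissions value that is empty or the literal
 * text "null" is left unset on the resulting {@link BucketACE}.
 *
 * @param formData comma-separated ACE entries
 * @return update parameters whose ACL-to-add holds one ACE per entry
 * @throws IllegalArgumentException if an entry has fewer than four fields
 */
private static ObjectBucketACLUpdateParams createObjectBucketACLUpdateParams(String formData) {
    final int fieldCount = 4;
    List<BucketACE> aces = Lists.newArrayList();
    for (String uiAce : formData.split(",")) {
        // A limit of -1 keeps trailing empty fields. The default split drops them, so an entry
        // that ended in an empty permissions (or domain) field produced a short array and an
        // ArrayIndexOutOfBoundsException, although empty values are explicitly handled below.
        String[] uiData = uiAce.split("~~~", -1);
        if (uiData.length < fieldCount) {
            // Reject a malformed entry with a clear message instead of failing on an array index.
            throw new IllegalArgumentException("Malformed bucket ACE entry: expected " + fieldCount
                    + " '~~~'-separated fields but found " + uiData.length);
        }
        String uiType = uiData[0];
        String uiName = uiData[1];
        String uiDomain = uiData[2];
        String uiPermissions = uiData[3];
        BucketACE bucketAce = new BucketACE();
        if (uiDomain != null && !uiDomain.isEmpty() && !"null".equals(uiDomain)) {
            bucketAce.setDomain(uiDomain);
        }
        if (GROUP.equalsIgnoreCase(uiType.trim())) {
            bucketAce.setGroup(uiName.trim());
        } else if (CUSTOMGROUP.equalsIgnoreCase(uiType.trim())) {
            bucketAce.setCustomGroup(uiName.trim());
        } else {
            // NOTE(review): every unrecognised type becomes a user entry, and an empty name is
            // accepted as is; confirm that the type and name are validated before this point.
            bucketAce.setUser(uiName.trim());
        }
        if (uiPermissions != null && !"".equals(uiPermissions) && !"null".equals(uiPermissions)) {
            bucketAce.setPermissions(uiPermissions);
        }
        aces.add(bucketAce);
    }
    BucketACL aclToAdd = new BucketACL();
    aclToAdd.setBucketACL(aces);
    ObjectBucketACLUpdateParams input = new ObjectBucketACLUpdateParams();
    input.setAclToAdd(aclToAdd);
    return input;
}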
Also used : BucketACL(com.emc.storageos.model.object.BucketACL) ObjectBucketACLUpdateParams(com.emc.storageos.model.object.ObjectBucketACLUpdateParams) BucketACE(com.emc.storageos.model.object.BucketACE)

Example 9 with BucketACE

use of com.emc.storageos.model.object.BucketACE in project coprhd-controller by CoprHD.

the class ObjectBuckets method listBucketACLJson.

/**
 * Fetches the ACL of the bucket identified by {@code id} and renders it as
 * data-table JSON.
 *
 * <p>Each entry is reported as a group when its group is non-empty, otherwise
 * as a custom group when its custom group is non-empty, otherwise as a user.
 *
 * @param id bucket identifier; converted with {@code uri(id)} and also passed to every row
 */
public static void listBucketACLJson(String id) {
    ViPRCoreClient viprClient = BourneUtil.getViprClient();
    List<BucketACE> entries = viprClient.objectBuckets().getBucketACL(uri(id));
    List<BucketACLDataTable.AclInfo> rows = Lists.newArrayList();
    for (BucketACE entry : entries) {
        // Start from the user and override only when a group or custom group is present.
        String principalName = entry.getUser();
        String principalType = USER;
        boolean hasGroup = entry.getGroup() != null && !entry.getGroup().isEmpty();
        if (hasGroup) {
            principalName = entry.getGroup();
            principalType = GROUP;
        } else {
            boolean hasCustomGroup = entry.getCustomGroup() != null && !entry.getCustomGroup().isEmpty();
            if (hasCustomGroup) {
                principalName = entry.getCustomGroup();
                principalType = CUSTOMGROUP;
            }
        }
        BucketACLDataTable.AclInfo row =
                new BucketACLDataTable.AclInfo(principalName, principalType, entry.getPermissions(), id, entry.getDomain());
        rows.add(row);
    }
    renderJSON(DataTablesSupport.createJSON(rows, params));
}
Also used : BucketACLDataTable(models.datatable.BucketACLDataTable) ViPRCoreClient(com.emc.vipr.client.ViPRCoreClient) BucketACE(com.emc.storageos.model.object.BucketACE)

Example 10 with BucketACE

use of com.emc.storageos.model.object.BucketACE in project coprhd-controller by CoprHD.

the class ECSObjectStorageDevice method toJsonString.

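/**
 * Builds the JSON body of an ECS bucket ACL from the given entries.
 *
 * <p>Each entry is written as a user, group or custom-group ACL, in that order
 * of preference, depending on which principal field is non-null. When the
 * entry has a non-empty domain the principal is sent as {@code name@domain}.
 * Permissions are split on '|'. Entries that name no principal are skipped.
 *
 * @param objectArgs supplies the bucket name and namespace placed in the payload
 * @param aclsToProcess entries to convert
 * @return the ACL serialised with Gson
 */
private String toJsonString(ObjectDeviceInputOutput objectArgs, List<BucketACE> aclsToProcess) {
    ECSBucketACL ecsBucketAcl = new ECSBucketACL();
    List<ECSBucketACL.UserAcl> user_acl = Lists.newArrayList();
    List<ECSBucketACL.GroupAcl> group_acl = Lists.newArrayList();
    List<ECSBucketACL.CustomGroupAcl> customgroup_acl = Lists.newArrayList();
    // Regular expression for a literal '|'.
    String PERMISSION_DELEMITER = "\\|";
    for (BucketACE aceToAdd : aclsToProcess) {
        String type = "user";
        String userOrGroupOrCustomgroup = aceToAdd.getUser();
        if (userOrGroupOrCustomgroup == null) {
            userOrGroupOrCustomgroup = aceToAdd.getGroup() != null ? aceToAdd.getGroup() : aceToAdd.getCustomGroup();
            type = aceToAdd.getGroup() != null ? "group" : "customgroup";
        }
        if (userOrGroupOrCustomgroup == null) {
            // No user, group or custom group was set. Appending the domain to a null name would
            // produce the principal "null@<domain>" and attach the permissions to it, so the
            // entry is left out of the payload instead.
            continue;
        }
        if (aceToAdd.getDomain() != null && !aceToAdd.getDomain().isEmpty()) {
            // ECS accepts username@domain format.
            userOrGroupOrCustomgroup = userOrGroupOrCustomgroup + "@" + aceToAdd.getDomain();
        }
        String[] permissions = aceToAdd.getPermissions() != null
                ? aceToAdd.getPermissions().split(PERMISSION_DELEMITER)
                : null;
        // Only the ACL object that matches the entry's type is created.
        switch(type) {
            case "user":
                ECSBucketACL.UserAcl userAcl = ecsBucketAcl.new UserAcl();
                userAcl.setUser(userOrGroupOrCustomgroup);
                if (permissions != null) {
                    userAcl.setPermission(permissions);
                }
                user_acl.add(userAcl);
                break;
            case "group":
                ECSBucketACL.GroupAcl groupAcl = ecsBucketAcl.new GroupAcl();
                groupAcl.setGroup(userOrGroupOrCustomgroup);
                if (permissions != null) {
                    groupAcl.setPermission(permissions);
                }
                group_acl.add(groupAcl);
                break;
            case "customgroup":
                ECSBucketACL.CustomGroupAcl customgroupAcl = ecsBucketAcl.new CustomGroupAcl();
                customgroupAcl.setCustomgroup(userOrGroupOrCustomgroup);
                if (permissions != null) {
                    customgroupAcl.setPermission(permissions);
                }
                customgroup_acl.add(customgroupAcl);
                break;
        }
    }
    ecsBucketAcl.setBucket(objectArgs.getName());
    ecsBucketAcl.setNamespace(objectArgs.getNamespace());
    ECSBucketACL.Acl acl = ecsBucketAcl.new Acl();
    // A list is set only when it has entries; an empty kind is left unset on the Acl object.
    if (!user_acl.isEmpty()) {
        acl.setUserAcl(user_acl);
    }
    if (!group_acl.isEmpty()) {
        acl.setGroupAcl(group_acl);
    }
    if (!customgroup_acl.isEmpty()) {
        acl.setCustomgroupAcl(customgroup_acl);
    }
    ecsBucketAcl.setAcl(acl);
    return new Gson().toJson(ecsBucketAcl);
}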
Also used : Gson(com.google.gson.Gson) BucketACE(com.emc.storageos.model.object.BucketACE) ECSBucketACL(com.emc.storageos.ecs.api.ECSBucketACL)
