
Example 16 with BucketACE

use of com.emc.storageos.model.object.BucketACE in project coprhd-controller by CoprHD.

the class BucketACLUtility method reportDeleteErrors.

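/**
 * Turns the first rejected ACE of a delete request into a bad-request error.
 *
 * <p>Walks the ACEs returned by {@code param.getAclToDelete()}. For the first one whose
 * {@code canProceedToNextStep()} is false and whose error type is handled below, the
 * matching {@code APIException.badRequests} error is thrown. The method returns normally
 * when there is nothing to delete or when no rejected ACE carries a handled error type.
 *
 * <p>The user, group, custom group and domain strings of the ACE are passed into the
 * error unchanged.
 * NOTE(review): these look like caller-supplied values - confirm that whatever renders
 * the error message treats them as untrusted text.
 *
 * @param param the ACL update request whose delete list is inspected
 */
private void reportDeleteErrors(BucketACLUpdateParams param) {
    String opName = BucketACLOperationType.DELETE.name();
    // Report Delete ACL errors
    BucketACL bucketACL = param.getAclToDelete();
    if (bucketACL == null) {
        return;
    }
    // Read the list once and tolerate an unset list as well as an empty one.
    List<BucketACE> bucketACEList = bucketACL.getBucketACL();
    if (bucketACEList == null || bucketACEList.isEmpty()) {
        return;
    }
    for (BucketACE bucketACE : bucketACEList) {
        if (bucketACE.canProceedToNextStep()) {
            continue;
        }
        BucketACLOperationErrorType error = bucketACE.getErrorType();
        if (error == null) {
            // Switching on a null enum throws NullPointerException; a rejected ACE with
            // no recorded error type is skipped like any other unhandled type.
            continue;
        }
        switch (error) {
            case USER_AND_GROUP_AND_CUSTOMGROUP_PROVIDED:
                throw APIException.badRequests.userGroupAndCustomGroupInACLFound(bucketACE.getUser(), bucketACE.getGroup(), bucketACE.getCustomGroup());
            case USER_AND_GROUP_PROVIDED:
                throw APIException.badRequests.userGroupAndCustomGroupInACLFound(bucketACE.getUser(), bucketACE.getGroup(), null);
            case USER_AND_CUSTOMGROUP_PROVIDED:
                throw APIException.badRequests.userGroupAndCustomGroupInACLFound(bucketACE.getUser(), null, bucketACE.getCustomGroup());
            case GROUP_AND_CUSTOMGROUP_PROVIDED:
                throw APIException.badRequests.userGroupAndCustomGroupInACLFound(null, bucketACE.getGroup(), bucketACE.getCustomGroup());
            case USER_OR_GROUP_OR_CUSTOMGROUP_NOT_PROVIDED:
                throw APIException.badRequests.missingUserOrGroupOrCustomGroupInACE(opName);
            case MULTIPLE_ACES_WITH_SAME_USER_OR_GROUP_CUSTOMGROUP:
                throw APIException.badRequests.multipleACLsWithUserOrGroupOrCustomGroupFound(opName, resolvePrincipalName(bucketACE));
            case MULTIPLE_DOMAINS_FOUND:
                {
                    String domain1 = bucketACE.getDomain();
                    String principal = resolvePrincipalName(bucketACE);
                    int separator = principal == null ? -1 : principal.indexOf('\\');
                    // Without a "DOMAIN\" prefix, substring(0, -1) would throw
                    // StringIndexOutOfBoundsException (and a null name a
                    // NullPointerException), replacing the intended bad-request error
                    // with an unrelated runtime failure.
                    // NOTE(review): reporting the raw name when no prefix is present is
                    // a choice made here - confirm it suits the message template.
                    String domain2 = separator >= 0 ? principal.substring(0, separator) : principal;
                    throw APIException.badRequests.multipleDomainsFound(opName, domain1, domain2);
                }
            case ACL_NOT_FOUND:
                throw APIException.badRequests.bucketACLNotFound(opName, bucketACE.toString());
            default:
                break;
        }
    }
}

// Returns the ACE's user, else its group, else its custom group; null when none is set.
private String resolvePrincipalName(BucketACE ace) {
    String user = ace.getUser();
    if (user != null) {
        return user;
    }
    return ace.getGroup() != null ? ace.getGroup() : ace.getCustomGroup();
}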
Also used : BucketACLOperationErrorType(com.emc.storageos.model.object.BucketACLUpdateParams.BucketACLOperationErrorType) ObjectBucketACL(com.emc.storageos.db.client.model.ObjectBucketACL) BucketACL(com.emc.storageos.model.object.BucketACL) BucketACE(com.emc.storageos.model.object.BucketACE)

Example 17 with BucketACE

use of com.emc.storageos.model.object.BucketACE in project coprhd-controller by CoprHD.

the class BucketACLUtility method verifyModifyBucketACL.

/**
 * Validates the ACEs of a modify request, stopping at the first one that is rejected.
 *
 * <p>Each ACE is first marked as able to proceed, then passed through
 * {@code verifyUserGroupCustomgroup} and {@code validatePermissions}. If either leaves
 * the ACE unable to proceed, the loop ends and the remaining ACEs are not examined.
 * An ACE that passes both checks must also have an existing ACL according to
 * {@code getExistingACL}; otherwise it is cancelled with {@code ACL_NOT_FOUND}.
 *
 * @param bucketACEList the ACEs to modify; {@code null} is accepted and ignored
 */
private void verifyModifyBucketACL(List<BucketACE> bucketACEList) {
    if (bucketACEList == null) {
        return;
    }
    _log.info("Number of bucket ACE(s) to modify {} ", bucketACEList.size());
    for (BucketACE entry : bucketACEList) {
        entry.proceedToNextStep();
        _log.info("Verifying ACL {}", entry.toString());

        // The same user or group appearing in another ACL is reported as an error.
        verifyUserGroupCustomgroup(entry);
        if (!entry.canProceedToNextStep()) {
            break;
        }

        validatePermissions(entry);
        if (!entry.canProceedToNextStep()) {
            break;
        }

        // A modify is only allowed against an ACL that already exists.
        ObjectBucketACL stored = getExistingACL(entry);
        if (stored != null) {
            _log.info("Existing ACL in modify request: {}", stored);
            entry.proceedToNextStep();
            continue;
        }

        // Nothing stored: cancel the entry unless it has already been cancelled.
        if (entry.canProceedToNextStep()) {
            _log.error("No existing ACL found in DB to modify {}", entry);
            entry.cancelNextStep(BucketACLOperationErrorType.ACL_NOT_FOUND);
        }
    }
}
Also used : BucketACE(com.emc.storageos.model.object.BucketACE) ObjectBucketACL(com.emc.storageos.db.client.model.ObjectBucketACL)

Example 18 with BucketACE

use of com.emc.storageos.model.object.BucketACE in project coprhd-controller by CoprHD.

the class BucketService method getBucketACL.

/**
 * Returns the access control entries currently recorded for a bucket.
 *
 * <p>The id is checked with {@code ArgValidator.checkFieldUriType} against
 * {@code Bucket.class}, the bucket is loaded through {@code _dbClient}, and the result is
 * checked with {@code ArgValidator.checkEntity}. When the bucket has no version,
 * {@code syncBucketACL} runs before the existing ACEs are queried.
 *
 * <p>Access is limited by the {@code @CheckPermission} annotation to the SYSTEM_MONITOR
 * and TENANT_ADMIN roles, with {@code ACL.ANY}.
 *
 * @param id the URI of the bucket, taken from the request path
 * @brief Get ACLs for a bucket
 * @return a BucketACL carrying the existing ACEs; its ACE list is left unset when there
 *         are none
 * @throws InternalException propagated from the calls made here; none is thrown directly
 *         in this body
 */
@GET
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Path("/{id}/acl")
@CheckPermission(roles = { Role.SYSTEM_MONITOR, Role.TENANT_ADMIN }, acls = { ACL.ANY })
public BucketACL getBucketACL(@PathParam("id") URI id) throws InternalException {
    _log.info("Request recieved to get Bucket ACL with Id: {}", id);

    // Validate the id and the bucket it names before anything else is done with it.
    ArgValidator.checkFieldUriType(id, Bucket.class, "id");
    Bucket target = _dbClient.queryObject(Bucket.class, id);
    ArgValidator.checkEntity(target, id, isIdEmbeddedInURL(id));

    // NOTE(review): this GET can call syncBucketACL, which presumably updates stored
    // state - confirm that is intended for callers holding only SYSTEM_MONITOR.
    // NOTE(review): no tenant comparison is visible in this body - confirm the
    // CheckPermission handling ties TENANT_ADMIN to the bucket's own tenant.
    if (target.getVersion() == null) {
        syncBucketACL(target);
    }

    BucketACLUtility aclLookup = new BucketACLUtility(_dbClient, target.getName(), target.getId());
    List<BucketACE> existingAces = aclLookup.queryExistingBucketACL();
    _log.info("Number of existing ACLs found : {} ", existingAces.size());

    BucketACL response = new BucketACL();
    if (!existingAces.isEmpty()) {
        response.setBucketACL(existingAces);
    }
    return response;
}
Also used : BucketACL(com.emc.storageos.model.object.BucketACL) BucketACLUtility(com.emc.storageos.api.service.impl.resource.utils.BucketACLUtility) Bucket(com.emc.storageos.db.client.model.Bucket) MapBucket(com.emc.storageos.api.mapper.functions.MapBucket) BucketACE(com.emc.storageos.model.object.BucketACE) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) CheckPermission(com.emc.storageos.security.authorization.CheckPermission)

Example 19 with BucketACE

use of com.emc.storageos.model.object.BucketACE in project coprhd-controller by CoprHD.

the class ObjectDeviceController method queryExistingBucketAcl.

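/**
 * Builds the ACE list for a bucket from the ACL records returned by
 * {@code queryDbBucketAcl}.
 *
 * <p>Each stored record is copied field by field into a new {@code BucketACE}. Any
 * exception raised while querying or copying is logged and not rethrown, so the caller
 * receives whatever was collected up to that point, possibly an empty list.
 *
 * @param args supplies the bucket name used in log messages and is passed to the query
 * @param buckeId the bucket id passed to the query
 * @return the ACEs collected; never {@code null}
 */
private List<BucketACE> queryExistingBucketAcl(ObjectDeviceInputOutput args, URI buckeId) {
    _log.info("Querying  ACL of Bucket {}", args.getName());
    List<BucketACE> acl = new ArrayList<BucketACE>();
    try {
        for (ObjectBucketACL dbBucketAcl : queryDbBucketAcl(args, buckeId)) {
            BucketACE ace = new BucketACE();
            ace.setDomain(dbBucketAcl.getDomain());
            ace.setBucketName(dbBucketAcl.getBucketName());
            ace.setGroup(dbBucketAcl.getGroup());
            ace.setPermissions(dbBucketAcl.getPermissions());
            ace.setNamespace(dbBucketAcl.getNamespace());
            ace.setUser(dbBucketAcl.getUser());
            ace.setCustomGroup(dbBucketAcl.getCustomGroup());
            acl.add(ace);
        }
    } catch (Exception e) {
        // NOTE(review): a failed lookup is indistinguishable from "no ACL entries" for
        // the caller. If the result feeds an ACL add/modify/delete decision, the caller
        // acts on an incomplete view of the existing permissions - consider propagating
        // the failure. The best-effort return is kept here so existing callers are not
        // broken.
        // The original message said "share" and passed the exception as the only
        // argument for "{}"; name the bucket and pass the exception as the throwable so
        // the stack trace is logged.
        _log.error("Error while querying ACL(s) of bucket " + args.getName(), e);
    }
    return acl;
}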
Also used : ArrayList(java.util.ArrayList) BucketACE(com.emc.storageos.model.object.BucketACE) InternalException(com.emc.storageos.svcs.errorhandling.resources.InternalException) ControllerException(com.emc.storageos.volumecontroller.ControllerException) ObjectBucketACL(com.emc.storageos.db.client.model.ObjectBucketACL)

Aggregations

BucketACE (com.emc.storageos.model.object.BucketACE)19 ObjectBucketACL (com.emc.storageos.db.client.model.ObjectBucketACL)11 BucketACL (com.emc.storageos.model.object.BucketACL)10 ECSBucketACL (com.emc.storageos.ecs.api.ECSBucketACL)3 ECSException (com.emc.storageos.ecs.api.ECSException)3 BucketACLOperationErrorType (com.emc.storageos.model.object.BucketACLUpdateParams.BucketACLOperationErrorType)3 ObjectBucketACLUpdateParams (com.emc.storageos.model.object.ObjectBucketACLUpdateParams)3 ViPRCoreClient (com.emc.vipr.client.ViPRCoreClient)3 ArrayList (java.util.ArrayList)3 ECSApi (com.emc.storageos.ecs.api.ECSApi)2 BucketACLUpdateParams (com.emc.storageos.model.object.BucketACLUpdateParams)2 InternalException (com.emc.storageos.svcs.errorhandling.resources.InternalException)2 ControllerException (com.emc.storageos.volumecontroller.ControllerException)2 Gson (com.google.gson.Gson)2 FlashException (controllers.util.FlashException)2 MapBucket (com.emc.storageos.api.mapper.functions.MapBucket)1 BucketACLUtility (com.emc.storageos.api.service.impl.resource.utils.BucketACLUtility)1 Bucket (com.emc.storageos.db.client.model.Bucket)1 CheckPermission (com.emc.storageos.security.authorization.CheckPermission)1 URISyntaxException (java.net.URISyntaxException)1