
Example 1 with BucketACL

use of com.emc.storageos.model.object.BucketACL in project coprhd-controller by CoprHD.

the class BucketACLUtility method reportModifyErrors.

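/**
 * Reports the first validation failure found among the ACEs submitted for modification.
 *
 * <p>Walks {@code param.getAclToModify()} in list order. For the first ACE whose
 * {@code canProceedToNextStep()} is false and whose error type is one of the reportable
 * cases below, the matching {@code APIException.badRequests} error is thrown. ACEs whose
 * error type is {@code ACL_EXISTS} (or any unlisted type) are skipped.
 *
 * @param param the ACL update request; nothing is reported when it carries no
 *              ACL to modify or that ACL is empty
 */
private void reportModifyErrors(BucketACLUpdateParams param) {
    String opName = BucketACLOperationType.MODIFY.name();
    // Report Modify ACL errors
    BucketACL bucketACL = param.getAclToModify();
    if (bucketACL == null || bucketACL.getBucketACL().isEmpty()) {
        return;
    }
    List<BucketACE> bucketACEList = bucketACL.getBucketACL();
    for (BucketACE bucketACE : bucketACEList) {
        if (bucketACE.canProceedToNextStep()) {
            continue;
        }
        BucketACLOperationErrorType error = bucketACE.getErrorType();
        switch (error) {
            case INVALID_PERMISSIONS:
                // A present-but-invalid value and a missing value get different messages.
                if (bucketACE.getPermissions() != null) {
                    throw APIException.badRequests.invalidPermissionForBucketACL(bucketACE.getPermissions());
                }
                throw APIException.badRequests.missingValueInACE(opName, REQUEST_PARAM_PERMISSIONS);
            case USER_AND_GROUP_AND_CUSTOMGROUP_PROVIDED:
                throw APIException.badRequests.userGroupAndCustomGroupInACLFound(bucketACE.getUser(), bucketACE.getGroup(), bucketACE.getCustomGroup());
            case USER_AND_GROUP_PROVIDED:
                throw APIException.badRequests.userGroupAndCustomGroupInACLFound(bucketACE.getUser(), bucketACE.getGroup(), null);
            case USER_AND_CUSTOMGROUP_PROVIDED:
                throw APIException.badRequests.userGroupAndCustomGroupInACLFound(bucketACE.getUser(), null, bucketACE.getCustomGroup());
            case GROUP_AND_CUSTOMGROUP_PROVIDED:
                throw APIException.badRequests.userGroupAndCustomGroupInACLFound(null, bucketACE.getGroup(), bucketACE.getCustomGroup());
            case USER_OR_GROUP_OR_CUSTOMGROUP_NOT_PROVIDED:
                throw APIException.badRequests.missingUserOrGroupOrCustomGroupInACE(opName);
            case MULTIPLE_ACES_WITH_SAME_USER_OR_GROUP_CUSTOMGROUP: {
                // Name the principal the ACE carries: user first, then group, then custom group.
                String principal = bucketACE.getUser();
                if (principal == null) {
                    principal = bucketACE.getGroup() != null ? bucketACE.getGroup() : bucketACE.getCustomGroup();
                }
                throw APIException.badRequests.multipleACLsWithUserOrGroupOrCustomGroupFound(opName, principal);
            }
            case ACL_NOT_FOUND:
                throw APIException.badRequests.bucketACLNotFound(opName, bucketACE.toString());
            case MULTIPLE_DOMAINS_FOUND: {
                String domain1 = bucketACE.getDomain();
                String principal = bucketACE.getUser();
                if (principal == null) {
                    principal = bucketACE.getGroup() != null ? bucketACE.getGroup() : bucketACE.getCustomGroup();
                }
                // The second domain is the part of the principal before the backslash. If the
                // principal is null or has no backslash, report it as-is rather than letting
                // substring() fail: this path must answer with the bad-request error, not with
                // an unrelated runtime exception.
                int separator = principal == null ? -1 : principal.indexOf("\\");
                String domain2 = separator >= 0 ? principal.substring(0, separator) : principal;
                throw APIException.badRequests.multipleDomainsFound(opName, domain1, domain2);
            }
            case ACL_EXISTS:
            default:
                // Not reported by this method.
                break;
        }
    }
}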
Also used : BucketACLOperationErrorType(com.emc.storageos.model.object.BucketACLUpdateParams.BucketACLOperationErrorType) ObjectBucketACL(com.emc.storageos.db.client.model.ObjectBucketACL) BucketACL(com.emc.storageos.model.object.BucketACL) BucketACE(com.emc.storageos.model.object.BucketACE)

Example 2 with BucketACL

use of com.emc.storageos.model.object.BucketACL in project coprhd-controller by CoprHD.

the class ECSObjectStorageDevice method doSyncBucketACL.

/*
     * (non-Javadoc)
     * 
     * @see com.emc.storageos.volumecontroller.ObjectStorageDevice#doSyncBucketACL(com.emc.storageos.db.client.model.StorageSystem,
     * com.emc.storageos.db.client.model.Bucket, com.emc.storageos.volumecontroller.ObjectDeviceInputOutput, java.lang.String)
     * 
     * Gets the ACL for the bucket from ECS and persists it in the CoprHD DB.
     */
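@Override
public BiosCommandResult doSyncBucketACL(StorageSystem storageObj, Bucket bucket, ObjectDeviceInputOutput objectArgs, String taskId) throws ControllerException {
    // Value written to the bucket's version field after a successful sync.
    final String aclSupportedVersion = "acl_supported";
    // Principals come back as "name@domain"; the domain part is optional.
    final String domainSeparator = "@";
    ECSApi objectAPI = getAPI(storageObj);
    try {
        String aclResponse = objectAPI.getBucketAclFromECS(objectArgs.getName(), objectArgs.getNamespace());
        // Pass the response as a logging argument: concatenating it after "{}" left the
        // placeholder unfilled and put remote data into the format string itself.
        // NOTE(review): the response carries user/group names and their permissions;
        // consider whether INFO is the right level for it.
        _log.info("aclResponse {}", aclResponse);
        ECSBucketACL bucketACl = new Gson().fromJson(SecurityUtils.sanitizeJsonString(aclResponse), ECSBucketACL.class);
        // NOTE(review): bucketACl and acl are dereferenced unchecked; an empty or unexpected
        // response would surface as a NullPointerException, which the catch below does not handle.
        ECSBucketACL.Acl acl = bucketACl.getAcl();
        List<ECSBucketACL.UserAcl> userAcl = acl.getUseAcl();
        List<ECSBucketACL.GroupAcl> groupAcl = acl.getGroupAcl();
        List<ECSBucketACL.CustomGroupAcl> customGroupAcl = acl.getCustomgroupAcl();
        List<BucketACE> aclToAdd = Lists.newArrayList();
        // A list that is null (e.g. its section was absent from the response) is treated
        // as "no entries of that kind" instead of aborting the whole sync.
        if (userAcl != null) {
            for (ECSBucketACL.UserAcl userAce : userAcl) {
                String[] nameAndDomain = userAce.getUser().split(domainSeparator);
                BucketACE bucketAce = new BucketACE();
                if (nameAndDomain.length > 1) {
                    bucketAce.setDomain(nameAndDomain[1]);
                    bucketAce.setUser(nameAndDomain[0]);
                } else if (nameAndDomain.length == 1) {
                    // username without domain
                    bucketAce.setUser(nameAndDomain[0]);
                }
                bucketAce.setPermissions(formatPermissions(userAce.getPermission()));
                aclToAdd.add(bucketAce);
            }
        }
        if (groupAcl != null) {
            for (ECSBucketACL.GroupAcl groupAce : groupAcl) {
                String[] nameAndDomain = groupAce.getGroup().split(domainSeparator);
                BucketACE bucketAce = new BucketACE();
                if (nameAndDomain.length > 1) {
                    bucketAce.setDomain(nameAndDomain[1]);
                    bucketAce.setGroup(nameAndDomain[0]);
                } else if (nameAndDomain.length == 1) {
                    // group without domain
                    bucketAce.setGroup(nameAndDomain[0]);
                }
                bucketAce.setPermissions(formatPermissions(groupAce.getPermission()));
                aclToAdd.add(bucketAce);
            }
        }
        if (customGroupAcl != null) {
            for (ECSBucketACL.CustomGroupAcl customGroupAce : customGroupAcl) {
                String[] nameAndDomain = customGroupAce.getCustomgroup().split(domainSeparator);
                BucketACE bucketAce = new BucketACE();
                if (nameAndDomain.length > 1) {
                    bucketAce.setDomain(nameAndDomain[1]);
                    bucketAce.setCustomGroup(nameAndDomain[0]);
                } else if (nameAndDomain.length == 1) {
                    // custom group without domain
                    bucketAce.setCustomGroup(nameAndDomain[0]);
                }
                bucketAce.setPermissions(formatPermissions(customGroupAce.getPermission()));
                aclToAdd.add(bucketAce);
            }
        }
        // Every ACE read from ECS is submitted as an addition to the stored ACL.
        BucketACLUpdateParams param = new BucketACLUpdateParams();
        BucketACL aclForAddition = new BucketACL();
        aclForAddition.setBucketACL(aclToAdd);
        param.setAclToAdd(aclForAddition);
        updateBucketACLInDB(param, objectArgs, bucket);
        bucket.setVersion(aclSupportedVersion);
        _dbClient.updateObject(bucket);
    } catch (ECSException e) {
        _log.error("Sync ACL for Bucket : {} failed.", objectArgs.getName(), e);
        completeTask(bucket.getId(), taskId, e);
        return BiosCommandResult.createErrorResult(e);
    }
    completeTask(bucket.getId(), taskId, "Bucket ACL Sync Successful.");
    return BiosCommandResult.createSuccessfulResult();
}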
Also used : Gson(com.google.gson.Gson) BucketACE(com.emc.storageos.model.object.BucketACE) ECSApi(com.emc.storageos.ecs.api.ECSApi) BucketACLUpdateParams(com.emc.storageos.model.object.BucketACLUpdateParams) ObjectBucketACL(com.emc.storageos.db.client.model.ObjectBucketACL) ECSBucketACL(com.emc.storageos.ecs.api.ECSBucketACL) BucketACL(com.emc.storageos.model.object.BucketACL) ECSBucketACL(com.emc.storageos.ecs.api.ECSBucketACL) ECSException(com.emc.storageos.ecs.api.ECSException)

Example 3 with BucketACL

use of com.emc.storageos.model.object.BucketACL in project coprhd-controller by CoprHD.

the class ECSObjectStorageDevice method doDeleteBucketACL.

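/**
 * Sends an update with an empty {@code acl} object for the bucket to ECS, then applies
 * the deletion list from {@code objectArgs} to the stored ACL.
 *
 * @return a successful result once both steps finish; an error result (with the task
 *         completed as failed) when an {@code ECSException} is raised
 */
@Override
public BiosCommandResult doDeleteBucketACL(StorageSystem storageObj, Bucket bucket, ObjectDeviceInputOutput objectArgs, String taskId) throws ControllerException {
    ECSApi objectAPI = getAPI(storageObj);
    BucketACLUpdateParams param = new BucketACLUpdateParams();
    BucketACL aclForDeletion = new BucketACL();
    aclForDeletion.setBucketACL(objectArgs.getBucketAclToDelete());
    param.setAclToDelete(aclForDeletion);
    try {
        // The payload is assembled by hand, so escape backslash and double quote: these are
        // the two characters that would let a name end its JSON string early and alter the
        // structure of the request. Control characters are not escaped here; a JSON
        // serializer would be the complete fix.
        String bucketName = String.valueOf(objectArgs.getName()).replace("\\", "\\\\").replace("\"", "\\\"");
        String namespace = String.valueOf(objectArgs.getNamespace()).replace("\\", "\\\\").replace("\"", "\\\"");
        // The original literal ended with a stray '"' after the closing brace, which made
        // the document invalid JSON; it is dropped here.
        // NOTE(review): the request carries an empty "acl" object, while the DB update below
        // is driven by getBucketAclToDelete() - confirm both sides end up in the same state.
        String payload = "{\"bucket\":\"" + bucketName + "\",\"namespace\":\"" + namespace + "\",\"acl\":{}}";
        objectAPI.updateBucketACL(objectArgs.getName(), payload);
        updateBucketACLInDB(param, objectArgs, bucket);
    } catch (ECSException e) {
        _log.error("Delete ACL for Bucket : {} failed.", objectArgs.getName(), e);
        completeTask(bucket.getId(), taskId, e);
        return BiosCommandResult.createErrorResult(e);
    }
    completeTask(bucket.getId(), taskId, "Successfully updated Bucket ACL.");
    return BiosCommandResult.createSuccessfulResult();
}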
Also used : ECSApi(com.emc.storageos.ecs.api.ECSApi) BucketACLUpdateParams(com.emc.storageos.model.object.BucketACLUpdateParams) ObjectBucketACL(com.emc.storageos.db.client.model.ObjectBucketACL) ECSBucketACL(com.emc.storageos.ecs.api.ECSBucketACL) BucketACL(com.emc.storageos.model.object.BucketACL) ECSException(com.emc.storageos.ecs.api.ECSException)

Example 4 with BucketACL

use of com.emc.storageos.model.object.BucketACL in project coprhd-controller by CoprHD.

the class ObjectStorageUtils method createBucketACLs.

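/**
 * Builds a {@code BucketACL} holding a single ACE from the given form/model object.
 *
 * <p>The ACE's principal is set as a group, a user, or a custom group depending on
 * {@code acl.aclType} (compared case-insensitively); the domain is set only when
 * {@code acl.aclDomain} is non-empty; the permissions are joined with {@code "|"} and
 * lower-cased.
 *
 * @param acl source of the type, name, domain and permissions of the ACE
 * @return a new {@code BucketACL} containing exactly one {@code BucketACE}
 */
public static BucketACL createBucketACLs(ObjectStorageACL acl) {
    BucketACE bucketAce = new BucketACE();
    if (acl.aclType.equalsIgnoreCase("GROUP")) {
        bucketAce.setGroup(acl.aclName);
    } else if (acl.aclType.equalsIgnoreCase("USER")) {
        bucketAce.setUser(acl.aclName);
    } else {
        // NOTE(review): every type other than GROUP/USER, including an unexpected or
        // misspelled one, is granted as a custom group - confirm that is intended.
        bucketAce.setCustomGroup(acl.aclName);
    }
    if (!StringUtils.isEmpty(acl.aclDomain)) {
        bucketAce.setDomain(acl.aclDomain);
    }
    // Lower-case with a fixed locale: the no-argument toLowerCase() follows the JVM default
    // locale, under which (e.g. Turkish) an upper-case 'I' does not map to 'i', so the
    // permission string would differ from one host to another.
    bucketAce.setPermissions(StringUtils.join(acl.aclPermission, "|").toLowerCase(java.util.Locale.ROOT));

    List<BucketACE> aclList = new ArrayList<>();
    aclList.add(bucketAce);
    BucketACL aclsToAdd = new BucketACL();
    aclsToAdd.setBucketACL(aclList);
    return aclsToAdd;
}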
Also used : BucketACL(com.emc.storageos.model.object.BucketACL) ArrayList(java.util.ArrayList) BucketACE(com.emc.storageos.model.object.BucketACE)

Example 5 with BucketACL

use of com.emc.storageos.model.object.BucketACL in project coprhd-controller by CoprHD.

the class SetObjectStorageACL method doExecute.

/**
 * Submits an add-only ACL update for {@code bucketId}, carrying the ACE built from
 * this task's {@code acl}.
 *
 * @return the task returned by the client's {@code updateBucketACL} call
 */
@Override
protected Task<BucketRestRep> doExecute() throws Exception {
    final ObjectBucketACLUpdateParams request = new ObjectBucketACLUpdateParams();
    // Only the "add" part of the request is populated.
    request.setAclToAdd(ObjectStorageUtils.createBucketACLs(acl));
    return getClient().objectBuckets().updateBucketACL(bucketId, request);
}
Also used : BucketACL(com.emc.storageos.model.object.BucketACL) ObjectBucketACLUpdateParams(com.emc.storageos.model.object.ObjectBucketACLUpdateParams)
