Search in sources :

Example 1 with ProjectRestRep

use of com.emc.storageos.model.project.ProjectRestRep in project coprhd-controller by CoprHD.

the class ApiTestUserGroup method testUserGroupCreateWithProjectAclALL.

@Test
public void testUserGroupCreateWithProjectAclALL() throws NoSuchAlgorithmException {
    final String testName = "testUserGroupCreateWithProjectAclALL - ";
    createDefaultAuthnProvider(testName + DEFAULT_AUTH_PROVIDER_CREATION);
    // Create a test tenant.
    URI testTenantId = createTestTenant();
    // Remove the group just created tenant user mapping.
    // So that, all the users in the domain can be assigned with
    // tenant roles. Here getting the ldapGroup(2) as that is the
    // one used as default one for creating the tenant.
    removeUserMappingGroups(testTenantId, getLDAPGroup(2));
    // Create a test project for the just created tenant.
    URI projectId = createTestProject(testTenantId);
    String aclAssignmentsApi = getProjectACLAssignmentApi(projectId);
    boolean isGroup = false;
    // Assigning all the project acls ALL to the user ldapViPRUser5
    List<String> acls = new ArrayList<String>();
    acls.add(getACL(0));
    String userNameWithDomain = getUserWithDomain(4);
    ACLEntry aclAssignmentEntry1 = getACLAssignmentEntry(userNameWithDomain, acls, isGroup);
    ACLAssignmentChanges aclAssignmentChanges = getDefaultACLAssignmentChanges();
    aclAssignmentChanges.getAdd().add(aclAssignmentEntry1);
    ACLAssignments aclAssignments = rSys.path(aclAssignmentsApi).put(ACLAssignments.class, aclAssignmentChanges);
    validateACLAssignmentsSuccess(aclAssignments, userNameWithDomain, isGroup);
    // Create a user ldapViPRUser5.
    BalancedWebResource ldapViPRUser5 = getHttpsClient(userNameWithDomain, getLDAPUserPassword());
    ProjectRestRep ldapViPRUser5ProjectInfo = ldapViPRUser5.path(getProjectApi(projectId)).get(ProjectRestRep.class);
    Assert.assertEquals(projectId, ldapViPRUser5ProjectInfo.getId());
    UserGroupCreateParam createParam = getDefaultUserGroupCreateParam();
    // Try to create a user group by non security admin user (ldapViPRUser5).
    ClientResponse clientResponseUserGroupCreate = ldapViPRUser5.path(getTestApi()).post(ClientResponse.class, createParam);
    String partialErrorMessage = ERROR_INSUFFICIENT_PERMISSION_FOR_USER;
    partialErrorMessage = String.format(partialErrorMessage, userNameWithDomain.toLowerCase());
    validateUserGroupBadRequest(HttpStatus.SC_FORBIDDEN, partialErrorMessage, clientResponseUserGroupCreate);
    // Only Tenant Admin and Project owner has a readonly access.
    clientResponseUserGroupCreate = ldapViPRUser5.path(getTestApi()).get(ClientResponse.class);
    validateUserGroupBadRequest(HttpStatus.SC_FORBIDDEN, partialErrorMessage, clientResponseUserGroupCreate);
    // Test the bulk api. Here expecting false for get, as ldapViPRUser5
    // is not a sysadmin or sysmonitor and expecting true for post, as
    // ldapViPRUser5 has all project acl.
    testUserGroupBulkApi(ldapViPRUser5, false, false);
    // Now remove the user group from the acl assignments.
    aclAssignmentChanges.getAdd().clear();
    aclAssignmentChanges.getRemove().add(aclAssignmentEntry1);
    aclAssignments = rSys.path(aclAssignmentsApi).put(ACLAssignments.class, aclAssignmentChanges);
    validateACLAssignmentsRemove(aclAssignments, userNameWithDomain, isGroup);
    // Now the user should not have any acls.
    ClientResponse clientResponseProjectInfo = ldapViPRUser5.path(getProjectApi(projectId)).get(ClientResponse.class);
    Assert.assertEquals(HttpStatus.SC_FORBIDDEN, clientResponseProjectInfo.getStatus());
}
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) ArrayList(java.util.ArrayList) ProjectRestRep(com.emc.storageos.model.project.ProjectRestRep) URI(java.net.URI) Test(org.junit.Test)

Example 2 with ProjectRestRep

use of com.emc.storageos.model.project.ProjectRestRep in project coprhd-controller by CoprHD.

the class ApiTestUserGroup method testUserGroupCreateWithProjectOwner.

@Test
public void testUserGroupCreateWithProjectOwner() throws NoSuchAlgorithmException {
    final String testName = "testUserGroupCreateWithProjectOwner - ";
    createDefaultAuthnProvider(testName + DEFAULT_AUTH_PROVIDER_CREATION);
    // Create a test tenant.
    URI testTenantId = createTestTenant();
    // Remove the group just created tenant user mapping.
    // So that, all the users in the domain can be assigned with
    // tenant roles. Here getting the ldapGroup(2) as that is the
    // one used as default one for creating the tenant.
    removeUserMappingGroups(testTenantId, getLDAPGroup(2));
    // Create a test project for the just created tenant.
    URI projectId = createTestProject(testTenantId);
    String userNameWithDomain = getUserWithDomain(4);
    // Change the owner of the project to ldapViPRUser5 from rSys.
    String projectEditApi = getProjectApi(projectId);
    ProjectUpdateParam updateParam = new ProjectUpdateParam();
    updateParam.setOwner(userNameWithDomain);
    ClientResponse clientResponseProjectEdit = rSys.path(projectEditApi).put(ClientResponse.class, updateParam);
    Assert.assertEquals(HttpStatus.SC_OK, clientResponseProjectEdit.getStatus());
    // Create a user ldapViPRUser5.
    BalancedWebResource ldapViPRUser5 = getHttpsClient(userNameWithDomain, getLDAPUserPassword());
    ProjectRestRep ldapViPRUser5ProjectInfo = ldapViPRUser5.path(getProjectApi(projectId)).get(ProjectRestRep.class);
    Assert.assertEquals(projectId, ldapViPRUser5ProjectInfo.getId());
    UserGroupCreateParam createParam = getDefaultUserGroupCreateParam();
    // Try to create a user group by non security admin user (ldapViPRUser5).
    ClientResponse clientResponseUserGroupCreate = ldapViPRUser5.path(getTestApi()).post(ClientResponse.class, createParam);
    String partialErrorMessage = ERROR_INSUFFICIENT_PERMISSION_FOR_USER;
    partialErrorMessage = String.format(partialErrorMessage, userNameWithDomain.toLowerCase());
    validateUserGroupBadRequest(HttpStatus.SC_FORBIDDEN, partialErrorMessage, clientResponseUserGroupCreate);
    // Tenant Admin and Project owner has a readonly access.
    clientResponseUserGroupCreate = ldapViPRUser5.path(getTestApi()).get(ClientResponse.class);
    Assert.assertEquals(HttpStatus.SC_OK, clientResponseUserGroupCreate.getStatus());
    // Test the bulk api. Here expecting false for get, as ldapViPRUser5
    // is not a sysadmin or sysmonitor and expecting true for post, as
    // ldapViPRUser5 is project owner.
    testUserGroupBulkApi(ldapViPRUser5, false, true);
    ProjectRestRep ProjectInfo = ldapViPRUser5.path(getProjectApi(projectId)).get(ProjectRestRep.class);
    Assert.assertEquals(projectId, ProjectInfo.getId());
}
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) ProjectUpdateParam(com.emc.storageos.model.project.ProjectUpdateParam) ProjectRestRep(com.emc.storageos.model.project.ProjectRestRep) URI(java.net.URI) Test(org.junit.Test)

Example 3 with ProjectRestRep

use of com.emc.storageos.model.project.ProjectRestRep in project coprhd-controller by CoprHD.

the class ApiTestUserGroup method testUserGroupWithProjectACLAssignment.

@Test
public void testUserGroupWithProjectACLAssignment() throws NoSuchAlgorithmException {
    final String testName = "testUserGroupWithProjectACLAssignment - ";
    createDefaultAuthnProvider(testName + DEFAULT_AUTH_PROVIDER_CREATION);
    UserGroupCreateParam createParam = getDefaultUserGroupCreateParam();
    ClientResponse clientUserGroupCreateResp = rSys.path(getTestApi()).post(ClientResponse.class, createParam);
    UserGroupRestRep userGroupCreateResp = validateUserGroupCreateSuccess(createParam, clientUserGroupCreateResp);
    // Create a test tenant.
    URI testTenantId = createTestTenant();
    // Update the provider tenant user mapping with the
    // just created user group "Depart_Dev".
    updateTenantGroups(testTenantId, userGroupCreateResp.getName());
    // Create a test project for the just created tenant.
    URI projectId = createTestProject(testTenantId);
    boolean isGroup = true;
    String aclAssignmentsApi = getProjectACLAssignmentApi(projectId);
    // Assigning all the project acls to Depart_Dev user group
    // (with attributes department = [ENG, DEV] and l = [Boston]
    List<String> acls = new ArrayList<String>();
    acls.add(getACL(1));
    ACLEntry aclAssignmentEntry1 = getACLAssignmentEntry(userGroupCreateResp.getName(), acls, isGroup);
    ACLAssignmentChanges aclAssignmentChanges = getDefaultACLAssignmentChanges();
    aclAssignmentChanges.getAdd().add(aclAssignmentEntry1);
    ACLAssignments aclAssignments = rSys.path(aclAssignmentsApi).put(ACLAssignments.class, aclAssignmentChanges);
    validateACLAssignmentsSuccess(aclAssignments, userGroupCreateResp.getName(), isGroup);
    // Create a user whose attributes matches with the above created
    // user group "Depart_Dev". Matching LDAP user is ldapViPRUser5.
    BalancedWebResource ldapViPRUser5 = getHttpsClient(getUserWithDomain(4), getLDAPUserPassword());
    ProjectRestRep ldapViPRUser5ProjectInfo = ldapViPRUser5.path(getProjectApi(projectId)).get(ProjectRestRep.class);
    Assert.assertEquals(projectId, ldapViPRUser5ProjectInfo.getId());
    // Now try to delete the user group "Depart_Dev".
    // It should fail, as it is associated with the project acls assignments and
    // tenant user mappings.
    deleteUserGroupAndExpectFailure(userGroupCreateResp.getId());
    // Now try to change the domain the of the user group "Depart_Dev".
    // It should fail, as it is associated with the project acls assignments and
    // tenant user mappings.
    changeUserGroupDomainAndExpectFailure(userGroupCreateResp);
    // Edit the user group but dont change any properties in the group.
    // This should be successful irrespective of whether it is used in
    // any role or acl or user mapping assignments.
    editUserGroupWithoutAnyChangeAndExpectSuccess(userGroupCreateResp);
    // Now remove the user group from the acl assignments.
    aclAssignmentChanges.getAdd().clear();
    aclAssignmentChanges.getRemove().add(aclAssignmentEntry1);
    aclAssignments = rSys.path(aclAssignmentsApi).put(ACLAssignments.class, aclAssignmentChanges);
    validateACLAssignmentsRemove(aclAssignments, userGroupCreateResp.getName(), isGroup);
    // Now the user should not have any acls associated with the
    // user group "Depart_Dev". This is done by just
    // querying about the just created project. Since user
    // does not have any project role or tenant roles, the request
    // will fail.
    ClientResponse clientResponseProjectInfo = ldapViPRUser5.path(getProjectApi(projectId)).get(ClientResponse.class);
    Assert.assertEquals(HttpStatus.SC_FORBIDDEN, clientResponseProjectInfo.getStatus());
    // Now remove the user group from the tenant user mappings.
    removeTenantUserMapping(testTenantId, userGroupCreateResp.getName());
}
Also used : ClientResponse(com.sun.jersey.api.client.ClientResponse) ArrayList(java.util.ArrayList) ProjectRestRep(com.emc.storageos.model.project.ProjectRestRep) URI(java.net.URI) Test(org.junit.Test)

Example 4 with ProjectRestRep

use of com.emc.storageos.model.project.ProjectRestRep in project coprhd-controller by CoprHD.

the class HostClusters method itemDetails.

public static void itemDetails(String id) {
    ClusterRestRep cluster = ClusterUtils.getCluster(uri(id));
    if (cluster == null) {
        error(MessagesUtils.get(UNKNOWN, id));
    }
    ProjectRestRep project = ProjectUtils.getProject(ResourceUtils.id(cluster.getProject()));
    List<HostRestRep> hosts = ClusterUtils.getHosts(uri(id));
    VcenterDataCenterRestRep dataCenter = VCenterUtils.getDataCenter(ResourceUtils.id(cluster.getVcenterDataCenter()));
    VcenterRestRep vcenter = VCenterUtils.getVCenter(dataCenter);
    render(cluster, project, hosts, dataCenter, vcenter);
}
Also used : ClusterRestRep(com.emc.storageos.model.host.cluster.ClusterRestRep) HostRestRep(com.emc.storageos.model.host.HostRestRep) VcenterRestRep(com.emc.storageos.model.host.vcenter.VcenterRestRep) VcenterDataCenterRestRep(com.emc.storageos.model.host.vcenter.VcenterDataCenterRestRep) ProjectRestRep(com.emc.storageos.model.project.ProjectRestRep)

Example 5 with ProjectRestRep

use of com.emc.storageos.model.project.ProjectRestRep in project coprhd-controller by CoprHD.

the class ConsistencyGroups method list.

public static void list() {
    BlockConsistencyGroupDataTable dataTable = new BlockConsistencyGroupDataTable();
    List<ProjectRestRep> projects = ProjectUtils.getProjects(Models.currentAdminTenant());
    Collections.sort(projects, new Comparator<ProjectRestRep>() {

        public int compare(ProjectRestRep proj1, ProjectRestRep proj2) {
            return proj1.getName().compareTo(proj2.getName());
        }
    });
    String activeProjectId = flash.get(ACTIVE_PROJECT_ID);
    if (activeProjectId == null && !projects.isEmpty()) {
        activeProjectId = projects.get(0).getId().toString();
    }
    TenantSelector.addRenderArgs();
    render(dataTable, projects, activeProjectId);
}
Also used : BlockConsistencyGroupDataTable(models.datatable.BlockConsistencyGroupDataTable) ProjectRestRep(com.emc.storageos.model.project.ProjectRestRep)

Aggregations

ProjectRestRep (com.emc.storageos.model.project.ProjectRestRep)24 URI (java.net.URI)13 ArrayList (java.util.ArrayList)7 ClientResponse (com.sun.jersey.api.client.ClientResponse)4 FlashException (controllers.util.FlashException)4 Test (org.junit.Test)4 Asset (com.emc.sa.asset.annotation.Asset)3 BlockConsistencyGroupRestRep (com.emc.storageos.model.block.BlockConsistencyGroupRestRep)2 VolumeRestRep (com.emc.storageos.model.block.VolumeRestRep)2 HostRestRep (com.emc.storageos.model.host.HostRestRep)2 ClusterRestRep (com.emc.storageos.model.host.cluster.ClusterRestRep)2 ProjectUpdateParam (com.emc.storageos.model.project.ProjectUpdateParam)2 VirtualArrayRestRep (com.emc.storageos.model.varray.VirtualArrayRestRep)2 BlockVirtualPoolRestRep (com.emc.storageos.model.vpool.BlockVirtualPoolRestRep)2 ViPRCoreClient (com.emc.vipr.client.ViPRCoreClient)2 AssetOption (com.emc.vipr.model.catalog.AssetOption)2 AssetDependencies (com.emc.sa.asset.annotation.AssetDependencies)1 NamedRelatedResourceRep (com.emc.storageos.model.NamedRelatedResourceRep)1 RelatedResourceRep (com.emc.storageos.model.RelatedResourceRep)1 VirtualArrayRelatedResourceRep (com.emc.storageos.model.VirtualArrayRelatedResourceRep)1