use of com.emc.storageos.model.vpool.VirtualPoolList in project coprhd-controller by CoprHD.
the class VirtualArrayService method getVirtualArrayVirtualPool.
/**
* Returns the id and self link for all VirtualPool associated
* with the VirtualArray.
*
* @param id the URN of a ViPR VirtualArray.
*
* @brief List VirtualArray VirtualPools
* @return A reference to a VirtualPoolList specifying the id and self link for the
* VirtualPool for the VirtualArray.
*/
@GET
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Path("/{id}/vpools")
@CheckPermission(roles = { Role.SYSTEM_ADMIN, Role.SYSTEM_MONITOR }, acls = { ACL.USE })
public VirtualPoolList getVirtualArrayVirtualPool(@PathParam("id") URI id, @DefaultValue("") @QueryParam(TENANT_ID_QUERY_PARAM) String tenantId) {
TenantOrg tenant_input = getTenantIfHaveAccess(tenantId);
VirtualPoolList cosList = new VirtualPoolList();
URIQueryResultList resultList = new URIQueryResultList();
_dbClient.queryByConstraint(ContainmentConstraint.Factory.getVirtualArrayVirtualPoolConstraint(id), resultList);
Iterator<URI> cosIterator = resultList.iterator();
while (cosIterator.hasNext()) {
URI cosId = cosIterator.next();
VirtualPool cos = _dbClient.queryObject(VirtualPool.class, cosId);
if (cosList.containsVirtualPoolResource(cosId.toString())) {
// already added, ignore
continue;
}
/*
* when input tenant parameter is null, An user can see the vpool if:
* 1. be sysadmin or sysmonitor or restricted sysadmin
* 2. mapped to that tenant.
* 3. tenant admin but not mapping to the tenant cannot see it
*
* when input tenant parameter is not null, in addition to above conditions need be met,
* the specified tenant also need have access to the vpool.
*/
StorageOSUser user = getUserFromContext();
if (_permissionsHelper.userHasGivenRole(user, null, Role.SYSTEM_ADMIN, Role.SYSTEM_MONITOR, Role.RESTRICTED_SYSTEM_ADMIN) || userTenantHasPermissionForVirtualPool(cosId.toString())) {
if (tenant_input == null || _permissionsHelper.tenantHasUsageACL(tenant_input.getId(), cos)) {
_log.debug("Adding VirtualPool");
cosList.getVirtualPool().add(toVirtualPoolResource(cos));
}
}
}
return cosList;
}
use of com.emc.storageos.model.vpool.VirtualPoolList in project coprhd-controller by CoprHD.
the class StoragePoolService method getMatchedVirtualPoolForPool.
/**
* Gets the ids and self links for all matched VirtualPools for a given storage pool.
*
* @brief List matching VirtualPools for specified storage pool
* @return A VirtualPoolList reference specifying the ids and self links for
* the matched VirtualPool.
*/
@GET
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Path("/{id}/matched-vpools")
@CheckPermission(roles = { Role.SYSTEM_ADMIN, Role.SYSTEM_MONITOR })
public VirtualPoolList getMatchedVirtualPoolForPool(@PathParam("id") URI id) {
VirtualPoolList vpools = new VirtualPoolList();
ArgValidator.checkFieldUriType(id, StoragePool.class, "id");
StoragePool storagePool = queryRegisteredResource(id);
ArgValidator.checkEntity(storagePool, id, isIdEmbeddedInURL(id));
URIQueryResultList cosResultList = new URIQueryResultList();
_dbClient.queryByConstraint(ContainmentConstraint.Factory.getMatchedPoolVirtualPoolConstraint(id), cosResultList);
Iterator<URI> cosListItr = cosResultList.iterator();
while (cosListItr.hasNext()) {
VirtualPool vpool = _dbClient.queryObject(VirtualPool.class, cosListItr.next());
vpools.getVirtualPool().add(toVirtualPoolResource(vpool));
}
return vpools;
}
use of com.emc.storageos.model.vpool.VirtualPoolList in project coprhd-controller by CoprHD.
the class ApiTest method usageAclTests.
/**
* Cos and VirtualArray acls tests
*/
public void usageAclTests() {
TenantResponse tenantResp = rSys.path("/tenant").get(TenantResponse.class);
rootTenantId = tenantResp.getTenant();
String subtenant_url = "/tenants/" + rootTenantId.toString() + "/subtenants";
TenantOrgList list = rSys.path(subtenant_url).get(TenantOrgList.class);
Assert.assertEquals(4, list.getSubtenants().size());
NamedRelatedResourceRep st1 = list.getSubtenants().get(0);
NamedRelatedResourceRep st2 = list.getSubtenants().get(1);
// create neighborhoods for test
VirtualArrayCreateParam neighborhoodParam = new VirtualArrayCreateParam();
neighborhoodParam.setLabel("n1");
VirtualArrayRestRep n1 = rSys.path("/vdc/varrays").post(VirtualArrayRestRep.class, neighborhoodParam);
Assert.assertNotNull(n1.getId());
neighborhoodParam.setLabel("n2");
VirtualArrayRestRep n2 = rSys.path("/vdc/varrays").post(VirtualArrayRestRep.class, neighborhoodParam);
Assert.assertNotNull(n2.getId());
// test open to all by default
ClientResponse resp = rSTAdmin1.path("/vdc/varrays/" + n1.getId().toString()).get(ClientResponse.class);
Assert.assertEquals(200, resp.getStatus());
resp = rSTAdmin2.path("/vdc/varrays/" + n1.getId().toString()).get(ClientResponse.class);
Assert.assertEquals(200, resp.getStatus());
// set usage acl for st1 on n1
String neighborAclUrl = "/vdc/varrays/%s/acl";
ACLAssignmentChanges changes = new ACLAssignmentChanges();
ACLEntry entry1 = new ACLEntry();
entry1.setTenant(st1.getId().toString());
entry1.setAces(new ArrayList<String>());
entry1.getAces().add("USE");
changes.setAdd(new ArrayList<ACLEntry>());
changes.getAdd().add(entry1);
resp = rSys.path(String.format(neighborAclUrl, n1.getId().toString())).put(ClientResponse.class, changes);
Assert.assertEquals(200, resp.getStatus());
VirtualArrayRestRep nRead = rSTAdmin1.path("/vdc/varrays/" + n1.getId().toString()).get(VirtualArrayRestRep.class);
Assert.assertEquals(nRead.getId(), n1.getId());
Assert.assertEquals(nRead.getName(), n1.getName());
resp = rSTAdmin2.path("/vdc/varrays/" + n1.getId().toString()).get(ClientResponse.class);
Assert.assertEquals(403, resp.getStatus());
// set usage acl for st2 on n2
changes = new ACLAssignmentChanges();
ACLEntry entry2 = new ACLEntry();
entry2.setTenant(st2.getId().toString());
entry2.setAces(new ArrayList<String>());
entry2.getAces().add("USE");
changes.setAdd(new ArrayList<ACLEntry>());
changes.getAdd().add(entry2);
resp = rSys.path(String.format(neighborAclUrl, n2.getId().toString())).put(ClientResponse.class, changes);
Assert.assertEquals(200, resp.getStatus());
nRead = rSTAdmin2.path("/vdc/varrays/" + n2.getId().toString()).get(VirtualArrayRestRep.class);
Assert.assertEquals(nRead.getId(), n2.getId());
Assert.assertEquals(nRead.getName(), n2.getName());
resp = rSTAdmin1.path("/vdc/varrays/" + n2.getId().toString()).get(ClientResponse.class);
Assert.assertEquals(403, resp.getStatus());
// negative test - invalid tenant id
changes = new ACLAssignmentChanges();
entry2 = new ACLEntry();
entry2.setTenant("invalid");
entry2.setAces(new ArrayList<String>());
entry2.getAces().add("USE");
changes.setAdd(new ArrayList<ACLEntry>());
changes.getAdd().add(entry2);
resp = rSys.path(String.format(neighborAclUrl, n2.getId().toString())).put(ClientResponse.class, changes);
Assert.assertEquals(400, resp.getStatus());
// negative test - missing ace
changes = new ACLAssignmentChanges();
entry2 = new ACLEntry();
entry2.setTenant(st2.getId().toString());
entry2.setAces(new ArrayList<String>());
changes.setAdd(new ArrayList<ACLEntry>());
changes.getAdd().add(entry2);
resp = rSys.path(String.format(neighborAclUrl, n2.getId().toString())).put(ClientResponse.class, changes);
Assert.assertEquals(400, resp.getStatus());
// negative test - choice of tenant/group/subject_id (multiple present)
changes = new ACLAssignmentChanges();
entry2 = new ACLEntry();
entry2.setTenant(st2.getId().toString());
entry2.setGroup("TEST");
entry2.setAces(new ArrayList<String>());
entry2.getAces().add("USE");
changes.setAdd(new ArrayList<ACLEntry>());
changes.getAdd().add(entry2);
resp = rSys.path(String.format(neighborAclUrl, n2.getId().toString())).put(ClientResponse.class, changes);
Assert.assertEquals(400, resp.getStatus());
changes = new ACLAssignmentChanges();
entry2 = new ACLEntry();
entry2.setTenant(st2.getId().toString());
entry2.setSubjectId("TEST");
entry2.setAces(new ArrayList<String>());
entry2.getAces().add("USE");
changes.setAdd(new ArrayList<ACLEntry>());
changes.getAdd().add(entry2);
resp = rSys.path(String.format(neighborAclUrl, n2.getId().toString())).put(ClientResponse.class, changes);
Assert.assertEquals(400, resp.getStatus());
changes = new ACLAssignmentChanges();
entry2 = new ACLEntry();
entry2.setTenant(st2.getId().toString());
entry2.setGroup("TEST");
entry2.setSubjectId("TEST");
entry2.setAces(new ArrayList<String>());
entry2.getAces().add("USE");
changes.setAdd(new ArrayList<ACLEntry>());
changes.getAdd().add(entry2);
resp = rSys.path(String.format(neighborAclUrl, n2.getId().toString())).put(ClientResponse.class, changes);
Assert.assertEquals(400, resp.getStatus());
// list neighborhoods
VirtualArrayList nList = rSTAdminGr1.path("/vdc/varrays/").get(VirtualArrayList.class);
Assert.assertEquals(1, nList.getVirtualArrays().size());
Assert.assertEquals(n1.getId(), nList.getVirtualArrays().get(0).getId());
// newly created varray, accessible for all
neighborhoodParam = new VirtualArrayCreateParam();
neighborhoodParam.setLabel("n3");
VirtualArrayRestRep n3 = rSys.path("/vdc/varrays").post(VirtualArrayRestRep.class, neighborhoodParam);
Assert.assertNotNull(n3.getId());
nList = rSTAdminGr1.path("/vdc/varrays/").get(VirtualArrayList.class);
Assert.assertEquals(2, nList.getVirtualArrays().size());
Assert.assertTrue(nList.getVirtualArrays().get(0).getId().equals(n1.getId()) || nList.getVirtualArrays().get(1).getId().equals(n1.getId()));
Assert.assertTrue(nList.getVirtualArrays().get(0).getId().equals(n3.getId()) || nList.getVirtualArrays().get(1).getId().equals(n3.getId()));
// delete nh3
rSys.path("/vdc/varrays/" + n3.getId().toString() + "/deactivate").post();
// create vpool
BlockVirtualPoolParam paramCosBlock = new BlockVirtualPoolParam();
paramCosBlock.setName("foobar-block");
paramCosBlock.setDescription("foobar-block description");
paramCosBlock.setProtocols(new HashSet<String>());
paramCosBlock.getProtocols().add(StorageProtocol.Block.FC.name());
paramCosBlock.setMaxPaths(2);
paramCosBlock.setProvisionType("Thick");
BlockVirtualPoolRestRep cos1 = rZAdmin.path("/block/vpools").post(BlockVirtualPoolRestRep.class, paramCosBlock);
Assert.assertNotNull(cos1.getId());
resp = rZAdmin.path("/block/vpools").post(ClientResponse.class, paramCosBlock);
Assert.assertEquals(400, resp.getStatus());
resp = rSTAdmin1.path("/block/vpools/" + cos1.getId().toString()).get(ClientResponse.class);
Assert.assertEquals(200, resp.getStatus());
resp = rSTAdmin2.path("/block/vpools/" + cos1.getId().toString()).get(ClientResponse.class);
Assert.assertEquals(200, resp.getStatus());
// negative test: assign an empty storage pool
VirtualPoolPoolUpdateParam paramPoolUpdate = new VirtualPoolPoolUpdateParam();
paramPoolUpdate.setStoragePoolAssignmentChanges(new StoragePoolAssignmentChanges());
paramPoolUpdate.getStoragePoolAssignmentChanges().setAdd(new StoragePoolAssignments());
paramPoolUpdate.getStoragePoolAssignmentChanges().getAdd().setStoragePools(new HashSet<String>());
paramPoolUpdate.getStoragePoolAssignmentChanges().getAdd().getStoragePools().add("");
resp = rZAdmin.path("/block/vpools/" + cos1.getId().toString() + "/assign-matched-pools/").put(ClientResponse.class, paramPoolUpdate);
Assert.assertEquals(400, resp.getStatus());
// Set Cos acl
changes = new ACLAssignmentChanges();
changes.setAdd(new ArrayList<ACLEntry>());
changes.getAdd().add(entry1);
resp = rSys.path(String.format(_blockCosAclUrl, cos1.getId().toString())).put(ClientResponse.class, changes);
Assert.assertEquals(200, resp.getStatus());
resp = rSys.path(String.format(_fileCosAclUrl, cos1.getId().toString())).get(ClientResponse.class);
Assert.assertEquals(400, resp.getStatus());
BlockVirtualPoolRestRep cRead = rSTAdmin1.path("/block/vpools/" + cos1.getId().toString()).get(BlockVirtualPoolRestRep.class);
Assert.assertEquals(cRead.getId(), cos1.getId());
Assert.assertEquals(cRead.getName(), cos1.getName());
resp = rSTAdmin2.path("/block/vpools/" + cos1.getId().toString()).get(ClientResponse.class);
Assert.assertEquals(403, resp.getStatus());
// create second CoS
paramCosBlock = new BlockVirtualPoolParam();
paramCosBlock.setName("foobar-block2");
paramCosBlock.setDescription("foobar-block2 description");
paramCosBlock.setProtocols(new HashSet<String>());
paramCosBlock.getProtocols().add(StorageProtocol.Block.FC.name());
paramCosBlock.setProvisionType("Thick");
BlockVirtualPoolRestRep cos2 = rZAdminGr.path("/block/vpools").post(BlockVirtualPoolRestRep.class, paramCosBlock);
Assert.assertNotNull(cos2.getId());
// list vpool
VirtualPoolList cList = rSTAdminGr1.path("/block/vpools/").get(VirtualPoolList.class);
Assert.assertEquals(2, cList.getVirtualPool().size());
Assert.assertTrue(cList.getVirtualPool().get(0).getId().equals(cos1.getId()) || cList.getVirtualPool().get(1).getId().equals(cos1.getId()));
Assert.assertTrue(cList.getVirtualPool().get(0).getId().equals(cos2.getId()) || cList.getVirtualPool().get(1).getId().equals(cos2.getId()));
cList = rSTAdmin2.path("/block/vpools/").get(VirtualPoolList.class);
Assert.assertEquals(1, cList.getVirtualPool().size());
Assert.assertEquals(cos2.getId(), cList.getVirtualPool().get(0).getId());
// test limits
for (int i = 0; i < 100; i++) {
changes = new ACLAssignmentChanges();
entry1.setTenant(st2.getId().toString());
changes.setAdd(new ArrayList<ACLEntry>());
changes.getAdd().add(entry1);
resp = rSys.path(String.format(_blockCosAclUrl, cos2.getId().toString())).put(ClientResponse.class, changes);
Assert.assertEquals(200, resp.getStatus());
}
changes = new ACLAssignmentChanges();
entry1.setTenant("tenant_invalid");
changes.setAdd(new ArrayList<ACLEntry>());
changes.getAdd().add(entry1);
resp = rSys.path(String.format(_blockCosAclUrl, cos2.getId().toString())).put(ClientResponse.class, changes);
Assert.assertEquals(400, resp.getStatus());
// testing tags
String cosTagUrl = "/block/vpools/%s/tags";
TagAssignment tags = new TagAssignment();
tags.setAdd(new StringSet());
tags.getAdd().add("testtag1");
resp = rSTAdmin2.path(String.format(cosTagUrl, cos1.getId())).put(ClientResponse.class, tags);
Assert.assertEquals(403, resp.getStatus());
Tags tagsResp = rSys.path(String.format(cosTagUrl, cos1.getId())).put(Tags.class, tags);
Assert.assertTrue(tagsResp.getTag().equals(tags.getAdd()));
tags.setRemove(new StringSet());
tags.getRemove().addAll(new HashSet(tags.getAdd()));
// invalid tag, too short
tags.getAdd().add("t");
resp = rSys.path(String.format(cosTagUrl, cos1.getId())).put(ClientResponse.class, tags);
Assert.assertEquals(400, resp.getStatus());
tags.getAdd().clear();
// invalid tag, too long
tags.getAdd().add("tag" + STR144);
resp = rSys.path(String.format(cosTagUrl, cos1.getId())).put(ClientResponse.class, tags);
Assert.assertEquals(400, resp.getStatus());
tags.getAdd().clear();
// tags should be trimmed
tags.getAdd().add(" testtag ");
tagsResp = rSys.path(String.format(cosTagUrl, cos1.getId())).put(Tags.class, tags);
Assert.assertTrue(tagsResp.getTag().equals(new StringSet() {
{
add("testtag");
}
}));
resp = rSTAdmin2.path(String.format(cosTagUrl, cos1.getId())).get(ClientResponse.class);
Assert.assertEquals(403, resp.getStatus());
resp = rSTAdmin1.path(String.format(cosTagUrl, cos1.getId())).get(ClientResponse.class);
Assert.assertEquals(200, resp.getStatus());
// Test bad parameter is returned if we add an invalid varray while creating the VirtualPool
FileVirtualPoolParam paramFileCos = new FileVirtualPoolParam();
paramFileCos.setName("Generic File VirtualPool");
paramFileCos.setProtocols(new HashSet<String>());
paramFileCos.getProtocols().add(StorageProtocol.File.NFS.name());
paramFileCos.getProtocols().add(StorageProtocol.File.CIFS.name());
paramFileCos.setVarrays(new HashSet<String>());
paramFileCos.getVarrays().add("IDontExist");
resp = rZAdmin.path("/file/vpools").post(ClientResponse.class, paramFileCos);
Assert.assertEquals(400, resp.getStatus());
// below is vpool restricted to tenant test
/*
* test setup:
* create a varray and vpool and associate the vpool with the varray
* restrict the vpool to the tenant
*/
String vaLabel = "va-testTenantRestrictAccess-" + Calendar.getInstance().getTime().getTime();
String vpLabel = "vp-testTenantRestrictAccess-" + Calendar.getInstance().getTime().getTime();
// create a varray
VirtualArrayCreateParam vaParam = new VirtualArrayCreateParam();
vaParam.setLabel(vaLabel);
BlockSettings bs = new BlockSettings();
bs.setAutoSanZoning(true);
vaParam.setBlockSettings(bs);
VirtualArrayRestRep va1 = rSys.path("/vdc/varrays").post(VirtualArrayRestRep.class, vaParam);
// create a vpool associated with the varray
BlockVirtualPoolParam vpParam = new BlockVirtualPoolParam();
vpParam.setName(vpLabel);
vpParam.setDescription(vpLabel);
Set<String> vas = new HashSet<String>();
vas.add(va1.getId().toString());
vpParam.setVarrays(vas);
vpParam.setProvisionType("Thin");
Set<String> protos = new HashSet();
protos.add("FC");
vpParam.setProtocols(protos);
BlockVirtualPoolRestRep vp1 = rSys.path("/block/vpools").post(BlockVirtualPoolRestRep.class, vpParam);
// restrict the vpool to a tenant
ACLAssignmentChanges aclChange = new ACLAssignmentChanges();
List<ACLEntry> acls = new ArrayList<>();
ACLEntry acl = new ACLEntry();
acl.setTenant(subtenant2Id.toString());
acl.setAces(new ArrayList<String>(Arrays.asList("USE")));
acls.add(acl);
aclChange.setAdd(acls);
String uri = String.format("/block/vpools/%s/acl", vp1.getId());
ACLAssignments aclAssignments = rSys.path(uri).put(ACLAssignments.class, aclChange);
// test1: sysadmin can see vpool
// test2: sysmonitor can see vpool
String vpUri = String.format("/vdc/varrays/%s/vpools", va1.getId().toString());
VirtualPoolList vpoolList = rSys.path(vpUri).get(VirtualPoolList.class);
List<NamedRelatedVirtualPoolRep> vpools = vpoolList.getVirtualPool();
boolean foundVpool = false;
for (NamedRelatedVirtualPoolRep vpool : vpools) {
if (vpool.getId().equals(vp1.getId())) {
foundVpool = true;
_log.info("user root can see the vpool {}", vp1.getName());
}
}
Assert.assertTrue(foundVpool);
// test3: tenant user can see vpool
VirtualPoolList vpoolList2 = rST2User.path(vpUri).get(VirtualPoolList.class);
List<NamedRelatedVirtualPoolRep> vpools2 = vpoolList2.getVirtualPool();
foundVpool = false;
for (NamedRelatedVirtualPoolRep vpool : vpools2) {
if (vpool.getId().equals(vp1.getId())) {
foundVpool = true;
_log.info("user st2user can see the vpool {}", vp1.getName());
}
}
Assert.assertTrue(foundVpool);
}
Aggregations