Search in sources :

Example 1 with StorageOSUser

use of com.emc.storageos.security.authentication.StorageOSUser in project coprhd-controller by CoprHD.

the class KeystoneService method listOpenstackTenants.

/**
 * Get a list of OpenStack Tenants.
 * Uses data from Keystone Authentication Provider to connect Keystone and retrieve Tenants information.
 *
 * @brief Show OpenStack Tenants.
 * @return OpenStack Tenants details.
 * @see TenantListRestResp
 */
@GET
@Path("/tenants")
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@CheckPermission(roles = { Role.SECURITY_ADMIN })
public TenantListRestResp listOpenstackTenants() {
    _log.debug("Keystone Service - listOpenstackTenants");
    StorageOSUser user = getUserFromContext();
    if (!_permissionsHelper.userHasGivenRoleInAnyTenant(user, Role.SECURITY_ADMIN, Role.TENANT_ADMIN)) {
        throw APIException.forbidden.insufficientPermissionsForUser(user.getName());
    }
    AuthnProvider keystoneProvider = _keystoneUtils.getKeystoneProvider();
    // Get OpenStack Tenants only when Keystone Provider exists.
    if (keystoneProvider != null) {
        KeystoneApiClient keystoneApiClient = _keystoneUtils.getKeystoneApi(keystoneProvider.getManagerDN(), keystoneProvider.getServerUrls(), keystoneProvider.getManagerPassword());
        List<KeystoneTenant> OSTenantList = new ArrayList<>(Arrays.asList(keystoneApiClient.getKeystoneTenants().getTenants()));
        TenantListRestResp response = new TenantListRestResp();
        response.setOpenstackTenants(OSTenantList);
        return response;
    }
    throw APIException.internalServerErrors.targetIsNullOrEmpty("Keystone Authentication Provider");
}
Also used : KeystoneTenant(com.emc.storageos.keystone.restapi.model.response.KeystoneTenant) StorageOSUser(com.emc.storageos.security.authentication.StorageOSUser) ArrayList(java.util.ArrayList) KeystoneApiClient(com.emc.storageos.keystone.restapi.KeystoneApiClient) TenantListRestResp(com.emc.storageos.keystone.restapi.model.response.TenantListRestResp) CheckPermission(com.emc.storageos.security.authorization.CheckPermission)

Example 2 with StorageOSUser

use of com.emc.storageos.security.authentication.StorageOSUser in project coprhd-controller by CoprHD.

the class MigrationService method cancelMigration.

/**
 * Cancel a migration that has yet to be committed.
 *
 * @prereq none
 *
 * @param id the URN of a ViPR migration.
 *
 * @brief Cancel an uncommitted migration.
 * @return A TaskResourceRep
 */
@POST
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Path("/{id}/cancel")
@CheckPermission(roles = { Role.SYSTEM_ADMIN, Role.RESTRICTED_SYSTEM_ADMIN })
public TaskResourceRep cancelMigration(@PathParam("id") URI id) {
    ArgValidator.checkFieldUriType(id, Migration.class, "id");
    Migration migration = queryResource(id);
    if (!BulkList.MigrationFilter.isUserAuthorizedForMigration(migration, getUserFromContext(), _permissionsHelper)) {
        StorageOSUser user = getUserFromContext();
        throw APIException.forbidden.insufficientPermissionsForUser(user.getName());
    }
    if (migration == null || migration.getInactive()) {
        throw APIException.badRequests.cancelMigrationFailed(id.toString(), "The migration is invalid");
    }
    String status = migration.getMigrationStatus();
    String migrationName = migration.getLabel();
    URI volId = migration.getVolume();
    Volume vplexVol = _dbClient.queryObject(Volume.class, volId);
    if (vplexVol == null || vplexVol.getInactive()) {
        throw APIException.badRequests.cancelMigrationFailed(migrationName, "The migrating volume is not valid");
    }
    // Don't allow cancel operation if the vplex volume is in a CG
    URI cgURI = vplexVol.getConsistencyGroup();
    if (!NullColumnValueGetter.isNullURI(cgURI)) {
        throw APIException.badRequests.cancelMigrationFailed(migrationName, "Migration cancellation is not supported for the volumes in consistency group");
    }
    if (status == null || status.isEmpty() || migrationName == null || migrationName.isEmpty()) {
        throw APIException.badRequests.migrationHasntStarted(id.toString());
    }
    if (status.equalsIgnoreCase(VPlexMigrationInfo.MigrationStatus.COMMITTED.getStatusValue())) {
        throw APIException.badRequests.migrationCantBeCancelled(migrationName, status);
    }
    // Create a unique task id.
    String taskId = UUID.randomUUID().toString();
    Operation op = _dbClient.createTaskOpStatus(Volume.class, volId, taskId, ResourceOperationTypeEnum.CANCEL_MIGRATION);
    TaskResourceRep task = toTask(vplexVol, taskId, op);
    if (status.equalsIgnoreCase(VPlexMigrationInfo.MigrationStatus.CANCELLED.getStatusValue()) || status.equalsIgnoreCase(VPlexMigrationInfo.MigrationStatus.PARTIALLY_CANCELLED.getStatusValue())) {
        // it has been cancelled
        s_logger.info("Migration {} has been cancelled", id);
        op.ready();
        vplexVol.getOpStatus().createTaskStatus(taskId, op);
        _dbClient.persistObject(vplexVol);
        return task;
    }
    try {
        VPlexController controller = _vplexBlockServiceApi.getController();
        controller.cancelMigration(vplexVol.getStorageController(), id, taskId);
    } catch (InternalException e) {
        s_logger.error("Controller Error", e);
        String errMsg = String.format("Controller Error: %s", e.getMessage());
        task.setState(Operation.Status.error.name());
        task.setMessage(errMsg);
        op.error(e);
        vplexVol.getOpStatus().updateTaskStatus(taskId, op);
        _dbClient.persistObject(vplexVol);
    }
    return task;
}
Also used : VPlexController(com.emc.storageos.vplexcontroller.VPlexController) Volume(com.emc.storageos.db.client.model.Volume) Migration(com.emc.storageos.db.client.model.Migration) StorageOSUser(com.emc.storageos.security.authentication.StorageOSUser) TaskResourceRep(com.emc.storageos.model.TaskResourceRep) Operation(com.emc.storageos.db.client.model.Operation) URI(java.net.URI) InternalException(com.emc.storageos.svcs.errorhandling.resources.InternalException) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Produces(javax.ws.rs.Produces) CheckPermission(com.emc.storageos.security.authorization.CheckPermission)

Example 3 with StorageOSUser

use of com.emc.storageos.security.authentication.StorageOSUser in project coprhd-controller by CoprHD.

the class MigrationService method deleteMigration.

/**
 * Delete a migration that has been committed or cancelled
 *
 * @param id the URN of a ViPR migration.
 *
 * @brief Delete a committed or cancelled migration.
 * @return A TaskResourceRep
 */
@POST
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Path("/{id}/deactivate")
@CheckPermission(roles = { Role.SYSTEM_ADMIN, Role.RESTRICTED_SYSTEM_ADMIN })
public TaskResourceRep deleteMigration(@PathParam("id") URI id) {
    ArgValidator.checkFieldUriType(id, Migration.class, "id");
    Migration migration = queryResource(id);
    if (!BulkList.MigrationFilter.isUserAuthorizedForMigration(migration, getUserFromContext(), _permissionsHelper)) {
        StorageOSUser user = getUserFromContext();
        throw APIException.forbidden.insufficientPermissionsForUser(user.getName());
    }
    String status = migration.getMigrationStatus();
    String migrationName = migration.getLabel();
    if (status == null || status.isEmpty() || migrationName == null || migrationName.isEmpty()) {
        throw APIException.badRequests.migrationHasntStarted(id.toString());
    }
    if (!status.equalsIgnoreCase(VPlexMigrationInfo.MigrationStatus.COMMITTED.getStatusValue()) && !status.equalsIgnoreCase(VPlexMigrationInfo.MigrationStatus.CANCELLED.getStatusValue()) && !status.equalsIgnoreCase(VPlexMigrationInfo.MigrationStatus.ERROR.getStatusValue())) {
        throw VPlexApiException.exceptions.cantRemoveMigrationInvalidState(migrationName);
    }
    URI volId = migration.getVolume();
    Volume vplexVol = _dbClient.queryObject(Volume.class, volId);
    // Create a unique task id.
    String taskId = UUID.randomUUID().toString();
    Operation op = _dbClient.createTaskOpStatus(Volume.class, volId, taskId, ResourceOperationTypeEnum.DELETE_MIGRATION);
    TaskResourceRep task = toTask(vplexVol, taskId, op);
    if (migration.getInactive()) {
        s_logger.info("Migration {} has been deleted", id);
        op.ready();
        vplexVol.getOpStatus().createTaskStatus(taskId, op);
        _dbClient.persistObject(vplexVol);
        return task;
    }
    try {
        VPlexController controller = _vplexBlockServiceApi.getController();
        controller.deleteMigration(vplexVol.getStorageController(), id, taskId);
    } catch (InternalException e) {
        s_logger.error("Error", e);
        String errMsg = String.format("Error: %s", e.getMessage());
        task.setState(Operation.Status.error.name());
        task.setMessage(errMsg);
        op.error(e);
        vplexVol.getOpStatus().updateTaskStatus(taskId, op);
        _dbClient.persistObject(vplexVol);
    }
    return task;
}
Also used : VPlexController(com.emc.storageos.vplexcontroller.VPlexController) Volume(com.emc.storageos.db.client.model.Volume) Migration(com.emc.storageos.db.client.model.Migration) StorageOSUser(com.emc.storageos.security.authentication.StorageOSUser) TaskResourceRep(com.emc.storageos.model.TaskResourceRep) Operation(com.emc.storageos.db.client.model.Operation) URI(java.net.URI) InternalException(com.emc.storageos.svcs.errorhandling.resources.InternalException) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Produces(javax.ws.rs.Produces) CheckPermission(com.emc.storageos.security.authorization.CheckPermission)

Example 4 with StorageOSUser

use of com.emc.storageos.security.authentication.StorageOSUser in project coprhd-controller by CoprHD.

the class MigrationService method resumeMigration.

/**
 * Resume a migration that was previously paused.
 *
 * @prereq The migration is paused
 *
 * @param id the URN of a ViPR migration.
 *
 * @brief Resume a paused migration.
 * @return A TaskResourceRep
 */
@POST
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Path("/{id}/resume")
@CheckPermission(roles = { Role.SYSTEM_ADMIN, Role.RESTRICTED_SYSTEM_ADMIN })
public TaskResourceRep resumeMigration(@PathParam("id") URI id) {
    ArgValidator.checkFieldUriType(id, Migration.class, "id");
    Migration migration = queryResource(id);
    if (!BulkList.MigrationFilter.isUserAuthorizedForMigration(migration, getUserFromContext(), _permissionsHelper)) {
        StorageOSUser user = getUserFromContext();
        throw APIException.forbidden.insufficientPermissionsForUser(user.getName());
    }
    String status = migration.getMigrationStatus();
    String migrationName = migration.getLabel();
    if (status == null || status.isEmpty() || migrationName == null || migrationName.isEmpty()) {
        throw APIException.badRequests.migrationHasntStarted(id.toString());
    }
    if (!status.equalsIgnoreCase(VPlexMigrationInfo.MigrationStatus.PAUSED.getStatusValue())) {
        throw APIException.badRequests.migrationCantBeResumed(migrationName, status);
    }
    URI volId = migration.getVolume();
    Volume vplexVol = _dbClient.queryObject(Volume.class, volId);
    // Create a unique task id.
    String taskId = UUID.randomUUID().toString();
    // Create a task for the virtual volume being migrated and set the
    // initial task state to pending.
    Operation op = _dbClient.createTaskOpStatus(Volume.class, volId, taskId, ResourceOperationTypeEnum.RESUME_MIGRATION);
    TaskResourceRep task = toTask(vplexVol, taskId, op);
    try {
        VPlexController controller = _vplexBlockServiceApi.getController();
        controller.resumeMigration(vplexVol.getStorageController(), id, taskId);
    } catch (InternalException e) {
        s_logger.error("Error", e);
        String errMsg = String.format("Error: %s", e.getMessage());
        task.setState(Operation.Status.error.name());
        task.setMessage(errMsg);
        op.error(e);
        vplexVol.getOpStatus().updateTaskStatus(taskId, op);
        _dbClient.persistObject(vplexVol);
    }
    return task;
}
Also used : VPlexController(com.emc.storageos.vplexcontroller.VPlexController) Volume(com.emc.storageos.db.client.model.Volume) Migration(com.emc.storageos.db.client.model.Migration) StorageOSUser(com.emc.storageos.security.authentication.StorageOSUser) TaskResourceRep(com.emc.storageos.model.TaskResourceRep) Operation(com.emc.storageos.db.client.model.Operation) URI(java.net.URI) InternalException(com.emc.storageos.svcs.errorhandling.resources.InternalException) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Produces(javax.ws.rs.Produces) CheckPermission(com.emc.storageos.security.authorization.CheckPermission)

Example 5 with StorageOSUser

use of com.emc.storageos.security.authentication.StorageOSUser in project coprhd-controller by CoprHD.

the class MigrationService method getMigration.

/**
 * Returns the data for the migration with the id specified in the request.
 *
 * @prereq none
 *
 * @param id the URN of a ViPR migration.
 *
 * @brief Show data for a migration.
 * @return A MigrationRestRep instance specifying the information about the
 *         migration.
 */
@GET
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Path("/{id}")
@CheckPermission(roles = { Role.TENANT_ADMIN, Role.SYSTEM_ADMIN, Role.SYSTEM_MONITOR })
public MigrationRestRep getMigration(@PathParam("id") URI id) {
    // Return the migration or throw an exception when the user is
    // not authorized or the migration is not found.
    ArgValidator.checkFieldUriType(id, Migration.class, "id");
    Migration migration = queryResource(id);
    if (!BulkList.MigrationFilter.isUserAuthorizedForMigration(migration, getUserFromContext(), _permissionsHelper)) {
        StorageOSUser user = getUserFromContext();
        throw APIException.forbidden.insufficientPermissionsForUser(user.getName());
    } else {
        return map(migration);
    }
}
Also used : Migration(com.emc.storageos.db.client.model.Migration) StorageOSUser(com.emc.storageos.security.authentication.StorageOSUser) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) CheckPermission(com.emc.storageos.security.authorization.CheckPermission)

Aggregations

StorageOSUser (com.emc.storageos.security.authentication.StorageOSUser)105 Produces (javax.ws.rs.Produces)59 Path (javax.ws.rs.Path)53 URI (java.net.URI)50 GET (javax.ws.rs.GET)36 CheckPermission (com.emc.storageos.security.authorization.CheckPermission)31 Consumes (javax.ws.rs.Consumes)24 POST (javax.ws.rs.POST)15 ArrayList (java.util.ArrayList)13 Order (com.emc.storageos.db.client.model.uimodels.Order)12 APIException (com.emc.storageos.svcs.errorhandling.resources.APIException)12 TenantOrg (com.emc.storageos.db.client.model.TenantOrg)11 NamedURI (com.emc.storageos.db.client.model.NamedURI)10 TaskResourceRep (com.emc.storageos.model.TaskResourceRep)10 PUT (javax.ws.rs.PUT)10 Operation (com.emc.storageos.db.client.model.Operation)9 VirtualPool (com.emc.storageos.db.client.model.VirtualPool)9 HashSet (java.util.HashSet)9 StringSet (com.emc.storageos.db.client.model.StringSet)8 DatabaseException (com.emc.storageos.db.exceptions.DatabaseException)8