Examples with CheckPermission com.emc.storageos.security.authorization.CheckPermission used on opensource projects

Example 46 with CheckPermission

use of com.emc.storageos.security.authorization.CheckPermission in project coprhd-controller by CoprHD.

the class KeystoneService method createOpenStackTenants.

/**
 * Creates representation of OpenStack Tenants in CoprHD.
 *
 * @param param OpenStackTenantListParam OpenStack Tenants representation with all necessary elements.
 * @brief Creates representation of OpenStack Tenants in CoprHD.
 * @return Newly created Tenants.
 * @see
 */
@POST
@Path("/tenants")
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@CheckPermission(roles = { Role.SECURITY_ADMIN })
public OSTenantListRestRep createOpenStackTenants(OpenStackTenantListParam param) {
    _log.debug("Keystone Service - createOpenStackTenants");
    if (param.getOpenstackTenants() == null || param.getOpenstackTenants().isEmpty()) {
        throw APIException.internalServerErrors.targetIsNullOrEmpty("Tenant list param");
    }
    List<OSTenant> openstackTenants = new ArrayList<>();
    for (OpenStackTenantParam openStackTenantParam : param.getOpenstackTenants()) {
        openstackTenants.add(prepareOpenstackTenant(openStackTenantParam));
    }
    if (!openstackTenants.isEmpty()) {
        _dbClient.createObject(openstackTenants);
    }
    AuthnProvider keystoneProvider = _keystoneUtils.getKeystoneProvider();
    if (keystoneProvider == null) {
        throw APIException.internalServerErrors.targetIsNullOrEmpty("Keystone Authentication Provider");
    }
    if (keystoneProvider.getAutoRegCoprHDNImportOSProjects()) {
        if (_openStackSynchronizationTask.getSynchronizationTask() == null) {
            // Do not create Tenants and Projects once synchronization task is running.
            _authService.createTenantsAndProjectsForAutomaticKeystoneRegistration();
            _openStackSynchronizationTask.startSynchronizationTask(_openStackSynchronizationTask.getTaskInterval(keystoneProvider));
        }
    }
    return map(openstackTenants);
}

Example 47 with CheckPermission

use of com.emc.storageos.security.authorization.CheckPermission in project coprhd-controller by CoprHD.

the class MeteringService method getStats.

/**
 * Retrieves the bulk metering stats for all resources in a specified time bucket (minute or hour).
 *
 * @param time_bucket required Time bucket for retrieval of stats. Acceptable formats are: yyyy-MM-dd'T'HH for hour bucket,
 *            yyyy-MM-dd'T'HH:mm for minute bucket
 * @brief List metering statistics for time period
 * @return - Output stream of stats or an error status.
 */
@GET
@Path("/stats")
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@CheckPermission(roles = { Role.SYSTEM_MONITOR, Role.SYSTEM_ADMIN })
public Response getStats(@QueryParam("time_bucket") final String timeBucketParam, @Context HttpHeaders header) {
    _logger.debug("getStats: timebucket: {}", timeBucketParam);
    MediaType mediaType = MediaType.APPLICATION_XML_TYPE;
    List<MediaType> mTypes = header.getAcceptableMediaTypes();
    if (mTypes != null) {
        for (MediaType media : mTypes) {
            if (media.equals(MediaType.APPLICATION_JSON_TYPE) || media.equals(MediaType.APPLICATION_XML_TYPE)) {
                mediaType = media;
                break;
            }
        }
    }
    DateTimeFormatter dfHourFormat = DateTimeFormat.forPattern(HOUR_BUCKET_TIME_FORMAT).withZoneUTC();
    DateTimeFormatter dfMinuteFormat = DateTimeFormat.forPattern(MINUTE_BUCKET_TIME_FORMAT).withZoneUTC();
    DateTime timeBucket = null;
    TimeBucket granularity = TimeBucket.HOUR;
    try {
        // we reduce the length by 2 here to account for single quote in yyyy-MM-dd'T'HH format
        if ((null != timeBucketParam) && (timeBucketParam.length() == HOUR_BUCKET_TIME_FORMAT.length() - 2)) {
            timeBucket = dfHourFormat.parseDateTime(timeBucketParam);
            granularity = TimeSeriesMetadata.TimeBucket.HOUR;
        } else if ((null != timeBucketParam) && (timeBucketParam.length() == MINUTE_BUCKET_TIME_FORMAT.length() - 2)) {
            timeBucket = dfMinuteFormat.parseDateTime(timeBucketParam);
            granularity = TimeSeriesMetadata.TimeBucket.MINUTE;
        } else {
            throw APIException.badRequests.invalidTimeBucket(timeBucketParam);
        }
    } catch (final IllegalArgumentException e) {
        throw APIException.badRequests.invalidTimeBucket(timeBucketParam, e);
    }
    if (timeBucket == null) {
        throw APIException.badRequests.invalidTimeBucket(timeBucketParam);
    }
    return Response.ok(getStreamData(timeBucket, granularity, mediaType), mediaType).build();
}

Example 48 with CheckPermission

use of com.emc.storageos.security.authorization.CheckPermission in project coprhd-controller by CoprHD.

the class MigrationService method deleteMigration.

/**
 * Delete a migration that has been committed or cancelled
 *
 * @param id the URN of a ViPR migration.
 *
 * @brief Delete a committed or cancelled migration.
 * @return A TaskResourceRep
 */
@POST
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Path("/{id}/deactivate")
@CheckPermission(roles = { Role.SYSTEM_ADMIN, Role.RESTRICTED_SYSTEM_ADMIN })
public TaskResourceRep deleteMigration(@PathParam("id") URI id) {
    ArgValidator.checkFieldUriType(id, Migration.class, "id");
    Migration migration = queryResource(id);
    if (!BulkList.MigrationFilter.isUserAuthorizedForMigration(migration, getUserFromContext(), _permissionsHelper)) {
        StorageOSUser user = getUserFromContext();
        throw APIException.forbidden.insufficientPermissionsForUser(user.getName());
    }
    String status = migration.getMigrationStatus();
    String migrationName = migration.getLabel();
    if (status == null || status.isEmpty() || migrationName == null || migrationName.isEmpty()) {
        throw APIException.badRequests.migrationHasntStarted(id.toString());
    }
    if (!status.equalsIgnoreCase(VPlexMigrationInfo.MigrationStatus.COMMITTED.getStatusValue()) && !status.equalsIgnoreCase(VPlexMigrationInfo.MigrationStatus.CANCELLED.getStatusValue()) && !status.equalsIgnoreCase(VPlexMigrationInfo.MigrationStatus.ERROR.getStatusValue())) {
        throw VPlexApiException.exceptions.cantRemoveMigrationInvalidState(migrationName);
    }
    URI volId = migration.getVolume();
    Volume vplexVol = _dbClient.queryObject(Volume.class, volId);
    // Create a unique task id.
    String taskId = UUID.randomUUID().toString();
    Operation op = _dbClient.createTaskOpStatus(Volume.class, volId, taskId, ResourceOperationTypeEnum.DELETE_MIGRATION);
    TaskResourceRep task = toTask(vplexVol, taskId, op);
    if (migration.getInactive()) {
        s_logger.info("Migration {} has been deleted", id);
        op.ready();
        vplexVol.getOpStatus().createTaskStatus(taskId, op);
        _dbClient.persistObject(vplexVol);
        return task;
    }
    try {
        VPlexController controller = _vplexBlockServiceApi.getController();
        controller.deleteMigration(vplexVol.getStorageController(), id, taskId);
    } catch (InternalException e) {
        s_logger.error("Error", e);
        String errMsg = String.format("Error: %s", e.getMessage());
        task.setState(Operation.Status.error.name());
        task.setMessage(errMsg);
        op.error(e);
        vplexVol.getOpStatus().updateTaskStatus(taskId, op);
        _dbClient.persistObject(vplexVol);
    }
    return task;
}

Example 49 with CheckPermission

use of com.emc.storageos.security.authorization.CheckPermission in project coprhd-controller by CoprHD.

the class MigrationService method getMigration.

/**
 * Returns the data for the migration with the id specified in the request.
 *
 * @prereq none
 *
 * @param id the URN of a ViPR migration.
 *
 * @brief Show data for a migration.
 * @return A MigrationRestRep instance specifying the information about the
 *         migration.
 */
@GET
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Path("/{id}")
@CheckPermission(roles = { Role.TENANT_ADMIN, Role.SYSTEM_ADMIN, Role.SYSTEM_MONITOR })
public MigrationRestRep getMigration(@PathParam("id") URI id) {
    // Return the migration or throw an exception when the user is
    // not authorized or the migration is not found.
    ArgValidator.checkFieldUriType(id, Migration.class, "id");
    Migration migration = queryResource(id);
    if (!BulkList.MigrationFilter.isUserAuthorizedForMigration(migration, getUserFromContext(), _permissionsHelper)) {
        StorageOSUser user = getUserFromContext();
        throw APIException.forbidden.insufficientPermissionsForUser(user.getName());
    } else {
        return map(migration);
    }
}

Example 50 with CheckPermission

use of com.emc.storageos.security.authorization.CheckPermission in project coprhd-controller by CoprHD.

the class MigrationService method getMigrations.

/**
 * Returns a list of the migrations the user is permitted to see or an empty
 * list if the user is not authorized for any migrations.
 *
 * @prereq none
 *
 * @brief List migrations
 * @return A MigrationList specifying the name, id, and self link for each
 *         migration.
 */
@GET
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@CheckPermission(roles = { Role.TENANT_ADMIN, Role.SYSTEM_ADMIN, Role.SYSTEM_MONITOR })
public MigrationList getMigrations() {
    // Return the migrations the user is authorized to see.
    MigrationList migrationList = new MigrationList();
    List<URI> migrationURIs = _dbClient.queryByType(Migration.class, true);
    Iterator<URI> uriIter = migrationURIs.iterator();
    while (uriIter.hasNext()) {
        Migration migration = queryResource(uriIter.next());
        if (BulkList.MigrationFilter.isUserAuthorizedForMigration(migration, getUserFromContext(), _permissionsHelper)) {
            migrationList.getMigrations().add(toNamedRelatedResource(migration, migration.getLabel()));
        }
    }
    return migrationList;
}