Examples with CheckPermission com.emc.storageos.security.authorization.CheckPermission used on opensource projects

Example 51 with CheckPermission

use of com.emc.storageos.security.authorization.CheckPermission in project coprhd-controller by CoprHD.

the class MigrationService method resumeMigration.

/**
 * Resume a migration that was previously paused.
 *
 * @prereq The migration is paused
 *
 * @param id the URN of a ViPR migration.
 *
 * @brief Resume a paused migration.
 * @return A TaskResourceRep
 */
@POST
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Path("/{id}/resume")
@CheckPermission(roles = { Role.SYSTEM_ADMIN, Role.RESTRICTED_SYSTEM_ADMIN })
public TaskResourceRep resumeMigration(@PathParam("id") URI id) {
    ArgValidator.checkFieldUriType(id, Migration.class, "id");
    Migration migration = queryResource(id);
    if (!BulkList.MigrationFilter.isUserAuthorizedForMigration(migration, getUserFromContext(), _permissionsHelper)) {
        StorageOSUser user = getUserFromContext();
        throw APIException.forbidden.insufficientPermissionsForUser(user.getName());
    }
    String status = migration.getMigrationStatus();
    String migrationName = migration.getLabel();
    if (status == null || status.isEmpty() || migrationName == null || migrationName.isEmpty()) {
        throw APIException.badRequests.migrationHasntStarted(id.toString());
    }
    if (!status.equalsIgnoreCase(VPlexMigrationInfo.MigrationStatus.PAUSED.getStatusValue())) {
        throw APIException.badRequests.migrationCantBeResumed(migrationName, status);
    }
    URI volId = migration.getVolume();
    Volume vplexVol = _dbClient.queryObject(Volume.class, volId);
    // Create a unique task id.
    String taskId = UUID.randomUUID().toString();
    // Create a task for the virtual volume being migrated and set the
    // initial task state to pending.
    Operation op = _dbClient.createTaskOpStatus(Volume.class, volId, taskId, ResourceOperationTypeEnum.RESUME_MIGRATION);
    TaskResourceRep task = toTask(vplexVol, taskId, op);
    try {
        VPlexController controller = _vplexBlockServiceApi.getController();
        controller.resumeMigration(vplexVol.getStorageController(), id, taskId);
    } catch (InternalException e) {
        s_logger.error("Error", e);
        String errMsg = String.format("Error: %s", e.getMessage());
        task.setState(Operation.Status.error.name());
        task.setMessage(errMsg);
        op.error(e);
        vplexVol.getOpStatus().updateTaskStatus(taskId, op);
        _dbClient.persistObject(vplexVol);
    }
    return task;
}

Example 52 with CheckPermission

use of com.emc.storageos.security.authorization.CheckPermission in project coprhd-controller by CoprHD.

the class MigrationService method cancelMigration.

/**
 * Cancel a migration that has yet to be committed.
 *
 * @prereq none
 *
 * @param id the URN of a ViPR migration.
 *
 * @brief Cancel an uncommitted migration.
 * @return A TaskResourceRep
 */
@POST
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Path("/{id}/cancel")
@CheckPermission(roles = { Role.SYSTEM_ADMIN, Role.RESTRICTED_SYSTEM_ADMIN })
public TaskResourceRep cancelMigration(@PathParam("id") URI id) {
    ArgValidator.checkFieldUriType(id, Migration.class, "id");
    Migration migration = queryResource(id);
    if (!BulkList.MigrationFilter.isUserAuthorizedForMigration(migration, getUserFromContext(), _permissionsHelper)) {
        StorageOSUser user = getUserFromContext();
        throw APIException.forbidden.insufficientPermissionsForUser(user.getName());
    }
    if (migration == null || migration.getInactive()) {
        throw APIException.badRequests.cancelMigrationFailed(id.toString(), "The migration is invalid");
    }
    String status = migration.getMigrationStatus();
    String migrationName = migration.getLabel();
    URI volId = migration.getVolume();
    Volume vplexVol = _dbClient.queryObject(Volume.class, volId);
    if (vplexVol == null || vplexVol.getInactive()) {
        throw APIException.badRequests.cancelMigrationFailed(migrationName, "The migrating volume is not valid");
    }
    // Don't allow cancel operation if the vplex volume is in a CG
    URI cgURI = vplexVol.getConsistencyGroup();
    if (!NullColumnValueGetter.isNullURI(cgURI)) {
        throw APIException.badRequests.cancelMigrationFailed(migrationName, "Migration cancellation is not supported for the volumes in consistency group");
    }
    if (status == null || status.isEmpty() || migrationName == null || migrationName.isEmpty()) {
        throw APIException.badRequests.migrationHasntStarted(id.toString());
    }
    if (status.equalsIgnoreCase(VPlexMigrationInfo.MigrationStatus.COMMITTED.getStatusValue())) {
        throw APIException.badRequests.migrationCantBeCancelled(migrationName, status);
    }
    // Create a unique task id.
    String taskId = UUID.randomUUID().toString();
    Operation op = _dbClient.createTaskOpStatus(Volume.class, volId, taskId, ResourceOperationTypeEnum.CANCEL_MIGRATION);
    TaskResourceRep task = toTask(vplexVol, taskId, op);
    if (status.equalsIgnoreCase(VPlexMigrationInfo.MigrationStatus.CANCELLED.getStatusValue()) || status.equalsIgnoreCase(VPlexMigrationInfo.MigrationStatus.PARTIALLY_CANCELLED.getStatusValue())) {
        // it has been cancelled
        s_logger.info("Migration {} has been cancelled", id);
        op.ready();
        vplexVol.getOpStatus().createTaskStatus(taskId, op);
        _dbClient.persistObject(vplexVol);
        return task;
    }
    try {
        VPlexController controller = _vplexBlockServiceApi.getController();
        controller.cancelMigration(vplexVol.getStorageController(), id, taskId);
    } catch (InternalException e) {
        s_logger.error("Controller Error", e);
        String errMsg = String.format("Controller Error: %s", e.getMessage());
        task.setState(Operation.Status.error.name());
        task.setMessage(errMsg);
        op.error(e);
        vplexVol.getOpStatus().updateTaskStatus(taskId, op);
        _dbClient.persistObject(vplexVol);
    }
    return task;
}

Example 53 with CheckPermission

use of com.emc.storageos.security.authorization.CheckPermission in project coprhd-controller by CoprHD.

the class NetworkService method getAllNetworks.

/**
 * This call returns a list of all the networks, regardless of whether or not
 * they are associated with a virtual array.
 * <p>
 * If network systems are discovered, fiber channel networks that are discovered are not initially associated with virtual array. The
 * discovered networks must be updated to associate then with virtual arrays.
 *
 * @brief List networks
 * @return a list of all networks
 */
@GET
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@CheckPermission(roles = { Role.SYSTEM_ADMIN, Role.SYSTEM_MONITOR })
public NetworkList getAllNetworks(@QueryParam("wwn") String wwn) {
    NetworkList tzlist = new NetworkList();
    if (wwn != null) {
        // Validate the argument for wwn structure...
        ArgValidator.checkFieldValidWwn(wwn);
        // Normalize wwn for colon-separated and all-caps
        wwn = WwnUtils.convertWWN(wwn.toUpperCase(), FORMAT.COLON);
        Network network = NetworkUtil.getEndpointNetwork(wwn, _dbClient);
        if (network != null) {
            tzlist.getNetworks().add(toNamedRelatedResource(ResourceTypeEnum.NETWORK, network.getId(), network.getLabel()));
        }
    } else {
        List<URI> networks = _dbClient.queryByType(Network.class, true);
        List<Network> transportZones = _dbClient.queryObject(Network.class, networks);
        for (Network network : transportZones) {
            if (network == null || network.getInactive() == true) {
                continue;
            }
            tzlist.getNetworks().add(toNamedRelatedResource(ResourceTypeEnum.NETWORK, network.getId(), network.getLabel()));
        }
    }
    return tzlist;
}

Example 54 with CheckPermission

use of com.emc.storageos.security.authorization.CheckPermission in project coprhd-controller by CoprHD.

the class NetworkService method updateNetworkEndpoints.

/**
 * Add or remove end-point(s) to network.
 * <p>
 * For fiber channel, some Networks may be automatically created by discovering Network Systems. These Networks will have endpoints that
 * were discovered by a Network System, including endpoints that represent host initiator port WWNs as well as end points that represent
 * storage array port WWNs.
 * <p>
 * Discovered endpoints may not be deleted by the user. They will be updated periodically as the Network System refreshes its
 * information on the topology of the VSANs or Fabrics.
 * <p>
 * The user may still manually add endpoints to a discovered Network. The user is able to delete endpoints that were manually added. If
 * a manually entered endpoint is subsequently discovered by a a Network System, it becomes managed as if it were discovered originally,
 * and then may no longer be deleted.
 * <p>
 * This API is maintained for backward compatibility. Since the method is deprecated use /vdc/networks/{id} instead.
 *
 * @see #updateNetwork(URI, NetworkUpdate)
 * @param id the URN of a ViPR Network
 * @param param Network endpoint parameters
 * @deprecated use {@link #updateNetwork(URI, NetworkUpdate)}
 * @brief Add or remove network end points
 * @return Network details
 */
@PUT
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Path("/{id}/endpoints")
@CheckPermission(roles = { Role.SYSTEM_ADMIN, Role.RESTRICTED_SYSTEM_ADMIN })
@Deprecated
public NetworkRestRep updateNetworkEndpoints(@PathParam("id") URI id, NetworkEndpointParam param) {
    Network network = doUpdateEndpoints(id, param);
    recordAndAudit(network, OperationTypeEnum.UPDATE_NETWORK);
    return MapNetwork.toNetworkRestRep(network, _dbClient);
}

Example 55 with CheckPermission

use of com.emc.storageos.security.authorization.CheckPermission in project coprhd-controller by CoprHD.

the class NetworkSystemService method getFabrics.

/**
 * Returns a list of the VSAN or fabric names configured on this network system.
 * Note: This is a synchronous call to the device and may take a while to receive a response.
 *
 * @param id the URN of a ViPR network system.
 * @prereq none
 * @brief List network system VSANs and fabrics
 * @return A list of fabric names configured on the Network System.
 * @throws InternalException
 */
@GET
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Path("/{id}/san-fabrics")
@CheckPermission(roles = { Role.SYSTEM_ADMIN, Role.SYSTEM_MONITOR })
public Fabrics getFabrics(@PathParam("id") URI id) throws InternalException {
    Fabrics fabrics = new Fabrics();
    ArgValidator.checkFieldUriType(id, NetworkSystem.class, "id");
    NetworkSystem device = queryResource(id);
    NetworkController controller = getNetworkController(device.getSystemType());
    List<String> fabricIds = controller.getFabricIds(device.getId());
    fabrics.setFabricIds(fabricIds);
    return fabrics;
}