use of com.emc.storageos.security.authorization.CheckPermission in project coprhd-controller by CoprHD.
the class FileService method updateExport.
/**
* @Deprecated use @Path("/{id}/export") instead
*
* Existing file system exports may have their list of endpoints updated. The permission, security, or
* root user
* mapping of an existing export may not be changed. In order to change one of these attributes, the
* export must be
* first deleted and then created with the new value.
*
* @param id
* the URN of a ViPR Project
* @param protocol
* Protocol valid values - NFS,NFSv4,CIFS
* @param securityType
* Security type valid values - sys,krb5,krb5i,krb5p
* @param permissions
* Permissions valid values - ro,rw,root
* @param rootUserMapping
* Root user mapping
* @brief Update file system export.
* <p>
* Use /file/filesystems/{id}/export instead
* @return Task resource representation
* @throws InternalException
*/
@Deprecated
@PUT
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Path("/{id}/exports/{protocol},{secType},{perm},{root_mapping}")
@CheckPermission(roles = { Role.TENANT_ADMIN }, acls = { ACL.OWN, ACL.ALL })
public TaskResourceRep updateExport(@PathParam("id") URI id, @PathParam("protocol") String protocol, @PathParam("secType") String securityType, @PathParam("perm") String permissions, @PathParam("root_mapping") String rootUserMapping, FileExportUpdateParam param) throws InternalException {
_log.info("Export update request received {}", id);
// Validate the input.
ArgValidator.checkFieldUriType(id, FileShare.class, "id");
FileShare fs = queryResource(id);
ArgValidator.checkFieldNotNull(protocol, "protocol");
ArgValidator.checkFieldNotNull(securityType, "secType");
ArgValidator.checkFieldNotNull(permissions, "perm");
ArgValidator.checkFieldNotNull(rootUserMapping, "root_mapping");
ArgValidator.checkEntity(fs, id, isIdEmbeddedInURL(id));
ArgValidator.checkFieldNotEmpty(fs.getFsExports(), "exports");
StorageSystem device = _dbClient.queryObject(StorageSystem.class, fs.getStorageDevice());
FileController controller = getController(FileController.class, device.getSystemType());
String path = fs.getPath();
_log.info("update export for path {} ", path);
_log.info(String.format("securityType %1$s, permissions %2$s, rootMapping %3$s, protocol %4$s FileSystem %5$s", securityType, permissions, rootUserMapping, protocol, path));
FileExport fExport = fs.getFsExports().get(FileExport.exportLookupKey(protocol, securityType, permissions, rootUserMapping, path));
if (fExport == null) {
throw APIException.badRequests.invalidParameterFileSystemNoSuchExport();
}
validateIpInterfacesRegistered(param.getAdd(), _dbClient);
verifyExports(fs, param, permissions, securityType, rootUserMapping, path);
String task = UUID.randomUUID().toString();
Operation op = _dbClient.createTaskOpStatus(FileShare.class, fs.getId(), task, ResourceOperationTypeEnum.EXPORT_FILE_SYSTEM);
// Update the list.
List<String> clients = fExport.getClients();
if (param.getAdd() != null) {
for (String addEndpoint : param.getAdd()) {
clients.add(addEndpoint);
}
}
if (param.getRemove() != null) {
for (String delEndpoint : param.getRemove()) {
clients.remove(delEndpoint);
}
}
FileShareExport export = new FileShareExport(clients, securityType, permissions, rootUserMapping, protocol, fExport.getStoragePortName(), fExport.getStoragePort(), path, fExport.getMountPath(), fExport.getSubDirectory(), param.getComments());
controller.export(device.getId(), fs.getId(), Arrays.asList(export), task);
auditOp(OperationTypeEnum.EXPORT_FILE_SYSTEM, true, AuditLogManager.AUDITOP_BEGIN, fs.getId().toString(), device.getId().toString(), export.getClients(), securityType, permissions, rootUserMapping, protocol);
return toTask(fs, task, op);
}
use of com.emc.storageos.security.authorization.CheckPermission in project coprhd-controller by CoprHD.
the class FileService method createQuotaDirectory.
/**
* Create Quota directory for a file system
* <p>
* NOTE: This is an asynchronous operation.
*
* @param id
* the URN of a ViPR File system
* @param param
* File system Quota directory parameters
* @brief Create file system Quota directory
* @return Task resource representation
* @throws InternalException
*/
@POST
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Path("/{id}/quota-directories")
@CheckPermission(roles = { Role.TENANT_ADMIN }, acls = { ACL.OWN, ACL.ALL })
public TaskResourceRep createQuotaDirectory(@PathParam("id") URI id, QuotaDirectoryCreateParam param) throws InternalException {
_log.info("FileService::createQtree Request recieved {}", id);
String origQtreeName = param.getQuotaDirName();
ArgValidator.checkQuotaDirName(origQtreeName, "name");
ArgValidator.checkFieldMaximum(param.getSoftLimit(), 100, "softLimit");
ArgValidator.checkFieldMaximum(param.getNotificationLimit(), 100, "notificationLimit");
if (param.getSoftLimit() != 0L) {
ArgValidator.checkFieldMinimum(param.getSoftGrace(), 1L, "softGrace");
}
// check duplicate QuotaDirectory names for this fileshare
checkForDuplicateName(origQtreeName, QuotaDirectory.class, id, "parent", _dbClient);
String task = UUID.randomUUID().toString();
ArgValidator.checkFieldUriType(id, FileShare.class, "id");
if (param.getSecurityStyle() != null) {
ArgValidator.checkFieldValueFromEnum(param.getSecurityStyle(), "security_style", EnumSet.allOf(QuotaDirectory.SecurityStyles.class));
}
// Get the FileSystem object from the URN
FileShare fs = queryResource(id);
ArgValidator.checkEntity(fs, id, isIdEmbeddedInURL(id));
int fsSoftLimit = -1;
if (null != fs.getSoftLimit()) {
fsSoftLimit = fs.getSoftLimit().intValue();
}
int fsNotifiLimit = -1;
if (null != fs.getNotificationLimit()) {
fsNotifiLimit = fs.getNotificationLimit().intValue();
}
int fsGraceLimit = -1;
if (null != fs.getSoftGracePeriod()) {
fsGraceLimit = fs.getSoftGracePeriod().intValue();
}
// Create the QuotaDirectory object for the DB
QuotaDirectory quotaDirectory = new QuotaDirectory();
quotaDirectory.setId(URIUtil.createId(QuotaDirectory.class));
// ICICIC - Curious !
quotaDirectory.setParent(new NamedURI(id, origQtreeName));
quotaDirectory.setLabel(origQtreeName);
quotaDirectory.setOpStatus(new OpStatusMap());
quotaDirectory.setProject(new NamedURI(fs.getProject().getURI(), origQtreeName));
quotaDirectory.setTenant(new NamedURI(fs.getTenant().getURI(), origQtreeName));
quotaDirectory.setSoftLimit(param.getSoftLimit() > 0 ? param.getSoftLimit() : fsSoftLimit > 0 ? fsSoftLimit : 0);
quotaDirectory.setSoftGrace(param.getSoftGrace() > 0 ? param.getSoftGrace() : fsGraceLimit > 0 ? fsGraceLimit : 0);
quotaDirectory.setNotificationLimit(param.getNotificationLimit() > 0 ? param.getNotificationLimit() : fsNotifiLimit > 0 ? fsNotifiLimit : 0);
String convertedName = origQtreeName.replaceAll("[^\\dA-Za-z_]", "");
_log.info("FileService::QuotaDirectory Original name {} and converted name {}", origQtreeName, convertedName);
quotaDirectory.setName(convertedName);
if (param.getOpLock() != null) {
quotaDirectory.setOpLock(param.getOpLock());
} else {
quotaDirectory.setOpLock(true);
}
if (param.getSecurityStyle() != null) {
quotaDirectory.setSecurityStyle(param.getSecurityStyle());
} else {
quotaDirectory.setSecurityStyle(SecurityStyles.parent.toString());
}
if (param.getSize() != null) {
// converts the input string in format "<value>GB"
Long quotaSize = SizeUtil.translateSize(param.getSize());
// to bytes
ArgValidator.checkFieldMaximum(quotaSize, fs.getCapacity(), SizeUtil.SIZE_B, "size", true);
quotaDirectory.setSize(quotaSize);
} else {
quotaDirectory.setSize((long) 0);
}
fs.setOpStatus(new OpStatusMap());
Operation op = new Operation();
op.setResourceType(ResourceOperationTypeEnum.CREATE_FILE_SYSTEM_QUOTA_DIR);
quotaDirectory.getOpStatus().createTaskStatus(task, op);
fs.getOpStatus().createTaskStatus(task, op);
_dbClient.createObject(quotaDirectory);
_dbClient.persistObject(fs);
// Create an object of type "FileShareQuotaDirectory" to be passed into the south-bound layers.
FileShareQuotaDirectory qt = new FileShareQuotaDirectory(quotaDirectory);
// Now get ready to make calls into the controller
StorageSystem device = _dbClient.queryObject(StorageSystem.class, fs.getStorageDevice());
FileController controller = getController(FileController.class, device.getSystemType());
try {
controller.createQuotaDirectory(device.getId(), qt, fs.getId(), task);
} catch (InternalException e) {
quotaDirectory.setInactive(true);
_dbClient.persistObject(quotaDirectory);
// should discriminate between validation problems vs. internal errors
throw e;
}
auditOp(OperationTypeEnum.CREATE_FILE_SYSTEM_QUOTA_DIR, true, AuditLogManager.AUDITOP_BEGIN, quotaDirectory.getLabel(), quotaDirectory.getId().toString(), fs.getId().toString());
fs = _dbClient.queryObject(FileShare.class, id);
_log.debug("FileService::QuotaDirectory Before sending response, FS ID : {}, Tasks : {} ; Status {}", fs.getOpStatus().get(task), fs.getOpStatus().get(task).getStatus());
return toTask(quotaDirectory, task, op);
}
use of com.emc.storageos.security.authorization.CheckPermission in project coprhd-controller by CoprHD.
the class FileService method getNativeContinuousCopies.
/**
* List FileShare mirrors
*
* @prereq none
*
* @param id
* the URN of a ViPR FileShare to list mirrors
*
* @brief List fileShare mirrors
* @return FileShare mirror response containing a list of mirror identifiers
*/
@GET
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Path("/{id}/protection/continuous-copies")
@CheckPermission(roles = { Role.SYSTEM_MONITOR, Role.TENANT_ADMIN }, acls = { ACL.ANY })
public MirrorList getNativeContinuousCopies(@PathParam("id") URI id) {
MirrorList list = new MirrorList();
ArgValidator.checkFieldUriType(id, FileShare.class, "id");
FileShare sourceFileShare = _dbClient.queryObject(FileShare.class, id);
StringSet sourceFileShareMirrors = sourceFileShare.getMirrorfsTargets();
if (sourceFileShareMirrors == null || sourceFileShareMirrors.isEmpty()) {
return list;
}
for (String uriStr : sourceFileShareMirrors) {
FileShare fileMirror = _dbClient.queryObject(FileShare.class, URI.create(uriStr));
if (fileMirror == null || fileMirror.getInactive()) {
_log.warn("Stale mirror {} found for fileShare {}", uriStr, sourceFileShare.getId());
continue;
}
list.getMirrorList().add(toNamedRelatedResource(fileMirror));
}
return list;
}
use of com.emc.storageos.security.authorization.CheckPermission in project coprhd-controller by CoprHD.
the class FileService method reduce.
/**
* Reduce file system quota -- supported only on Isilon
*
* @param id - the URN of a ViPR File system
* @param param - File system reduction parameters
* @return Task resource representation
* @throws InternalException
*/
@POST
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Path("/{id}/reduce")
@CheckPermission(roles = { Role.TENANT_ADMIN }, acls = { ACL.OWN, ACL.ALL })
public TaskResourceRep reduce(@PathParam("id") URI id, FileSystemReduceParam param) throws InternalException {
_log.info(String.format("FileShareReduce --- FileShare id: %1$s, New Quota: %2$s", id, param.getNewSize()));
// check file system
ArgValidator.checkFieldUriType(id, FileShare.class, "id");
FileShare fs = queryResource(id);
ArgValidator.checkEntity(fs, id, isIdEmbeddedInURL(id));
StorageSystem device = _dbClient.queryObject(StorageSystem.class, fs.getStorageDevice());
if (!device.deviceIsType(DiscoveredDataObject.Type.isilon)) {
String msg = String.format("reducing filesystem is not supported for storage system %s", device.getSystemType());
throw APIException.badRequests.reduceFileSystemNotSupported(msg);
}
Long newFSsize = SizeUtil.translateSize(param.getNewSize());
long quotaFsSize = newFSsize - fs.getCapacity();
final long MIN_EXPAND_SIZE = SizeUtil.translateSize("1MB") + 1;
if (newFSsize <= 0) {
throw APIException.badRequests.parameterMustBeGreaterThan("new_size", 0);
} else {
if (quotaFsSize < MIN_EXPAND_SIZE) {
List<QuotaDirectory> quotaDirs = queryDBQuotaDirectories(fs);
if (null != quotaDirs && !quotaDirs.isEmpty()) {
long qdsize = 0;
// that new size should not be less than any of the sub quota.
for (QuotaDirectory quotaDir : quotaDirs) {
qdsize = newFSsize - quotaDir.getSize();
Double quotasize = SizeUtil.translateSize(quotaDir.getSize(), SizeUtil.SIZE_GB);
Double newFScapacity = SizeUtil.translateSize(newFSsize, SizeUtil.SIZE_GB);
if (qdsize < MIN_EXPAND_SIZE) {
String msg = String.format("as requested reduced size [%.1fGB] is smaller than its quota size [%.1fGB] for filesystem %s", newFScapacity, quotasize, fs.getName());
throw APIException.badRequests.reduceFileSystemNotSupported(msg);
}
}
}
} else {
throw APIException.badRequests.parameterMustBeLessThan("new_size", fs.getCapacity());
}
}
String task = UUID.randomUUID().toString();
Operation op = _dbClient.createTaskOpStatus(FileShare.class, fs.getId(), task, ResourceOperationTypeEnum.REDUCE_FILE_SYSTEM);
op.setDescription("Filesystem reduce quota");
FileServiceApi fileServiceApi = getFileShareServiceImpl(fs, _dbClient);
try {
fileServiceApi.reduceFileShareQuota(fs, newFSsize, task);
} catch (InternalException e) {
if (_log.isErrorEnabled()) {
_log.error("Reduce File Quota error", e);
}
fs = _dbClient.queryObject(FileShare.class, fs.getId());
op = fs.getOpStatus().get(task);
op.error(e);
fs.getOpStatus().updateTaskStatus(task, op);
_dbClient.updateObject(fs);
throw e;
}
return toTask(fs, task, op);
}
use of com.emc.storageos.security.authorization.CheckPermission in project coprhd-controller by CoprHD.
the class FileService method stopContinuousCopies.
/**
* Stop continuous copies.
*
* @prereq none
* @param id the URN of a ViPR Source file share
* @brief Stop the replication session between source and target file system.
* @return TaskList
* @throws ControllerException
*/
@POST
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Path("/{id}/protection/continuous-copies/stop")
@CheckPermission(roles = { Role.TENANT_ADMIN }, acls = { ACL.OWN, ACL.ALL })
public TaskList stopContinuousCopies(@PathParam("id") URI id, FileReplicationParam param) throws ControllerException {
doMirrorOperationValidation(id, ProtectionOp.STOP.toString());
String task = UUID.randomUUID().toString();
FileShare sourceFileShare = queryResource(id);
Set<URI> unassignFrom = new HashSet<>();
unassignFrom.add(id);
FilePolicy filepolicy = FileSystemReplicationUtils.getReplicationPolicyAppliedOnFS(sourceFileShare, _dbClient);
Operation op = _dbClient.createTaskOpStatus(FileShare.class, id, task, ResourceOperationTypeEnum.FILE_PROTECTION_ACTION_STOP);
op.setDescription("stop the replication link between source and target");
FileOrchestrationController controller = getController(FileOrchestrationController.class, FileOrchestrationController.FILE_ORCHESTRATION_DEVICE);
controller.unassignFilePolicy(filepolicy.getId(), unassignFrom, task);
auditOp(OperationTypeEnum.STOP_FILE_MIRROR, true, "BEGIN", sourceFileShare.getId().toString());
TaskList taskList = new TaskList();
TaskResourceRep taskResp = toTask(sourceFileShare, task, op);
taskList.getTaskList().add(taskResp);
return taskList;
}
Aggregations