Search in sources :

Example 86 with CheckPermission

use of com.emc.storageos.security.authorization.CheckPermission in project coprhd-controller by CoprHD.

the class FileService method updateExport.

/**
 * @Deprecated use @Path("/{id}/export") instead
 *
 *             Existing file system exports may have their list of endpoints updated. The permission, security, or
 *             root user
 *             mapping of an existing export may not be changed. In order to change one of these attributes, the
 *             export must be
 *             first deleted and then created with the new value.
 *
 * @param id
 *            the URN of a ViPR Project
 * @param protocol
 *            Protocol valid values - NFS,NFSv4,CIFS
 * @param securityType
 *            Security type valid values - sys,krb5,krb5i,krb5p
 * @param permissions
 *            Permissions valid values - ro,rw,root
 * @param rootUserMapping
 *            Root user mapping
 * @brief Update file system export.
 *        <p>
 *        Use /file/filesystems/{id}/export instead
 * @return Task resource representation
 * @throws InternalException
 */
@Deprecated
@PUT
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Path("/{id}/exports/{protocol},{secType},{perm},{root_mapping}")
@CheckPermission(roles = { Role.TENANT_ADMIN }, acls = { ACL.OWN, ACL.ALL })
public TaskResourceRep updateExport(@PathParam("id") URI id, @PathParam("protocol") String protocol, @PathParam("secType") String securityType, @PathParam("perm") String permissions, @PathParam("root_mapping") String rootUserMapping, FileExportUpdateParam param) throws InternalException {
    _log.info("Export update request received {}", id);
    // Validate the input.
    ArgValidator.checkFieldUriType(id, FileShare.class, "id");
    FileShare fs = queryResource(id);
    ArgValidator.checkFieldNotNull(protocol, "protocol");
    ArgValidator.checkFieldNotNull(securityType, "secType");
    ArgValidator.checkFieldNotNull(permissions, "perm");
    ArgValidator.checkFieldNotNull(rootUserMapping, "root_mapping");
    ArgValidator.checkEntity(fs, id, isIdEmbeddedInURL(id));
    ArgValidator.checkFieldNotEmpty(fs.getFsExports(), "exports");
    StorageSystem device = _dbClient.queryObject(StorageSystem.class, fs.getStorageDevice());
    FileController controller = getController(FileController.class, device.getSystemType());
    String path = fs.getPath();
    _log.info("update export for path {} ", path);
    _log.info(String.format("securityType %1$s, permissions %2$s, rootMapping %3$s, protocol %4$s FileSystem %5$s", securityType, permissions, rootUserMapping, protocol, path));
    FileExport fExport = fs.getFsExports().get(FileExport.exportLookupKey(protocol, securityType, permissions, rootUserMapping, path));
    if (fExport == null) {
        throw APIException.badRequests.invalidParameterFileSystemNoSuchExport();
    }
    validateIpInterfacesRegistered(param.getAdd(), _dbClient);
    verifyExports(fs, param, permissions, securityType, rootUserMapping, path);
    String task = UUID.randomUUID().toString();
    Operation op = _dbClient.createTaskOpStatus(FileShare.class, fs.getId(), task, ResourceOperationTypeEnum.EXPORT_FILE_SYSTEM);
    // Update the list.
    List<String> clients = fExport.getClients();
    if (param.getAdd() != null) {
        for (String addEndpoint : param.getAdd()) {
            clients.add(addEndpoint);
        }
    }
    if (param.getRemove() != null) {
        for (String delEndpoint : param.getRemove()) {
            clients.remove(delEndpoint);
        }
    }
    FileShareExport export = new FileShareExport(clients, securityType, permissions, rootUserMapping, protocol, fExport.getStoragePortName(), fExport.getStoragePort(), path, fExport.getMountPath(), fExport.getSubDirectory(), param.getComments());
    controller.export(device.getId(), fs.getId(), Arrays.asList(export), task);
    auditOp(OperationTypeEnum.EXPORT_FILE_SYSTEM, true, AuditLogManager.AUDITOP_BEGIN, fs.getId().toString(), device.getId().toString(), export.getClients(), securityType, permissions, rootUserMapping, protocol);
    return toTask(fs, task, op);
}
Also used : FileShareExport(com.emc.storageos.volumecontroller.FileShareExport) FileController(com.emc.storageos.volumecontroller.FileController) FileExport(com.emc.storageos.db.client.model.FileExport) Operation(com.emc.storageos.db.client.model.Operation) FileShare(com.emc.storageos.db.client.model.FileShare) SMBFileShare(com.emc.storageos.db.client.model.SMBFileShare) MapFileShare(com.emc.storageos.api.mapper.functions.MapFileShare) StorageSystem(com.emc.storageos.db.client.model.StorageSystem) Path(javax.ws.rs.Path) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) PUT(javax.ws.rs.PUT) CheckPermission(com.emc.storageos.security.authorization.CheckPermission)

Example 87 with CheckPermission

use of com.emc.storageos.security.authorization.CheckPermission in project coprhd-controller by CoprHD.

the class FileService method createQuotaDirectory.

/**
 * Create Quota directory for a file system
 * <p>
 * NOTE: This is an asynchronous operation.
 *
 * @param id
 *            the URN of a ViPR File system
 * @param param
 *            File system Quota directory parameters
 * @brief Create file system Quota directory
 * @return Task resource representation
 * @throws InternalException
 */
@POST
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Path("/{id}/quota-directories")
@CheckPermission(roles = { Role.TENANT_ADMIN }, acls = { ACL.OWN, ACL.ALL })
public TaskResourceRep createQuotaDirectory(@PathParam("id") URI id, QuotaDirectoryCreateParam param) throws InternalException {
    _log.info("FileService::createQtree Request recieved {}", id);
    String origQtreeName = param.getQuotaDirName();
    ArgValidator.checkQuotaDirName(origQtreeName, "name");
    ArgValidator.checkFieldMaximum(param.getSoftLimit(), 100, "softLimit");
    ArgValidator.checkFieldMaximum(param.getNotificationLimit(), 100, "notificationLimit");
    if (param.getSoftLimit() != 0L) {
        ArgValidator.checkFieldMinimum(param.getSoftGrace(), 1L, "softGrace");
    }
    // check duplicate QuotaDirectory names for this fileshare
    checkForDuplicateName(origQtreeName, QuotaDirectory.class, id, "parent", _dbClient);
    String task = UUID.randomUUID().toString();
    ArgValidator.checkFieldUriType(id, FileShare.class, "id");
    if (param.getSecurityStyle() != null) {
        ArgValidator.checkFieldValueFromEnum(param.getSecurityStyle(), "security_style", EnumSet.allOf(QuotaDirectory.SecurityStyles.class));
    }
    // Get the FileSystem object from the URN
    FileShare fs = queryResource(id);
    ArgValidator.checkEntity(fs, id, isIdEmbeddedInURL(id));
    int fsSoftLimit = -1;
    if (null != fs.getSoftLimit()) {
        fsSoftLimit = fs.getSoftLimit().intValue();
    }
    int fsNotifiLimit = -1;
    if (null != fs.getNotificationLimit()) {
        fsNotifiLimit = fs.getNotificationLimit().intValue();
    }
    int fsGraceLimit = -1;
    if (null != fs.getSoftGracePeriod()) {
        fsGraceLimit = fs.getSoftGracePeriod().intValue();
    }
    // Create the QuotaDirectory object for the DB
    QuotaDirectory quotaDirectory = new QuotaDirectory();
    quotaDirectory.setId(URIUtil.createId(QuotaDirectory.class));
    // ICICIC - Curious !
    quotaDirectory.setParent(new NamedURI(id, origQtreeName));
    quotaDirectory.setLabel(origQtreeName);
    quotaDirectory.setOpStatus(new OpStatusMap());
    quotaDirectory.setProject(new NamedURI(fs.getProject().getURI(), origQtreeName));
    quotaDirectory.setTenant(new NamedURI(fs.getTenant().getURI(), origQtreeName));
    quotaDirectory.setSoftLimit(param.getSoftLimit() > 0 ? param.getSoftLimit() : fsSoftLimit > 0 ? fsSoftLimit : 0);
    quotaDirectory.setSoftGrace(param.getSoftGrace() > 0 ? param.getSoftGrace() : fsGraceLimit > 0 ? fsGraceLimit : 0);
    quotaDirectory.setNotificationLimit(param.getNotificationLimit() > 0 ? param.getNotificationLimit() : fsNotifiLimit > 0 ? fsNotifiLimit : 0);
    String convertedName = origQtreeName.replaceAll("[^\\dA-Za-z_]", "");
    _log.info("FileService::QuotaDirectory Original name {} and converted name {}", origQtreeName, convertedName);
    quotaDirectory.setName(convertedName);
    if (param.getOpLock() != null) {
        quotaDirectory.setOpLock(param.getOpLock());
    } else {
        quotaDirectory.setOpLock(true);
    }
    if (param.getSecurityStyle() != null) {
        quotaDirectory.setSecurityStyle(param.getSecurityStyle());
    } else {
        quotaDirectory.setSecurityStyle(SecurityStyles.parent.toString());
    }
    if (param.getSize() != null) {
        // converts the input string in format "<value>GB"
        Long quotaSize = SizeUtil.translateSize(param.getSize());
        // to bytes
        ArgValidator.checkFieldMaximum(quotaSize, fs.getCapacity(), SizeUtil.SIZE_B, "size", true);
        quotaDirectory.setSize(quotaSize);
    } else {
        quotaDirectory.setSize((long) 0);
    }
    fs.setOpStatus(new OpStatusMap());
    Operation op = new Operation();
    op.setResourceType(ResourceOperationTypeEnum.CREATE_FILE_SYSTEM_QUOTA_DIR);
    quotaDirectory.getOpStatus().createTaskStatus(task, op);
    fs.getOpStatus().createTaskStatus(task, op);
    _dbClient.createObject(quotaDirectory);
    _dbClient.persistObject(fs);
    // Create an object of type "FileShareQuotaDirectory" to be passed into the south-bound layers.
    FileShareQuotaDirectory qt = new FileShareQuotaDirectory(quotaDirectory);
    // Now get ready to make calls into the controller
    StorageSystem device = _dbClient.queryObject(StorageSystem.class, fs.getStorageDevice());
    FileController controller = getController(FileController.class, device.getSystemType());
    try {
        controller.createQuotaDirectory(device.getId(), qt, fs.getId(), task);
    } catch (InternalException e) {
        quotaDirectory.setInactive(true);
        _dbClient.persistObject(quotaDirectory);
        // should discriminate between validation problems vs. internal errors
        throw e;
    }
    auditOp(OperationTypeEnum.CREATE_FILE_SYSTEM_QUOTA_DIR, true, AuditLogManager.AUDITOP_BEGIN, quotaDirectory.getLabel(), quotaDirectory.getId().toString(), fs.getId().toString());
    fs = _dbClient.queryObject(FileShare.class, id);
    _log.debug("FileService::QuotaDirectory Before sending response, FS ID : {}, Tasks : {} ; Status {}", fs.getOpStatus().get(task), fs.getOpStatus().get(task).getStatus());
    return toTask(quotaDirectory, task, op);
}
Also used : NamedURI(com.emc.storageos.db.client.model.NamedURI) FileController(com.emc.storageos.volumecontroller.FileController) OpStatusMap(com.emc.storageos.db.client.model.OpStatusMap) QuotaDirectory(com.emc.storageos.db.client.model.QuotaDirectory) FileShareQuotaDirectory(com.emc.storageos.volumecontroller.FileShareQuotaDirectory) Operation(com.emc.storageos.db.client.model.Operation) FileShare(com.emc.storageos.db.client.model.FileShare) SMBFileShare(com.emc.storageos.db.client.model.SMBFileShare) MapFileShare(com.emc.storageos.api.mapper.functions.MapFileShare) PrefixConstraint(com.emc.storageos.db.client.constraint.PrefixConstraint) AlternateIdConstraint(com.emc.storageos.db.client.constraint.AlternateIdConstraint) ContainmentPrefixConstraint(com.emc.storageos.db.client.constraint.ContainmentPrefixConstraint) ContainmentConstraint(com.emc.storageos.db.client.constraint.ContainmentConstraint) InternalException(com.emc.storageos.svcs.errorhandling.resources.InternalException) SecurityStyles(com.emc.storageos.db.client.model.QuotaDirectory.SecurityStyles) FileShareQuotaDirectory(com.emc.storageos.volumecontroller.FileShareQuotaDirectory) StorageSystem(com.emc.storageos.db.client.model.StorageSystem) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) CheckPermission(com.emc.storageos.security.authorization.CheckPermission)

Example 88 with CheckPermission

use of com.emc.storageos.security.authorization.CheckPermission in project coprhd-controller by CoprHD.

the class FileService method getNativeContinuousCopies.

/**
 * List FileShare mirrors
 *
 * @prereq none
 *
 * @param id
 *            the URN of a ViPR FileShare to list mirrors
 *
 * @brief List fileShare mirrors
 * @return FileShare mirror response containing a list of mirror identifiers
 */
@GET
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Path("/{id}/protection/continuous-copies")
@CheckPermission(roles = { Role.SYSTEM_MONITOR, Role.TENANT_ADMIN }, acls = { ACL.ANY })
public MirrorList getNativeContinuousCopies(@PathParam("id") URI id) {
    MirrorList list = new MirrorList();
    ArgValidator.checkFieldUriType(id, FileShare.class, "id");
    FileShare sourceFileShare = _dbClient.queryObject(FileShare.class, id);
    StringSet sourceFileShareMirrors = sourceFileShare.getMirrorfsTargets();
    if (sourceFileShareMirrors == null || sourceFileShareMirrors.isEmpty()) {
        return list;
    }
    for (String uriStr : sourceFileShareMirrors) {
        FileShare fileMirror = _dbClient.queryObject(FileShare.class, URI.create(uriStr));
        if (fileMirror == null || fileMirror.getInactive()) {
            _log.warn("Stale mirror {} found for fileShare {}", uriStr, sourceFileShare.getId());
            continue;
        }
        list.getMirrorList().add(toNamedRelatedResource(fileMirror));
    }
    return list;
}
Also used : MirrorList(com.emc.storageos.model.block.MirrorList) StringSet(com.emc.storageos.db.client.model.StringSet) FileShare(com.emc.storageos.db.client.model.FileShare) SMBFileShare(com.emc.storageos.db.client.model.SMBFileShare) MapFileShare(com.emc.storageos.api.mapper.functions.MapFileShare) Path(javax.ws.rs.Path) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) CheckPermission(com.emc.storageos.security.authorization.CheckPermission)

Example 89 with CheckPermission

use of com.emc.storageos.security.authorization.CheckPermission in project coprhd-controller by CoprHD.

the class FileService method reduce.

/**
 * Reduce file system quota -- supported only on Isilon
 *
 * @param id - the URN of a ViPR File system
 * @param param - File system reduction parameters
 * @return Task resource representation
 * @throws InternalException
 */
@POST
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Path("/{id}/reduce")
@CheckPermission(roles = { Role.TENANT_ADMIN }, acls = { ACL.OWN, ACL.ALL })
public TaskResourceRep reduce(@PathParam("id") URI id, FileSystemReduceParam param) throws InternalException {
    _log.info(String.format("FileShareReduce --- FileShare id: %1$s, New Quota: %2$s", id, param.getNewSize()));
    // check file system
    ArgValidator.checkFieldUriType(id, FileShare.class, "id");
    FileShare fs = queryResource(id);
    ArgValidator.checkEntity(fs, id, isIdEmbeddedInURL(id));
    StorageSystem device = _dbClient.queryObject(StorageSystem.class, fs.getStorageDevice());
    if (!device.deviceIsType(DiscoveredDataObject.Type.isilon)) {
        String msg = String.format("reducing filesystem is not supported for storage system %s", device.getSystemType());
        throw APIException.badRequests.reduceFileSystemNotSupported(msg);
    }
    Long newFSsize = SizeUtil.translateSize(param.getNewSize());
    long quotaFsSize = newFSsize - fs.getCapacity();
    final long MIN_EXPAND_SIZE = SizeUtil.translateSize("1MB") + 1;
    if (newFSsize <= 0) {
        throw APIException.badRequests.parameterMustBeGreaterThan("new_size", 0);
    } else {
        if (quotaFsSize < MIN_EXPAND_SIZE) {
            List<QuotaDirectory> quotaDirs = queryDBQuotaDirectories(fs);
            if (null != quotaDirs && !quotaDirs.isEmpty()) {
                long qdsize = 0;
                // that new size should not be less than any of the sub quota.
                for (QuotaDirectory quotaDir : quotaDirs) {
                    qdsize = newFSsize - quotaDir.getSize();
                    Double quotasize = SizeUtil.translateSize(quotaDir.getSize(), SizeUtil.SIZE_GB);
                    Double newFScapacity = SizeUtil.translateSize(newFSsize, SizeUtil.SIZE_GB);
                    if (qdsize < MIN_EXPAND_SIZE) {
                        String msg = String.format("as requested reduced size [%.1fGB] is smaller than its quota size [%.1fGB] for filesystem %s", newFScapacity, quotasize, fs.getName());
                        throw APIException.badRequests.reduceFileSystemNotSupported(msg);
                    }
                }
            }
        } else {
            throw APIException.badRequests.parameterMustBeLessThan("new_size", fs.getCapacity());
        }
    }
    String task = UUID.randomUUID().toString();
    Operation op = _dbClient.createTaskOpStatus(FileShare.class, fs.getId(), task, ResourceOperationTypeEnum.REDUCE_FILE_SYSTEM);
    op.setDescription("Filesystem reduce quota");
    FileServiceApi fileServiceApi = getFileShareServiceImpl(fs, _dbClient);
    try {
        fileServiceApi.reduceFileShareQuota(fs, newFSsize, task);
    } catch (InternalException e) {
        if (_log.isErrorEnabled()) {
            _log.error("Reduce File Quota error", e);
        }
        fs = _dbClient.queryObject(FileShare.class, fs.getId());
        op = fs.getOpStatus().get(task);
        op.error(e);
        fs.getOpStatus().updateTaskStatus(task, op);
        _dbClient.updateObject(fs);
        throw e;
    }
    return toTask(fs, task, op);
}
Also used : QuotaDirectory(com.emc.storageos.db.client.model.QuotaDirectory) FileShareQuotaDirectory(com.emc.storageos.volumecontroller.FileShareQuotaDirectory) Operation(com.emc.storageos.db.client.model.Operation) FileShare(com.emc.storageos.db.client.model.FileShare) SMBFileShare(com.emc.storageos.db.client.model.SMBFileShare) MapFileShare(com.emc.storageos.api.mapper.functions.MapFileShare) StorageSystem(com.emc.storageos.db.client.model.StorageSystem) InternalException(com.emc.storageos.svcs.errorhandling.resources.InternalException) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) CheckPermission(com.emc.storageos.security.authorization.CheckPermission)

Example 90 with CheckPermission

use of com.emc.storageos.security.authorization.CheckPermission in project coprhd-controller by CoprHD.

the class FileService method stopContinuousCopies.

/**
 * Stop continuous copies.
 *
 * @prereq none
 * @param id the URN of a ViPR Source file share
 * @brief Stop the replication session between source and target file system.
 * @return TaskList
 * @throws ControllerException
 */
@POST
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Path("/{id}/protection/continuous-copies/stop")
@CheckPermission(roles = { Role.TENANT_ADMIN }, acls = { ACL.OWN, ACL.ALL })
public TaskList stopContinuousCopies(@PathParam("id") URI id, FileReplicationParam param) throws ControllerException {
    doMirrorOperationValidation(id, ProtectionOp.STOP.toString());
    String task = UUID.randomUUID().toString();
    FileShare sourceFileShare = queryResource(id);
    Set<URI> unassignFrom = new HashSet<>();
    unassignFrom.add(id);
    FilePolicy filepolicy = FileSystemReplicationUtils.getReplicationPolicyAppliedOnFS(sourceFileShare, _dbClient);
    Operation op = _dbClient.createTaskOpStatus(FileShare.class, id, task, ResourceOperationTypeEnum.FILE_PROTECTION_ACTION_STOP);
    op.setDescription("stop the replication link between source and target");
    FileOrchestrationController controller = getController(FileOrchestrationController.class, FileOrchestrationController.FILE_ORCHESTRATION_DEVICE);
    controller.unassignFilePolicy(filepolicy.getId(), unassignFrom, task);
    auditOp(OperationTypeEnum.STOP_FILE_MIRROR, true, "BEGIN", sourceFileShare.getId().toString());
    TaskList taskList = new TaskList();
    TaskResourceRep taskResp = toTask(sourceFileShare, task, op);
    taskList.getTaskList().add(taskResp);
    return taskList;
}
Also used : FilePolicy(com.emc.storageos.db.client.model.FilePolicy) FileOrchestrationController(com.emc.storageos.fileorchestrationcontroller.FileOrchestrationController) TaskList(com.emc.storageos.model.TaskList) TaskResourceRep(com.emc.storageos.model.TaskResourceRep) Operation(com.emc.storageos.db.client.model.Operation) FileShare(com.emc.storageos.db.client.model.FileShare) SMBFileShare(com.emc.storageos.db.client.model.SMBFileShare) MapFileShare(com.emc.storageos.api.mapper.functions.MapFileShare) NamedURI(com.emc.storageos.db.client.model.NamedURI) URI(java.net.URI) HashSet(java.util.HashSet) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Produces(javax.ws.rs.Produces) CheckPermission(com.emc.storageos.security.authorization.CheckPermission)

Aggregations

CheckPermission (com.emc.storageos.security.authorization.CheckPermission)566 Produces (javax.ws.rs.Produces)512 Path (javax.ws.rs.Path)487 POST (javax.ws.rs.POST)240 Consumes (javax.ws.rs.Consumes)215 GET (javax.ws.rs.GET)194 URI (java.net.URI)185 Operation (com.emc.storageos.db.client.model.Operation)105 ArrayList (java.util.ArrayList)97 StorageSystem (com.emc.storageos.db.client.model.StorageSystem)93 PUT (javax.ws.rs.PUT)85 APIException (com.emc.storageos.svcs.errorhandling.resources.APIException)69 Volume (com.emc.storageos.db.client.model.Volume)68 URIQueryResultList (com.emc.storageos.db.client.constraint.URIQueryResultList)65 TaskList (com.emc.storageos.model.TaskList)61 FileShare (com.emc.storageos.db.client.model.FileShare)56 SMBFileShare (com.emc.storageos.db.client.model.SMBFileShare)54 TaskResourceRep (com.emc.storageos.model.TaskResourceRep)53 NamedURI (com.emc.storageos.db.client.model.NamedURI)47 InternalException (com.emc.storageos.svcs.errorhandling.resources.InternalException)46