Examples with CheckPermission com.emc.storageos.security.authorization.CheckPermission used on opensource projects

Example 11 with CheckPermission

use of com.emc.storageos.security.authorization.CheckPermission in project coprhd-controller by CoprHD.

the class StorageProviderService method deleteStorageProvider.

/**
 * Delete Storage Provider
 *
 * @param id
 * @brief Delete a storage provider
 * @return
 */
@POST
@Path("/{id}/deactivate")
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@CheckPermission(roles = { Role.SYSTEM_ADMIN, Role.RESTRICTED_SYSTEM_ADMIN })
public Response deleteStorageProvider(@PathParam("id") URI id) {
    // Validate the provider
    ArgValidator.checkFieldUriType(id, StorageProvider.class, "id");
    StorageProvider provider = _dbClient.queryObject(StorageProvider.class, id);
    ArgValidator.checkEntityNotNull(provider, id, isIdEmbeddedInURL(id));
    // Verify the provider can be removed without leaving "dangling" storages.
    StringSet providerStorageSystems = provider.getStorageSystems();
    if (null != providerStorageSystems && !providerStorageSystems.isEmpty()) {
        // First we need to verify that all related storage systems has at least 2 providers
        for (String system : providerStorageSystems) {
            StorageSystem storageSys = _dbClient.queryObject(StorageSystem.class, URI.create(system));
            if (storageSys != null && !storageSys.getInactive() && storageSys.getProviders() != null && storageSys.getProviders().size() == 1) {
                throw APIException.badRequests.cannotDeleteProviderWithManagedStorageSystems(storageSys.getId());
            }
        }
        // Next we can clear this provider from storage systems.
        for (String system : providerStorageSystems) {
            StorageSystem storageSys = _dbClient.queryObject(StorageSystem.class, URI.create(system));
            provider.removeStorageSystem(_dbClient, storageSys);
        }
    }
    StringSet decommissionedSystems = provider.getDecommissionedSystems();
    if (null != decommissionedSystems && !decommissionedSystems.isEmpty()) {
        for (String decommissioned : decommissionedSystems) {
            DecommissionedResource oldRes = _dbClient.queryObject(DecommissionedResource.class, URI.create(decommissioned));
            if (oldRes != null) {
                _dbClient.markForDeletion(oldRes);
            }
        }
    }
    // Set to inactive.
    _dbClient.markForDeletion(provider);
    auditOp(OperationTypeEnum.DELETE_STORAGEPROVIDER, true, null, provider.getId().toString(), provider.getLabel(), provider.getIPAddress(), provider.getPortNumber(), provider.getUserName(), provider.getInterfaceType());
    return Response.ok().build();
}

Example 12 with CheckPermission

use of com.emc.storageos.security.authorization.CheckPermission in project coprhd-controller by CoprHD.

the class StorageProviderService method updateStorageProvider.

/**
 * Update the Storage Provider. This is useful when we move arrays to some other
 * provider.
 *
 * @param id the URN of a ViPR Storage Provider
 * @brief Update Storage provider
 * @return Updated Storage Provider information.
 */
@PUT
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Path("/{id}")
@CheckPermission(roles = { Role.SYSTEM_ADMIN, Role.RESTRICTED_SYSTEM_ADMIN })
public StorageProviderRestRep updateStorageProvider(@PathParam("id") URI id, StorageProviderUpdateParam param) {
    StorageProvider storageProvider = _dbClient.queryObject(StorageProvider.class, id);
    if (null == storageProvider || storageProvider.getInactive()) {
        throw APIException.notFound.unableToFindEntityInURL(id);
    } else {
        /*
             * Usecase is not to remove the provider instead we can update the old storage provider with
             * new provider details.
             */
        if (param.getName() != null && !param.getName().equals("") && !param.getName().equalsIgnoreCase(storageProvider.getLabel())) {
            checkForDuplicateName(param.getName(), StorageProvider.class);
            storageProvider.setLabel(param.getName());
        }
        // if the ip or port passed are different from the existing one
        // check to ensure a provider does not exist with the new ip + port combo
        String existingIPAddress = storageProvider.getIPAddress();
        Integer existingPortNumber = storageProvider.getPortNumber();
        if ((param.getIpAddress() != null && !param.getIpAddress().equals(existingIPAddress)) || (param.getPortNumber() != null && !param.getPortNumber().equals(existingPortNumber))) {
            String ipAddress = (param.getIpAddress() != null) ? param.getIpAddress() : existingIPAddress;
            Integer portNumber = (param.getPortNumber() != null) ? param.getPortNumber() : existingPortNumber;
            ArgValidator.checkFieldRange(portNumber, 1, 65535, "port_number");
            String providerKey = ipAddress + "-" + portNumber;
            List<StorageProvider> providers = CustomQueryUtility.getActiveStorageProvidersByProviderId(_dbClient, providerKey);
            if (providers != null && !providers.isEmpty()) {
                throw APIException.badRequests.invalidParameterStorageProviderAlreadyRegistered(providerKey);
            }
            // if and only if the connection with old IP is not alive.
            if (!existingIPAddress.equals(param.getIpAddress()) && isOldConnectionAlive(existingIPAddress, existingPortNumber, storageProvider.getInterfaceType()) && (storageProvider.getStorageSystems() != null && !storageProvider.getStorageSystems().isEmpty())) {
                throw APIException.badRequests.cannotUpdateProviderIP(existingIPAddress + "-" + existingPortNumber);
            }
            storageProvider.setIPAddress(ipAddress);
            storageProvider.setPortNumber(portNumber);
        }
        if (param.getUserName() != null && StringUtils.isNotBlank(param.getUserName())) {
            storageProvider.setUserName(param.getUserName());
        }
        if (param.getPassword() != null && StringUtils.isNotBlank(param.getPassword())) {
            storageProvider.setPassword(param.getPassword());
        }
        if (param.getUseSSL() != null) {
            storageProvider.setUseSSL(param.getUseSSL());
        }
        if (param.getInterfaceType() != null) {
            ArgValidator.checkFieldValueFromEnum(param.getInterfaceType(), "interface_type", EnumSet.of(StorageProvider.InterfaceType.hicommand, StorageProvider.InterfaceType.smis, StorageProvider.InterfaceType.ibmxiv, StorageProvider.InterfaceType.scaleioapi, StorageProvider.InterfaceType.xtremio, StorageProvider.InterfaceType.ddmc, StorageProvider.InterfaceType.unity));
            storageProvider.setInterfaceType(param.getInterfaceType());
        }
        if (param.getSecondaryUsername() != null) {
            ArgValidator.checkFieldNotEmpty(param.getSecondaryUsername(), "secondary_username");
            storageProvider.setSecondaryUsername(param.getSecondaryUsername());
        }
        if (param.getSecondaryPassword() != null) {
            ArgValidator.checkFieldNotEmpty(param.getSecondaryPassword(), "secondary_password");
            storageProvider.setSecondaryPassword(param.getSecondaryPassword());
        }
        if (param.getSecondaryURL() != null) {
            verifySecondaryParams(param.getSecondaryURL());
            storageProvider.setSecondaryURL(param.getSecondaryURL());
        }
        if (param.getElementManagerURL() != null) {
            storageProvider.setElementManagerURL(param.getElementManagerURL());
        }
        _dbClient.persistObject(storageProvider);
    }
    auditOp(OperationTypeEnum.UPDATE_STORAGEPROVIDER, true, null, storageProvider.getId().toString(), storageProvider.getLabel(), storageProvider.getIPAddress(), storageProvider.getPortNumber(), storageProvider.getUserName(), storageProvider.getInterfaceType());
    return map(storageProvider);
}

Example 13 with CheckPermission

use of com.emc.storageos.security.authorization.CheckPermission in project coprhd-controller by CoprHD.

the class StorageSystemService method registerStorageSystem.

/**
 * Allows the user register the storage system with the passed id.
 *
 * @param id the URN of a ViPR storage system.
 *
 * @brief Register storage system
 * @return A StorageSystemRestRep reference specifying the data for the
 *         updated storage system.
 * @throws ControllerException
 */
@POST
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Path("/{id}/register")
@CheckPermission(roles = { Role.SYSTEM_ADMIN, Role.RESTRICTED_SYSTEM_ADMIN })
public StorageSystemRestRep registerStorageSystem(@PathParam("id") URI id) throws ControllerException {
    // Validate the storage system.
    ArgValidator.checkFieldUriType(id, StorageSystem.class, "id");
    StorageSystem storageSystem = _dbClient.queryObject(StorageSystem.class, id);
    ArgValidator.checkEntity(storageSystem, id, isIdEmbeddedInURL(id));
    // If not already registered, register it now.
    if (RegistrationStatus.UNREGISTERED.toString().equalsIgnoreCase(storageSystem.getRegistrationStatus())) {
        storageSystem.setRegistrationStatus(RegistrationStatus.REGISTERED.toString());
        _dbClient.updateObject(storageSystem);
        startStorageSystem(storageSystem);
        auditOp(OperationTypeEnum.REGISTER_STORAGE_SYSTEM, true, null, storageSystem.getId().toString(), id.toString());
    }
    // Register all Pools.
    URIQueryResultList storagePoolURIs = new URIQueryResultList();
    _dbClient.queryByConstraint(ContainmentConstraint.Factory.getStorageDeviceStoragePoolConstraint(id), storagePoolURIs);
    Iterator<URI> storagePoolIter = storagePoolURIs.iterator();
    List<StoragePool> registeredPools = new ArrayList<StoragePool>();
    while (storagePoolIter.hasNext()) {
        StoragePool pool = _dbClient.queryObject(StoragePool.class, storagePoolIter.next());
        if (pool.getInactive() || DiscoveredDataObject.RegistrationStatus.REGISTERED.toString().equals(pool.getRegistrationStatus())) {
            continue;
        }
        registerStoragePool(pool);
        registeredPools.add(pool);
    }
    // Register all Ports.
    URIQueryResultList storagePortURIs = new URIQueryResultList();
    _dbClient.queryByConstraint(ContainmentConstraint.Factory.getStorageDeviceStoragePortConstraint(id), storagePortURIs);
    Iterator<URI> storagePortIter = storagePortURIs.iterator();
    while (storagePortIter.hasNext()) {
        StoragePort port = _dbClient.queryObject(StoragePort.class, storagePortIter.next());
        if (port.getInactive() || DiscoveredDataObject.RegistrationStatus.REGISTERED.toString().equals(port.getRegistrationStatus())) {
            continue;
        }
        registerStoragePort(port);
    }
    StringBuffer errorMessage = new StringBuffer();
    // Pool registration also update its varray relationship, so, we should also update vpool to pool relation.
    ImplicitPoolMatcher.matchModifiedStoragePoolsWithAllVirtualPool(registeredPools, _dbClient, _coordinator, errorMessage);
    return map(storageSystem);
}

Example 14 with CheckPermission

use of com.emc.storageos.security.authorization.CheckPermission in project coprhd-controller by CoprHD.

the class StorageSystemService method getObjectNamespace.

/**
 * Get details of the object namespace associated with a particular storage system
 *
 * @param id storage system URN ID
 * @param nsId namespace id
 * @brief Show details for a namespace
 * @return details of namespace
 */
@GET
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Path("/{id}/object-namespaces/{nsId}")
@CheckPermission(roles = { Role.SYSTEM_ADMIN, Role.SYSTEM_MONITOR })
public ObjectNamespaceRestRep getObjectNamespace(@PathParam("id") URI id, @PathParam("nsId") URI nsId) {
    // Make sure storage system is registered.
    ArgValidator.checkFieldUriType(id, StorageSystem.class, "id");
    StorageSystem system = queryResource(id);
    ArgValidator.checkEntity(system, id, isIdEmbeddedInURL(id));
    if (!StorageSystem.Type.ecs.toString().equals(system.getSystemType())) {
        throw APIException.badRequests.invalidParameterURIInvalid("id", id);
    }
    ArgValidator.checkFieldUriType(nsId, ObjectNamespace.class, "nativeId");
    ObjectNamespace ecsNamespace = _dbClient.queryObject(ObjectNamespace.class, nsId);
    ArgValidator.checkEntity(ecsNamespace, nsId, isIdEmbeddedInURL(nsId));
    return toObjectNamespaceRestRep(ecsNamespace, _dbClient, _coordinator);
}

Example 15 with CheckPermission

use of com.emc.storageos.security.authorization.CheckPermission in project coprhd-controller by CoprHD.

the class StorageSystemService method discoverSystem.

/**
 * Allows the user to manually discover the registered storage system with
 * the passed id.
 *
 * @param id the URN of a ViPR storage system.
 * @QueryParam namespace
 *             StorageSystem Auto Discovery is grouped into multiple namespaces.
 *             Namespace is used to discover specific parts of Storage System.
 *
 *             Possible Values :
 *             UNMANAGED_VOLUMES
 *             UNMANAGED_FIESYSTEMS
 *             ALL
 *
 *             UNMANAGED_VOLUMES will discover all the Volumes which are present in the Array,
 *             and only supported on vmax and vnxblock.
 *             Using UNMANAGED_VOLUMES Namespace in other system types would result in error.
 *
 *             UNMANAGED_FILESYSTEMS will discover all the fileystems which are present in the Array,
 *             and only supported on netapp.
 *
 *             Using UNMANAGED_FILESYSTEMS Namespace in other system types would result in error.
 *
 * @brief Discover storage system
 * @throws ControllerException When an error occurs discovering the storage
 *             system.
 */
@POST
@Consumes({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@Produces({ MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON })
@CheckPermission(roles = { Role.SYSTEM_ADMIN, Role.RESTRICTED_SYSTEM_ADMIN })
@Path("/{id}/discover")
public TaskResourceRep discoverSystem(@PathParam("id") URI id, @QueryParam("namespace") String namespace) {
    StorageSystem storageSystem = _dbClient.queryObject(StorageSystem.class, id);
    ArgValidator.checkEntity(storageSystem, id, isIdEmbeddedInURL(id), true);
    String deviceType = storageSystem.getSystemType();
    // If Namespace is empty or null set it to ALL as default
    if (namespace == null || namespace.trim().length() < 1) {
        namespace = Discovery_Namespaces.ALL.toString();
    }
    if (!validateNameSpace(namespace, storageSystem)) {
        throw APIException.badRequests.invalidParameterStorageSystemNamespace(namespace);
    }
    // Trigger unmanaged resource discovery only when system is compatible.
    if ((Discovery_Namespaces.UNMANAGED_VOLUMES.name().equalsIgnoreCase(namespace) || Discovery_Namespaces.BLOCK_SNAPSHOTS.name().equalsIgnoreCase(namespace) || Discovery_Namespaces.UNMANAGED_FILESYSTEMS.name().equalsIgnoreCase(namespace)) && !CompatibilityStatus.COMPATIBLE.name().equalsIgnoreCase(storageSystem.getCompatibilityStatus())) {
        throw APIException.badRequests.cannotDiscoverUnmanagedResourcesForUnsupportedSystem();
    }
    BlockController controller = getController(BlockController.class, deviceType);
    DiscoveredObjectTaskScheduler scheduler = null;
    ArrayList<AsyncTask> tasks = new ArrayList<AsyncTask>(1);
    String taskId = UUID.randomUUID().toString();
    if (Discovery_Namespaces.ARRAY_AFFINITY.name().equalsIgnoreCase(namespace)) {
        if (!storageSystem.deviceIsType(Type.vmax) && !storageSystem.deviceIsType(Type.vnxblock) && !storageSystem.deviceIsType(Type.xtremio) && !storageSystem.deviceIsType(Type.unity)) {
            throw APIException.badRequests.cannotDiscoverArrayAffinityForUnsupportedSystem(storageSystem.getSystemType());
        }
        scheduler = new DiscoveredObjectTaskScheduler(_dbClient, new ArrayAffinityJobExec(controller));
        URI providerURI = storageSystem.getActiveProviderURI();
        List<URI> systemIds = new ArrayList<URI>();
        systemIds.add(id);
        if (!NullColumnValueGetter.isNullURI(providerURI) && (storageSystem.deviceIsType(Type.vmax) || storageSystem.deviceIsType(Type.vnxblock) || storageSystem.deviceIsType(Type.xtremio))) {
            List<URI> sysURIs = _dbClient.queryByType(StorageSystem.class, true);
            Iterator<StorageSystem> storageSystems = _dbClient.queryIterativeObjects(StorageSystem.class, sysURIs);
            while (storageSystems.hasNext()) {
                StorageSystem systemObj = storageSystems.next();
                if (systemObj == null) {
                    _log.warn("StorageSystem is no longer in the DB. It could have been deleted or decommissioned");
                    continue;
                }
                if (providerURI.equals(systemObj.getActiveProviderURI()) && !id.equals(systemObj.getId())) {
                    systemIds.add(systemObj.getId());
                }
            }
        }
        tasks.add(new ArrayAffinityAsyncTask(StorageSystem.class, systemIds, null, taskId));
    } else {
        scheduler = new DiscoveredObjectTaskScheduler(_dbClient, new DiscoverJobExec(controller));
        tasks.add(new AsyncTask(StorageSystem.class, storageSystem.getId(), taskId, namespace));
    }
    TaskList taskList = scheduler.scheduleAsyncTasks(tasks);
    return taskList.getTaskList().listIterator().next();
}