
Example 1 with ControlledEntity

Use of org.apache.cloudstack.acl.ControlledEntity in the project cloudstack by apache.

The class ApiDispatcher, method doAccessChecks.

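/**
 * Verifies that the calling account may access every entity resolved while the
 * command's parameters were processed.
 * <p>
 * Each {@link ControlledEntity} key is checked with the access type recorded for it and
 * with the command's API name (null when the command class carries no
 * {@link APICommand} annotation). {@link InfrastructureEntity} keys are not checked here
 * (see the FIXME below). Any other key type is ignored.
 *
 * @param cmd the command being dispatched
 * @param entitiesToAccess entities resolved from the command's parameters, mapped to the
 *                         access type each of them requires; may be empty
 */
private void doAccessChecks(BaseCmd cmd, Map<Object, AccessType> entitiesToAccess) {
    Account caller = CallContext.current().getCallingAccount();
    APICommand commandAnnotation = cmd.getClass().getAnnotation(APICommand.class);
    // Commands without the annotation pass a null API name to the access check.
    String apiName = commandAnnotation != null ? commandAnnotation.name() : null;
    // Iterate entries rather than keySet()+get(): one lookup per entity.
    for (Map.Entry<Object, AccessType> entry : entitiesToAccess.entrySet()) {
        Object entity = entry.getKey();
        if (entity instanceof ControlledEntity) {
            // The boolean argument is false here; elsewhere the same call is made with
            // true for "sameOwnerEntities" arrays, so it presumably is the same-owner
            // requirement — confirm against AccountManager.checkAccess.
            _accountMgr.checkAccess(caller, entry.getValue(), false, apiName, (ControlledEntity) entity);
        } else if (entity instanceof InfrastructureEntity) {
            // FIXME: Move this code in adapter, remove code from Account manager
            // No access check is performed for infrastructure entities at this point.
        }
    }
}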
Also used : Account(com.cloud.user.Account) ControlledEntity(org.apache.cloudstack.acl.ControlledEntity) InfrastructureEntity(org.apache.cloudstack.acl.InfrastructureEntity) APICommand(org.apache.cloudstack.api.APICommand)

Example 2 with ControlledEntity

Use of org.apache.cloudstack.acl.ControlledEntity in the project cloudstack by apache.

The class AutoScaleManagerImpl, method checkValidityAndPersist.

/**
 * Validates an auto-scale policy and persists it, rewriting its condition mappings.
 * <p>
 * The duration and quiet-time range checks run outside the transaction. Inside it the
 * policy is persisted first; when {@code conditionIds} is non-null the referenced
 * conditions are loaded, the caller's access to those conditions and to the persisted
 * policy is checked in a single call, the number of conditions found must equal the
 * number of ids given, no two conditions may reference the same counter, and the existing
 * policy/condition mappings are removed and recreated from {@code conditionIds}.
 *
 * @param autoScalePolicyVOFinal the policy to persist (create or update)
 * @param conditionIds ids of the conditions to attach; {@code null} leaves the mappings untouched
 * @return the persisted policy
 * @throws InvalidParameterValueException for a negative duration or quiet time, when a
 *         condition id cannot be found, or when two conditions share a counter
 */
@DB
protected AutoScalePolicyVO checkValidityAndPersist(final AutoScalePolicyVO autoScalePolicyVOFinal, final List<Long> conditionIds) {
    final int duration = autoScalePolicyVOFinal.getDuration();
    final int quietTime = autoScalePolicyVOFinal.getQuietTime();
    if (duration < 0) {
        throw new InvalidParameterValueException("duration is an invalid value: " + duration);
    }
    if (quietTime < 0) {
        throw new InvalidParameterValueException("quiettime is an invalid value: " + quietTime);
    }
    return Transaction.execute(new TransactionCallback<AutoScalePolicyVO>() {

        @Override
        public AutoScalePolicyVO doInTransaction(TransactionStatus status) {
            // The stored policy is appended to the access-check array below.
            AutoScalePolicyVO autoScalePolicyVO = _autoScalePolicyDao.persist(autoScalePolicyVOFinal);
            if (conditionIds != null) {
                // NOTE(review): an empty (non-null) list still runs the IN search below —
                // confirm the DAO copes with an empty parameter set.
                SearchBuilder<ConditionVO> conditionsSearch = _conditionDao.createSearchBuilder();
                conditionsSearch.and("ids", conditionsSearch.entity().getId(), Op.IN);
                conditionsSearch.done();
                SearchCriteria<ConditionVO> sc = conditionsSearch.create();
                sc.setParameters("ids", conditionIds.toArray(new Object[0]));
                List<ConditionVO> conditions = _conditionDao.search(sc, null);
                // Conditions and the new policy are checked together; the extra slot holds the policy.
                ControlledEntity[] sameOwnerEntities = conditions.toArray(new ControlledEntity[conditions.size() + 1]);
                sameOwnerEntities[sameOwnerEntities.length - 1] = autoScalePolicyVO;
                // Third argument true: presumably the same-owner requirement, given the
                // array name — confirm against AccountManager.checkAccess.
                _accountMgr.checkAccess(CallContext.current().getCallingAccount(), null, true, sameOwnerEntities);
                // Access is verified before the found/requested counts are compared.
                if (conditionIds.size() != conditions.size()) {
                    // TODO report the condition id which could not be found
                    throw new InvalidParameterValueException("Unable to find the condition specified");
                }
                // Reject two conditions that use the same counter (linear contains() scan).
                ArrayList<Long> counterIds = new ArrayList<Long>();
                for (ConditionVO condition : conditions) {
                    if (counterIds.contains(condition.getCounterid())) {
                        throw new InvalidParameterValueException("atleast two conditions in the conditionids have the same counter. It is not right to apply two different conditions for the same counter");
                    }
                    counterIds.add(condition.getCounterid());
                }
                /* For update case remove the existing mappings and create fresh ones */
                _autoScalePolicyConditionMapDao.removeByAutoScalePolicyId(autoScalePolicyVO.getId());
                for (Long conditionId : conditionIds) {
                    AutoScalePolicyConditionMapVO policyConditionMapVO = new AutoScalePolicyConditionMapVO(autoScalePolicyVO.getId(), conditionId);
                    _autoScalePolicyConditionMapDao.persist(policyConditionMapVO);
                }
            }
            return autoScalePolicyVO;
        }
    });
}
Also used : SearchBuilder(com.cloud.utils.db.SearchBuilder) ArrayList(java.util.ArrayList) TransactionStatus(com.cloud.utils.db.TransactionStatus) SearchCriteria(com.cloud.utils.db.SearchCriteria) InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException) ControlledEntity(org.apache.cloudstack.acl.ControlledEntity) ArrayList(java.util.ArrayList) List(java.util.List) DB(com.cloud.utils.db.DB)

Example 3 with ControlledEntity

Use of org.apache.cloudstack.acl.ControlledEntity in the project cloudstack by apache.

The class AutoScaleManagerImpl, method checkValidityAndPersist.

/**
 * Validates an auto-scale VM group and persists it, rewriting its policy mappings.
 * <p>
 * Order of operations: for an existing group (created timestamp set) the current policy
 * ids are loaded; member counts and interval are range-checked; scale-up and scale-down
 * policies are resolved from the passed id lists, or, when a list is null, the existing
 * ids are re-validated against the interval without being collected; the VM profile and
 * load balancer are loaded for the caller; the counters are validated against the load
 * balancer's network; the caller's access to the collected policies, the load balancer
 * and the profile is checked in one call; only then is the group persisted and, if at
 * least one policy list was passed, its policy mappings replaced.
 *
 * @param vmGroup the group to persist (create or update)
 * @param passedScaleUpPolicyIds scale-up policy ids from the request; {@code null} keeps the current ones
 * @param passedScaleDownPolicyIds scale-down policy ids from the request; {@code null} keeps the current ones
 * @return the persisted group
 * @throws InvalidParameterValueException for negative member counts or interval, or when
 *         the minimum exceeds the maximum member count
 */
@DB
protected AutoScaleVmGroupVO checkValidityAndPersist(final AutoScaleVmGroupVO vmGroup, final List<Long> passedScaleUpPolicyIds, final List<Long> passedScaleDownPolicyIds) {
    int minMembers = vmGroup.getMinMembers();
    int maxMembers = vmGroup.getMaxMembers();
    int interval = vmGroup.getInterval();
    List<Counter> counters = new ArrayList<Counter>();
    List<AutoScalePolicyVO> policies = new ArrayList<AutoScalePolicyVO>();
    final List<Long> policyIds = new ArrayList<Long>();
    List<Long> currentScaleUpPolicyIds = new ArrayList<Long>();
    List<Long> currentScaleDownPolicyIds = new ArrayList<Long>();
    // Existing group: load its current policy ids, used for any side not passed in.
    if (vmGroup.getCreated() != null) {
        ApiDBUtils.getAutoScaleVmGroupPolicyIds(vmGroup.getId(), currentScaleUpPolicyIds, currentScaleDownPolicyIds);
    }
    if (minMembers < 0) {
        throw new InvalidParameterValueException(ApiConstants.MIN_MEMBERS + " is an invalid value: " + minMembers);
    }
    if (maxMembers < 0) {
        throw new InvalidParameterValueException(ApiConstants.MAX_MEMBERS + " is an invalid value: " + maxMembers);
    }
    if (minMembers > maxMembers) {
        throw new InvalidParameterValueException(ApiConstants.MIN_MEMBERS + " (" + minMembers + ")cannot be greater than " + ApiConstants.MAX_MEMBERS + " (" + maxMembers + ")");
    }
    if (interval < 0) {
        throw new InvalidParameterValueException("interval is an invalid value: " + interval);
    }
    // Only policies from a passed list are collected into `policies` (and thus into the
    // access check below); for a null list the current policies are re-validated for the
    // interval but the result is discarded.
    if (passedScaleUpPolicyIds != null) {
        policies.addAll(getAutoScalePolicies("scaleuppolicyid", passedScaleUpPolicyIds, counters, interval, true));
        policyIds.addAll(passedScaleUpPolicyIds);
    } else {
        // Run the interval check for existing policies
        getAutoScalePolicies("scaleuppolicyid", currentScaleUpPolicyIds, counters, interval, true);
        policyIds.addAll(currentScaleUpPolicyIds);
    }
    if (passedScaleDownPolicyIds != null) {
        policies.addAll(getAutoScalePolicies("scaledownpolicyid", passedScaleDownPolicyIds, counters, interval, false));
        policyIds.addAll(passedScaleDownPolicyIds);
    } else {
        // Run the interval check for existing policies
        getAutoScalePolicies("scaledownpolicyid", currentScaleDownPolicyIds, counters, interval, false);
        policyIds.addAll(currentScaleDownPolicyIds);
    }
    // NOTE(review): both are dereferenced below, so getEntityInDatabase is assumed to throw
    // rather than return null when the entity is missing — verify.
    AutoScaleVmProfileVO profileVO = getEntityInDatabase(CallContext.current().getCallingAccount(), ApiConstants.VMPROFILE_ID, vmGroup.getProfileId(), _autoScaleVmProfileDao);
    LoadBalancerVO loadBalancer = getEntityInDatabase(CallContext.current().getCallingAccount(), ApiConstants.LBID, vmGroup.getLoadBalancerId(), _lbDao);
    validateAutoScaleCounters(loadBalancer.getNetworkId(), counters, profileVO.getCounterParams());
    // Policies, load balancer and profile are checked in one call; the two extra slots
    // hold the load balancer and the profile. Third argument true: presumably the
    // same-owner requirement, given the array name — confirm against AccountManager.checkAccess.
    ControlledEntity[] sameOwnerEntities = policies.toArray(new ControlledEntity[policies.size() + 2]);
    sameOwnerEntities[sameOwnerEntities.length - 2] = loadBalancer;
    sameOwnerEntities[sameOwnerEntities.length - 1] = profileVO;
    _accountMgr.checkAccess(CallContext.current().getCallingAccount(), null, true, sameOwnerEntities);
    return Transaction.execute(new TransactionCallback<AutoScaleVmGroupVO>() {

        @Override
        public AutoScaleVmGroupVO doInTransaction(TransactionStatus status) {
            AutoScaleVmGroupVO vmGroupNew = _autoScaleVmGroupDao.persist(vmGroup);
            // Mappings are rewritten only when at least one policy list was passed;
            // policyIds then holds the passed ids for that side and the current ids for the other.
            if (passedScaleUpPolicyIds != null || passedScaleDownPolicyIds != null) {
                _autoScaleVmGroupPolicyMapDao.removeByGroupId(vmGroupNew.getId());
                for (Long policyId : policyIds) {
                    _autoScaleVmGroupPolicyMapDao.persist(new AutoScaleVmGroupPolicyMapVO(vmGroupNew.getId(), policyId));
                }
            }
            return vmGroupNew;
        }
    });
}
Also used : ArrayList(java.util.ArrayList) LoadBalancerVO(com.cloud.network.dao.LoadBalancerVO) TransactionStatus(com.cloud.utils.db.TransactionStatus) InvalidParameterValueException(com.cloud.exception.InvalidParameterValueException) ControlledEntity(org.apache.cloudstack.acl.ControlledEntity) DB(com.cloud.utils.db.DB)

Example 4 with ControlledEntity

Use of org.apache.cloudstack.acl.ControlledEntity in the project cloudstack by apache.

The class ParamProcessWorker, method doAccessChecks.

/**
 * Verifies that the caller may act on the command's owner account(s) and on every entity
 * collected while the command's parameters were processed.
 * <p>
 * The owner accounts come from {@code cmd.getEntityOwnerIds()}, or from the single
 * {@code cmd.getEntityOwnerId()} when that list is null. The owner check runs for
 * async-create commands and again whenever {@code entitiesToAccess} is non-empty (an
 * async-create command with entities is therefore checked twice with identical
 * arguments). Each {@link ControlledEntity} is then checked with its recorded access type;
 * the boolean argument is {@code true} for those checks and {@code false} for the owner
 * check. {@link InfrastructureEntity} keys are currently not checked (see the FIXME).
 *
 * @param cmd the command whose parameters were processed
 * @param entitiesToAccess entities resolved from the parameters, mapped to the access type
 *                         each of them requires; may be empty
 */
private void doAccessChecks(BaseCmd cmd, Map<Object, AccessType> entitiesToAccess) {
    Account caller = CallContext.current().getCallingAccount();
    Account[] owners = resolveOwnerAccounts(cmd);
    if (cmd instanceof BaseAsyncCreateCmd) {
        // check that caller can access the owner account.
        _accountMgr.checkAccess(caller, null, false, owners);
    }
    if (entitiesToAccess.isEmpty()) {
        return;
    }
    // check that caller can access the owner account.
    _accountMgr.checkAccess(caller, null, false, owners);
    for (Map.Entry<Object, AccessType> entry : entitiesToAccess.entrySet()) {
        Object target = entry.getKey();
        if (target instanceof ControlledEntity) {
            _accountMgr.checkAccess(caller, entry.getValue(), true, (ControlledEntity) target);
        } else if (target instanceof InfrastructureEntity) {
            // FIXME: Move this code in adapter, remove code from
            // Account manager
        }
    }
}

/**
 * Resolves the owner accounts of a command: one account per id in
 * {@code cmd.getEntityOwnerIds()}, or the single {@code cmd.getEntityOwnerId()} account
 * when that list is null. Elements are whatever {@code _accountMgr.getAccount} returns
 * (presumably null for an unknown id — the array is passed straight to the access check).
 *
 * @param cmd the command whose owners are looked up
 * @return the owner accounts, never null
 */
private Account[] resolveOwnerAccounts(BaseCmd cmd) {
    List<Long> ownerIds = cmd.getEntityOwnerIds();
    if (ownerIds == null) {
        return new Account[] { _accountMgr.getAccount(cmd.getEntityOwnerId()) };
    }
    Account[] owners = new Account[ownerIds.size()];
    int index = 0;
    for (Long ownerId : ownerIds) {
        owners[index++] = _accountMgr.getAccount(ownerId);
    }
    return owners;
}
Also used : Account(com.cloud.user.Account) ControlledEntity(org.apache.cloudstack.acl.ControlledEntity) BaseAsyncCreateCmd(org.apache.cloudstack.api.BaseAsyncCreateCmd) InfrastructureEntity(org.apache.cloudstack.acl.InfrastructureEntity) HashMap(java.util.HashMap) Map(java.util.Map) AccessType(org.apache.cloudstack.acl.SecurityChecker.AccessType)

Example 5 with ControlledEntity

Use of org.apache.cloudstack.acl.ControlledEntity in the project cloudstack by apache.

The class AnnotationManagerImpl, method isEntityOwnedByTheUser.

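/**
 * Decides whether the calling user may act on the entity identified by type and UUID.
 * <p>
 * Admins are always allowed without any lookup. For other roles the type is first
 * matched against the per-role list of disallowed types; domain admins are then allowed
 * on service and disk offerings without further checks, and on domains after a domain
 * access check. In every other case the entity is loaded and the caller's access to it
 * is verified through {@code accountService} — for networks whose ACL type is
 * {@code Domain} the check is made against the network's domain instead of the entity.
 *
 * @param entityType name of an {@link EntityType} constant; an unknown or null name is
 *                   logged and treated as not owned
 * @param entityUuid UUID of the entity in question
 * @param callingUser the user performing the call
 * @return {@code true} when the caller may act on the entity, {@code false} when the type
 *         cannot be parsed, is disallowed for the role, or access is denied
 * @throws CloudRuntimeException when the type is valid but no entity with the given UUID exists
 */
private boolean isEntityOwnedByTheUser(String entityType, String entityUuid, UserVO callingUser) {
    try {
        if (isCallingUserRole(RoleType.Admin)) {
            return true;
        }
        // EntityType.valueOf(null) throws NullPointerException rather than
        // IllegalArgumentException, so a missing type is rejected here explicitly and
        // takes the same "could not parse" path as an unknown name.
        if (entityType == null) {
            LOGGER.error("Could not parse entity type " + entityType);
            return false;
        }
        EntityType type = EntityType.valueOf(entityType);
        List<EntityType> notAllowedTypes = EntityType.getNotAllowedTypesForNonAdmins(getCallingUserRole());
        if (notAllowedTypes.contains(type)) {
            return false;
        }
        if (isCallingUserRole(RoleType.DomainAdmin)) {
            if (type == EntityType.SERVICE_OFFERING || type == EntityType.DISK_OFFERING) {
                // Domain admins need no per-entity check for offerings.
                return true;
            }
            if (type == EntityType.DOMAIN) {
                checkCallerAccessToDomain(domainDao.findByUuid(entityUuid), callingUser);
                return true;
            }
        }
        ControlledEntity entity = getEntityFromUuidAndType(entityUuid, type);
        if (entity == null) {
            String errMsg = String.format("Could not find an entity with type: %s and ID: %s", entityType, entityUuid);
            LOGGER.error(errMsg);
            throw new CloudRuntimeException(errMsg);
        }
        if (type == EntityType.NETWORK && entity instanceof NetworkVO && ((NetworkVO) entity).getAclType() == ControlledEntity.ACLType.Domain) {
            // Domain-ACL networks are authorized against their domain, not the entity itself.
            NetworkVO network = (NetworkVO) entity;
            checkCallerAccessToDomain(domainDao.findById(network.getDomainId()), callingUser);
        } else {
            accountService.checkAccess(callingUser, entity);
        }
        return true;
    } catch (IllegalArgumentException e) {
        LOGGER.error("Could not parse entity type " + entityType, e);
        return false;
    } catch (PermissionDeniedException e) {
        LOGGER.debug(e.getMessage(), e);
        return false;
    }
}

/**
 * Loads the calling user's account and verifies it may access {@code domain} through
 * {@code accountService.checkAccess}; a denial surfaces as the exception that call throws
 * (PermissionDeniedException is the one handled by the caller).
 *
 * @param domain the domain to check; NOTE(review): a null lookup result is passed through
 *               unchanged — confirm how checkAccess treats it
 * @param callingUser the user whose account is checked
 */
private void checkCallerAccessToDomain(DomainVO domain, UserVO callingUser) {
    AccountVO account = accountDao.findById(callingUser.getAccountId());
    accountService.checkAccess(account, domain);
}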
Also used : DomainVO(com.cloud.domain.DomainVO) NetworkVO(com.cloud.network.dao.NetworkVO) ControlledEntity(org.apache.cloudstack.acl.ControlledEntity) CloudRuntimeException(com.cloud.utils.exception.CloudRuntimeException) PermissionDeniedException(com.cloud.exception.PermissionDeniedException) AccountVO(com.cloud.user.AccountVO)
