Example 1 with BaseListCmd
use of org.apache.cloudstack.api.BaseListCmd in project cloudstack by apache.
the class ApiServer method queueCommand.
private String queueCommand(final BaseCmd cmdObj, final Map<String, String> params, StringBuilder log) throws Exception {
final CallContext ctx = CallContext.current();
final Long callerUserId = ctx.getCallingUserId();
final Account caller = ctx.getCallingAccount();
// BaseAsyncCmd: cmd is processed and submitted as an AsyncJob, job related info is serialized and returned.
if (cmdObj instanceof BaseAsyncCmd) {
Long objectId = null;
String objectUuid = null;
if (cmdObj instanceof BaseAsyncCreateCmd) {
final BaseAsyncCreateCmd createCmd = (BaseAsyncCreateCmd) cmdObj;
dispatcher.dispatchCreateCmd(createCmd, params);
objectId = createCmd.getEntityId();
objectUuid = createCmd.getEntityUuid();
params.put("id", objectId.toString());
Class entityClass = EventTypes.getEntityClassForEvent(createCmd.getEventType());
if (entityClass != null)
ctx.putContextParameter(entityClass, objectUuid);
} else {
// Extract the uuid before params are processed and id reflects internal db id
objectUuid = params.get(ApiConstants.ID);
dispatchChainFactory.getStandardDispatchChain().dispatch(new DispatchTask(cmdObj, params));
}
final BaseAsyncCmd asyncCmd = (BaseAsyncCmd) cmdObj;
if (callerUserId != null) {
params.put("ctxUserId", callerUserId.toString());
}
if (caller != null) {
params.put("ctxAccountId", String.valueOf(caller.getId()));
}
if (objectUuid != null) {
params.put("uuid", objectUuid);
}
long startEventId = ctx.getStartEventId();
asyncCmd.setStartEventId(startEventId);
// save the scheduled event
final Long eventId = ActionEventUtils.onScheduledActionEvent((callerUserId == null) ? (Long) User.UID_SYSTEM : callerUserId, asyncCmd.getEntityOwnerId(), asyncCmd.getEventType(), asyncCmd.getEventDescription(), asyncCmd.isDisplay(), startEventId);
if (startEventId == 0) {
// There was no create event before, set current event id as start eventId
startEventId = eventId;
}
params.put("ctxStartEventId", String.valueOf(startEventId));
params.put("cmdEventType", asyncCmd.getEventType().toString());
params.put("ctxDetails", ApiGsonHelper.getBuilder().create().toJson(ctx.getContextParameters()));
Long instanceId = (objectId == null) ? asyncCmd.getInstanceId() : objectId;
// users can provide the job id they want to use, so log as it is a uuid and is unique
String injectedJobId = asyncCmd.getInjectedJobId();
uuidMgr.checkUuidSimple(injectedJobId, AsyncJob.class);
AsyncJobVO job = new AsyncJobVO("", callerUserId, caller.getId(), cmdObj.getClass().getName(), ApiGsonHelper.getBuilder().create().toJson(params), instanceId, asyncCmd.getInstanceType() != null ? asyncCmd.getInstanceType().toString() : null, injectedJobId);
job.setDispatcher(asyncDispatcher.getName());
final long jobId = asyncMgr.submitAsyncJob(job);
if (jobId == 0L) {
final String errorMsg = "Unable to schedule async job for command " + job.getCmd();
s_logger.warn(errorMsg);
throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, errorMsg);
}
final String response;
if (objectId != null) {
final String objUuid = (objectUuid == null) ? objectId.toString() : objectUuid;
response = getBaseAsyncCreateResponse(jobId, (BaseAsyncCreateCmd) asyncCmd, objUuid);
} else {
SerializationContext.current().setUuidTranslation(true);
response = getBaseAsyncResponse(jobId, asyncCmd);
}
// Always log response for async for now, I don't think any sensitive data will be in here.
// It might be nice to send this through scrubbing similar to how
// ApiResponseSerializer.toSerializedStringWithSecureLogs works. For now, this gets jobid's
// in the api logs.
log.append(response);
return response;
} else {
dispatcher.dispatch(cmdObj, params, false);
// For those listXXXCommand which we have already created DB views, this step is not needed since async job is joined in their db views.
if (cmdObj instanceof BaseListCmd && !(cmdObj instanceof ListVMsCmd) && !(cmdObj instanceof ListVMsCmdByAdmin) && !(cmdObj instanceof ListRoutersCmd) && !(cmdObj instanceof ListSecurityGroupsCmd) && !(cmdObj instanceof ListTagsCmd) && !(cmdObj instanceof ListEventsCmd) && !(cmdObj instanceof ListVMGroupsCmd) && !(cmdObj instanceof ListProjectsCmd) && !(cmdObj instanceof ListProjectAccountsCmd) && !(cmdObj instanceof ListProjectInvitationsCmd) && !(cmdObj instanceof ListHostsCmd) && !(cmdObj instanceof ListVolumesCmd) && !(cmdObj instanceof ListVolumesCmdByAdmin) && !(cmdObj instanceof ListUsersCmd) && !(cmdObj instanceof ListAccountsCmd) && !(cmdObj instanceof ListAccountsCmdByAdmin) && !(cmdObj instanceof ListStoragePoolsCmd) && !(cmdObj instanceof ListDiskOfferingsCmd) && !(cmdObj instanceof ListServiceOfferingsCmd) && !(cmdObj instanceof ListZonesCmd) && !(cmdObj instanceof ListZonesCmdByAdmin)) {
buildAsyncListResponse((BaseListCmd) cmdObj, caller);
}
SerializationContext.current().setUuidTranslation(true);
return ApiResponseSerializer.toSerializedStringWithSecureLogs((ResponseObject) cmdObj.getResponseObject(), cmdObj.getResponseType(), log);
}
}
Also used :
UserAccount(com.cloud.user.UserAccount)
Account(com.cloud.user.Account)
ListHostsCmd(org.apache.cloudstack.api.command.admin.host.ListHostsCmd)
ListVolumesCmdByAdmin(org.apache.cloudstack.api.command.admin.volume.ListVolumesCmdByAdmin)
ListZonesCmdByAdmin(org.apache.cloudstack.api.command.admin.zone.ListZonesCmdByAdmin)
AsyncJobVO(org.apache.cloudstack.framework.jobs.impl.AsyncJobVO)
ListZonesCmd(org.apache.cloudstack.api.command.user.zone.ListZonesCmd)
ServerApiException(org.apache.cloudstack.api.ServerApiException)
ListProjectInvitationsCmd(org.apache.cloudstack.api.command.user.project.ListProjectInvitationsCmd)
ListProjectAccountsCmd(org.apache.cloudstack.api.command.user.account.ListProjectAccountsCmd)
ListAccountsCmd(org.apache.cloudstack.api.command.user.account.ListAccountsCmd)
DispatchTask(com.cloud.api.dispatch.DispatchTask)
ListUsersCmd(org.apache.cloudstack.api.command.admin.user.ListUsersCmd)
BaseListCmd(org.apache.cloudstack.api.BaseListCmd)
ListSecurityGroupsCmd(org.apache.cloudstack.api.command.user.securitygroup.ListSecurityGroupsCmd)
ListEventsCmd(org.apache.cloudstack.api.command.user.event.ListEventsCmd)
ListVolumesCmd(org.apache.cloudstack.api.command.user.volume.ListVolumesCmd)
ListDiskOfferingsCmd(org.apache.cloudstack.api.command.user.offering.ListDiskOfferingsCmd)
BaseAsyncCreateCmd(org.apache.cloudstack.api.BaseAsyncCreateCmd)
ListRoutersCmd(org.apache.cloudstack.api.command.admin.router.ListRoutersCmd)
ListProjectsCmd(org.apache.cloudstack.api.command.user.project.ListProjectsCmd)
ListAccountsCmdByAdmin(org.apache.cloudstack.api.command.admin.account.ListAccountsCmdByAdmin)
CallContext(org.apache.cloudstack.context.CallContext)
ListVMGroupsCmd(org.apache.cloudstack.api.command.user.vmgroup.ListVMGroupsCmd)
BaseAsyncCmd(org.apache.cloudstack.api.BaseAsyncCmd)
ListVMsCmd(org.apache.cloudstack.api.command.user.vm.ListVMsCmd)
ListVMsCmdByAdmin(org.apache.cloudstack.api.command.admin.vm.ListVMsCmdByAdmin)
ListStoragePoolsCmd(org.apache.cloudstack.api.command.admin.storage.ListStoragePoolsCmd)
ListServiceOfferingsCmd(org.apache.cloudstack.api.command.user.offering.ListServiceOfferingsCmd)
ListTagsCmd(org.apache.cloudstack.api.command.user.tag.ListTagsCmd)
Example 2 with BaseListCmd
use of org.apache.cloudstack.api.BaseListCmd in project cloudstack by apache.
the class RoleBasedAPIAccessChecker method addDefaultAclPolicyPermission.
private void addDefaultAclPolicyPermission(String apiName, Class<?> cmdClass, RoleType role) {
AccessType accessType = null;
Class<?>[] entityTypes = null;
PermissionScope permissionScope = PermissionScope.ACCOUNT;
Long policyId = getDefaultPolicyId(role);
switch(role) {
case User:
permissionScope = PermissionScope.ACCOUNT;
break;
case Admin:
permissionScope = PermissionScope.ALL;
break;
case DomainAdmin:
permissionScope = PermissionScope.DOMAIN;
break;
case ResourceAdmin:
permissionScope = PermissionScope.DOMAIN;
break;
}
boolean addAccountScopedUseEntry = false;
if (cmdClass != null) {
BaseCmd cmdObj;
try {
cmdObj = (BaseCmd) cmdClass.newInstance();
if (cmdObj instanceof BaseListCmd) {
if (permissionScope == PermissionScope.ACCOUNT) {
accessType = AccessType.UseEntry;
} else {
accessType = AccessType.ListEntry;
addAccountScopedUseEntry = true;
}
} else {
accessType = AccessType.OperateEntry;
}
} catch (Exception e) {
throw new CloudRuntimeException(String.format("%s is claimed as an API command, but it cannot be instantiated", cmdClass.getName()));
}
APICommand at = cmdClass.getAnnotation(APICommand.class);
entityTypes = at.entityType();
}
if (entityTypes == null || entityTypes.length == 0) {
_iamSrv.addIAMPermissionToIAMPolicy(policyId, null, permissionScope.toString(), new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER), apiName, (accessType == null) ? null : accessType.toString(), Permission.Allow, false);
if (addAccountScopedUseEntry) {
_iamSrv.addIAMPermissionToIAMPolicy(policyId, null, PermissionScope.ACCOUNT.toString(), new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER), apiName, AccessType.UseEntry.toString(), Permission.Allow, false);
}
} else {
for (Class<?> entityType : entityTypes) {
_iamSrv.addIAMPermissionToIAMPolicy(policyId, entityType.getSimpleName(), permissionScope.toString(), new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER), apiName, (accessType == null) ? null : accessType.toString(), Permission.Allow, false);
if (addAccountScopedUseEntry) {
_iamSrv.addIAMPermissionToIAMPolicy(policyId, entityType.getSimpleName(), PermissionScope.ACCOUNT.toString(), new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER), apiName, AccessType.UseEntry.toString(), Permission.Allow, false);
}
}
}
}
Also used :
BaseListCmd(org.apache.cloudstack.api.BaseListCmd)
CloudRuntimeException(com.cloud.utils.exception.CloudRuntimeException)
BaseCmd(org.apache.cloudstack.api.BaseCmd)
APICommand(org.apache.cloudstack.api.APICommand)
AccessType(org.apache.cloudstack.acl.SecurityChecker.AccessType)
PermissionScope(org.apache.cloudstack.acl.PermissionScope)
ConfigurationException(javax.naming.ConfigurationException)
CloudRuntimeException(com.cloud.utils.exception.CloudRuntimeException)
PermissionDeniedException(com.cloud.exception.PermissionDeniedException)
Aggregations
BaseListCmd (org.apache.cloudstack.api.BaseListCmd)2
DispatchTask (com.cloud.api.dispatch.DispatchTask)1
PermissionDeniedException (com.cloud.exception.PermissionDeniedException)1
Account (com.cloud.user.Account)1
UserAccount (com.cloud.user.UserAccount)1
CloudRuntimeException (com.cloud.utils.exception.CloudRuntimeException)1
ConfigurationException (javax.naming.ConfigurationException)1
PermissionScope (org.apache.cloudstack.acl.PermissionScope)1
AccessType (org.apache.cloudstack.acl.SecurityChecker.AccessType)1
APICommand (org.apache.cloudstack.api.APICommand)1
BaseAsyncCmd (org.apache.cloudstack.api.BaseAsyncCmd)1
BaseAsyncCreateCmd (org.apache.cloudstack.api.BaseAsyncCreateCmd)1
BaseCmd (org.apache.cloudstack.api.BaseCmd)1
ServerApiException (org.apache.cloudstack.api.ServerApiException)1
ListAccountsCmdByAdmin (org.apache.cloudstack.api.command.admin.account.ListAccountsCmdByAdmin)1
ListHostsCmd (org.apache.cloudstack.api.command.admin.host.ListHostsCmd)1
ListRoutersCmd (org.apache.cloudstack.api.command.admin.router.ListRoutersCmd)1
ListStoragePoolsCmd (org.apache.cloudstack.api.command.admin.storage.ListStoragePoolsCmd)1
ListUsersCmd (org.apache.cloudstack.api.command.admin.user.ListUsersCmd)1
ListVMsCmdByAdmin (org.apache.cloudstack.api.command.admin.vm.ListVMsCmdByAdmin)1
