Search in sources :

Example 1 with BaseListCmd

use of org.apache.cloudstack.api.BaseListCmd in project cloudstack by apache.

the class ApiServer method queueCommand.

private String queueCommand(final BaseCmd cmdObj, final Map<String, String> params, StringBuilder log) throws Exception {
    final CallContext ctx = CallContext.current();
    final Long callerUserId = ctx.getCallingUserId();
    final Account caller = ctx.getCallingAccount();
    // BaseAsyncCmd: cmd is processed and submitted as an AsyncJob, job related info is serialized and returned.
    if (cmdObj instanceof BaseAsyncCmd) {
        Long objectId = null;
        String objectUuid = null;
        if (cmdObj instanceof BaseAsyncCreateCmd) {
            final BaseAsyncCreateCmd createCmd = (BaseAsyncCreateCmd) cmdObj;
            dispatcher.dispatchCreateCmd(createCmd, params);
            objectId = createCmd.getEntityId();
            objectUuid = createCmd.getEntityUuid();
            params.put("id", objectId.toString());
            Class entityClass = EventTypes.getEntityClassForEvent(createCmd.getEventType());
            if (entityClass != null)
                ctx.putContextParameter(entityClass, objectUuid);
        } else {
            // Extract the uuid before params are processed and id reflects internal db id
            objectUuid = params.get(ApiConstants.ID);
            dispatchChainFactory.getStandardDispatchChain().dispatch(new DispatchTask(cmdObj, params));
        }
        final BaseAsyncCmd asyncCmd = (BaseAsyncCmd) cmdObj;
        if (callerUserId != null) {
            params.put("ctxUserId", callerUserId.toString());
        }
        if (caller != null) {
            params.put("ctxAccountId", String.valueOf(caller.getId()));
        }
        if (objectUuid != null) {
            params.put("uuid", objectUuid);
        }
        long startEventId = ctx.getStartEventId();
        asyncCmd.setStartEventId(startEventId);
        // save the scheduled event
        final Long eventId = ActionEventUtils.onScheduledActionEvent((callerUserId == null) ? (Long) User.UID_SYSTEM : callerUserId, asyncCmd.getEntityOwnerId(), asyncCmd.getEventType(), asyncCmd.getEventDescription(), asyncCmd.isDisplay(), startEventId);
        if (startEventId == 0) {
            // There was no create event before, set current event id as start eventId
            startEventId = eventId;
        }
        params.put("ctxStartEventId", String.valueOf(startEventId));
        params.put("cmdEventType", asyncCmd.getEventType().toString());
        params.put("ctxDetails", ApiGsonHelper.getBuilder().create().toJson(ctx.getContextParameters()));
        Long instanceId = (objectId == null) ? asyncCmd.getInstanceId() : objectId;
        // users can provide the job id they want to use, so log as it is a uuid and is unique
        String injectedJobId = asyncCmd.getInjectedJobId();
        uuidMgr.checkUuidSimple(injectedJobId, AsyncJob.class);
        AsyncJobVO job = new AsyncJobVO("", callerUserId, caller.getId(), cmdObj.getClass().getName(), ApiGsonHelper.getBuilder().create().toJson(params), instanceId, asyncCmd.getInstanceType() != null ? asyncCmd.getInstanceType().toString() : null, injectedJobId);
        job.setDispatcher(asyncDispatcher.getName());
        final long jobId = asyncMgr.submitAsyncJob(job);
        if (jobId == 0L) {
            final String errorMsg = "Unable to schedule async job for command " + job.getCmd();
            s_logger.warn(errorMsg);
            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, errorMsg);
        }
        final String response;
        if (objectId != null) {
            final String objUuid = (objectUuid == null) ? objectId.toString() : objectUuid;
            response = getBaseAsyncCreateResponse(jobId, (BaseAsyncCreateCmd) asyncCmd, objUuid);
        } else {
            SerializationContext.current().setUuidTranslation(true);
            response = getBaseAsyncResponse(jobId, asyncCmd);
        }
        // Always log response for async for now, I don't think any sensitive data will be in here.
        // It might be nice to send this through scrubbing similar to how
        // ApiResponseSerializer.toSerializedStringWithSecureLogs works. For now, this gets jobid's
        // in the api logs.
        log.append(response);
        return response;
    } else {
        dispatcher.dispatch(cmdObj, params, false);
        // For those listXXXCommand which we have already created DB views, this step is not needed since async job is joined in their db views.
        if (cmdObj instanceof BaseListCmd && !(cmdObj instanceof ListVMsCmd) && !(cmdObj instanceof ListVMsCmdByAdmin) && !(cmdObj instanceof ListRoutersCmd) && !(cmdObj instanceof ListSecurityGroupsCmd) && !(cmdObj instanceof ListTagsCmd) && !(cmdObj instanceof ListEventsCmd) && !(cmdObj instanceof ListVMGroupsCmd) && !(cmdObj instanceof ListProjectsCmd) && !(cmdObj instanceof ListProjectAccountsCmd) && !(cmdObj instanceof ListProjectInvitationsCmd) && !(cmdObj instanceof ListHostsCmd) && !(cmdObj instanceof ListVolumesCmd) && !(cmdObj instanceof ListVolumesCmdByAdmin) && !(cmdObj instanceof ListUsersCmd) && !(cmdObj instanceof ListAccountsCmd) && !(cmdObj instanceof ListAccountsCmdByAdmin) && !(cmdObj instanceof ListStoragePoolsCmd) && !(cmdObj instanceof ListDiskOfferingsCmd) && !(cmdObj instanceof ListServiceOfferingsCmd) && !(cmdObj instanceof ListZonesCmd) && !(cmdObj instanceof ListZonesCmdByAdmin)) {
            buildAsyncListResponse((BaseListCmd) cmdObj, caller);
        }
        SerializationContext.current().setUuidTranslation(true);
        return ApiResponseSerializer.toSerializedStringWithSecureLogs((ResponseObject) cmdObj.getResponseObject(), cmdObj.getResponseType(), log);
    }
}
Also used : UserAccount(com.cloud.user.UserAccount) Account(com.cloud.user.Account) ListHostsCmd(org.apache.cloudstack.api.command.admin.host.ListHostsCmd) ListVolumesCmdByAdmin(org.apache.cloudstack.api.command.admin.volume.ListVolumesCmdByAdmin) ListZonesCmdByAdmin(org.apache.cloudstack.api.command.admin.zone.ListZonesCmdByAdmin) AsyncJobVO(org.apache.cloudstack.framework.jobs.impl.AsyncJobVO) ListZonesCmd(org.apache.cloudstack.api.command.user.zone.ListZonesCmd) ServerApiException(org.apache.cloudstack.api.ServerApiException) ListProjectInvitationsCmd(org.apache.cloudstack.api.command.user.project.ListProjectInvitationsCmd) ListProjectAccountsCmd(org.apache.cloudstack.api.command.user.account.ListProjectAccountsCmd) ListAccountsCmd(org.apache.cloudstack.api.command.user.account.ListAccountsCmd) DispatchTask(com.cloud.api.dispatch.DispatchTask) ListUsersCmd(org.apache.cloudstack.api.command.admin.user.ListUsersCmd) BaseListCmd(org.apache.cloudstack.api.BaseListCmd) ListSecurityGroupsCmd(org.apache.cloudstack.api.command.user.securitygroup.ListSecurityGroupsCmd) ListEventsCmd(org.apache.cloudstack.api.command.user.event.ListEventsCmd) ListVolumesCmd(org.apache.cloudstack.api.command.user.volume.ListVolumesCmd) ListDiskOfferingsCmd(org.apache.cloudstack.api.command.user.offering.ListDiskOfferingsCmd) BaseAsyncCreateCmd(org.apache.cloudstack.api.BaseAsyncCreateCmd) ListRoutersCmd(org.apache.cloudstack.api.command.admin.router.ListRoutersCmd) ListProjectsCmd(org.apache.cloudstack.api.command.user.project.ListProjectsCmd) ListAccountsCmdByAdmin(org.apache.cloudstack.api.command.admin.account.ListAccountsCmdByAdmin) CallContext(org.apache.cloudstack.context.CallContext) ListVMGroupsCmd(org.apache.cloudstack.api.command.user.vmgroup.ListVMGroupsCmd) BaseAsyncCmd(org.apache.cloudstack.api.BaseAsyncCmd) ListVMsCmd(org.apache.cloudstack.api.command.user.vm.ListVMsCmd) ListVMsCmdByAdmin(org.apache.cloudstack.api.command.admin.vm.ListVMsCmdByAdmin) ListStoragePoolsCmd(org.apache.cloudstack.api.command.admin.storage.ListStoragePoolsCmd) ListServiceOfferingsCmd(org.apache.cloudstack.api.command.user.offering.ListServiceOfferingsCmd) ListTagsCmd(org.apache.cloudstack.api.command.user.tag.ListTagsCmd)

Example 2 with BaseListCmd

use of org.apache.cloudstack.api.BaseListCmd in project cloudstack by apache.

the class RoleBasedAPIAccessChecker method addDefaultAclPolicyPermission.

private void addDefaultAclPolicyPermission(String apiName, Class<?> cmdClass, RoleType role) {
    AccessType accessType = null;
    Class<?>[] entityTypes = null;
    PermissionScope permissionScope = PermissionScope.ACCOUNT;
    Long policyId = getDefaultPolicyId(role);
    switch(role) {
        case User:
            permissionScope = PermissionScope.ACCOUNT;
            break;
        case Admin:
            permissionScope = PermissionScope.ALL;
            break;
        case DomainAdmin:
            permissionScope = PermissionScope.DOMAIN;
            break;
        case ResourceAdmin:
            permissionScope = PermissionScope.DOMAIN;
            break;
    }
    boolean addAccountScopedUseEntry = false;
    if (cmdClass != null) {
        BaseCmd cmdObj;
        try {
            cmdObj = (BaseCmd) cmdClass.newInstance();
            if (cmdObj instanceof BaseListCmd) {
                if (permissionScope == PermissionScope.ACCOUNT) {
                    accessType = AccessType.UseEntry;
                } else {
                    accessType = AccessType.ListEntry;
                    addAccountScopedUseEntry = true;
                }
            } else {
                accessType = AccessType.OperateEntry;
            }
        } catch (Exception e) {
            throw new CloudRuntimeException(String.format("%s is claimed as an API command, but it cannot be instantiated", cmdClass.getName()));
        }
        APICommand at = cmdClass.getAnnotation(APICommand.class);
        entityTypes = at.entityType();
    }
    if (entityTypes == null || entityTypes.length == 0) {
        _iamSrv.addIAMPermissionToIAMPolicy(policyId, null, permissionScope.toString(), new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER), apiName, (accessType == null) ? null : accessType.toString(), Permission.Allow, false);
        if (addAccountScopedUseEntry) {
            _iamSrv.addIAMPermissionToIAMPolicy(policyId, null, PermissionScope.ACCOUNT.toString(), new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER), apiName, AccessType.UseEntry.toString(), Permission.Allow, false);
        }
    } else {
        for (Class<?> entityType : entityTypes) {
            _iamSrv.addIAMPermissionToIAMPolicy(policyId, entityType.getSimpleName(), permissionScope.toString(), new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER), apiName, (accessType == null) ? null : accessType.toString(), Permission.Allow, false);
            if (addAccountScopedUseEntry) {
                _iamSrv.addIAMPermissionToIAMPolicy(policyId, entityType.getSimpleName(), PermissionScope.ACCOUNT.toString(), new Long(IAMPolicyPermission.PERMISSION_SCOPE_ID_CURRENT_CALLER), apiName, AccessType.UseEntry.toString(), Permission.Allow, false);
            }
        }
    }
}
Also used : BaseListCmd(org.apache.cloudstack.api.BaseListCmd) CloudRuntimeException(com.cloud.utils.exception.CloudRuntimeException) BaseCmd(org.apache.cloudstack.api.BaseCmd) APICommand(org.apache.cloudstack.api.APICommand) AccessType(org.apache.cloudstack.acl.SecurityChecker.AccessType) PermissionScope(org.apache.cloudstack.acl.PermissionScope) ConfigurationException(javax.naming.ConfigurationException) CloudRuntimeException(com.cloud.utils.exception.CloudRuntimeException) PermissionDeniedException(com.cloud.exception.PermissionDeniedException)

Aggregations

BaseListCmd (org.apache.cloudstack.api.BaseListCmd)2 DispatchTask (com.cloud.api.dispatch.DispatchTask)1 PermissionDeniedException (com.cloud.exception.PermissionDeniedException)1 Account (com.cloud.user.Account)1 UserAccount (com.cloud.user.UserAccount)1 CloudRuntimeException (com.cloud.utils.exception.CloudRuntimeException)1 ConfigurationException (javax.naming.ConfigurationException)1 PermissionScope (org.apache.cloudstack.acl.PermissionScope)1 AccessType (org.apache.cloudstack.acl.SecurityChecker.AccessType)1 APICommand (org.apache.cloudstack.api.APICommand)1 BaseAsyncCmd (org.apache.cloudstack.api.BaseAsyncCmd)1 BaseAsyncCreateCmd (org.apache.cloudstack.api.BaseAsyncCreateCmd)1 BaseCmd (org.apache.cloudstack.api.BaseCmd)1 ServerApiException (org.apache.cloudstack.api.ServerApiException)1 ListAccountsCmdByAdmin (org.apache.cloudstack.api.command.admin.account.ListAccountsCmdByAdmin)1 ListHostsCmd (org.apache.cloudstack.api.command.admin.host.ListHostsCmd)1 ListRoutersCmd (org.apache.cloudstack.api.command.admin.router.ListRoutersCmd)1 ListStoragePoolsCmd (org.apache.cloudstack.api.command.admin.storage.ListStoragePoolsCmd)1 ListUsersCmd (org.apache.cloudstack.api.command.admin.user.ListUsersCmd)1 ListVMsCmdByAdmin (org.apache.cloudstack.api.command.admin.vm.ListVMsCmdByAdmin)1