Examples with ForbiddenException org.candlepin.common.exceptions.ForbiddenException used on opensource projects

Example 1 with ForbiddenException

use of org.candlepin.common.exceptions.ForbiddenException in project candlepin by candlepin.

the class ConsumerBindUtil method handleActivationKeyPools.

private boolean handleActivationKeyPools(Consumer consumer, ActivationKey key) {
    if (key.getPools().size() == 0) {
        return true;
    }
    boolean onePassed = false;
    List<ActivationKeyPool> toBind = new LinkedList<>();
    for (ActivationKeyPool akp : key.getPools()) {
        if (akp.getPool().getId() != null) {
            toBind.add(akp);
        }
    }
    // Sort pools before binding to avoid deadlocks
    Collections.sort(toBind);
    for (ActivationKeyPool akp : toBind) {
        int quantity = (akp.getQuantity() == null) ? getQuantityToBind(akp.getPool(), consumer) : akp.getQuantity().intValue();
        try {
            entitler.sendEvents(entitler.bindByPoolQuantity(consumer, akp.getPool().getId(), quantity));
            onePassed = true;
        } catch (ForbiddenException e) {
            log.warn(i18n.tr("Cannot bind to pool \"{0}\" in activation key \"{1}\": {2}", akp.getPool().getId(), akp.getKey().getName(), e.getMessage()));
        }
    }
    return onePassed;
}

Example 2 with ForbiddenException

use of org.candlepin.common.exceptions.ForbiddenException in project candlepin by candlepin.

the class Entitler method bindByProducts.

/**
 * Force option is used to heal entire org
 *
 * @param data AutobindData encapsulating data required for an autobind request
 * @param force heal host even if it has autoheal disabled
 * @return List of Entitlements
 * @throws AutobindDisabledForOwnerException when an autobind attempt is made and the owner
 *         has it disabled.
 */
@Transactional
public List<Entitlement> bindByProducts(AutobindData data, boolean force) throws AutobindDisabledForOwnerException {
    Consumer consumer = data.getConsumer();
    Owner owner = data.getOwner();
    if (!consumer.isDev() && owner.isAutobindDisabled()) {
        log.info("Skipping auto-attach for consumer '{}'. Auto-attach is disabled for owner {}.", consumer, owner.getKey());
        throw new AutobindDisabledForOwnerException(i18n.tr("Auto-attach is disabled for owner \"{0}\".", owner.getKey()));
    }
    // entitlements based on the planned design of the subscriptions
    if (consumer.hasFact("virt.uuid") && !consumer.isDev()) {
        String guestUuid = consumer.getFact("virt.uuid");
        // Remove any expired unmapped guest entitlements
        revokeUnmappedGuestEntitlements(consumer);
        // Scoped to the consumer's organization.  Even in the event of sharing, a guest in one
        // organization should not be able to compel a heal in an another organization
        Consumer host = consumerCurator.getHost(consumer, consumer.getOwnerId());
        if (host != null && (force || host.isAutoheal())) {
            log.info("Attempting to heal host machine with UUID \"{}\" for guest with UUID \"{}\"", host.getUuid(), consumer.getUuid());
            if (!StringUtils.equals(host.getServiceLevel(), consumer.getServiceLevel())) {
                log.warn("Host with UUID \"{}\" has a service level \"{}\" that does not match" + " that of the guest with UUID \"{}\" and service level \"{}\"", host.getUuid(), host.getServiceLevel(), consumer.getUuid(), consumer.getServiceLevel());
            }
            try {
                List<Entitlement> hostEntitlements = poolManager.entitleByProductsForHost(consumer, host, data.getOnDate(), data.getPossiblePools());
                log.debug("Granted host {} entitlements", hostEntitlements.size());
                sendEvents(hostEntitlements);
            } catch (Exception e) {
                // log and continue, this should NEVER block
                log.debug("Healing failed for host UUID {} with message: {}", host.getUuid(), e.getMessage());
            }
            /* Consumer is stale at this point.  Note that we use find() instead of
                 * findByUuid() or getConsumer() since the latter two methods are secured
                 * to a specific host principal and bindByProducts can get called when
                 * a guest is switching hosts */
            consumer = consumerCurator.find(consumer.getId());
            data.setConsumer(consumer);
        }
    }
    if (consumer.isDev()) {
        if (config.getBoolean(ConfigProperties.STANDALONE) || !poolCurator.hasActiveEntitlementPools(consumer.getOwnerId(), null)) {
            throw new ForbiddenException(i18n.tr("Development units may only be used on hosted servers" + " and with orgs that have active subscriptions."));
        }
        // Look up the dev pool for this consumer, and if not found
        // create one. If a dev pool already exists, remove it and
        // create a new one.
        String sku = consumer.getFact("dev_sku");
        Pool devPool = poolCurator.findDevPool(consumer);
        if (devPool != null) {
            poolManager.deletePool(devPool);
        }
        devPool = poolManager.createPool(assembleDevPool(consumer, owner, sku));
        data.setPossiblePools(Arrays.asList(devPool.getId()));
        data.setProductIds(new String[] { sku });
    }
    // Attempt to create entitlements:
    try {
        // the pools are only used to bind the guest
        List<Entitlement> entitlements = poolManager.entitleByProducts(data);
        log.debug("Created entitlements: {}", entitlements);
        return entitlements;
    } catch (EntitlementRefusedException e) {
        // TODO: Could be multiple errors, but we'll just report the first one for now
        String productId = "Unknown Product";
        if (data.getProductIds().length > 0) {
            productId = data.getProductIds()[0];
        }
        throw new ForbiddenException(messageTranslator.productErrorToMessage(productId, e.getResults().values().iterator().next().getErrors().get(0)));
    }
}

Example 3 with ForbiddenException

use of org.candlepin.common.exceptions.ForbiddenException in project candlepin by candlepin.

the class ManifestManager method validateConsumerForExport.

private Consumer validateConsumerForExport(String consumerUuid, String cdnLabel) {
    // FIXME Should this be testing the CdnLabel as well?
    Consumer consumer = consumerCurator.verifyAndLookupConsumer(consumerUuid);
    ConsumerType ctype = this.consumerTypeCurator.getConsumerType(consumer);
    if (ctype == null || !ctype.isManifest()) {
        throw new ForbiddenException(i18n.tr("Unit {0} cannot be exported. A manifest cannot be made for units of type \"{1}\".", consumerUuid, ctype != null ? ctype.getLabel() : "unknown type"));
    }
    if (!StringUtils.isBlank(cdnLabel) && cdnCurator.lookupByLabel(cdnLabel) == null) {
        throw new ForbiddenException(i18n.tr("A CDN with label {0} does not exist on this system.", cdnLabel));
    }
    return consumer;
}

Example 4 with ForbiddenException

use of org.candlepin.common.exceptions.ForbiddenException in project candlepin by candlepin.

the class RevocationOp method execute.

@Transactional
public void execute(PoolManager poolManager) {
    Collection<Pool> overflowing = new ArrayList<>();
    for (Pool pool : pools) {
        if (pool.isOverflowing()) {
            overflowing.add(pool);
        }
    }
    if (overflowing.isEmpty()) {
        return;
    }
    overflowing = poolCurator.lockAndLoad(overflowing);
    for (Pool pool : overflowing) {
        poolNewConsumed.put(pool, pool.getConsumed());
        List<Pool> shared = poolCurator.listSharedPoolsOf(pool);
        if (!shared.isEmpty()) {
            sharedPools.put(pool, shared);
            // first determine shared pool counts where allotted units are not in use
            reduceSharedPools(pool);
        }
        // we then start revoking the existing entitlements
        determineExcessEntitlements(pool);
    }
    // revoke the entitlements amassed above
    poolManager.revokeEntitlements(new ArrayList<>(entitlementsToRevoke));
    // We have to wait until we get here so that share pool entitlements we want revoked are gone
    for (Entitlement entitlement : shareEntitlementsToAdjust.keySet()) {
        try {
            poolManager.adjustEntitlementQuantity(entitlement.getConsumer(), entitlement, shareEntitlementsToAdjust.get(entitlement).intValue());
        } catch (EntitlementRefusedException e) {
            // TODO: Could be multiple errors, but we'll just report the first one for now:
            throw new ForbiddenException(e.getResults().values().iterator().next().getErrors().get(0).toString());
        }
    }
}

Example 5 with ForbiddenException

use of org.candlepin.common.exceptions.ForbiddenException in project candlepin by candlepin.

the class ConsumerBindUtilTest method registerFailWithNoGoodKeyPool.

@Test(expected = BadRequestException.class)
public void registerFailWithNoGoodKeyPool() throws Exception {
    List<ActivationKey> keys = new ArrayList<>();
    ActivationKey key1 = new ActivationKey("key1", owner);
    keys.add(key1);
    Product prod1 = TestUtil.createProduct();
    Pool ghost = TestUtil.createPool(owner, prod1, 5);
    ghost.setId("ghost-pool");
    key1.addPool(ghost, 10L);
    Consumer consumer = new Consumer("sys.example.com", null, null, system);
    when(entitler.bindByPoolQuantity(eq(consumer), eq(ghost.getId()), eq(10))).thenThrow(new ForbiddenException("fail"));
    consumerBindUtil.handleActivationKeys(consumer, keys, false);
}