use of org.ow2.proactive.permissions.NSAdminPermission in project scheduling by ow2-proactive.
the class CommonRest method getCurrentLoggers.
@Override
public Map<String, String> getCurrentLoggers(String sessionId) throws RestException {
Scheduler scheduler = checkAccess(sessionId);
try {
try {
checkPermission(scheduler.getSubject(), new RMCoreAllPermission(), "Resource Manager administrative rights is required");
} catch (PermissionException e) {
checkPermission(scheduler.getSubject(), new NSAdminPermission(), "Resource Manager administrative rights is required");
}
Map<String, String> loggers = new LinkedHashMap<>();
Enumeration loggerEnumeration = LogManager.getCurrentLoggers();
while (loggerEnumeration.hasMoreElements()) {
Object loggerObject = loggerEnumeration.nextElement();
if (loggerObject != null && loggerObject instanceof Logger) {
Logger loggerInstance = (Logger) loggerObject;
if (loggerInstance.getName() != null && loggerInstance.getLevel() != null) {
loggers.put(loggerInstance.getName(), loggerInstance.getLevel().toString());
}
}
}
return loggers;
} catch (PermissionException e) {
throw new PermissionRestException("Resource Manager administrative rights is required");
} catch (NotConnectedException e) {
throw new NotConnectedRestException(YOU_ARE_NOT_CONNECTED_TO_THE_SCHEDULER_YOU_SHOULD_LOG_ON_FIRST);
}
}
use of org.ow2.proactive.permissions.NSAdminPermission in project scheduling by ow2-proactive.
the class RMCore method checkNodeAdminPermission.
/**
* Checks if the client is the node source admin.
*
* @param nodeSource is a nodeSource to be checked
* @param client is a client to be checked
* @return true if the client is an admin, SecurityException otherwise
*/
private boolean checkNodeAdminPermission(NodeSource nodeSource, Client client) {
String errorMessage = client.getName() + " is not authorized to manage node source " + nodeSource.getName();
// checking if the caller is an administrator
client.checkPermission(nodeSource.getAdminPermission(), errorMessage, new RMCoreAllPermission(), new NSAdminPermission());
return true;
}
use of org.ow2.proactive.permissions.NSAdminPermission in project scheduling by ow2-proactive.
the class RMCore method releaseNodes.
/**
* {@inheritDoc}
*/
public BooleanWrapper releaseNodes(NodeSet nodes) {
if (nodes.getExtraNodes() != null) {
// do not forget to release extra nodes
nodes.addAll(nodes.getExtraNodes());
}
// exception to throw in case of problems
RuntimeException exception = null;
NodeSet nodesReleased = new NodeSet();
NodeSet nodesFailedToRelease = new NodeSet();
for (Node node : nodes) {
String nodeURL = null;
try {
nodeURL = node.getNodeInformation().getURL();
logger.debug("Releasing node " + nodeURL);
} catch (RuntimeException e) {
logger.debug("A Runtime exception occurred while obtaining information on the node," + "the node must be down (it will be detected later)", e);
// node is down, will be detected by pinger
exception = new IllegalStateException(e.getMessage(), e);
nodesFailedToRelease.add(node);
}
// verify whether the node has not been removed from the RM
if (this.allNodes.containsKey(nodeURL)) {
RMNode rmnode = this.getNodebyUrl(nodeURL);
// free
if (rmnode.isFree()) {
logger.warn("Client " + caller + " tries to release the already free node " + nodeURL);
nodesFailedToRelease.add(node);
} else if (rmnode.isDown()) {
logger.warn("Node was down, it cannot be released");
nodesFailedToRelease.add(node);
} else {
Set<? extends IdentityPrincipal> userPrincipal = rmnode.getOwner().getSubject().getPrincipals(UserNamePrincipal.class);
Permission ownerPermission = new PrincipalPermission(rmnode.getOwner().getName(), userPrincipal);
try {
caller.checkPermission(ownerPermission, caller + " is not authorized to free node " + node.getNodeInformation().getURL(), new RMCoreAllPermission(), new NodeUserAllPermission(), new NSAdminPermission());
if (rmnode.isToRemove()) {
removeNodeFromCoreAndSource(rmnode, caller);
nodesReleased.add(node);
if (delayedNodeSourceRemovalEvents.containsKey(rmnode.getNodeSourceName()) && nodeSourceCanBeRemoved(rmnode.getNodeSourceName())) {
logger.debug(NODE_SOURCE_STRING + rmnode.getNodeSourceName() + " is eligible to remove.");
final Entry<RMNodeSourceEvent, NodeSource> remove = delayedNodeSourceRemovalEvents.remove(rmnode.getNodeSourceName());
final RMNodeSourceEvent removedEvent = remove.getKey();
final NodeSource nodeSource = remove.getValue();
logger.info(NODE_SOURCE_STRING + rmnode.getNodeSourceName() + HAS_BEEN_SUCCESSFULLY + removedEvent.getEventType().getDescription());
this.monitoring.nodeSourceEvent(removedEvent);
nodeSource.shutdown(this.caller);
} else if (delayedNodeSourceUndeploying.containsKey(rmnode.getNodeSourceName()) && nodeSourceCanBeRemoved(rmnode.getNodeSourceName())) {
logger.debug(NODE_SOURCE_STRING + rmnode.getNodeSourceName() + " is eligible to undeploy.");
final NodeSource nodeSource = delayedNodeSourceUndeploying.remove(rmnode.getNodeSourceName());
logger.info(NODE_SOURCE_STRING + rmnode.getNodeSourceName() + HAS_BEEN_SUCCESSFULLY + "undeployed.");
nodeSource.shutdown(this.caller);
}
} else {
internalSetFree(rmnode);
nodesReleased.add(node);
}
} catch (SecurityException ex) {
logger.error(ex.getMessage(), ex);
nodesFailedToRelease.add(node);
exception = ex;
}
}
} else {
logger.warn("Cannot release unknown node " + nodeURL);
nodesFailedToRelease.add(node);
exception = new IllegalArgumentException("Cannot release unknown node " + nodeURL);
}
}
logger.info("Nodes released : " + nodesReleased);
if (!nodesFailedToRelease.isEmpty()) {
logger.warn("Nodes failed to release : " + nodesFailedToRelease);
}
if (exception != null) {
// throwing the latest exception we had
throw exception;
}
return new BooleanWrapper(true);
}
use of org.ow2.proactive.permissions.NSAdminPermission in project scheduling by ow2-proactive.
the class RMCore method undeployNodeSource.
/**
* {@inheritDoc}
*/
public BooleanWrapper undeployNodeSource(String nodeSourceName, boolean preempt) {
logger.info("Undeploy node source " + nodeSourceName + " with preempt=" + preempt + REQUESTED_BY_STRING + this.caller.getName());
if (!this.definedNodeSources.containsKey(nodeSourceName)) {
throw new IllegalArgumentException("Unknown node source " + nodeSourceName);
}
if (this.deployedNodeSources.containsKey(nodeSourceName)) {
NodeSource nodeSourceToRemove = this.deployedNodeSources.get(nodeSourceName);
this.caller.checkPermission(nodeSourceToRemove.getAdminPermission(), this.caller + " is not authorized to undeploy " + nodeSourceName, new RMCoreAllPermission(), new NSAdminPermission());
nodeSourceToRemove.setStatus(NodeSourceStatus.NODES_UNDEPLOYED);
this.removeAllNodes(nodeSourceName, preempt);
this.updateNodeSourceDescriptorWithStatusAndPersist(this.definedNodeSources.get(nodeSourceName).getDescriptor(), NodeSourceStatus.NODES_UNDEPLOYED);
this.nodeSourceUnregister(nodeSourceName, NodeSourceStatus.NODES_UNDEPLOYED, new RMNodeSourceEvent(RMEventType.NODESOURCE_SHUTDOWN, this.caller.getName(), nodeSourceName, nodeSourceToRemove.getDescription(), nodeSourceToRemove.getAdditionalInformation(), nodeSourceToRemove.getAdministrator().getName(), NodeSourceStatus.NODES_UNDEPLOYED.toString()));
// asynchronously delegate the removal process to the node source
nodeSourceToRemove.shutdown(this.caller);
}
return new BooleanWrapper(true);
}
Aggregations