Search in sources :

Example 6 with NSAdminPermission

use of org.ow2.proactive.permissions.NSAdminPermission in project scheduling by ow2-proactive.

the class CommonRest method getCurrentLoggers.

@Override
public Map<String, String> getCurrentLoggers(String sessionId) throws RestException {
    Scheduler scheduler = checkAccess(sessionId);
    try {
        try {
            checkPermission(scheduler.getSubject(), new RMCoreAllPermission(), "Resource Manager administrative rights is required");
        } catch (PermissionException e) {
            checkPermission(scheduler.getSubject(), new NSAdminPermission(), "Resource Manager administrative rights is required");
        }
        Map<String, String> loggers = new LinkedHashMap<>();
        Enumeration loggerEnumeration = LogManager.getCurrentLoggers();
        while (loggerEnumeration.hasMoreElements()) {
            Object loggerObject = loggerEnumeration.nextElement();
            if (loggerObject != null && loggerObject instanceof Logger) {
                Logger loggerInstance = (Logger) loggerObject;
                if (loggerInstance.getName() != null && loggerInstance.getLevel() != null) {
                    loggers.put(loggerInstance.getName(), loggerInstance.getLevel().toString());
                }
            }
        }
        return loggers;
    } catch (PermissionException e) {
        throw new PermissionRestException("Resource Manager administrative rights is required");
    } catch (NotConnectedException e) {
        throw new NotConnectedRestException(YOU_ARE_NOT_CONNECTED_TO_THE_SCHEDULER_YOU_SHOULD_LOG_ON_FIRST);
    }
}
Also used : PermissionException(org.ow2.proactive.scheduler.common.exception.PermissionException) NotConnectedException(org.ow2.proactive.scheduler.common.exception.NotConnectedException) Scheduler(org.ow2.proactive.scheduler.common.Scheduler) NotConnectedRestException(org.ow2.proactive_grid_cloud_portal.scheduler.exception.NotConnectedRestException) Logger(org.apache.log4j.Logger) PermissionRestException(org.ow2.proactive_grid_cloud_portal.scheduler.exception.PermissionRestException)

Example 7 with NSAdminPermission

use of org.ow2.proactive.permissions.NSAdminPermission in project scheduling by ow2-proactive.

the class RMCore method checkNodeAdminPermission.

/**
 * Checks if the client is the node source admin.
 *
 * @param nodeSource is a nodeSource to be checked
 * @param client is a client to be checked
 * @return true if the client is an admin, SecurityException otherwise
 */
private boolean checkNodeAdminPermission(NodeSource nodeSource, Client client) {
    String errorMessage = client.getName() + " is not authorized to manage node source " + nodeSource.getName();
    // checking if the caller is an administrator
    client.checkPermission(nodeSource.getAdminPermission(), errorMessage, new RMCoreAllPermission(), new NSAdminPermission());
    return true;
}
Also used : RMCoreAllPermission(org.ow2.proactive.permissions.RMCoreAllPermission) NSAdminPermission(org.ow2.proactive.permissions.NSAdminPermission)

Example 8 with NSAdminPermission

use of org.ow2.proactive.permissions.NSAdminPermission in project scheduling by ow2-proactive.

the class RMCore method releaseNodes.

/**
 * {@inheritDoc}
 */
public BooleanWrapper releaseNodes(NodeSet nodes) {
    if (nodes.getExtraNodes() != null) {
        // do not forget to release extra nodes
        nodes.addAll(nodes.getExtraNodes());
    }
    // exception to throw in case of problems
    RuntimeException exception = null;
    NodeSet nodesReleased = new NodeSet();
    NodeSet nodesFailedToRelease = new NodeSet();
    for (Node node : nodes) {
        String nodeURL = null;
        try {
            nodeURL = node.getNodeInformation().getURL();
            logger.debug("Releasing node " + nodeURL);
        } catch (RuntimeException e) {
            logger.debug("A Runtime exception occurred while obtaining information on the node," + "the node must be down (it will be detected later)", e);
            // node is down, will be detected by pinger
            exception = new IllegalStateException(e.getMessage(), e);
            nodesFailedToRelease.add(node);
        }
        // verify whether the node has not been removed from the RM
        if (this.allNodes.containsKey(nodeURL)) {
            RMNode rmnode = this.getNodebyUrl(nodeURL);
            // free
            if (rmnode.isFree()) {
                logger.warn("Client " + caller + " tries to release the already free node " + nodeURL);
                nodesFailedToRelease.add(node);
            } else if (rmnode.isDown()) {
                logger.warn("Node was down, it cannot be released");
                nodesFailedToRelease.add(node);
            } else {
                Set<? extends IdentityPrincipal> userPrincipal = rmnode.getOwner().getSubject().getPrincipals(UserNamePrincipal.class);
                Permission ownerPermission = new PrincipalPermission(rmnode.getOwner().getName(), userPrincipal);
                try {
                    caller.checkPermission(ownerPermission, caller + " is not authorized to free node " + node.getNodeInformation().getURL(), new RMCoreAllPermission(), new NodeUserAllPermission(), new NSAdminPermission());
                    if (rmnode.isToRemove()) {
                        removeNodeFromCoreAndSource(rmnode, caller);
                        nodesReleased.add(node);
                        if (delayedNodeSourceRemovalEvents.containsKey(rmnode.getNodeSourceName()) && nodeSourceCanBeRemoved(rmnode.getNodeSourceName())) {
                            logger.debug(NODE_SOURCE_STRING + rmnode.getNodeSourceName() + " is eligible to remove.");
                            final Entry<RMNodeSourceEvent, NodeSource> remove = delayedNodeSourceRemovalEvents.remove(rmnode.getNodeSourceName());
                            final RMNodeSourceEvent removedEvent = remove.getKey();
                            final NodeSource nodeSource = remove.getValue();
                            logger.info(NODE_SOURCE_STRING + rmnode.getNodeSourceName() + HAS_BEEN_SUCCESSFULLY + removedEvent.getEventType().getDescription());
                            this.monitoring.nodeSourceEvent(removedEvent);
                            nodeSource.shutdown(this.caller);
                        } else if (delayedNodeSourceUndeploying.containsKey(rmnode.getNodeSourceName()) && nodeSourceCanBeRemoved(rmnode.getNodeSourceName())) {
                            logger.debug(NODE_SOURCE_STRING + rmnode.getNodeSourceName() + " is eligible to undeploy.");
                            final NodeSource nodeSource = delayedNodeSourceUndeploying.remove(rmnode.getNodeSourceName());
                            logger.info(NODE_SOURCE_STRING + rmnode.getNodeSourceName() + HAS_BEEN_SUCCESSFULLY + "undeployed.");
                            nodeSource.shutdown(this.caller);
                        }
                    } else {
                        internalSetFree(rmnode);
                        nodesReleased.add(node);
                    }
                } catch (SecurityException ex) {
                    logger.error(ex.getMessage(), ex);
                    nodesFailedToRelease.add(node);
                    exception = ex;
                }
            }
        } else {
            logger.warn("Cannot release unknown node " + nodeURL);
            nodesFailedToRelease.add(node);
            exception = new IllegalArgumentException("Cannot release unknown node " + nodeURL);
        }
    }
    logger.info("Nodes released : " + nodesReleased);
    if (!nodesFailedToRelease.isEmpty()) {
        logger.warn("Nodes failed to release : " + nodesFailedToRelease);
    }
    if (exception != null) {
        // throwing the latest exception we had
        throw exception;
    }
    return new BooleanWrapper(true);
}
Also used : NodeSet(org.ow2.proactive.utils.NodeSet) RMNodeSourceEvent(org.ow2.proactive.resourcemanager.common.event.RMNodeSourceEvent) NodeSet(org.ow2.proactive.utils.NodeSet) Set(java.util.Set) ImmutableSet(com.google.common.collect.ImmutableSet) HashSet(java.util.HashSet) RMDeployingNode(org.ow2.proactive.resourcemanager.rmnode.RMDeployingNode) Node(org.objectweb.proactive.core.node.Node) RMNode(org.ow2.proactive.resourcemanager.rmnode.RMNode) PrincipalPermission(org.ow2.proactive.permissions.PrincipalPermission) NodeUserAllPermission(org.ow2.proactive.permissions.NodeUserAllPermission) UserNamePrincipal(org.ow2.proactive.authentication.principals.UserNamePrincipal) RMCoreAllPermission(org.ow2.proactive.permissions.RMCoreAllPermission) NSAdminPermission(org.ow2.proactive.permissions.NSAdminPermission) NodeSource(org.ow2.proactive.resourcemanager.nodesource.NodeSource) BooleanWrapper(org.objectweb.proactive.core.util.wrapper.BooleanWrapper) RMNode(org.ow2.proactive.resourcemanager.rmnode.RMNode) Entry(java.util.Map.Entry) Permission(java.security.Permission) NSAdminPermission(org.ow2.proactive.permissions.NSAdminPermission) NodeUserAllPermission(org.ow2.proactive.permissions.NodeUserAllPermission) MethodCallPermission(org.ow2.proactive.permissions.MethodCallPermission) RMCoreAllPermission(org.ow2.proactive.permissions.RMCoreAllPermission) PrincipalPermission(org.ow2.proactive.permissions.PrincipalPermission) IdentityPrincipal(org.ow2.proactive.authentication.principals.IdentityPrincipal)

Example 9 with NSAdminPermission

use of org.ow2.proactive.permissions.NSAdminPermission in project scheduling by ow2-proactive.

the class RMCore method undeployNodeSource.

/**
 * {@inheritDoc}
 */
public BooleanWrapper undeployNodeSource(String nodeSourceName, boolean preempt) {
    logger.info("Undeploy node source " + nodeSourceName + " with preempt=" + preempt + REQUESTED_BY_STRING + this.caller.getName());
    if (!this.definedNodeSources.containsKey(nodeSourceName)) {
        throw new IllegalArgumentException("Unknown node source " + nodeSourceName);
    }
    if (this.deployedNodeSources.containsKey(nodeSourceName)) {
        NodeSource nodeSourceToRemove = this.deployedNodeSources.get(nodeSourceName);
        this.caller.checkPermission(nodeSourceToRemove.getAdminPermission(), this.caller + " is not authorized to undeploy " + nodeSourceName, new RMCoreAllPermission(), new NSAdminPermission());
        nodeSourceToRemove.setStatus(NodeSourceStatus.NODES_UNDEPLOYED);
        this.removeAllNodes(nodeSourceName, preempt);
        this.updateNodeSourceDescriptorWithStatusAndPersist(this.definedNodeSources.get(nodeSourceName).getDescriptor(), NodeSourceStatus.NODES_UNDEPLOYED);
        this.nodeSourceUnregister(nodeSourceName, NodeSourceStatus.NODES_UNDEPLOYED, new RMNodeSourceEvent(RMEventType.NODESOURCE_SHUTDOWN, this.caller.getName(), nodeSourceName, nodeSourceToRemove.getDescription(), nodeSourceToRemove.getAdditionalInformation(), nodeSourceToRemove.getAdministrator().getName(), NodeSourceStatus.NODES_UNDEPLOYED.toString()));
        // asynchronously delegate the removal process to the node source
        nodeSourceToRemove.shutdown(this.caller);
    }
    return new BooleanWrapper(true);
}
Also used : NodeSource(org.ow2.proactive.resourcemanager.nodesource.NodeSource) RMCoreAllPermission(org.ow2.proactive.permissions.RMCoreAllPermission) NSAdminPermission(org.ow2.proactive.permissions.NSAdminPermission) RMNodeSourceEvent(org.ow2.proactive.resourcemanager.common.event.RMNodeSourceEvent) BooleanWrapper(org.objectweb.proactive.core.util.wrapper.BooleanWrapper)

Aggregations

NSAdminPermission (org.ow2.proactive.permissions.NSAdminPermission)7 RMCoreAllPermission (org.ow2.proactive.permissions.RMCoreAllPermission)7 BooleanWrapper (org.objectweb.proactive.core.util.wrapper.BooleanWrapper)5 NodeSource (org.ow2.proactive.resourcemanager.nodesource.NodeSource)5 Logger (org.apache.log4j.Logger)2 Node (org.objectweb.proactive.core.node.Node)2 RMNodeSourceEvent (org.ow2.proactive.resourcemanager.common.event.RMNodeSourceEvent)2 RMDeployingNode (org.ow2.proactive.resourcemanager.rmnode.RMDeployingNode)2 RMNode (org.ow2.proactive.resourcemanager.rmnode.RMNode)2 Scheduler (org.ow2.proactive.scheduler.common.Scheduler)2 NotConnectedException (org.ow2.proactive.scheduler.common.exception.NotConnectedException)2 PermissionException (org.ow2.proactive.scheduler.common.exception.PermissionException)2 NotConnectedRestException (org.ow2.proactive_grid_cloud_portal.scheduler.exception.NotConnectedRestException)2 PermissionRestException (org.ow2.proactive_grid_cloud_portal.scheduler.exception.PermissionRestException)2 ImmutableSet (com.google.common.collect.ImmutableSet)1 Permission (java.security.Permission)1 HashSet (java.util.HashSet)1 Entry (java.util.Map.Entry)1 Set (java.util.Set)1 Level (org.apache.log4j.Level)1