public String getCallingAccountUuid() { return getCallingAccount().getUuid(); }
public String getCallingAccountUuid() { return getCallingAccount().getUuid(); }
private boolean removeUserAccount(final Account account) { if (account == null || !isEnabled()) { return false; } final CloudianClient client = getClient(); final Domain domain = domainDao.findById(account.getDomainId()); for (int retry = 0; retry < 3; retry++) { if (client.removeUser(account.getUuid(), domain.getUuid())) { return true; } else { LOG.warn("Failed to remove Cloudian user id=" + account.getUuid() + " in group id=" + domain.getUuid() + ", retrying count=" + retry+1); } } LOG.warn("Failed to remove Cloudian user id=" + account.getUuid() + " in group id=" + domain.getUuid() + ", please remove manually"); return false; }
eventDescription.put("account", account.getUuid()); eventDescription.put("zone", zoneUuid); eventDescription.put("event", usageEventType);
callingUser.getUuid(), callingUser.getUsername(), callingAccount.getUuid(), callingAccount.getAccountName())); return;
eventDescription.put("project", project.getUuid()); eventDescription.put("user", user.getUuid()); eventDescription.put("account", account.getUuid()); eventDescription.put("event", eventType); eventDescription.put("status", state.toString());
boolean isAdmin = isDomainAdmin || isRootAdminExecutingPasswordUpdate; if (isAdmin) { s_logger.trace(String.format("Admin account [uuid=%s] executing password update for user [%s] ", callingAccount.getUuid(), user.getUuid()));
final Domain domain = domainDao.findById(caller.getDomainId()); String user = caller.getUuid(); String group = domain.getUuid();
private boolean addUserAccount(final Account account, final Domain domain) { if (account == null || domain == null || !isEnabled()) { return false; } final User accountUser = userDao.listByAccount(account.getId()).get(0); final CloudianClient client = getClient(); final String fullName = String.format("%s %s (%s)", accountUser.getFirstname(), accountUser.getLastname(), account.getAccountName()); final CloudianUser user = new CloudianUser(); user.setUserId(account.getUuid()); user.setGroupId(domain.getUuid()); user.setFullName(fullName); user.setEmailAddr(accountUser.getEmail()); user.setUserType(CloudianUser.USER); user.setActive(true); return client.addUser(user); }
@Override public LinkAccountToLdapResponse linkAccountToLdap(LinkAccountToLdapCmd cmd) { Validate.notNull(_ldapConfiguration.getBaseDn(cmd.getDomainId()), "can not link an account to ldap in a domain for which no basdn is configured"); Validate.notNull(cmd.getDomainId(), "domainId cannot be null."); Validate.notEmpty(cmd.getAccountName(), "accountName cannot be empty."); Validate.notEmpty(cmd.getLdapDomain(), "ldapDomain cannot be empty, please supply a GROUP or OU name"); Validate.notNull(cmd.getType(), "type cannot be null. It should either be GROUP or OU"); Validate.notEmpty(cmd.getLdapDomain(), "GROUP or OU name cannot be empty"); LinkType linkType = LdapManager.LinkType.valueOf(cmd.getType().toUpperCase()); Account account = accountDao.findActiveAccount(cmd.getAccountName(),cmd.getDomainId()); if (account == null) { account = new AccountVO(cmd.getAccountName(), cmd.getDomainId(), null, cmd.getAccountType(), UUID.randomUUID().toString()); accountDao.persist((AccountVO)account); } Long accountId = account.getAccountId(); LdapTrustMapVO vo = _ldapTrustMapDao.persist(new LdapTrustMapVO(cmd.getDomainId(), linkType, cmd.getLdapDomain(), cmd.getAccountType(), accountId)); DomainVO domain = domainDao.findById(vo.getDomainId()); String domainUuid = "<unknown>"; if (domain == null) { s_logger.error("no domain in database for id " + vo.getDomainId()); } else { domainUuid = domain.getUuid(); } LinkAccountToLdapResponse response = new LinkAccountToLdapResponse(domainUuid, vo.getType().toString(), vo.getName(), vo.getAccountType(), account.getUuid(), cmd.getAccountName()); return response; } }
throw new PermissionDeniedException("The account " + caller.getUuid() + " is removed");
public UploadListener(DataStore host, Timer timerInput, UploadDao uploadDao, UploadVO uploadObj, UploadMonitorImpl uploadMonitor, UploadCommand cmd, Long accountId, String typeName, Type type, long eventId, long asyncJobId, AsyncJobManager asyncMgr) { sserver = host; this.uploadDao = uploadDao; this.uploadMonitor = uploadMonitor; this.cmd = cmd; uploadId = uploadObj.getId(); this.accountId = accountId; this.typeName = typeName; this.type = type; initStateMachine(); currState = getState(Status.NOT_UPLOADED.toString()); timer = timerInput; timeoutTask = new TimeoutTask(this); timer.schedule(timeoutTask, 3 * STATUS_POLL_INTERVAL); this.eventId = eventId; this.asyncJobId = asyncJobId; this.asyncMgr = asyncMgr; String extractId = null; if (type == Type.VOLUME) { extractId = ApiDBUtils.findVolumeById(uploadObj.getTypeId()).getUuid(); } else { extractId = ApiDBUtils.findTemplateById(uploadObj.getTypeId()).getUuid(); } resultObj = new ExtractResponse(extractId, typeName, ApiDBUtils.findAccountById(accountId).getUuid(), Status.NOT_UPLOADED.toString(), ApiDBUtils.findUploadById(uploadId) .getUuid()); resultObj.setResponseName(responseNameMap.get(type.toString())); updateDatabase(Status.NOT_UPLOADED, cmd.getUrl(), ""); }
@Override public ApiLimitResponse searchApiLimit(Account caller) { ApiLimitResponse response = new ApiLimitResponse(); response.setAccountId(caller.getUuid()); response.setAccountName(caller.getAccountName()); StoreEntry entry = _store.get(caller.getId()); if (entry == null) { /* Populate the entry, thus unlocking any underlying mutex */ entry = _store.create(caller.getId(), timeToLive); response.setApiIssued(0); response.setApiAllowed(maxAllowed); response.setExpireAfter(timeToLive); } else { response.setApiIssued(entry.getCounter()); response.setApiAllowed(maxAllowed - entry.getCounter()); response.setExpireAfter(entry.getExpireDuration()); } return response; }
@Override @ActionEvent(eventType = EventTypes.EVENT_ACCOUNT_DISABLE, eventDescription = "disabling account", async = true) public AccountVO disableAccount(String accountName, Long domainId, Long accountId) throws ConcurrentOperationException, ResourceUnavailableException { Account caller = getCurrentCallingAccount(); Account account = null; if (accountId != null) { account = _accountDao.findById(accountId); } else { account = _accountDao.findActiveAccount(accountName, domainId); } if (account == null || account.getType() == Account.ACCOUNT_TYPE_PROJECT) { throw new InvalidParameterValueException("Unable to find account by accountId: " + accountId + " OR by name: " + accountName + " in domain " + domainId); } if (account.getId() == Account.ACCOUNT_ID_SYSTEM) { throw new PermissionDeniedException("Account id : " + accountId + " is a system account, disable is not allowed"); } checkAccess(caller, AccessType.OperateEntry, true, account); if (disableAccount(account.getId())) { CallContext.current().putContextParameter(Account.class, account.getUuid()); return _accountDao.findById(account.getId()); } else { throw new CloudRuntimeException("Unable to update account by accountId: " + accountId + " OR by name: " + accountName + " in domain " + domainId); } }
@Override public long getEntityOwnerId() { VMSnapshot vmsnapshot = _entityMgr.findById(VMSnapshot.class, getVMSnapshotId()); if (vmsnapshot == null) { throw new InvalidParameterValueException("Unable to find vmsnapshot by id=" + getVMSnapshotId()); } Account account = _accountService.getAccount(vmsnapshot.getAccountId()); //Can create templates for enabled projects/accounts only if (account.getType() == Account.ACCOUNT_TYPE_PROJECT) { Project project = _projectService.findByProjectAccountId(vmsnapshot.getAccountId()); if (project == null) { throw new InvalidParameterValueException("Unable to find project by account id=" + account.getUuid()); } if (project.getState() != Project.State.Active) { throw new PermissionDeniedException("Can't add resources to the project id=" + project.getUuid() + " in state=" + project.getState() + " as it's no longer active"); } } else if (account.getState() == Account.State.disabled) { throw new PermissionDeniedException("The owner of template is disabled: " + account); } return vmsnapshot.getAccountId(); }
@Override @ActionEvent(eventType = EventTypes.EVENT_ACCOUNT_DISABLE, eventDescription = "locking account", async = true) public AccountVO lockAccount(String accountName, Long domainId, Long accountId) { Account caller = getCurrentCallingAccount(); Account account = null; if (accountId != null) { account = _accountDao.findById(accountId); } else { account = _accountDao.findActiveAccount(accountName, domainId); } if (account == null || account.getType() == Account.ACCOUNT_TYPE_PROJECT) { throw new InvalidParameterValueException("Unable to find active account by accountId: " + accountId + " OR by name: " + accountName + " in domain " + domainId); } if (account.getId() == Account.ACCOUNT_ID_SYSTEM) { throw new PermissionDeniedException("Account id : " + accountId + " is a system account, lock is not allowed"); } checkAccess(caller, AccessType.OperateEntry, true, account); if (lockAccount(account.getId())) { CallContext.current().putContextParameter(Account.class, account.getUuid()); return _accountDao.findById(account.getId()); } else { throw new CloudRuntimeException("Unable to lock account by accountId: " + accountId + " OR by name: " + accountName + " in domain " + domainId); } }
@Override public ExtractResponse createExtractResponse(Long id, Long zoneId, Long accountId, String mode, String url) { ExtractResponse response = new ExtractResponse(); response.setObjectName("template"); VMTemplateVO template = ApiDBUtils.findTemplateById(id); response.setId(template.getUuid()); response.setName(template.getName()); if (zoneId != null) { DataCenter zone = ApiDBUtils.findZoneById(zoneId); response.setZoneId(zone.getUuid()); response.setZoneName(zone.getName()); } response.setMode(mode); response.setUrl(url); response.setState(Upload.Status.DOWNLOAD_URL_CREATED.toString()); Account account = ApiDBUtils.findAccountById(accountId); response.setAccountId(account.getUuid()); return response; }
@Override @ActionEvent(eventType = EventTypes.EVENT_ACCOUNT_ENABLE, eventDescription = "enabling account", async = true) public AccountVO enableAccount(String accountName, Long domainId, Long accountId) { // Check if account exists Account account = null; if (accountId != null) { account = _accountDao.findById(accountId); } else { account = _accountDao.findActiveAccount(accountName, domainId); } if (account == null || account.getType() == Account.ACCOUNT_TYPE_PROJECT) { throw new InvalidParameterValueException("Unable to find account by accountId: " + accountId + " OR by name: " + accountName + " in domain " + domainId); } if (account.getId() == Account.ACCOUNT_ID_SYSTEM) { throw new PermissionDeniedException("Account id : " + accountId + " is a system account, enable is not allowed"); } // Check if user performing the action is allowed to modify this account Account caller = getCurrentCallingAccount(); checkAccess(caller, AccessType.OperateEntry, true, account); boolean success = enableAccount(account.getId()); if (success) { CallContext.current().putContextParameter(Account.class, account.getUuid()); return _accountDao.findById(account.getId()); } else { throw new CloudRuntimeException("Unable to enable account by accountId: " + accountId + " OR by name: " + accountName + " in domain " + domainId); } }
@Override public ExtractResponse createExtractResponse(Long uploadId, Long id, Long zoneId, Long accountId, String mode, String url) { ExtractResponse response = new ExtractResponse(); response.setObjectName("template"); VMTemplateVO template = ApiDBUtils.findTemplateById(id); response.setId(template.getUuid()); response.setName(template.getName()); if (zoneId != null) { DataCenter zone = ApiDBUtils.findZoneById(zoneId); response.setZoneId(zone.getUuid()); response.setZoneName(zone.getName()); } response.setMode(mode); if (uploadId == null) { // region-wide image store response.setUrl(url); response.setState(Upload.Status.DOWNLOAD_URL_CREATED.toString()); } else { UploadVO uploadInfo = ApiDBUtils.findUploadById(uploadId); response.setUploadId(uploadInfo.getUuid()); response.setState(uploadInfo.getUploadState().toString()); response.setUrl(uploadInfo.getUploadUrl()); } Account account = ApiDBUtils.findAccountById(accountId); response.setAccountId(account.getUuid()); return response; }
@Override public void execute() { CallContext.current().setEventDetails("Volume Id: " + this._uuidMgr.getUuid(Volume.class, getId())); String uploadUrl = _volumeService.extractVolume(this); if (uploadUrl != null) { ExtractResponse response = new ExtractResponse(); response.setResponseName(getCommandName()); response.setObjectName("volume"); Volume vol = _entityMgr.findById(Volume.class, id); response.setId(vol.getUuid()); response.setName(vol.getName()); DataCenter zone = _entityMgr.findById(DataCenter.class, zoneId); response.setZoneId(zone.getUuid()); response.setZoneName(zone.getName()); response.setMode(mode); response.setState(Upload.Status.DOWNLOAD_URL_CREATED.toString()); Account account = _entityMgr.findById(Account.class, getEntityOwnerId()); response.setAccountId(account.getUuid()); response.setUrl(uploadUrl); setResponseObject(response); } else { throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to extract volume"); } } }