diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java
index fa0e1131e6a..7a6275ca790 100755
--- a/server/src/com/cloud/user/AccountManagerImpl.java
+++ b/server/src/com/cloud/user/AccountManagerImpl.java
@@ -115,84 +115,111 @@ import com.cloud.vm.dao.InstanceGroupDao; import com.cloud.vm.dao.UserVmDao; import com.cloud.vm.dao.VMInstanceDao; -@Local(value={AccountManager.class, AccountService.class}) +@Local(value = { AccountManager.class, AccountService.class }) public class AccountManagerImpl implements AccountManager, AccountService, Manager { - public static final Logger s_logger = Logger.getLogger(AccountManagerImpl.class); - - private String _name; - @Inject private AccountDao _accountDao; - @Inject ConfigurationDao _configDao; - @Inject private DomainDao _domainDao; - @Inject private ResourceLimitDao _resourceLimitDao; - @Inject private ResourceCountDao _resourceCountDao; - @Inject private UserDao _userDao; - @Inject private InstanceGroupDao _vmGroupDao; - @Inject private UserAccountDao _userAccountDao; - @Inject private VolumeDao _volumeDao; - @Inject private UserVmDao _userVmDao; - @Inject private VMTemplateDao _templateDao; - @Inject private NetworkDao _networkDao; - @Inject private SecurityGroupDao _securityGroupDao; - @Inject private VMInstanceDao _vmDao; - - - @Inject private SecurityGroupManager _networkGroupMgr; - @Inject private NetworkManager _networkMgr; - @Inject private SnapshotManager _snapMgr; - @Inject private UserVmManager _vmMgr; - @Inject private StorageManager _storageMgr; - @Inject private TemplateManager _tmpltMgr; - @Inject private ConfigurationManager _configMgr; - @Inject private VirtualMachineManager _itMgr; - @Inject private UsageEventDao _usageEventDao; - @Inject private RemoteAccessVpnDao _remoteAccessVpnDao; - @Inject private RemoteAccessVpnService _remoteAccessVpnMgr; - @Inject private VpnUserDao _vpnUser; - @Inject private DataCenterDao _dcDao; + public static final Logger s_logger = Logger.getLogger(AccountManagerImpl.class); + + private String _name; + @Inject + private AccountDao _accountDao; + @Inject + ConfigurationDao _configDao; + @Inject + private DomainDao _domainDao; + @Inject + private ResourceLimitDao 
_resourceLimitDao; + @Inject + private ResourceCountDao _resourceCountDao; + @Inject + private UserDao _userDao; + @Inject + private InstanceGroupDao _vmGroupDao; + @Inject + private UserAccountDao _userAccountDao; + @Inject + private VolumeDao _volumeDao; + @Inject + private UserVmDao _userVmDao; + @Inject + private VMTemplateDao _templateDao; + @Inject + private NetworkDao _networkDao; + @Inject + private SecurityGroupDao _securityGroupDao; + @Inject + private VMInstanceDao _vmDao; + + @Inject + private SecurityGroupManager _networkGroupMgr; + @Inject + private NetworkManager _networkMgr; + @Inject + private SnapshotManager _snapMgr; + @Inject + private UserVmManager _vmMgr; + @Inject + private StorageManager _storageMgr; + @Inject + private TemplateManager _tmpltMgr; + @Inject + private ConfigurationManager _configMgr; + @Inject + private VirtualMachineManager _itMgr; + @Inject + private UsageEventDao _usageEventDao; + @Inject + private RemoteAccessVpnDao _remoteAccessVpnDao; + @Inject + private RemoteAccessVpnService _remoteAccessVpnMgr; + @Inject + private VpnUserDao _vpnUser; + @Inject + private DataCenterDao _dcDao; + private final ScheduledExecutorService _executor = Executors.newScheduledThreadPool(1, new NamedThreadFactory("AccountChecker")); - - private final GlobalLock m_resourceCountLock = GlobalLock.getInternLock("resource.count"); - - UserVO _systemUser; - AccountVO _systemAccount; - @Inject(adapter=SecurityChecker.class) - Adapters _securityCheckers; - int _cleanupInterval; - - @Override + + private final GlobalLock m_resourceCountLock = GlobalLock.getInternLock("resource.count"); + + UserVO _systemUser; + AccountVO _systemAccount; + @Inject(adapter = SecurityChecker.class) + Adapters _securityCheckers; + int _cleanupInterval; + + @Override public boolean configure(final String name, final Map params) throws ConfigurationException { - _name = name; - - _systemAccount = _accountDao.findById(AccountVO.ACCOUNT_ID_SYSTEM); - if (_systemAccount == null) 
{ - throw new ConfigurationException("Unable to find the system account using " + Account.ACCOUNT_ID_SYSTEM); - } - - _systemUser = _userDao.findById(UserVO.UID_SYSTEM); - if (_systemUser == null) { - throw new ConfigurationException("Unable to find the system user using " + User.UID_SYSTEM); - } - - ComponentLocator locator = ComponentLocator.getCurrentLocator(); - ConfigurationDao configDao = locator.getDao(ConfigurationDao.class); - Map configs = configDao.getConfiguration(params); - + _name = name; + + _systemAccount = _accountDao.findById(AccountVO.ACCOUNT_ID_SYSTEM); + if (_systemAccount == null) { + throw new ConfigurationException("Unable to find the system account using " + Account.ACCOUNT_ID_SYSTEM); + } + + _systemUser = _userDao.findById(UserVO.UID_SYSTEM); + if (_systemUser == null) { + throw new ConfigurationException("Unable to find the system user using " + User.UID_SYSTEM); + } + + ComponentLocator locator = ComponentLocator.getCurrentLocator(); + ConfigurationDao configDao = locator.getDao(ConfigurationDao.class); + Map configs = configDao.getConfiguration(params); + String value = configs.get(Config.AccountCleanupInterval.key()); _cleanupInterval = NumbersUtil.parseInt(value, 60 * 60 * 24); // 1 hour. - - return true; + + return true; } - - @Override + + @Override public UserVO getSystemUser() { - return _systemUser; - } - + return _systemUser; + } + @Override public String getName() { return _name; } - + @Override public boolean start() { _executor.scheduleAtFixedRate(new AccountCleanupTask(), _cleanupInterval, _cleanupInterval, TimeUnit.SECONDS); 
@@ -205,15 +232,15 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag } @Override - public void incrementResourceCount(long accountId, ResourceType type, Long...delta) { - long numToIncrement = (delta.length == 0) ? 1 : delta[0].longValue(); + public void incrementResourceCount(long accountId, ResourceType type, Long... delta) { + long numToIncrement = (delta.length == 0) ? 1 : delta[0].longValue(); - if (m_resourceCountLock.lock(120)) { // 2 minutes - try { + if (m_resourceCountLock.lock(120)) { // 2 minutes + try { _resourceCountDao.updateAccountCount(accountId, type, true, numToIncrement); // on a per-domain basis, increment the count - // FIXME: can this increment be done on the database side in a custom update statement? + // FIXME: can this increment be done on the database side in a custom update statement? Account account = _accountDao.findByIdIncludingRemoved(accountId); Long domainId = account.getDomainId(); while (domainId != null) { 
@@ -221,31 +248,33 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag DomainVO domain = _domainDao.findById(domainId); domainId = domain.getParent(); } - } finally { - m_resourceCountLock.unlock(); - } - } - } - - @Override - public void decrementResourceCount(long accountId, ResourceType type, Long...delta) { - long numToDecrement = (delta.length == 0) ? 1 : delta[0].longValue(); - - if (m_resourceCountLock.lock(120)) { // 2 minutes - try { - assert ((_resourceCountDao.getAccountCount(accountId, type) - numToDecrement) >= 0) : "Resource counts can not be negative. Check where we skipped increment."; - _resourceCountDao.updateAccountCount(accountId, type, false, numToDecrement); - - // on a per-domain basis, decrement the count - // FIXME: can this decrement be done on the database side in a custom update statement? - Account account = _accountDao.findByIdIncludingRemoved(accountId); // find all accounts, even removed accounts if this happens to be for an account that's being deleted - Long domainId = account.getDomainId(); - while (domainId != null) { - assert ((_resourceCountDao.getDomainCount(domainId, type) - numToDecrement) >= 0) : "Resource counts can not be negative. Check where we skipped increment."; - _resourceCountDao.updateDomainCount(domainId, type, false, numToDecrement); - DomainVO domain = _domainDao.findById(domainId); - domainId = domain.getParent(); - } + } finally { + m_resourceCountLock.unlock(); + } + } + } + + @Override + public void decrementResourceCount(long accountId, ResourceType type, Long... delta) { + long numToDecrement = (delta.length == 0) ? 1 : delta[0].longValue(); + + if (m_resourceCountLock.lock(120)) { // 2 minutes + try { + assert ((_resourceCountDao.getAccountCount(accountId, type) - numToDecrement) >= 0) : "Resource counts can not be negative. 
Check where we skipped increment."; + _resourceCountDao.updateAccountCount(accountId, type, false, numToDecrement); + + // on a per-domain basis, decrement the count + // FIXME: can this decrement be done on the database side in a custom update statement? + Account account = _accountDao.findByIdIncludingRemoved(accountId); // find all accounts, even removed accounts + // if this happens to be for an account + // that's being deleted + Long domainId = account.getDomainId(); + while (domainId != null) { + assert ((_resourceCountDao.getDomainCount(domainId, type) - numToDecrement) >= 0) : "Resource counts can not be negative. Check where we skipped increment."; + _resourceCountDao.updateDomainCount(domainId, type, false, numToDecrement); + DomainVO domain = _domainDao.findByIdIncludingRemoved(domainId); + domainId = domain.getParent(); + } } finally { m_resourceCountLock.unlock(); } 
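Review bot: `domain.getParent()` in the decrement loop is still called on an unchecked lookup result, and the increment loop visible at the top of this hunk still uses `_domainDao.findById(domainId)`, so the two paths now resolve removed domains differently. If the increment path can reach a removed ancestor it would presumably get null and throw before the remaining ancestors are updated, leaving account and domain counts out of step; consider `findByIdIncludingRemoved` there as well, with `if (domain == null) { break; }` before `domain.getParent()` in both loops. The only guard against a negative count is an `assert`, which does nothing unless assertions are enabled at runtime. decrementResourceCount starts in this hunk but closes outside it.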
@@ -254,48 +283,48 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag @Override public long findCorrectResourceLimit(AccountVO account, ResourceType type) { - long max = -1; - - ResourceLimitVO limit = _resourceLimitDao.findByAccountIdAndType(account.getId(), type); + long max = -1; - // Check if limit is configured for account - if (limit != null) { - max = limit.getMax().longValue(); - } else { - // If the account has an no limit set, then return global default account limits - try { - switch (type) { - case public_ip: - max = Long.parseLong(_configDao.getValue(Config.DefaultMaxAccountPublicIPs.key())); - break; - case snapshot: - max = Long.parseLong(_configDao.getValue(Config.DefaultMaxAccountSnapshots.key())); - break; - case template: - max = Long.parseLong(_configDao.getValue(Config.DefaultMaxAccountTemplates.key())); - break; - case user_vm: - max = Long.parseLong(_configDao.getValue(Config.DefaultMaxAccountUserVms.key())); - break; - case volume: - max = Long.parseLong(_configDao.getValue(Config.DefaultMaxAccountVolumes.key())); - break; - } - } catch (NumberFormatException nfe) { - s_logger.error("Invalid value is set for the default account limit."); - } - } + ResourceLimitVO limit = _resourceLimitDao.findByAccountIdAndType(account.getId(), type); - return max; + // Check if limit is configured for account + if (limit != null) { + max = limit.getMax().longValue(); + } else { + // If the account has an no limit set, then return global default account limits + try { + switch (type) { + case public_ip: + max = Long.parseLong(_configDao.getValue(Config.DefaultMaxAccountPublicIPs.key())); + break; + case snapshot: + max = Long.parseLong(_configDao.getValue(Config.DefaultMaxAccountSnapshots.key())); + break; + case template: + max = Long.parseLong(_configDao.getValue(Config.DefaultMaxAccountTemplates.key())); + break; + case user_vm: + max = Long.parseLong(_configDao.getValue(Config.DefaultMaxAccountUserVms.key())); + break; + 
case volume: + max = Long.parseLong(_configDao.getValue(Config.DefaultMaxAccountVolumes.key())); + break; + } + } catch (NumberFormatException nfe) { + s_logger.error("Invalid value is set for the default account limit."); + } + } + + return max; } @Override public long findCorrectResourceLimit(DomainVO domain, ResourceType type) { long max = -1; - + // Check account ResourceLimitVO limit = _resourceLimitDao.findByDomainIdAndType(domain.getId(), type); - + if (limit != null) { max = limit.getMax().longValue(); } else { @@ -306,7 +335,7 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag DomainVO tmpDomain = _domainDao.findById(domainId); domainId = tmpDomain.getParent(); } - + if (limit != null) { max = limit.getMax().longValue(); } 
@@ -316,21 +345,21 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag } @Override - public boolean resourceLimitExceeded(Account account, ResourceType type, long...count) { - long numResources = ((count.length == 0) ? 1 : count[0]); + public boolean resourceLimitExceeded(Account account, ResourceType type, long... count) { + long numResources = ((count.length == 0) ? 1 : count[0]); - // Don't place any limits on system or admin accounts - long accountType = account.getType(); - if (accountType == Account.ACCOUNT_TYPE_ADMIN || accountType == Account.ACCOUNT_ID_SYSTEM) { - return false; - } + // Don't place any limits on system or admin accounts + long accountType = account.getType(); + if (accountType == Account.ACCOUNT_TYPE_ADMIN || accountType == Account.ACCOUNT_ID_SYSTEM) { + return false; + } if (m_resourceCountLock.lock(120)) { // 2 minutes try { // Check account limits - AccountVO accountVo = _accountDao.findById(account.getAccountId()); - long accountLimit = findCorrectResourceLimit(accountVo, type); - long potentialCount = _resourceCountDao.getAccountCount(account.getId(), type) + numResources; + AccountVO accountVo = _accountDao.findById(account.getAccountId()); + long accountLimit = findCorrectResourceLimit(accountVo, type); + long potentialCount = _resourceCountDao.getAccountCount(account.getId(), type) + numResources; if (potentialCount > accountLimit) { return true; } 
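Review bot: `accountType == Account.ACCOUNT_ID_SYSTEM` in resourceLimitExceeded compares an account type with an account ID constant, so the exemption from limits depends on the numeric values of the two constants rather than on the account being the system account. If the intent is to exempt the system account, compare the ID instead: `account.getId() == Account.ACCOUNT_ID_SYSTEM`. The same comparison is made on `accountHandle.getType()` in updateResourceLimit (hunk `@@ -565,74 +594,72`). Separately, `if (m_resourceCountLock.lock(120))` has no else branch and the method appears to fall through to `return false` in the next hunk when the lock times out, which would report the limit as not exceeded; the body continues outside this hunk, so this needs confirming.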
@@ -353,115 +382,115 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag } } - return false; + return false; } @Override public long getResourceCount(AccountVO account, ResourceType type) { - return _resourceCountDao.getAccountCount(account.getId(), type); + return _resourceCountDao.getAccountCount(account.getId(), type); } - + @Override public List searchForLimits(Criteria c) { Long id = (Long) c.getCriteria(Criteria.ID); Long domainId = (Long) c.getCriteria(Criteria.DOMAINID); Long accountId = (Long) c.getCriteria(Criteria.ACCOUNTID); ResourceType type = (ResourceType) c.getCriteria(Criteria.TYPE); - + // For 2.0, we are just limiting the scope to having an user retrieve // limits for himself and if limits don't exist, use the ROOT domain's limits. // - Will List limits = new ArrayList(); if ((accountId != null) && (domainId != null)) { - //if domainId==ROOT_DOMAIN and account belongs to admin - //return all records for resource limits (bug 3778) - - if (domainId == DomainVO.ROOT_DOMAIN) { - AccountVO account = _accountDao.findById(accountId); - - if ((account != null) && (account.getType() == 1)) { - // account belongs to admin return all limits - limits = _resourceLimitDao.listAll(); - return limits; - } - } + // if domainId==ROOT_DOMAIN and account belongs to admin + // return all records for resource limits (bug 3778) + + if (domainId == DomainVO.ROOT_DOMAIN) { + AccountVO account = _accountDao.findById(accountId); + + if ((account != null) && (account.getType() == 1)) { + // account belongs to admin return all limits + limits = _resourceLimitDao.listAll(); + return limits; + } + } } if (accountId != null) { - SearchBuilder sb = _resourceLimitDao.createSearchBuilder(); - sb.and("accountId", sb.entity().getAccountId(), SearchCriteria.Op.EQ); - sb.and("type", sb.entity().getType(), SearchCriteria.Op.EQ); + SearchBuilder sb = _resourceLimitDao.createSearchBuilder(); + sb.and("accountId", sb.entity().getAccountId(), 
SearchCriteria.Op.EQ); + sb.and("type", sb.entity().getType(), SearchCriteria.Op.EQ); sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ); - SearchCriteria sc = sb.create(); + SearchCriteria sc = sb.create(); - if (accountId != null) { - sc.setParameters("accountId", accountId); - } + if (accountId != null) { + sc.setParameters("accountId", accountId); + } - if (type != null) { - sc.setParameters("type", type); - } + if (type != null) { + sc.setParameters("type", type); + } - if (id != null) { - sc.setParameters("id", id); - } + if (id != null) { + sc.setParameters("id", id); + } - // Listing all limits for an account - if (type == null) { - //List userLimits = _resourceLimitDao.search(sc, searchFilter); - List userLimits = _resourceLimitDao.listByAccountId(accountId); - List rootLimits = _resourceLimitDao.listByDomainId(DomainVO.ROOT_DOMAIN); - ResourceType resourceTypes[] = ResourceType.values(); - - for (ResourceType resourceType: resourceTypes) { - boolean found = false; - for (ResourceLimitVO userLimit : userLimits) { - if (userLimit.getType() == resourceType) { - limits.add(userLimit); - found = true; - break; - } - } - if (!found) { - // Check the ROOT domain - for (ResourceLimitVO rootLimit : rootLimits) { - if (rootLimit.getType() == resourceType) { - limits.add(rootLimit); - found = true; - break; - } - } - } - if (!found) { - limits.add(new ResourceLimitVO(domainId, accountId, resourceType, -1L)); - } - } - } else { - AccountVO account = _accountDao.findById(accountId); - limits.add(new ResourceLimitVO(null, accountId, type, findCorrectResourceLimit(account, type))); - } + // Listing all limits for an account + if (type == null) { + // List userLimits = _resourceLimitDao.search(sc, searchFilter); + List userLimits = _resourceLimitDao.listByAccountId(accountId); + List rootLimits = _resourceLimitDao.listByDomainId(DomainVO.ROOT_DOMAIN); + ResourceType resourceTypes[] = ResourceType.values(); + + for (ResourceType resourceType : resourceTypes) { + 
boolean found = false; + for (ResourceLimitVO userLimit : userLimits) { + if (userLimit.getType() == resourceType) { + limits.add(userLimit); + found = true; + break; + } + } + if (!found) { + // Check the ROOT domain + for (ResourceLimitVO rootLimit : rootLimits) { + if (rootLimit.getType() == resourceType) { + limits.add(rootLimit); + found = true; + break; + } + } + } + if (!found) { + limits.add(new ResourceLimitVO(domainId, accountId, resourceType, -1L)); + } + } + } else { + AccountVO account = _accountDao.findById(accountId); + limits.add(new ResourceLimitVO(null, accountId, type, findCorrectResourceLimit(account, type))); + } } else if (domainId != null) { - if (type == null) { - ResourceType resourceTypes[] = ResourceType.values(); - List domainLimits = _resourceLimitDao.listByDomainId(domainId); - for (ResourceType resourceType: resourceTypes) { - boolean found = false; - for (ResourceLimitVO domainLimit : domainLimits) { - if (domainLimit.getType() == resourceType) { - limits.add(domainLimit); - found = true; - break; - } - } - if (!found) { - limits.add(new ResourceLimitVO(domainId, null, resourceType, -1L)); - } - } - } else { - limits.add(_resourceLimitDao.findByDomainIdAndType(domainId, type)); - } + if (type == null) { + ResourceType resourceTypes[] = ResourceType.values(); + List domainLimits = _resourceLimitDao.listByDomainId(domainId); + for (ResourceType resourceType : resourceTypes) { + boolean found = false; + for (ResourceLimitVO domainLimit : domainLimits) { + if (domainLimit.getType() == resourceType) { + limits.add(domainLimit); + found = true; + break; + } + } + if (!found) { + limits.add(new ResourceLimitVO(domainId, null, resourceType, -1L)); + } + } + } else { + limits.add(_resourceLimitDao.findByDomainIdAndType(domainId, type)); + } } return limits; } 
@@ -482,17 +511,18 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag } Account userAccount = _accountDao.findActiveAccount(accountName, domainId); - + if (userAccount == null) { throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain " + domainId); - } else if (account != null && (account.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN || account.getType() == Account.ACCOUNT_TYPE_READ_ONLY_ADMIN || account.getType() == Account.ACCOUNT_TYPE_READ_ONLY_ADMIN)) { + } else if (account != null + && (account.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN || account.getType() == Account.ACCOUNT_TYPE_READ_ONLY_ADMIN || account.getType() == Account.ACCOUNT_TYPE_READ_ONLY_ADMIN)) { // If this is a non-root admin, make sure that the admin and the user account belong in the same domain or // that the user account's domain is a child domain of the parent if (account.getDomainId() != userAccount.getDomainId() && !_domainDao.isChildDomain(account.getDomainId(), userAccount.getDomainId())) { throw new PermissionDeniedException("You do not have permission to access limits for this account: " + accountName); } } - + accountId = userAccount.getId(); domainId = null; } else if (domainId != null) { @@ -510,7 +540,7 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag // Look up limits for the user's account accountId = account.getId(); domainId = null; - } + } // Map resource type ResourceType resourceType = null; 
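Review bot: The re-wrapped condition tests `account.getType() == Account.ACCOUNT_TYPE_READ_ONLY_ADMIN` twice, so one of the three admin types was probably meant to be something else. `Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN` is treated as an admin type elsewhere in this file (isAdmin, updateResourceLimit); if it was intended here, callers of that type currently skip the same-domain / child-domain check that guards access to another account's limits. Suggested third operand: `account.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN`. The enclosing method starts before this hunk.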
@@ -532,31 +562,30 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag } @Override - public ResourceLimitVO updateResourceLimit(UpdateResourceLimitCmd cmd) { + public ResourceLimitVO updateResourceLimit(UpdateResourceLimitCmd cmd) { Account account = UserContext.current().getCaller(); - String accountName = cmd.getAccountName(); - Long domainId = cmd.getDomainId(); - Long max = cmd.getMax(); - Integer type = cmd.getResourceType(); - - //Validate input + String accountName = cmd.getAccountName(); + Long domainId = cmd.getDomainId(); + Long max = cmd.getMax(); + Integer type = cmd.getResourceType(); + + // Validate input Long accountId = null; if (max == null) { - max = new Long(-1); + max = new Long(-1); } else if (max < -1) { - throw new InvalidParameterValueException("Please specify either '-1' for an infinite limit, or a limit that is at least '0'."); + throw new InvalidParameterValueException("Please specify either '-1' for an infinite limit, or a limit that is at least '0'."); } // Map resource type ResourceType resourceType; try { - resourceType = ResourceType.values()[type]; + resourceType = ResourceType.values()[type]; } catch (ArrayIndexOutOfBoundsException e) { - throw new InvalidParameterValueException("Please specify a valid resource type."); - } - - + throw new InvalidParameterValueException("Please specify a valid resource type."); + } + // Either a domainId or an accountId must be passed in, but not both. if ((domainId == null) && (accountName == null)) { throw new InvalidParameterValueException("Either a domainId or domainId/account must be passed in."); 
@@ -565,74 +594,72 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag if (account != null) { if (domainId != null) { if (!_domainDao.isChildDomain(account.getDomainId(), domainId)) { - throw new PermissionDeniedException("Unable to update resource limit for " + ((account.getAccountName() == null) ? "" : "account " + account.getAccountName() + " in ") + "domain " + domainId + ", permission denied"); + throw new PermissionDeniedException("Unable to update resource limit for " + ((account.getAccountName() == null) ? "" : "account " + account.getAccountName() + " in ") + "domain " + + domainId + ", permission denied"); } } else if (account.getType() == Account.ACCOUNT_TYPE_ADMIN) { domainId = DomainVO.ROOT_DOMAIN; // for root admin, default to root domain if domain is not specified - } - + } + if (account.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN || account.getType() == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN) { if ((domainId != null) && (accountName == null) && domainId.equals(account.getDomainId())) { // if the admin is trying to update their own domain, disallow... throw new PermissionDeniedException("Unable to update resource limit for domain " + domainId + ", permission denied"); } - // If there is an existing ROOT domain limit, make sure its max isn't being exceeded - Criteria c = new Criteria(); - c.addCriteria(Criteria.DOMAINID, DomainVO.ROOT_DOMAIN); - c.addCriteria(Criteria.TYPE, resourceType); - List currentRootDomainLimits = searchForLimits(c); - ResourceLimitVO currentRootDomainLimit = (currentRootDomainLimits.size() == 0) ? 
null : currentRootDomainLimits.get(0); - if (currentRootDomainLimit != null) { - long currentRootDomainMax = currentRootDomainLimits.get(0).getMax(); - if ((max == -1 && currentRootDomainMax != -1) || max > currentRootDomainMax) { - throw new InvalidParameterValueException("The current ROOT domain limit for resource type " + resourceType + " is " + currentRootDomainMax + " and cannot be exceeded."); - } - } + // If there is an existing ROOT domain limit, make sure its max isn't being exceeded + Criteria c = new Criteria(); + c.addCriteria(Criteria.DOMAINID, DomainVO.ROOT_DOMAIN); + c.addCriteria(Criteria.TYPE, resourceType); + List currentRootDomainLimits = searchForLimits(c); + ResourceLimitVO currentRootDomainLimit = (currentRootDomainLimits.size() == 0) ? null : currentRootDomainLimits.get(0); + if (currentRootDomainLimit != null) { + long currentRootDomainMax = currentRootDomainLimits.get(0).getMax(); + if ((max == -1 && currentRootDomainMax != -1) || max > currentRootDomainMax) { + throw new InvalidParameterValueException("The current ROOT domain limit for resource type " + resourceType + " is " + currentRootDomainMax + " and cannot be exceeded."); + } + } } - } + } - - if (accountName != null) { - if (domainId == null) { - throw new InvalidParameterValueException("domainId parameter is required if account is specified"); - } + if (accountName != null) { + if (domainId == null) { + throw new InvalidParameterValueException("domainId parameter is required if account is specified"); + } Account userAccount = _accountDao.findActiveAccount(accountName, domainId); if (userAccount == null) { throw new InvalidParameterValueException("unable to find account by name " + account.getAccountName() + " in domain with id " + domainId); } accountId = userAccount.getId(); - } + } if (accountId != null) { domainId = null; } - - // Check if the domain or account exists and is valid if (accountId != null) { - AccountVO accountHandle = _accountDao.findById(accountId); + AccountVO 
accountHandle = _accountDao.findById(accountId); if (accountHandle == null) { throw new InvalidParameterValueException("Please specify a valid account ID."); } else if (accountHandle.getRemoved() != null) { - throw new InvalidParameterValueException("Please specify an active account."); + throw new InvalidParameterValueException("Please specify an active account."); } else if (accountHandle.getType() == Account.ACCOUNT_TYPE_ADMIN || accountHandle.getType() == Account.ACCOUNT_ID_SYSTEM) { - throw new InvalidParameterValueException("Please specify a non-admin account."); + throw new InvalidParameterValueException("Please specify a non-admin account."); } DomainVO domain = _domainDao.findById(accountHandle.getDomainId()); long parentMaximum = findCorrectResourceLimit(domain, resourceType); if ((parentMaximum >= 0) && ((max.longValue() == -1) || (max.longValue() > parentMaximum))) { - throw new InvalidParameterValueException("Account " + account.getAccountName() + "(id: " + accountId + ") has maximum allowed resource limit " + parentMaximum + - " for " + type + ", please specify a value less that or equal to " + parentMaximum); + throw new InvalidParameterValueException("Account " + account.getAccountName() + "(id: " + accountId + ") has maximum allowed resource limit " + parentMaximum + " for " + type + + ", please specify a value less that or equal to " + parentMaximum); } } else if (domainId != null) { - DomainVO domain = _domainDao.findById(domainId); + DomainVO domain = _domainDao.findById(domainId); if (domain == null) { throw new InvalidParameterValueException("Please specify a valid domain ID."); } else if (domain.getRemoved() != null) { - throw new InvalidParameterValueException("Please specify an active domain."); + throw new InvalidParameterValueException("Please specify an active domain."); } Long parentDomainId = domain.getParent(); 
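Review bot: The error messages built from `account.getAccountName()` in this hunk name the caller rather than the account being looked up, and `account` is treated as nullable earlier in the same hunk (`if (account != null)`), so the failure path can itself throw a NullPointerException. In `"unable to find account by name " + account.getAccountName()` the value should be the request's `accountName`, and the `"Account " + account.getAccountName() + "(id: " + accountId + ")"` message pairs the caller's name with the target account's id. updateResourceLimit starts in the previous hunk and continues past this one.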
@@ -640,8 +667,8 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag DomainVO parentDomain = _domainDao.findById(parentDomainId); long parentMaximum = findCorrectResourceLimit(parentDomain, resourceType); if ((parentMaximum >= 0) && (max.longValue() > parentMaximum)) { - throw new InvalidParameterValueException("Domain " + domain.getName() + "(id: " + domainId + ") has maximum allowed resource limit " + parentMaximum + - " for " + type + ", please specify a value less that or equal to " + parentMaximum); + throw new InvalidParameterValueException("Domain " + domain.getName() + "(id: " + domainId + ") has maximum allowed resource limit " + parentMaximum + " for " + type + + ", please specify a value less that or equal to " + parentMaximum); } } } @@ -670,12 +697,13 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag List limits = _resourceLimitDao.search(sc, searchFilter); if (limits.size() == 1) { ResourceLimitVO limit = limits.get(0); - //if limit is set to -1, remove the record + // if limit is set to -1, remove the record if (max != null && max.longValue() == -1L) { - //this parameter is needed by API as it expects the object to be returned and updates the UI with the object's new "max" parameter + // this parameter is needed by API as it expects the object to be returned and updates the UI with the object's + // new "max" parameter ResourceLimitVO limitToReturn = limit; limitToReturn.setMax(-1L); - _resourceLimitDao.remove(limit.getId()); + _resourceLimitDao.remove(limit.getId()); return limitToReturn; } else { // Update the existing limit @@ -683,7 +711,7 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag return _resourceLimitDao.findById(limit.getId()); } } else { - // Persist the new Limit + // Persist the new Limit return _resourceLimitDao.persist(new ResourceLimitVO(domainId, accountId, resourceType, max)); } } 
@@ -695,22 +723,19 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag } return _systemAccount; } - + @Override public boolean isAdmin(short accountType) { - return ((accountType == Account.ACCOUNT_TYPE_ADMIN) || - (accountType == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN) || - (accountType == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) || - (accountType == Account.ACCOUNT_TYPE_READ_ONLY_ADMIN)); + return ((accountType == Account.ACCOUNT_TYPE_ADMIN) || (accountType == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN) || (accountType == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) || (accountType == Account.ACCOUNT_TYPE_READ_ONLY_ADMIN)); } - + @Override public boolean isRootAdmin(short accountType) { - return (accountType == Account.ACCOUNT_TYPE_ADMIN); + return (accountType == Account.ACCOUNT_TYPE_ADMIN); } - - public boolean isResourceDomainAdmin(short accountType){ - return (accountType == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN); + + public boolean isResourceDomainAdmin(short accountType) { + return (accountType == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN); } @Override @@ -723,15 +748,15 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag return; } } - + assert false : "How can all of the security checkers pass on checking this caller?"; throw new PermissionDeniedException("There's no way to confirm " + caller + " has access to " + domain); } - + @Override public void checkAccess(Account caller, ControlledEntity... entities) { HashMap> domains = new HashMap>(); - + for (ControlledEntity entity : entities) { if (entity.getAccountId() != -1 && entity.getDomainId() != -1) { List toBeChecked = domains.get(entity.getDomainId()); 
@@ -751,13 +776,13 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag break; } } - + if (!granted) { assert false : "How can all of the security checkers pass on checking this check: " + entity; throw new PermissionDeniedException("There's no way to confirm " + caller + " has access to " + entity); } } - + for (Map.Entry> domain : domains.entrySet()) { for (SecurityChecker checker : _securityCheckers) { Domain d = _domainDao.findById(domain.getKey()); 
@@ -773,40 +798,40 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag } } } - + @Override - public Long checkAccessAndSpecifyAuthority(Account caller, Long zoneId){ - //We just care for resource domain admin for now. He should be permitted to see only his zone. - if (isResourceDomainAdmin(caller.getType())){ - if (zoneId == null) - return getZoneIdForAccount(caller); - else if (getZoneIdForAccount(caller) != zoneId) - throw new PermissionDeniedException("Caller " +caller+ "is not allowed to access the zone " +zoneId); - else - return zoneId; - } - - else - return zoneId; + public Long checkAccessAndSpecifyAuthority(Account caller, Long zoneId) { + // We just care for resource domain admin for now. He should be permitted to see only his zone. + if (isResourceDomainAdmin(caller.getType())) { + if (zoneId == null) + return getZoneIdForAccount(caller); + else if (getZoneIdForAccount(caller) != zoneId) + throw new PermissionDeniedException("Caller " + caller + "is not allowed to access the zone " + zoneId); + else + return zoneId; + } + + else + return zoneId; } - + private Long getZoneIdForAccount(Account account) { - - //Currently just for resource domain admin - List dcList = _dcDao.findZonesByDomainId(account.getDomainId()); - if(dcList != null && dcList.size()!=0) - return dcList.get(0).getId(); - else - throw new CloudRuntimeException("Failed to find any private zone for Resource domain admin."); - } + // Currently just for resource domain admin + List dcList = _dcDao.findZonesByDomainId(account.getDomainId()); + if (dcList != null && dcList.size() != 0) + return dcList.get(0).getId(); + else + throw new CloudRuntimeException("Failed to find any private zone for Resource domain admin."); - private boolean doSetUserStatus(long userId, State state) { + } + + private boolean doSetUserStatus(long userId, State state) { UserVO userForUpdate = _userDao.createForUpdate(); userForUpdate.setState(state); return 
_userDao.update(Long.valueOf(userId), userForUpdate); } - + public boolean enableAccount(long accountId) { boolean success = false; AccountVO acctForUpdate = _accountDao.createForUpdate(); @@ -814,7 +839,7 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag success = _accountDao.update(Long.valueOf(accountId), acctForUpdate); return success; } - + private boolean lockAccountInternal(long accountId) { boolean success = false; Account account = _accountDao.findById(accountId); @@ -835,11 +860,11 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag } return success; } - + @Override public boolean deleteAccount(AccountVO account, long callerUserId, Account caller) { long accountId = account.getId(); - + if (!_accountDao.remove(accountId)) { s_logger.error("Unable to delete account " + accountId); return false; 
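Review bot: In checkAccessAndSpecifyAuthority the test `getZoneIdForAccount(caller) != zoneId` compares two `Long` objects by reference, not by value. A resource domain admin who passes the id of their own zone can therefore still hit the PermissionDeniedException whenever the two boxed values are distinct objects. Compare by value instead: `else if (!getZoneIdForAccount(caller).equals(zoneId))`. The message on the same line also lacks a space before "is not allowed"; it should read `"Caller " + caller + " is not allowed to access the zone " + zoneId`.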
@@ -847,39 +872,39 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag List users = _userDao.listByAccount(accountId); - for(UserVO user : users){ - _userDao.remove(user.getId()); + for (UserVO user : users) { + _userDao.remove(user.getId()); } - + if (s_logger.isDebugEnabled()) { s_logger.debug("Remove account " + accountId); } return cleanupAccount(account, callerUserId, caller); - + } - + @Override - public boolean cleanupAccount(AccountVO account, long callerUserId, Account caller){ + public boolean cleanupAccount(AccountVO account, long callerUserId, Account caller) { long accountId = account.getId(); boolean accountCleanupNeeded = false; - + try { - //delete all vm groups belonging to accont + // delete all vm groups belonging to accont List groups = _vmGroupDao.listByAccountId(accountId); for (InstanceGroupVO group : groups) { if (!_vmMgr.deleteVmGroup(group.getId())) { s_logger.error("Unable to delete group: " + group.getId()); accountCleanupNeeded = true; - } + } } - + // Delete the snapshots dir for the account. Have to do this before destroying the VMs. boolean success = _snapMgr.deleteSnapshotDirsForAccount(accountId); if (success) { s_logger.debug("Successfully deleted snapshots directories for all volumes under account " + accountId + " across all zones"); } - + // clean up templates List userTemplates = _templateDao.listByAccountId(accountId); boolean allTemplatesDeleted = true; @@ -891,12 +916,12 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag allTemplatesDeleted = false; } } - + if (!allTemplatesDeleted) { s_logger.warn("Failed to delete templates while removing account id=" + accountId); accountCleanupNeeded = true; } - + // Destroy the account's VMs List vms = _userVmDao.listByAccountId(accountId); if (s_logger.isDebugEnabled()) { 
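Review bot: In cleanupAccount a false result from `_snapMgr.deleteSnapshotDirsForAccount(accountId)` is dropped silently. Only the success branch logs, and `accountCleanupNeeded` is left untouched, unlike the vm-group and template steps around it. If a failed snapshot cleanup is meant to be retried, add `else { s_logger.warn("Failed to delete snapshot directories for account " + accountId); accountCleanupNeeded = true; }`. The return values of `_userDao.remove(user.getId())` in deleteAccount are ignored in the same way. cleanupAccount's body continues outside this hunk.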
@@ -908,79 +933,78 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag s_logger.error("Unable to destroy vm: " + vm.getId()); accountCleanupNeeded = true; } - UsageEventVO usageEvent = new UsageEventVO(EventTypes.EVENT_VM_DESTROY, vm.getAccountId(), vm.getDataCenterId(), vm.getId(), vm.getName(), - vm.getServiceOfferingId(), vm.getTemplateId(), vm.getHypervisorType().toString()); + UsageEventVO usageEvent = new UsageEventVO(EventTypes.EVENT_VM_DESTROY, vm.getAccountId(), vm.getDataCenterId(), vm.getId(), vm.getName(), vm.getServiceOfferingId(), + vm.getTemplateId(), vm.getHypervisorType().toString()); _usageEventDao.persist(usageEvent); } - + // Mark the account's volumes as destroyed List volumes = _volumeDao.findDetachedByAccount(accountId); for (VolumeVO volume : volumes) { - if(!volume.getState().equals(Volume.State.Destroy)) { + if (!volume.getState().equals(Volume.State.Destroy)) { try { _storageMgr.destroyVolume(volume); - if(volume.getPoolId() != null){ - UsageEventVO usageEvent = new UsageEventVO(EventTypes.EVENT_VOLUME_DELETE, volume.getAccountId(), volume.getDataCenterId(), volume.getId(), - volume.getName()); - _usageEventDao.persist(usageEvent); + if (volume.getPoolId() != null) { + UsageEventVO usageEvent = new UsageEventVO(EventTypes.EVENT_VOLUME_DELETE, volume.getAccountId(), volume.getDataCenterId(), volume.getId(), volume.getName()); + _usageEventDao.persist(usageEvent); } - }catch (ConcurrentOperationException ex) { + } catch (ConcurrentOperationException ex) { s_logger.warn("Failed to cleanup volumes as a part of account id=" + accountId + " cleanup due to Exception: ", ex); accountCleanupNeeded = true; } } } - - //delete remote access vpns and associated users + + // delete remote access vpns and associated users List remoteAccessVpns = _remoteAccessVpnDao.findByAccount(accountId); List vpnUsers = _vpnUser.listByAccount(accountId); - - for(VpnUserVO vpnUser : vpnUsers) { + + for (VpnUserVO vpnUser : vpnUsers) { 
_remoteAccessVpnMgr.removeVpnUser(accountId, vpnUser.getUsername()); } - + try { - for(RemoteAccessVpnVO vpn : remoteAccessVpns) { + for (RemoteAccessVpnVO vpn : remoteAccessVpns) { _remoteAccessVpnMgr.destroyRemoteAccessVpn(vpn.getServerAddressId()); } } catch (ResourceUnavailableException ex) { s_logger.warn("Failed to cleanup remote access vpn resources as a part of account id=" + accountId + " cleanup due to Exception: ", ex); accountCleanupNeeded = true; } - - - //Cleanup security groups + + // Cleanup security groups int numRemoved = _securityGroupDao.removeByAccountId(accountId); s_logger.info("deleteAccount: Deleted " + numRemoved + " network groups for account " + accountId); - - //Delete all the networks + + // Delete all the networks boolean networksDeleted = true; s_logger.debug("Deleting networks for account " + account.getId()); List networks = _networkDao.listByOwner(accountId); if (networks != null) { for (NetworkVO network : networks) { - + ReservationContext context = new ReservationContextImpl(null, null, getActiveUser(callerUserId), account); - + if (!_networkMgr.destroyNetwork(network.getId(), context)) { - s_logger.warn("Unable to destroy network " + network + " as a part of account id=" + accountId +" cleanup."); + s_logger.warn("Unable to destroy network " + network + " as a part of account id=" + accountId + " cleanup."); accountCleanupNeeded = true; networksDeleted = false; - } else { + } else { s_logger.debug("Network " + network.getId() + " successfully deleted as a part of account id=" + accountId + " cleanup."); } } } - - //delete account specific Virtual vlans (belong to system Public Network) - only when networks are cleaned up successfully + + // delete account specific Virtual vlans (belong to system Public Network) - only when networks are cleaned up + // successfully if (networksDeleted) { - if (!_configMgr.deleteAccountSpecificVirtualRanges(accountId)){ + if (!_configMgr.deleteAccountSpecificVirtualRanges(accountId)) { 
accountCleanupNeeded = true; } else { s_logger.debug("Account specific Virtual IP ranges " + " are successfully deleted as a part of account id=" + accountId + " cleanup."); } } - + return true; } finally { s_logger.info("Cleanup for account " + account.getId() + (accountCleanupNeeded ? " is needed." : " is not needed.")); @@ -989,9 +1013,9 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag } } } - + @Override - public boolean disableAccount(long accountId) throws ConcurrentOperationException, ResourceUnavailableException{ + public boolean disableAccount(long accountId) throws ConcurrentOperationException, ResourceUnavailableException { boolean success = false; if (accountId <= 2) { if (s_logger.isInfoEnabled()) { @@ -1012,8 +1036,8 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag } return success; } - - private boolean doDisableAccount(long accountId) throws ConcurrentOperationException, ResourceUnavailableException{ + + private boolean doDisableAccount(long accountId) throws ConcurrentOperationException, ResourceUnavailableException { List vms = _vmDao.listByAccountId(accountId); boolean success = true; for (VMInstanceVO vm : vms) { 
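Review bot: The `EventTypes.EVENT_VM_DESTROY` usage event at the top of this hunk is persisted for every VM in the loop, including one for which the branch just before it logged "Unable to destroy vm" and set `accountCleanupNeeded`. Usage and audit records can then report a destroy that did not happen. Moving the `UsageEventVO` construction and `_usageEventDao.persist(usageEvent)` into an `else` on that failure check would keep the records in line with the real state. The loop header and the destroy call sit outside the hunk, so the exact condition should be confirmed there.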
@@ -1021,24 +1045,24 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag try { success = (success && _itMgr.advanceStop(vm, true, getSystemUser(), getSystemAccount())); } catch (OperationTimedoutException ote) { - s_logger.warn("Operation for stopping vm timed out, unable to stop vm " + vm.getName(),ote); - success = false; + s_logger.warn("Operation for stopping vm timed out, unable to stop vm " + vm.getName(), ote); + success = false; } } catch (AgentUnavailableException aue) { - s_logger.warn("Agent running on host " + vm.getHostId() + " is unavailable, unable to stop vm " + vm.getName(),aue); + s_logger.warn("Agent running on host " + vm.getHostId() + " is unavailable, unable to stop vm " + vm.getName(), aue); success = false; } } return success; } - - ///////////////////////////////////////////////////// - //////////////// API commands ///////////////////// - ///////////////////////////////////////////////////// - - @Override @ActionEvent (eventType=EventTypes.EVENT_ACCOUNT_CREATE, eventDescription="creating Account") + // /////////////////////////////////////////////////// + // ////////////// API commands ///////////////////// + // /////////////////////////////////////////////////// + + @Override + @ActionEvent(eventType = EventTypes.EVENT_ACCOUNT_CREATE, eventDescription = "creating Account") public UserAccount createAccount(CreateAccountCmd cmd) { Long accountId = null; String username = cmd.getUsername(); @@ -1052,7 +1076,6 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag short userType = cmd.getAccountType().shortValue(); DomainVO domain = _domainDao.findById(domainId); checkAccess(UserContext.current().getCaller(), domain); - try { if (accountName == null) { accountName = username; 
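Review bot: `success = (success && _itMgr.advanceStop(vm, true, getSystemUser(), getSystemAccount()));` short-circuits. Once one VM fails to stop, or a catch block sets `success = false`, advanceStop is never called for the remaining VMs of the account being disabled, so they keep running. Evaluate the call first: `success = _itMgr.advanceStop(vm, true, getSystemUser(), getSystemAccount()) && success;`. doDisableAccount starts in the previous hunk.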
@@ -1063,14 +1086,14 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag Account account = _accountDao.findActiveAccount(accountName, domainId); if (account != null) { - throw new CloudRuntimeException("The specified account: "+account.getAccountName()+" already exists"); + throw new CloudRuntimeException("The specified account: " + account.getAccountName() + " already exists"); } - - if(domain == null) { - throw new CloudRuntimeException("The domain "+domainId+" does not exist; unable to create account"); + + if (domain == null) { + throw new CloudRuntimeException("The domain " + domainId + " does not exist; unable to create account"); } else { - if(domain.getState().equals(Domain.State.Inactive)) { - throw new CloudRuntimeException("The account cannot be created as domain "+domain.getName()+" is being deleted"); + if (domain.getState().equals(Domain.State.Inactive)) { + throw new CloudRuntimeException("The account cannot be created as domain " + domain.getName() + " is being deleted"); } } @@ -1102,11 +1125,11 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag accountId = newAccount.getId(); } - if(userType == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN){ - List dc = _dcDao.findZonesByDomainId(domainId); - if (dc == null || dc.size() == 0 ){ - throw new CloudRuntimeException("The account cannot be created as domain "+domain.getName()+" is not associated with any private Zone"); - } + if (userType == Account.ACCOUNT_TYPE_RESOURCE_DOMAIN_ADMIN) { + List dc = _dcDao.findZonesByDomainId(domainId); + if (dc == null || dc.size() == 0) { + throw new CloudRuntimeException("The account cannot be created as domain " + domain.getName() + " is not associated with any private Zone"); + } } if (accountId == null) { throw new CloudRuntimeException("Failed to create account for user: " + username + "; unable to create user"); 
@@ -1122,11 +1145,11 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag user.setEmail(email); user.setTimezone(timezone); if (s_logger.isDebugEnabled()) { - s_logger.debug("Creating user: " + username + ", account: " + accountName + " (id:" + accountId + "), domain: " + domainId + " timezone:"+ timezone); + s_logger.debug("Creating user: " + username + ", account: " + accountName + " (id:" + accountId + "), domain: " + domainId + " timezone:" + timezone); } UserVO dbUser = _userDao.persist(user); - + _networkGroupMgr.createDefaultSecurityGroup(accountId); if (!user.getPassword().equals(dbUser.getPassword())) { 
@@ -1143,41 +1166,42 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag throw new CloudRuntimeException(e.getMessage()); } } - - @Override @ActionEvent (eventType=EventTypes.EVENT_USER_CREATE, eventDescription="creating User") - public UserVO createUser(CreateUserCmd cmd){ - String accountName = cmd.getAccountName(); - Long domainId = cmd.getDomainId(); - String userName = cmd.getUsername(); - String password = cmd.getPassword(); - String firstName = cmd.getFirstname(); - String lastName = cmd.getLastname(); - String email = cmd.getEmail(); - String timeZone = cmd.getTimezone(); - Long accountId = null; - - //default domain to ROOT if not specified - if (domainId == null) { - domainId = Domain.ROOT_DOMAIN; - } - DomainVO domain = _domainDao.findById(domainId); - checkAccess(UserContext.current().getCaller(), domain); - Account account = _accountDao.findActiveAccount(accountName, domainId); - - if(account == null){ - throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain id=" + domainId + " to create user"); - }else{ - accountId = account.getAccountId(); - } - - if(domain == null) { - throw new CloudRuntimeException("The domain "+domainId+" does not exist; unable to create user"); + + @Override + @ActionEvent(eventType = EventTypes.EVENT_USER_CREATE, eventDescription = "creating User") + public UserVO createUser(CreateUserCmd cmd) { + String accountName = cmd.getAccountName(); + Long domainId = cmd.getDomainId(); + String userName = cmd.getUsername(); + String password = cmd.getPassword(); + String firstName = cmd.getFirstname(); + String lastName = cmd.getLastname(); + String email = cmd.getEmail(); + String timeZone = cmd.getTimezone(); + Long accountId = null; + + // default domain to ROOT if not specified + if (domainId == null) { + domainId = Domain.ROOT_DOMAIN; + } + DomainVO domain = _domainDao.findById(domainId); + checkAccess(UserContext.current().getCaller(), domain); + Account 
account = _accountDao.findActiveAccount(accountName, domainId); + + if (account == null) { + throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain id=" + domainId + " to create user"); } else { - if(domain.getState().equals(Domain.State.Inactive)) { - throw new CloudRuntimeException("The user cannot be created as domain "+domain.getName()+" is being deleted"); + accountId = account.getAccountId(); + } + + if (domain == null) { + throw new CloudRuntimeException("The domain " + domainId + " does not exist; unable to create user"); + } else { + if (domain.getState().equals(Domain.State.Inactive)) { + throw new CloudRuntimeException("The user cannot be created as domain " + domain.getName() + " is being deleted"); } } - + if (!_userAccountDao.validateUsernameInDomain(userName, domainId)) { throw new CloudRuntimeException("The user " + userName + " already exists in domain " + domainId); } @@ -1192,7 +1216,7 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag user.setEmail(email); user.setTimezone(timeZone); if (s_logger.isDebugEnabled()) { - s_logger.debug("Creating user: " + userName + ", account: " + accountName + " (id:" + accountId + "), domain: " + domainId + " timezone:"+ timeZone); + s_logger.debug("Creating user: " + userName + ", account: " + accountName + " (id:" + accountId + "), domain: " + domainId + " timezone:" + timeZone); } UserVO dbUser = _userDao.persist(user); 
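Review bot: In createUser `checkAccess(UserContext.current().getCaller(), domain)` runs before the `if (domain == null)` test, so an unknown domainId hands a null domain to the security checkers. How they react to null is not visible here, but the "does not exist" error further down may never be reached. Move the null and `Domain.State.Inactive` checks directly after `_domainDao.findById(domainId)`, ahead of checkAccess. createAccount (hunks at -1052 and -1063) has the same order, and deleteUserAccount calls checkAccess on `account` before its own `account == null` test.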
@@ -1200,11 +1224,12 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag if (!user.getPassword().equals(dbUser.getPassword())) { throw new CloudRuntimeException("The user " + userName + " being creating is using a password that is different than what's in the db"); } - + return dbUser; } - - @Override @ActionEvent (eventType=EventTypes.EVENT_USER_UPDATE, eventDescription="updating User") + + @Override + @ActionEvent(eventType = EventTypes.EVENT_USER_UPDATE, eventDescription = "updating User") public UserAccount updateUser(UpdateUserCmd cmd) throws InvalidParameterValueException { Long id = cmd.getId(); String apiKey = cmd.getApiKey(); 
@@ -1215,37 +1240,37 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag String secretKey = cmd.getSecretKey(); String timeZone = cmd.getTimezone(); String userName = cmd.getUsername(); - - - //Input validation + + // Input validation UserVO user = _userDao.getUser(id); - + if (user == null) { throw new InvalidParameterValueException("unable to find user by id"); } - if((apiKey == null && secretKey != null) || (apiKey != null && secretKey == null)) { + if ((apiKey == null && secretKey != null) || (apiKey != null && secretKey == null)) { throw new InvalidParameterValueException("Please provide an api key/secret key pair"); } - - // If the account is an admin type, return an error. We do not allow this + + // If the account is an admin type, return an error. We do not allow this Account account = _accountDao.findById(user.getAccountId()); - + if (account != null && (account.getId() == Account.ACCOUNT_ID_SYSTEM)) { throw new PermissionDeniedException("user id : " + id + " is system account, update is not allowed"); } + checkAccess(UserContext.current().getCaller(), account); - - if (firstName == null) { + + if (firstName == null) { firstName = user.getFirstname(); } - if (lastName == null) { - lastName = user.getLastname(); + if (lastName == null) { + lastName = user.getLastname(); } - if (userName == null) { - userName = user.getUsername(); + if (userName == null) { + userName = user.getUsername(); } - if (password == null) { + if (password == null) { password = user.getPassword(); } if (email == null) { 
@@ -1267,16 +1292,16 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag s_logger.debug("updating user with id: " + id); } try { - //check if the apiKey and secretKey are globally unique + // check if the apiKey and secretKey are globally unique if (apiKey != null && secretKey != null) { Pair apiKeyOwner = _accountDao.findUserAccountByApiKey(apiKey); - if(apiKeyOwner != null) { + if (apiKeyOwner != null) { User usr = apiKeyOwner.first(); if (usr.getId() != id) { - throw new InvalidParameterValueException("The api key:"+apiKey+" exists in the system for user id:"+id+" ,please provide a unique key"); + throw new InvalidParameterValueException("The api key:" + apiKey + " exists in the system for user id:" + id + " ,please provide a unique key"); } else { - //allow the updation to take place + // allow the updation to take place } } } 
@@ -1285,21 +1310,22 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag } catch (Throwable th) { s_logger.error("error updating user", th); throw new CloudRuntimeException("Unable to update user " + id); - } + } return _userAccountDao.findById(id); } - - @Override @ActionEvent (eventType=EventTypes.EVENT_USER_DISABLE, eventDescription="disabling User", async=true) - public UserAccount disableUser(DisableUserCmd cmd) throws InvalidParameterValueException, PermissionDeniedException{ + + @Override + @ActionEvent(eventType = EventTypes.EVENT_USER_DISABLE, eventDescription = "disabling User", async = true) + public UserAccount disableUser(DisableUserCmd cmd) throws InvalidParameterValueException, PermissionDeniedException { Long userId = cmd.getId(); Account adminAccount = UserContext.current().getCaller(); - - //Check if user exists in the system + + // Check if user exists in the system User user = _userDao.findById(userId); if ((user == null) || (user.getRemoved() != null)) { throw new InvalidParameterValueException("Unable to find active user by id " + userId); } - + // If the user is a System user, return an error Account account = _accountDao.findById(user.getAccountId()); if ((account != null) && (account.getId() == Account.ACCOUNT_ID_SYSTEM)) { 
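Review bot: `catch (Throwable th)` at the end of updateUser also catches the InvalidParameterValueException that the duplicate-api-key check throws inside what appears to be the same try (previous hunk). The caller then receives the generic "Unable to update user" instead of the validation error the method declares, and JVM errors are swallowed into the same path. Rethrow the validation exception unchanged with `} catch (InvalidParameterValueException e) { throw e; }` ahead of the broad handler, and narrow that handler to the exceptions the body can throw. The try block opens outside this hunk.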
@@ -1312,25 +1338,26 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag boolean success = doSetUserStatus(userId, State.disabled); if (success) { - //user successfully disabled - return _userAccountDao.findById(userId); + // user successfully disabled + return _userAccountDao.findById(userId); } else { throw new CloudRuntimeException("Unable to disable user " + userId); } } - - @Override @ActionEvent (eventType=EventTypes.EVENT_USER_ENABLE, eventDescription="enabling User") - public UserAccount enableUser(EnableUserCmd cmd) throws InvalidParameterValueException, PermissionDeniedException{ + + @Override + @ActionEvent(eventType = EventTypes.EVENT_USER_ENABLE, eventDescription = "enabling User") + public UserAccount enableUser(EnableUserCmd cmd) throws InvalidParameterValueException, PermissionDeniedException { Long userId = cmd.getId(); Account adminAccount = UserContext.current().getCaller(); boolean success = false; - - //Check if user exists in the system + + // Check if user exists in the system User user = _userDao.findById(userId); if ((user == null) || (user.getRemoved() != null)) { throw new InvalidParameterValueException("Unable to find active user by id " + userId); } - + // If the user is a System user, return an error Account account = _accountDao.findById(user.getAccountId()); if ((account != null) && (account.getId() == Account.ACCOUNT_ID_SYSTEM)) { 
@@ -1340,23 +1367,23 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag if ((adminAccount != null) && !_domainDao.isChildDomain(adminAccount.getDomainId(), account.getDomainId())) { throw new PermissionDeniedException("Failed to enable user " + userId + ", permission denied."); } - + success = doSetUserStatus(userId, State.enabled); // make sure the account is enabled too success = (success && enableAccount(user.getAccountId())); - + if (success) { return _userAccountDao.findById(userId); } else { throw new CloudRuntimeException("Unable to enable user " + userId); } } - + @Override public UserAccount lockUser(LockUserCmd cmd) { boolean success = false; - + Account adminAccount = UserContext.current().getCaller(); Long id = cmd.getId(); @@ -1368,7 +1395,7 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag throw new InvalidParameterValueException("Unable to find user by id"); } - // If the user is a System user, return an error. We do not allow this + // If the user is a System user, return an error. We do not allow this Account account = _accountDao.findById(user.getAccountId()); if ((account != null) && (account.getId() == Account.ACCOUNT_ID_SYSTEM)) { throw new PermissionDeniedException("user id : " + id + " is a system user, locking is not allowed"); 
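Review bot: The domain check in enableUser dereferences `account.getDomainId()`, although the system-account test in the previous hunk guards with `account != null`. A user whose account row is missing would therefore end in a NullPointerException rather than a clear rejection. The check is also skipped entirely when `adminAccount` is null, presumably for internal callers; that deserves a comment. An explicit `if (account == null)` rejection followed by the `checkAccess(UserContext.current().getCaller(), account)` call that updateUser and deleteUser use would keep the authorization path uniform. enableUser begins in the previous hunk.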
@@ -1403,69 +1430,68 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag s_logger.info("Attempting to lock a non-enabled user, current state is " + user.getState() + " (userId: " + user.getId() + "), locking failed."); } } - + if (success) { return _userAccountDao.findById(id); } else { throw new CloudRuntimeException("Unable to lock user " + id); } } - - @Override @ActionEvent(eventType = EventTypes.EVENT_ACCOUNT_DELETE, eventDescription = "deleting account", async=true) - //This method deletes the account + + @Override + @ActionEvent(eventType = EventTypes.EVENT_ACCOUNT_DELETE, eventDescription = "deleting account", async = true) + // This method deletes the account public boolean deleteUserAccount(DeleteAccountCmd cmd) { UserContext ctx = UserContext.current(); long callerUserId = ctx.getCallerUserId(); Account caller = ctx.getCaller(); - + Long accountId = cmd.getId(); - - // If the user is a System user, return an error. We do not allow this + + // If the user is a System user, return an error. 
We do not allow this AccountVO account = _accountDao.findById(accountId); - checkAccess(UserContext.current().getCaller(), account); + checkAccess(UserContext.current().getCaller(), account); if ((account != null) && (account.getId() == Account.ACCOUNT_ID_SYSTEM)) { throw new PermissionDeniedException("Account id : " + accountId + " is a system account, delete is not allowed"); } - - if(account == null){ - throw new InvalidParameterValueException("The specified account does not exist in the system"); + + if (account == null) { + throw new InvalidParameterValueException("The specified account does not exist in the system"); } - - if(account.getRemoved() != null){ - s_logger.info("The account:"+account.getAccountName()+" is already removed"); - return true; + + if (account.getRemoved() != null) { + s_logger.info("The account:" + account.getAccountName() + " is already removed"); + return true; } - + return deleteAccount(account, callerUserId, caller); } - - - + @Override - public AccountVO enableAccount(EnableAccountCmd cmd) throws InvalidParameterValueException, PermissionDeniedException{ + public AccountVO enableAccount(EnableAccountCmd cmd) throws InvalidParameterValueException, PermissionDeniedException { String accountName = cmd.getAccountName(); Long domainId = cmd.getDomainId(); boolean success = false; Account account = _accountDao.findActiveAccount(accountName, domainId); - //Check if account exists + // Check if account exists if (account == null) { s_logger.error("Unable to find account " + accountName + " in domain " + domainId); throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain " + domainId); } - - //Don't allow to modify system account + + // Don't allow to modify system account if (account.getId() == Account.ACCOUNT_ID_SYSTEM) { - throw new InvalidParameterValueException ("Can not modify system account"); + throw new InvalidParameterValueException("Can not modify system account"); } - - //Check if user 
performing the action is allowed to modify this account + + // Check if user performing the action is allowed to modify this account Account adminAccount = UserContext.current().getCaller(); if ((adminAccount != null) && !_domainDao.isChildDomain(adminAccount.getDomainId(), account.getDomainId())) { - throw new PermissionDeniedException("Invalid account " + accountName + " in domain " + domainId + " given, permission denied"); + throw new PermissionDeniedException("Invalid account " + accountName + " in domain " + domainId + " given, permission denied"); } - + success = enableAccount(account.getId()); if (success) { return _accountDao.findById(account.getId()); @@ -1473,8 +1499,9 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag throw new CloudRuntimeException("Unable to enable account " + accountName + " in domain " + domainId); } } - - @Override @ActionEvent(eventType = EventTypes.EVENT_ACCOUNT_DISABLE, eventDescription = "locking account", async=true) + + @Override + @ActionEvent(eventType = EventTypes.EVENT_ACCOUNT_DISABLE, eventDescription = "locking account", async = true) public AccountVO lockAccount(DisableAccountCmd cmd) { Account adminAccount = UserContext.current().getCaller(); Long domainId = cmd.getDomainId(); @@ -1500,8 +1527,9 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag throw new CloudRuntimeException("Unable to lock account " + accountName + " in domain " + domainId); } } - - @Override @ActionEvent(eventType = EventTypes.EVENT_ACCOUNT_DISABLE, eventDescription = "disabling account", async=true) + + @Override + @ActionEvent(eventType = EventTypes.EVENT_ACCOUNT_DISABLE, eventDescription = "disabling account", async = true) public AccountVO disableAccount(DisableAccountCmd cmd) throws InvalidParameterValueException, PermissionDeniedException, ConcurrentOperationException, ResourceUnavailableException { String accountName = cmd.getAccountName(); Long domainId = cmd.getDomainId(); 
@@ -1523,37 +1551,43 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag } @Override - public AccountVO updateAccount(UpdateAccountCmd cmd) throws InvalidParameterValueException, PermissionDeniedException{ + public AccountVO updateAccount(UpdateAccountCmd cmd) throws InvalidParameterValueException, PermissionDeniedException { Long domainId = cmd.getDomainId(); String accountName = cmd.getAccountName(); String newAccountName = cmd.getNewName(); - + boolean success = false; Account account = _accountDao.findAccount(accountName, domainId); - - //Check if account exists + + // Check if account exists if (account == null) { s_logger.error("Unable to find account " + accountName + " in domain " + domainId); throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain " + domainId); } - - //Don't allow to modify system account + + // Don't allow to modify system account if (account.getId() == Account.ACCOUNT_ID_SYSTEM) { - throw new InvalidParameterValueException ("Can not modify system account"); - } - - //Check if user performing the action is allowed to modify this account - Account adminAccount = UserContext.current().getCaller(); - if ((adminAccount != null) && (adminAccount.getType() != Account.ACCOUNT_TYPE_ADMIN) && _domainDao.isChildDomain(adminAccount.getDomainId(), account.getDomainId())) { - throw new PermissionDeniedException("Invalid account " + accountName + " in domain " + domainId + " given, permission denied"); + throw new InvalidParameterValueException("Can not modify system account"); } - //check if the given account name is unique in this domain for updating - Account duplicateAcccount = _accountDao.findAccount(newAccountName, domainId); - if(duplicateAcccount != null && duplicateAcccount.getRemoved() == null && duplicateAcccount.getId() != account.getId()){//allow same account to update itself - throw new PermissionDeniedException("There already exists an account with the 
name:"+newAccountName+" in the domain:"+domainId+" with existing account id:"+duplicateAcccount.getId()); + // Check if user performing the action is allowed to modify this account + Account adminAccount = UserContext.current().getCaller(); + if ((adminAccount != null) && (adminAccount.getType() != Account.ACCOUNT_TYPE_ADMIN) && _domainDao.isChildDomain(adminAccount.getDomainId(), account.getDomainId())) { + throw new PermissionDeniedException("Invalid account " + accountName + " in domain " + domainId + " given, permission denied"); } - + + // check if the given account name is unique in this domain for updating + Account duplicateAcccount = _accountDao.findAccount(newAccountName, domainId); + if (duplicateAcccount != null && duplicateAcccount.getRemoved() == null && duplicateAcccount.getId() != account.getId()) {// allow + // same + // account + // to + // update + // itself + throw new PermissionDeniedException("There already exists an account with the name:" + newAccountName + " in the domain:" + domainId + " with existing account id:" + + duplicateAcccount.getId()); + } + if (account.getAccountName().equals(newAccountName)) { success = true; } else { 
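Review bot: The permission test in updateAccount throws when `_domainDao.isChildDomain(adminAccount.getDomainId(), account.getDomainId())` is true, whereas enableAccount(EnableAccountCmd) and enableUser negate the same call. Going by those call sites, a non-root admin is refused for accounts inside their own domain tree and let through for accounts outside it. The condition most likely needs the negation: `(adminAccount.getType() != Account.ACCOUNT_TYPE_ADMIN) && !_domainDao.isChildDomain(adminAccount.getDomainId(), account.getDomainId())`. The formatter also broke the trailing `// allow same account to update itself` comment into one word per line; placing it on its own line above the `if` keeps it readable.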
@@ -1568,23 +1602,24 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag } } - @Override @ActionEvent (eventType=EventTypes.EVENT_USER_DELETE, eventDescription="deleting User") - public boolean deleteUser(DeleteUserCmd deleteUserCmd) { - long id = deleteUserCmd.getId(); - - UserVO user = _userDao.findById(id); - - if(user == null) { + @Override + @ActionEvent(eventType = EventTypes.EVENT_USER_DELETE, eventDescription = "deleting User") + public boolean deleteUser(DeleteUserCmd deleteUserCmd) { + long id = deleteUserCmd.getId(); + + UserVO user = _userDao.findById(id); + + if (user == null) { throw new InvalidParameterValueException("The specified user doesn't exist in the system"); } - + if ((user != null) && (user.getAccountId() == Account.ACCOUNT_ID_SYSTEM)) { throw new InvalidParameterValueException("Account id : " + user.getAccountId() + " is a system account, delete for user associated with this account is not allowed"); } checkAccess(UserContext.current().getCaller(), _accountDao.findById(user.getAccountId())); return _userDao.remove(id); - } - + } + protected class AccountCleanupTask implements Runnable { @Override public void run() { @@ -1603,7 +1638,7 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag Transaction txn = null; try { txn = Transaction.open(Transaction.CLOUD_DB); - + List accounts = _accountDao.findCleanups(); s_logger.info("Found " + accounts.size() + " accounts to cleanup"); for (AccountVO account : accounts) { @@ -1617,10 +1652,10 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag } catch (Exception e) { s_logger.error("Exception ", e); } finally { - if(txn != null) { + if (txn != null) { txn.close(); } - + lock.unlock(); } } catch (Exception e) { 
@@ -1628,15 +1663,15 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag } } } - + @Override public Account finalizeOwner(Account caller, String accountName, Long domainId) { - //don't default the owner to the system account + // don't default the owner to the system account if (caller.getId() == Account.ACCOUNT_ID_SYSTEM && (accountName == null || domainId == null)) { throw new InvalidParameterValueException("Account and domainId are needed for resource creation"); } - - if (isAdmin(caller.getType()) && accountName != null && domainId != null) { + + if (isAdmin(caller.getType()) && accountName != null && domainId != null) { DomainVO domain = _domainDao.findById(domainId); if (domain == null) { throw new InvalidParameterValueException("Unable to find the domain by id=" + domainId); @@ -1647,7 +1682,7 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain " + domainId); } checkAccess(caller, domain); - + return owner; } else if (!isAdmin(caller.getType()) && accountName != null && domainId != null) { if (!accountName.equals(caller.getAccountName()) || domainId.longValue() != caller.getDomainId()) { 
@@ -1659,62 +1694,61 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag if ((accountName == null && domainId != null) || (accountName != null && domainId == null)) { throw new InvalidParameterValueException("AccountName and domainId must be specified together"); } - //regular user can't create/list resources for other people + // regular user can't create/list resources for other people return caller; } } - + @Override public Account getActiveAccount(String accountName, Long domainId) { - if (accountName == null || domainId == null) { - throw new InvalidParameterValueException("Both accountName and domainId are required for finding active account in the system"); - } else { - return _accountDao.findActiveAccount(accountName, domainId); - } + if (accountName == null || domainId == null) { + throw new InvalidParameterValueException("Both accountName and domainId are required for finding active account in the system"); + } else { + return _accountDao.findActiveAccount(accountName, domainId); + } } - - + @Override public Account getActiveAccount(Long accountId) { - if (accountId == null) { - throw new InvalidParameterValueException("AccountId is required by account search"); - } else { - return _accountDao.findById(accountId); - } + if (accountId == null) { + throw new InvalidParameterValueException("AccountId is required by account search"); + } else { + return _accountDao.findById(accountId); + } } - + @Override public Account getAccount(Long accountId) { - if (accountId == null) { - throw new InvalidParameterValueException("AccountId is required by account search"); - } else { - return _accountDao.findByIdIncludingRemoved(accountId); - } + if (accountId == null) { + throw new InvalidParameterValueException("AccountId is required by account search"); + } else { + return _accountDao.findByIdIncludingRemoved(accountId); + } } - + @Override public User getActiveUser(long userId) { return _userDao.findById(userId); } - + @Override public 
Domain getDomain(long domainId) { return _domainDao.findById(domainId); } - + @Override public Pair finalizeAccountDomainForList(Account caller, String accountName, Long domainId) { - if (isAdmin(caller.getType())) { + if (isAdmin(caller.getType())) { if (domainId == null && accountName != null) { throw new InvalidParameterValueException("accountName and domainId might be specified together"); - } else if (domainId != null){ + } else if (domainId != null) { Domain domain = getDomain(domainId); if (domain == null) { throw new InvalidParameterValueException("Unable to find the domain by id=" + domainId); } - + checkAccess(caller, domain); - + if (accountName != null) { Account owner = getActiveAccount(accountName, domainId); if (owner == null) { @@ -1722,15 +1756,15 @@ public class AccountManagerImpl implements AccountManager, AccountService, Manag } } } - } else if (accountName != null && domainId != null) { - if (!accountName.equals(caller.getAccountName()) || domainId.longValue() != caller.getDomainId()) { - throw new PermissionDeniedException("Can't list port forwarding rules for account " + accountName + " in domain " + domainId + ", permission denied"); - } - } else { - accountName = caller.getAccountName(); - domainId = caller.getDomainId(); - } - + } else if (accountName != null && domainId != null) { + if (!accountName.equals(caller.getAccountName()) || domainId.longValue() != caller.getDomainId()) { + throw new PermissionDeniedException("Can't list port forwarding rules for account " + accountName + " in domain " + domainId + ", permission denied"); + } + } else { + accountName = caller.getAccountName(); + domainId = caller.getDomainId(); + } + return new Pair(accountName, domainId); } } diff --git a/setup/db/create-schema.sql b/setup/db/create-schema.sql index 9eb88b0befd..8c4b83f898e 100755 --- a/setup/db/create-schema.sql +++ b/setup/db/create-schema.sql 
@@ -959,7 +959,7 @@ CREATE TABLE `cloud`.`domain` ( `parent` bigint unsigned, `name` varchar(255), `owner` bigint unsigned NOT NULL, - `path` varchar(255) UNIQUE NOT NULL, + `path` varchar(255) NOT NULL, `level` int(10) NOT NULL DEFAULT 0, `child_count` int(10) NOT NULL DEFAULT 0, `next_child_seq` bigint unsigned NOT NULL DEFAULT 1, diff --git a/setup/db/db/schema-222to224.sql b/setup/db/db/schema-222to224.sql index fc6d3068a4f..c0f0759a4a9 100644 --- a/setup/db/db/schema-222to224.sql +++ b/setup/db/db/schema-222to224.sql @@ -60,6 +60,7 @@ ALTER TABLE `cloud`.`host_pod_ref` ADD INDEX `i_host_pod_ref__allocation_state`( ALTER TABLE `cloud`.`host` ADD COLUMN `allocation_state` varchar(32) NOT NULL DEFAULT 'Enabled'; ALTER TABLE `cloud`.`host` ADD INDEX `i_host__allocation_state`(`allocation_state`); +ALTER TABLE `cloud`.`domain` DROP index `path`; ALTER TABLE `cloud`.`domain` ADD INDEX `i_domain__path`(`path`); CREATE TABLE `cloud`.`data_center_details` (
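Review bot: Dropping `UNIQUE` from the `path` column of `cloud`.`domain` removes the only database-level guarantee visible here that two domains cannot share a path, and nothing in this diff shows an application-side replacement. If domain-scoped permission checks compare paths (the isChildDomain call in AccountManagerImpl presumably does, though that is not shown), duplicate paths could let one domain's subtree match another's. The code that creates or renames a domain should therefore verify uniqueness among non-removed domains inside the same transaction. Separately, schema-222to224.sql leaves upgraded databases with the non-unique `i_domain__path` index, while the create-schema.sql hunk shows no matching index for fresh installs; the CREATE TABLE continues outside the hunk, so check that one is declared there. The added `DROP index` statement also assumes the implicit unique index is named after the column, which is worth confirming on a database that went through earlier upgrade scripts.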