/** * Add {@code tenantLinks} constraint to passed query builder, if present. */ public static Query.Builder addTenantLinks(Query.Builder qBuilder, List<String> tenantLinks) { if (tenantLinks != null) { // all given tenant links must be present in the document tenantLinks.forEach(link -> qBuilder .addCollectionItemClause(ResourceState.FIELD_NAME_TENANT_LINKS, link)); } return qBuilder; }
/** * Add {@code tenantLinks} constraint to passed query builder, if present. */ public static Query.Builder addTenantLinks(Query.Builder qBuilder, List<String> tenantLinks) { if (tenantLinks != null) { // all given tenant links must be present in the document tenantLinks.forEach(link -> qBuilder .addCollectionItemClause(ResourceState.FIELD_NAME_TENANT_LINKS, link)); } return qBuilder; }
/** * @param external * @param origin * @return Returns a query with the needed terms for external and origin field */ public static Query createOriginTagQuery(Boolean external, Map<String, Occurance> origin) { QueryTask.Query externalQuery = new Query() .setTermPropertyName(TagService.TagState.FIELD_NAME_EXTERNAL) .setTermMatchValue(external.toString()); externalQuery.occurance = Occurance.SHOULD_OCCUR; QueryTask.Query.Builder originClauseBuilder = QueryTask.Query.Builder.create(); for (Map.Entry<String, Occurance> entry : origin.entrySet()) { Occurance occurance = entry.getValue() == null ? Occurance.MUST_OCCUR : entry.getValue(); if (entry.getKey() != null) { originClauseBuilder.addCollectionItemClause(TagService.TagState.FIELD_NAME_ORIGIN, entry.getKey(), occurance); } } Query originQuery = originClauseBuilder.build() .setOccurance(Occurance.SHOULD_OCCUR); Query originOrExternalQuery = new Query().addBooleanClause(externalQuery) .addBooleanClause(originQuery) .setOccurance(Occurance.MUST_OCCUR); return originOrExternalQuery; }
Occurance.SHOULD_OCCUR) .addCollectionItemClause(ResourceState.FIELD_NAME_TENANT_LINKS, projectSelfLink, Occurance.SHOULD_OCCUR)
.addFieldClause(ResourceState.FIELD_NAME_ENDPOINT_LINK, task.endpointLink, Occurance.SHOULD_OCCUR) .addCollectionItemClause(ResourceState.FIELD_NAME_ENDPOINT_LINKS, task.endpointLink, Occurance.SHOULD_OCCUR) .build();
public static ResourceGroupState buildProjectExtendedMemberResourceGroup(String projectId) { String projectSelfLink = UriUtils.buildUriPath(ProjectFactoryService.SELF_LINK, projectId); Query.Builder queryBuilder = Query.Builder.create(); for (Query query : fullAccessResourcesForAdminsAndMembers(projectSelfLink)) { queryBuilder.addClause(query); } Query projectResourcesQuery = Query.Builder .create(Occurance.SHOULD_OCCUR) // grant access to all project resources denoted by a project link .addCollectionItemClause(ResourceState.FIELD_NAME_TENANT_LINKS, projectSelfLink, Occurance.MUST_OCCUR) // revoke access to project-specific registries .addFieldClause(ServiceDocument.FIELD_NAME_SELF_LINK, buildUriWithWildcard(RegistryFactoryService.SELF_LINK), MatchType.WILDCARD, Occurance.MUST_NOT_OCCUR) .addFieldClause(ServiceDocument.FIELD_NAME_SELF_LINK, buildUriWithWildcard(ComputeService.FACTORY_LINK), MatchType.WILDCARD, Occurance.MUST_NOT_OCCUR) .build(); queryBuilder.addClause(projectResourcesQuery); Query resourceGroupQuery = queryBuilder.build(); ResourceGroupState resourceGroupState = buildResourceGroupState( AuthRole.PROJECT_MEMBER_EXTENDED, projectId, resourceGroupQuery); return resourceGroupState; }
/** * Add {@code endpointLink} constraint to passed query builder depending on document class. */ public static Query.Builder addEndpointLink( Query.Builder qBuilder, Class<? extends ServiceDocument> stateClass, String endpointLink) { if (endpointLink == null || endpointLink.isEmpty()) { return qBuilder; } if (PhotonModelUtils.ENDPOINT_LINK_EXPLICIT_SUPPORT.contains(stateClass)) { qBuilder.addClause(Query.Builder.create() .addFieldClause( PhotonModelConstants.FIELD_NAME_ENDPOINT_LINK, endpointLink, Query.Occurance.SHOULD_OCCUR) .addCollectionItemClause( PhotonModelConstants.FIELD_NAME_ENDPOINT_LINKS, endpointLink, Query.Occurance.SHOULD_OCCUR) .build()); } else if (PhotonModelUtils.ENDPOINT_LINK_CUSTOM_PROP_SUPPORT.contains(stateClass)) { qBuilder.addCompositeFieldClause( ResourceState.FIELD_NAME_CUSTOM_PROPERTIES, PhotonModelConstants.CUSTOM_PROP_ENDPOINT_LINK, endpointLink); } return qBuilder; }
public static ResourceGroupState buildProjectViewerResourceGroup(String projectId) { String projectSelfLink = UriUtils.buildUriPath(ProjectFactoryService.SELF_LINK, projectId); Query.Builder viewersQueryBuilder = Query.Builder.create(); // add access to the project and the Harbor API viewersQueryBuilder .addFieldClause(ServiceDocument.FIELD_NAME_SELF_LINK, projectSelfLink, Occurance.SHOULD_OCCUR) .addFieldClause(ServiceDocument.FIELD_NAME_SELF_LINK, buildUriWithWildcard(HarborApiProxyService.SELF_LINK), MatchType.WILDCARD, Occurance.SHOULD_OCCUR); // add access to the project-specific registries Query projectRegistriesClause = Query.Builder .create(Occurance.SHOULD_OCCUR) .addFieldClause(ServiceDocument.FIELD_NAME_SELF_LINK, buildUriWithWildcard(RegistryFactoryService.SELF_LINK), MatchType.WILDCARD, Occurance.MUST_OCCUR) .addCollectionItemClause(MultiTenantDocument.FIELD_NAME_TENANT_LINKS, projectSelfLink, Occurance.MUST_OCCUR) .build(); viewersQueryBuilder.addClause(projectRegistriesClause); Query resourceGroupQuery = viewersQueryBuilder.build(); ResourceGroupState resourceGroupState = buildResourceGroupState(AuthRole.PROJECT_VIEWER, projectId, resourceGroupQuery); return resourceGroupState; }
private void buildRole(String roleName, Policy policy) { OperationContext.setAuthorizationContext(this.host.getSystemAuthorizationContext()); TestContext ctx = this.host.testCreate(1); AuthorizationSetupHelper.create().setHost(this.host) .setRoleName(roleName) .setUserGroupQuery(Query.Builder.create() .addCollectionItemClause(UserState.FIELD_NAME_EMAIL, "jane@doe.com") .build()) .setResourceQuery(Query.Builder.create() .addFieldClause(ServiceDocument.FIELD_NAME_SELF_LINK, ExampleService.FACTORY_LINK, MatchType.PREFIX) .build()) .setVerbs(EnumSet.of(Action.POST, Action.PUT, Action.PATCH, Action.GET, Action.DELETE)) .setPolicy(policy) .setCompletion((authEx) -> { if (authEx != null) { ctx.failIteration(authEx); return; } ctx.completeIteration(); }).setupRole(); this.host.testWait(ctx); }
private void buildRole(String roleName, Policy policy) { OperationContext.setAuthorizationContext(this.host.getSystemAuthorizationContext()); TestContext ctx = this.host.testCreate(1); AuthorizationSetupHelper.create().setHost(this.host) .setRoleName(roleName) .setUserGroupQuery(Query.Builder.create() .addCollectionItemClause(UserState.FIELD_NAME_EMAIL, "jane@doe.com") .build()) .setResourceQuery(Query.Builder.create() .addFieldClause(ServiceDocument.FIELD_NAME_SELF_LINK, ExampleService.FACTORY_LINK, MatchType.PREFIX) .build()) .setVerbs(EnumSet.of(Action.POST, Action.PUT, Action.PATCH, Action.GET, Action.DELETE)) .setPolicy(policy) .setCompletion((authEx) -> { if (authEx != null) { ctx.failIteration(authEx); return; } ctx.completeIteration(); }).setupRole(); this.host.testWait(ctx); }
/** * Query count of computes with all given endpointLinks in a set and tenantLink. */ public long getComputeCount(Set<String> endpointLinks, String tenantLink) { Query.Builder query = Query.Builder.create() .addCollectionItemClause(ResourceState.FIELD_NAME_TENANT_LINKS, tenantLink); for (String endpointLink : endpointLinks) { query.addCollectionItemClause(ResourceState.FIELD_NAME_ENDPOINT_LINKS, endpointLink); } QueryTask queryTask = QueryTask.Builder.createDirectTask() .setQuery(query.build()) .addOption(QueryOption.COUNT) .build(); Operation postQuery = Operation .createPost(UriUtils.buildUri(this.host, ServiceUriPaths.CORE_LOCAL_QUERY_TASKS)) .setBody(queryTask) .setReferer(this.host.getUri()); Operation queryResponse = this.host.waitForResponse(postQuery); if (queryResponse.getStatusCode() != 200) { return -1; } QueryTask response = queryResponse.getBody(QueryTask.class); return response.results.documentCount; }
/** * Generates a ComputeState query based on the tag links defined in the elastic placement zone * and the configuration of the underlying resource pool. * * The query includes computes matched by tags and computes explicitly assigned to the RP: * is of type ComputeState AND * (compute RP * ? (match endpoint AND compute type in VM_HOST, ZONE) * : (compute type is VM_GUEST)) AND * (match-tags OR explicitly-assigned) AND * tenant links matches RP tenant links */ private static Query generateRpQuery(ElasticPlacementZoneState epz, ResourcePoolState rp) { Query.Builder tagQueryBuilder = Query.Builder.create(); for (String tagLink : epz.tagLinksToMatch) { // all tagLinksToMatch must be set on the compute tagQueryBuilder.addCollectionItemClause(ResourceState.FIELD_NAME_TAG_LINKS, tagLink); } Query kindClause = Query.Builder.create().addKindFieldClause(ComputeState.class).build(); Query assignmentClause = Query.Builder.create() .addClause(tagQueryBuilder.build().setOccurance(Occurance.SHOULD_OCCUR)) .addFieldClause(ComputeState.FIELD_NAME_RESOURCE_POOL_LINK, epz.resourcePoolLink, Occurance.SHOULD_OCCUR) .build(); Query tenantClause = QueryUtil.addTenantClause(rp.tenantLinks); Query epzQuery = Query.Builder.create() .addClauses(kindClause, assignmentClause, tenantClause) .build(); return epzQuery; }
/** * Query count of computes with all given endpointLinks in a set and tenantLink. */ public long getComputeCount(String endpointLink, String tenantLink) { Query.Builder query = Query.Builder.create() .addFieldClause(ResourceState.FIELD_NAME_ENDPOINT_LINK, endpointLink) .addCollectionItemClause(ResourceState.FIELD_NAME_TENANT_LINKS, tenantLink); QueryTask queryTask = QueryTask.Builder.createDirectTask() .setQuery(query.build()) .addOption(QueryOption.COUNT) .build(); Operation postQuery = Operation .createPost(UriUtils.buildUri(this.host, ServiceUriPaths.CORE_LOCAL_QUERY_TASKS)) .setBody(queryTask) .setReferer(this.host.getUri()); Operation queryResponse = this.host.waitForResponse(postQuery); if (queryResponse.getStatusCode() != 200) { return -1; } QueryTask response = queryResponse.getBody(QueryTask.class); return response.results.documentCount; }