public boolean shouldCreateCredentials(Account account, ProcessState state) { return ACCOUNT_KIND_CREDENTIALS.get().contains(account.getKind()); }
public ArchaiusPolicyOptions getOptions(Account account) { return getOptions(account.getKind()); }
@Override public HandlerResult handle(ProcessState state, ProcessInstance process) { Account account = (Account)state.getResource(); // For agent accounts do purge logic in remove. if (AccountConstants.AGENT_KIND.equals(account.getKind()) || AccountConstants.REGISTERED_AGENT_KIND.equals(account.getKind())) { accountPurge.handle(state, process); } processAccountLinks(account); return null; }
@Override public Object update(String type, String id, ApiRequest request, ResourceManager next) { long accountId = Long.valueOf(id); Account anAdminAccount = accountDao.getAdminAccountExclude(accountId); if (anAdminAccount == null) { Account accountToEdit = accountDao.getAccountById(accountId); Map<String, Object> requestObject = CollectionUtils.toMap(request.getRequestObject()); boolean hasAdmin = requestObject.containsKey("kind"); if (AccountConstants.ADMIN_KIND.equalsIgnoreCase(accountToEdit.getKind()) && hasAdmin && !AccountConstants.ADMIN_KIND.equalsIgnoreCase(String.valueOf(requestObject.get("kind")))) { throw new ClientVisibleException(ResponseCodes.METHOD_NOT_ALLOWED, AccountConstants.LAST_ADMIN_ACCOUNT, "Cannot change the last admin account to not be admin.", AccountConstants.ADMIN_REQUIRED_MESSAGE); } } return super.update(type, id, request, next); }
@Override public HandlerResult handle(ProcessState state, ProcessInstance process) { HandlerResult result = new HandlerResult(AccountConstants.FIELD_VERSION, AccountConstants.ACCOUNT_VERSION.get()); Account env = (Account) state.getResource(); if (AccountConstants.PROJECT_KIND.equals(env.getKind())) { upgradeServices(env); } return result; }
@Override public String getRole(Account account, Policy policy, Policy authenticatedAsPolicy) { List<? extends ProjectMember> projectMembers; if (account != null && account.getKind().equalsIgnoreCase(ProjectConstants.TYPE)) { return account.getKind(); } else { String role = null; return account.getKind(); } else { return null;
@Override public Object perform(String name, Object obj, ApiRequest request) { if (obj instanceof Account) { Account accountToDeactivate = (Account) obj; if (AccountConstants.ADMIN_KIND.equalsIgnoreCase(accountToDeactivate.getKind())) { Account anAdminAccount = accountDao.getAdminAccountExclude(accountToDeactivate.getId()); if (anAdminAccount == null) { throw new ClientVisibleException(ResponseCodes.METHOD_NOT_ALLOWED, AccountConstants.LAST_ADMIN_ACCOUNT, "Cannot deactivate the last admin account.", AccountConstants.ADMIN_REQUIRED_MESSAGE); } } else if(AccountConstants.PROJECT_KIND.equalsIgnoreCase(accountToDeactivate.getKind())) { accountToDeactivate = accountDao.getAccountById(accountToDeactivate.getId()); if (accountToDeactivate == null) { throw new ClientVisibleException(ResponseCodes.NOT_FOUND); } } objectProcessManager.scheduleStandardProcess(StandardProcess.DEACTIVATE, accountToDeactivate, null); accountToDeactivate = objectManager.reload(accountToDeactivate); return accountToDeactivate; } else { return null; } }
@Override public Token createToken(Set<Identity> identities, Account account, String originalLogin) { Identity user = getUser(identities); if (user == null) { throw new ClientVisibleException(ResponseCodes.UNAUTHORIZED); } account = getOrCreateAccount(user, identities, account); if (account == null){ throw new ClientVisibleException(ResponseCodes.INTERNAL_SERVER_ERROR, "FailedToGetAccount"); } postAuthModification(account); account = authDao.updateAccount(account, user.getName(), account.getKind(), user.getExternalId(), user .getExternalIdType()); Map<String, Object> jsonData = new HashMap<>(); jsonData.put(AbstractTokenUtil.TOKEN, tokenType()); jsonData.put(AbstractTokenUtil.ACCOUNT_ID, user.getExternalId()); jsonData.put(AbstractTokenUtil.ID_LIST, identitiesToIdList(identities)); jsonData.put(AbstractTokenUtil.USER_IDENTITY, user); jsonData.put(AbstractTokenUtil.USER_TYPE, account.getKind()); jsonData.put("originalLogin", originalLogin); String accountId = (String) ApiContext.getContext().getIdFormatter().formatId(objectManager.getType(Account.class), account.getId()); Date expiry = new Date(System.currentTimeMillis() + SecurityConstants.TOKEN_EXPIRY_MILLIS.get()); String jwt = tokenService.generateEncryptedToken(jsonData, expiry); Long authenticatedAsAccountId = account.getId(); return new Token(jwt, accountId, user, new ArrayList<>(identities), account.getKind(), authenticatedAsAccountId); }
@Override public HandlerResult handle(ProcessState state, ProcessInstance process) { Account account = (Account)state.getResource(); if (account.getProjectTemplateId() != null || !AccountConstants.PROJECT_KIND.equals(account.getKind())) { return null; } if (StringUtils.isBlank(DEFAULT_TEMPLATE.get())) { return null; } ProjectTemplate template = objectManager.findAny(ProjectTemplate.class, PROJECT_TEMPLATE.NAME, DEFAULT_TEMPLATE.get(), PROJECT_TEMPLATE.IS_PUBLIC, true, PROJECT_TEMPLATE.REMOVED, null); return new HandlerResult( ACCOUNT.PROJECT_TEMPLATE_ID, template == null ? null : template.getId()); }
@Override public Resource filter(ApiRequest request, Object original, Resource converted) { IdFormatter idFormatter = ApiContext.getContext().getIdFormatter(); Identity identity = null; if (original instanceof Account) { Account account = (Account) original; if (AccountConstants.PROJECT_KIND.equalsIgnoreCase(account.getKind())) { return converted; } if (account.getExternalId() != null && account.getExternalIdType() != null) { identity = new Identity(account.getExternalIdType(), account.getExternalId()); } else { if (!AccountConstants.PROJECT_KIND.equalsIgnoreCase(account.getKind())) { identity = new Identity(ProjectConstants.RANCHER_ID, String.valueOf(account.getId())); } } } if (identity != null) { if (idFormatter != null) { converted.getFields().put("identity", idFormatter.formatId("identity", identity.getId())); } else { converted.getFields().put("identity", identity.getId()); } } return converted; }
containerStats = true; add = true; } else if (original instanceof Account && AccountConstants.PROJECT_KIND.equals(((Account) original).getKind())) { project = true; } else if (original instanceof Service) {
@Override public HandlerResult handle(ProcessState state, ProcessInstance process) { Account env = (Account)state.getResource(); if (!AccountConstants.PROJECT_KIND.equals(env.getKind())) { return null; } String version = env.getVersion(); if (AccountConstants.ACCOUNT_VERSION.get().equals(version)) { return null; } checkDefaultNetwork(env); assignTemplate(env); Network network = getIpSectNetwork(env); networkDao.migrateToNetwork(network); migrateInstances(network); upgradeHosts(env); objectManager.reload(env); return null; }
protected void saveInContext(ApiRequest request, Policy policy, SchemaFactory schemaFactory, Account authorizedAccount) { if (schemaFactory != null) { request.setSchemaFactory(schemaFactory); } String accountId = (String) ApiContext.getContext().getIdFormatter().formatId(objectManager.getType(Account.class), policy.getAccountId()); request.getServletContext().getResponse().addHeader(ACCOUNT_ID_HEADER, accountId); String userId = (String) ApiContext.getContext().getIdFormatter().formatId(objectManager.getType(Account.class), policy.getAuthenticatedAsAccountId()); request.getServletContext().getResponse().addHeader(USER_ID_HEADER, userId); request.getServletContext().getResponse().addHeader(ACCOUNT_KIND_HEADER, authorizedAccount.getKind()); request.getServletContext().getResponse().addHeader(ACCOUNT_NAME_HEADER, authorizedAccount.getName()); ApiContext.getContext().setPolicy(policy); }
@Override public void deleteProjectMemberEntries(Account account) { if (!ProjectConstants.TYPE.equalsIgnoreCase(account.getKind()) && StringUtils.isNotBlank(account.getExternalId()) && StringUtils.isNotBlank(account.getExternalIdType())){ create().delete(PROJECT_MEMBER) .where(PROJECT_MEMBER.EXTERNAL_ID.eq(account.getExternalId()) .and(PROJECT_MEMBER.EXTERNAL_ID_TYPE.eq(account.getExternalIdType()))) .execute(); } create().delete(PROJECT_MEMBER) .where(PROJECT_MEMBER.PROJECT_ID.eq(account.getId())) .execute(); }
@Override public HandlerResult handle(ProcessState state, ProcessInstance process) { Account account = (Account)state.getResource(); if (!KINDS.get().contains(account.getKind())) { return null; } Map<String, Network> networksByKind = getNetworksByUuid(account); createNetwork(NetworkConstants.KIND_DOCKER_HOST, account, networksByKind, "Docker Host Network Mode", null); createNetwork(NetworkConstants.KIND_DOCKER_NONE, account, networksByKind, "Docker None Network Mode", null); createNetwork(NetworkConstants.KIND_DOCKER_CONTAINER, account, networksByKind, "Docker Container Network Mode", null); createNetwork(NetworkConstants.KIND_DOCKER_BRIDGE, account, networksByKind, "Docker Bridge Network Mode", null); ServicesPortRange portRange = DataAccessor.field(account, AccountConstants.FIELD_PORT_RANGE, jsonMapper, ServicesPortRange.class); if (portRange == null) { portRange = AccountConstants.getDefaultServicesPortRange(); } return new HandlerResult(AccountConstants.FIELD_PORT_RANGE, portRange).withShouldContinue(true); }
@SuppressWarnings("unchecked") private Account createProject(String type, ApiRequest apiRequest) { Policy policy = (Policy) ApiContext.getContext().getPolicy(); Map<String, Object> project = CollectionUtils.toMap(apiRequest.getRequestObject()); if (authDao.getAccountById(policy.getAccountId()).getKind().equalsIgnoreCase(ProjectConstants.TYPE)) { throw new ClientVisibleException(ResponseCodes.FORBIDDEN); } Object object = super.createInternal(type, apiRequest); if (object instanceof Account) { Account newProject = (Account) object; newProject.setKind(AccountConstants.PROJECT_KIND); objectManager.persist(newProject); List<Map<String, String>> members = (ArrayList<Map<String, String>>) project.get("members"); projectMemberResourceManager.setMembers(newProject, members, true); policy.grantObjectAccess(newProject); return objectManager.reload(newProject); } else { throw new ClientVisibleException(ResponseCodes.INTERNAL_SERVER_ERROR); } }
@Override public Identity getIdentity(Long id, IdFormatter idFormatter) { Account account = getAccountById(id); if (account == null || account.getKind().equalsIgnoreCase(ProjectConstants.TYPE) || !accountDao.isActiveAccount(account)) { return null; } Credential credential = create() .selectFrom(CREDENTIAL) .where(CREDENTIAL.KIND.equalIgnoreCase(CredentialConstants.KIND_PASSWORD) .and(CREDENTIAL.ACCOUNT_ID.eq(id)) .and(CREDENTIAL.STATE.equalIgnoreCase(CommonStatesConstants.ACTIVE))).fetchAny(); String accountId = idFormatter != null ? (String) idFormatter.formatId(objectManager.getType(Account.class), account.getId()) : String.valueOf(id); return new Identity(ProjectConstants.RANCHER_ID, accountId, account.getName(), null, null, credential == null ? null : credential.getPublicValue(), false); }
log.error("Failed to find a schema for account type [{}]", account.getKind()); if (SecurityConstants.SECURITY.get()) { throwUnauthorized();
private Account giveProjectAccess(Account project, Policy policy) { if (project == null || !ProjectConstants.TYPE.equalsIgnoreCase(project.getKind())) { return null; } if (!authDao.hasAccessToProject(project.getId(), policy.getAccountId(), policy.isOption(Policy.AUTHORIZED_FOR_ALL_ACCOUNTS), policy.getIdentities())) { return null; } boolean isOwner = authDao.isProjectOwner(project.getId(), policy.getAccountId(), policy.isOption(Policy.AUTHORIZED_FOR_ALL_ACCOUNTS), policy .getIdentities()); boolean setMem = authDao.canSetProjectMembers(project.getId(), policy.getAccountId(), policy.isOption(Policy.AUTHORIZED_FOR_ALL_ACCOUNTS), policy .getIdentities()); if (!accountDao.isActiveAccount(project) && !isOwner) { return null; } if (isOwner) { ApiContext.getContext().addCapability(project, ProjectConstants.OWNER); ApiContext.getContext().addCapability(project, ProjectConstants.SET_MEMBERS); } else if (setMem) { ApiContext.getContext().addCapability(project, ProjectConstants.SET_MEMBERS); } else { ApiContext.getContext().setCapabilities(project, new ArrayList<String>()); } policy.grantObjectAccess(project); return project; }
/** * {@inheritDoc} */ @Override public void from(io.cattle.platform.core.model.Account from) { setId(from.getId()); setName(from.getName()); setKind(from.getKind()); setUuid(from.getUuid()); setDescription(from.getDescription()); setState(from.getState()); setCreated(from.getCreated()); setRemoved(from.getRemoved()); setRemoveTime(from.getRemoveTime()); setData(from.getData()); setExternalId(from.getExternalId()); setExternalIdType(from.getExternalIdType()); setHealthState(from.getHealthState()); setProjectTemplateId(from.getProjectTemplateId()); setDefaultNetworkId(from.getDefaultNetworkId()); setVersion(from.getVersion()); setRevision(from.getRevision()); }