|  | // Licensed to the Apache Software Foundation (ASF) under one | 
|  | // or more contributor license agreements.  See the NOTICE file | 
|  | // distributed with this work for additional information | 
|  | // regarding copyright ownership.  The ASF licenses this file | 
|  | // to you under the Apache License, Version 2.0 (the | 
|  | // "License"); you may not use this file except in compliance | 
|  | // with the License.  You may obtain a copy of the License at | 
|  | // | 
|  | //   http://www.apache.org/licenses/LICENSE-2.0 | 
|  | // | 
|  | // Unless required by applicable law or agreed to in writing, | 
|  | // software distributed under the License is distributed on an | 
|  | // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | 
|  | // KIND, either express or implied.  See the License for the | 
|  | // specific language governing permissions and limitations | 
|  | // under the License. | 
|  | package com.cloud.user; | 
|  |  | 
|  | import java.util.ArrayList; | 
|  | import java.util.HashSet; | 
|  | import java.util.List; | 
|  | import java.util.Set; | 
|  | import java.util.UUID; | 
|  |  | 
|  | import javax.inject.Inject; | 
|  |  | 
|  | import com.cloud.api.query.dao.NetworkOfferingJoinDao; | 
|  | import com.cloud.api.query.dao.VpcOfferingJoinDao; | 
|  | import com.cloud.api.query.vo.NetworkOfferingJoinVO; | 
|  | import com.cloud.api.query.vo.VpcOfferingJoinVO; | 
|  | import com.cloud.domain.dao.DomainDetailsDao; | 
|  | import com.cloud.network.vpc.dao.VpcOfferingDao; | 
|  | import com.cloud.network.vpc.dao.VpcOfferingDetailsDao; | 
|  | import com.cloud.offerings.dao.NetworkOfferingDao; | 
|  | import com.cloud.offerings.dao.NetworkOfferingDetailsDao; | 
|  | import org.apache.cloudstack.annotation.AnnotationService; | 
|  | import org.apache.cloudstack.annotation.dao.AnnotationDao; | 
|  | import org.apache.cloudstack.api.ApiConstants; | 
|  | import org.apache.cloudstack.api.command.admin.domain.ListDomainChildrenCmd; | 
|  | import org.apache.cloudstack.api.command.admin.domain.ListDomainsCmd; | 
|  | import org.apache.cloudstack.api.command.admin.domain.UpdateDomainCmd; | 
|  | import org.apache.cloudstack.context.CallContext; | 
|  | import org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService; | 
|  | import org.apache.cloudstack.framework.messagebus.MessageBus; | 
|  | import org.apache.cloudstack.framework.messagebus.PublishScope; | 
|  | import org.apache.cloudstack.region.RegionManager; | 
|  | import org.apache.cloudstack.resourcedetail.dao.DiskOfferingDetailsDao; | 
|  | import org.apache.commons.collections.CollectionUtils; | 
|  | import org.apache.commons.lang.BooleanUtils; | 
|  | import org.apache.log4j.Logger; | 
|  | import org.springframework.stereotype.Component; | 
|  |  | 
|  | import com.cloud.api.query.dao.DiskOfferingJoinDao; | 
|  | import com.cloud.api.query.dao.ServiceOfferingJoinDao; | 
|  | import com.cloud.api.query.vo.DiskOfferingJoinVO; | 
|  | import com.cloud.api.query.vo.ServiceOfferingJoinVO; | 
|  | import com.cloud.configuration.ConfigurationManager; | 
|  | import com.cloud.configuration.Resource.ResourceOwnerType; | 
|  | import com.cloud.configuration.ResourceLimit; | 
|  | import com.cloud.configuration.dao.ResourceCountDao; | 
|  | import com.cloud.configuration.dao.ResourceLimitDao; | 
|  | import com.cloud.dc.DedicatedResourceVO; | 
|  | import com.cloud.dc.dao.DedicatedResourceDao; | 
|  | import com.cloud.domain.Domain; | 
|  | import com.cloud.domain.DomainVO; | 
|  | import com.cloud.domain.dao.DomainDao; | 
|  | import com.cloud.event.ActionEvent; | 
|  | import com.cloud.event.EventTypes; | 
|  | import com.cloud.exception.ConcurrentOperationException; | 
|  | import com.cloud.exception.InvalidParameterValueException; | 
|  | import com.cloud.exception.PermissionDeniedException; | 
|  | import com.cloud.exception.ResourceUnavailableException; | 
|  | import com.cloud.network.dao.NetworkDomainDao; | 
|  | import com.cloud.projects.ProjectManager; | 
|  | import com.cloud.projects.ProjectVO; | 
|  | import com.cloud.projects.dao.ProjectDao; | 
|  | import com.cloud.service.dao.ServiceOfferingDao; | 
|  | import com.cloud.service.dao.ServiceOfferingDetailsDao; | 
|  | import com.cloud.storage.dao.DiskOfferingDao; | 
|  | import com.cloud.user.dao.AccountDao; | 
|  | import com.cloud.utils.Pair; | 
|  | import com.cloud.utils.component.ManagerBase; | 
|  | import com.cloud.utils.db.DB; | 
|  | import com.cloud.utils.db.Filter; | 
|  | import com.cloud.utils.db.GlobalLock; | 
|  | import com.cloud.utils.db.SearchBuilder; | 
|  | import com.cloud.utils.db.SearchCriteria; | 
|  | import com.cloud.utils.db.Transaction; | 
|  | import com.cloud.utils.db.TransactionCallback; | 
|  | import com.cloud.utils.db.TransactionCallbackNoReturn; | 
|  | import com.cloud.utils.db.TransactionStatus; | 
|  | import com.cloud.utils.exception.CloudRuntimeException; | 
|  | import com.cloud.utils.net.NetUtils; | 
|  | import com.cloud.vm.ReservationContext; | 
|  | import com.cloud.vm.ReservationContextImpl; | 
|  | import org.apache.commons.lang3.StringUtils; | 
|  |  | 
|  | @Component | 
|  | public class DomainManagerImpl extends ManagerBase implements DomainManager, DomainService { | 
|  | public static final Logger s_logger = Logger.getLogger(DomainManagerImpl.class); | 
|  |  | 
|  | @Inject | 
|  | private DomainDao _domainDao; | 
|  | @Inject | 
|  | private AccountManager _accountMgr; | 
|  | @Inject | 
|  | private ResourceCountDao _resourceCountDao; | 
|  | @Inject | 
|  | private AccountDao _accountDao; | 
|  | @Inject | 
|  | private DiskOfferingJoinDao diskOfferingJoinDao; | 
|  | @Inject | 
|  | private DiskOfferingDao diskOfferingDao; | 
|  | @Inject | 
|  | private DiskOfferingDetailsDao diskOfferingDetailsDao; | 
|  | @Inject | 
|  | private NetworkOfferingDao networkOfferingDao; | 
|  | @Inject | 
|  | private NetworkOfferingJoinDao networkOfferingJoinDao; | 
|  | @Inject | 
|  | private NetworkOfferingDetailsDao networkOfferingDetailsDao; | 
|  | @Inject | 
|  | private ServiceOfferingJoinDao serviceOfferingJoinDao; | 
|  | @Inject | 
|  | private ServiceOfferingDao serviceOfferingDao; | 
|  | @Inject | 
|  | private ServiceOfferingDetailsDao serviceOfferingDetailsDao; | 
|  | @Inject | 
|  | private VpcOfferingDao vpcOfferingDao; | 
|  | @Inject | 
|  | private VpcOfferingJoinDao vpcOfferingJoinDao; | 
|  | @Inject | 
|  | private VpcOfferingDetailsDao vpcOfferingDetailsDao; | 
|  | @Inject | 
|  | private ProjectDao _projectDao; | 
|  | @Inject | 
|  | private ProjectManager _projectMgr; | 
|  | @Inject | 
|  | private RegionManager _regionMgr; | 
|  | @Inject | 
|  | private ResourceLimitDao _resourceLimitDao; | 
|  | @Inject | 
|  | private DedicatedResourceDao _dedicatedDao; | 
|  | @Inject | 
|  | private NetworkOrchestrationService _networkMgr; | 
|  | @Inject | 
|  | private NetworkDomainDao _networkDomainDao; | 
|  | @Inject | 
|  | private ConfigurationManager _configMgr; | 
|  | @Inject | 
|  | private DomainDetailsDao _domainDetailsDao; | 
|  | @Inject | 
|  | private AnnotationDao annotationDao; | 
|  |  | 
|  | @Inject | 
|  | MessageBus _messageBus; | 
|  |  | 
|  | protected GlobalLock getGlobalLock(String name) { | 
|  | return GlobalLock.getInternLock(name); | 
|  | } | 
|  |  | 
|  | protected Account getCaller() { | 
|  | return CallContext.current().getCallingAccount(); | 
|  | } | 
|  |  | 
|  | @Override | 
|  | public Domain getDomain(long domainId) { | 
|  | return _domainDao.findById(domainId); | 
|  | } | 
|  |  | 
|  | @Override | 
|  | public Domain getDomain(String domainUuid) { | 
|  | return _domainDao.findByUuid(domainUuid); | 
|  | } | 
|  |  | 
|  | @Override | 
|  | public Domain getDomainByName(String name, long parentId) { | 
|  | SearchCriteria<DomainVO> sc = _domainDao.createSearchCriteria(); | 
|  | sc.addAnd("name", SearchCriteria.Op.EQ, name); | 
|  | sc.addAnd("parent", SearchCriteria.Op.EQ, parentId); | 
|  | Domain domain = _domainDao.findOneBy(sc); | 
|  | return domain; | 
|  | } | 
|  |  | 
|  | @Override | 
|  | public Set<Long> getDomainChildrenIds(String parentDomainPath) { | 
|  | Set<Long> childDomains = new HashSet<Long>(); | 
|  | SearchCriteria<DomainVO> sc = _domainDao.createSearchCriteria(); | 
|  | sc.addAnd("path", SearchCriteria.Op.LIKE, parentDomainPath + "%"); | 
|  |  | 
|  | List<DomainVO> domains = _domainDao.search(sc, null); | 
|  |  | 
|  | for (DomainVO domain : domains) { | 
|  | childDomains.add(domain.getId()); | 
|  | } | 
|  |  | 
|  | return childDomains; | 
|  | } | 
|  |  | 
|  | @Override | 
|  | public boolean isChildDomain(Long parentId, Long childId) { | 
|  | return _domainDao.isChildDomain(parentId, childId); | 
|  | } | 
|  |  | 
|  | @Override | 
|  | @ActionEvent(eventType = EventTypes.EVENT_DOMAIN_CREATE, eventDescription = "creating Domain") | 
|  | public Domain createDomain(String name, Long parentId, String networkDomain, String domainUUID) { | 
|  | Account caller = getCaller(); | 
|  |  | 
|  | if (parentId == null) { | 
|  | parentId = Long.valueOf(Domain.ROOT_DOMAIN); | 
|  | } | 
|  |  | 
|  | DomainVO parentDomain = _domainDao.findById(parentId); | 
|  | if (parentDomain == null) { | 
|  | throw new InvalidParameterValueException("Unable to create domain " + name + ", parent domain " + parentId + " not found."); | 
|  | } | 
|  |  | 
|  | if (parentDomain.getState().equals(Domain.State.Inactive)) { | 
|  | throw new CloudRuntimeException("The domain cannot be created as the parent domain " + parentDomain.getName() + " is being deleted"); | 
|  | } | 
|  |  | 
|  | _accountMgr.checkAccess(caller, parentDomain); | 
|  |  | 
|  | return createDomain(name, parentId, caller.getId(), networkDomain, domainUUID); | 
|  |  | 
|  | } | 
|  |  | 
|  | @Override | 
|  | @DB | 
|  | public Domain createDomain(final String name, final Long parentId, final Long ownerId, final String networkDomain, String domainUuid) { | 
|  | validateDomainNameAndNetworkDomain(name, parentId, networkDomain); | 
|  |  | 
|  | DomainVO domainVO = createDomainVo(name, parentId, ownerId, networkDomain, domainUuid); | 
|  |  | 
|  | DomainVO domain = Transaction.execute(new TransactionCallback<DomainVO>() { | 
|  | @Override | 
|  | public DomainVO doInTransaction(TransactionStatus status) { | 
|  | DomainVO domain = _domainDao.create(domainVO); | 
|  | _resourceCountDao.createResourceCounts(domain.getId(), ResourceLimit.ResourceOwnerType.Domain); | 
|  |  | 
|  | CallContext.current().putContextParameter(Domain.class, domain.getUuid()); | 
|  | return domain; | 
|  | } | 
|  | }); | 
|  | if (domain != null) { | 
|  | _messageBus.publish(_name, MESSAGE_ADD_DOMAIN_EVENT, PublishScope.LOCAL, domain.getId()); | 
|  | _messageBus.publish(_name, MESSAGE_CREATE_TUNGSTEN_DOMAIN_EVENT, PublishScope.LOCAL, domain); | 
|  | } | 
|  | return domain; | 
|  | } | 
|  |  | 
|  | protected DomainVO createDomainVo(String name, Long parentId, Long ownerId, String networkDomain, String domainUuid) { | 
|  | if (StringUtils.isBlank(domainUuid)) { | 
|  | domainUuid = UUID.randomUUID().toString(); | 
|  | s_logger.info(String.format("Domain UUID [%s] generated for domain name [%s].", domainUuid, name)); | 
|  | } | 
|  |  | 
|  | DomainVO domainVO = new DomainVO(name, ownerId, parentId, networkDomain, domainUuid); | 
|  | return domainVO; | 
|  | } | 
|  |  | 
|  | protected void validateDomainNameAndNetworkDomain(String name, Long parentId, String networkDomain) { | 
|  | validateNetworkDomain(networkDomain); | 
|  | validateUniqueDomainName(name, parentId); | 
|  | } | 
|  |  | 
|  | protected void validateUniqueDomainName(String name, Long parentId) { | 
|  | SearchCriteria<DomainVO> sc = _domainDao.createSearchCriteria(); | 
|  | sc.addAnd("name", SearchCriteria.Op.EQ, name); | 
|  | sc.addAnd("parent", SearchCriteria.Op.EQ, parentId); | 
|  | List<DomainVO> domains = _domainDao.search(sc, null); | 
|  |  | 
|  | if (!domains.isEmpty()) { | 
|  | throw new InvalidParameterValueException("Domain with name " + name + " already exists for the parent id=" + parentId); | 
|  | } | 
|  | } | 
|  |  | 
|  | protected void validateNetworkDomain(String networkDomain) { | 
|  | if (networkDomain != null && !NetUtils.verifyDomainName(networkDomain)) { | 
|  | throw new InvalidParameterValueException( | 
|  | "Invalid network domain. Total length should not exceed 190 chars. Each domain label must be between 1 and 63 characters long." + | 
|  | " It can contain ASCII letters 'a' through 'z', the digits '0' through '9', and the hyphen ('-'); it cannot start or end with \"-\"." | 
|  | ); | 
|  | } | 
|  | } | 
|  |  | 
|  | @Override | 
|  | public DomainVO findDomainByPath(String domainPath) { | 
|  | return _domainDao.findDomainByPath(domainPath); | 
|  | } | 
|  |  | 
|  | @Override | 
|  | public Domain findDomainByIdOrPath(final Long id, final String domainPath) { | 
|  | Long domainId = id; | 
|  | if (domainId == null || domainId < 1L) { | 
|  | if (StringUtils.isBlank(domainPath)) { | 
|  | domainId = Domain.ROOT_DOMAIN; | 
|  | } else { | 
|  | final Domain domainVO = findDomainByPath(domainPath.trim()); | 
|  | if (domainVO != null) { | 
|  | return domainVO; | 
|  | } | 
|  | } | 
|  | } | 
|  | if (domainId != null && domainId > 0L) { | 
|  | return _domainDao.findById(domainId); | 
|  | } | 
|  | return null; | 
|  | } | 
|  |  | 
|  | @Override | 
|  | public Set<Long> getDomainParentIds(long domainId) { | 
|  | return _domainDao.getDomainParentIds(domainId); | 
|  | } | 
|  |  | 
|  | @Override | 
|  | public boolean removeDomain(long domainId) { | 
|  | return _domainDao.remove(domainId); | 
|  | } | 
|  |  | 
|  | @Override | 
|  | public List<? extends Domain> findInactiveDomains() { | 
|  | return _domainDao.findInactiveDomains(); | 
|  | } | 
|  |  | 
|  | @Override | 
|  | @ActionEvent(eventType = EventTypes.EVENT_DOMAIN_DELETE, eventDescription = "deleting Domain", async = true) | 
|  | public boolean deleteDomain(long domainId, Boolean cleanup) { | 
|  | Account caller = getCaller(); | 
|  |  | 
|  | DomainVO domain = _domainDao.findById(domainId); | 
|  |  | 
|  | if (domain == null) { | 
|  | throw new InvalidParameterValueException("Failed to delete domain " + domainId + ", domain not found"); | 
|  | } else if (domainId == Domain.ROOT_DOMAIN) { | 
|  | throw new PermissionDeniedException("Can't delete ROOT domain"); | 
|  | } | 
|  |  | 
|  | _accountMgr.checkAccess(caller, domain); | 
|  |  | 
|  | return deleteDomain(domain, cleanup); | 
|  | } | 
|  |  | 
|  | @Override | 
|  | public boolean deleteDomain(DomainVO domain, Boolean cleanup) { | 
|  | GlobalLock lock = getGlobalLock(); | 
|  | if (lock == null) return false; | 
|  |  | 
|  | try { | 
|  | // mark domain as inactive | 
|  | s_logger.debug("Marking domain id=" + domain.getId() + " as " + Domain.State.Inactive + " before actually deleting it"); | 
|  | domain.setState(Domain.State.Inactive); | 
|  | _domainDao.update(domain.getId(), domain); | 
|  |  | 
|  | return cleanDomain(domain, cleanup); | 
|  | } | 
|  | finally { | 
|  | lock.unlock(); | 
|  | } | 
|  | } | 
|  |  | 
|  | private GlobalLock getGlobalLock() { | 
|  | GlobalLock lock = getGlobalLock("DomainCleanup"); | 
|  | if (lock == null) { | 
|  | s_logger.debug("Couldn't get the global lock"); | 
|  | return null; | 
|  | } | 
|  |  | 
|  | if (!lock.lock(30)) { | 
|  | s_logger.debug("Couldn't lock the db"); | 
|  | return null; | 
|  | } | 
|  | return lock; | 
|  | } | 
|  |  | 
|  | private boolean cleanDomain(DomainVO domain, Boolean cleanup) { | 
|  | try { | 
|  | long ownerId = domain.getAccountId(); | 
|  | if (BooleanUtils.toBoolean(cleanup)) { | 
|  | tryCleanupDomain(domain, ownerId); | 
|  | } else { | 
|  | removeDomainWithNoAccountsForCleanupNetworksOrDedicatedResources(domain); | 
|  | } | 
|  |  | 
|  | if (!_configMgr.releaseDomainSpecificVirtualRanges(domain.getId())) { | 
|  | CloudRuntimeException e = new CloudRuntimeException("Can't delete the domain yet because failed to release domain specific virtual ip ranges"); | 
|  | e.addProxyObject(domain.getUuid(), "domainId"); | 
|  | throw e; | 
|  | } else { | 
|  | s_logger.debug("Domain specific Virtual IP ranges " + " are successfully released as a part of domain id=" + domain.getId() + " cleanup."); | 
|  | } | 
|  |  | 
|  | cleanupDomainDetails(domain.getId()); | 
|  | cleanupDomainOfferings(domain.getId()); | 
|  | annotationDao.removeByEntityType(AnnotationService.EntityType.DOMAIN.name(), domain.getUuid()); | 
|  | CallContext.current().putContextParameter(Domain.class, domain.getUuid()); | 
|  | return true; | 
|  | } catch (Exception ex) { | 
|  | s_logger.error("Exception deleting domain with id " + domain.getId(), ex); | 
|  | if (ex instanceof CloudRuntimeException) { | 
|  | rollbackDomainState(domain); | 
|  | throw (CloudRuntimeException)ex; | 
|  | } | 
|  | else | 
|  | return false; | 
|  | } | 
|  | } | 
|  |  | 
|  | /** | 
|  | * Roll back domain state to Active | 
|  | * @param domain domain | 
|  | */ | 
|  | protected void rollbackDomainState(DomainVO domain) { | 
|  | s_logger.debug("Changing domain id=" + domain.getId() + " state back to " + Domain.State.Active + | 
|  | " because it can't be removed due to resources referencing to it"); | 
|  | domain.setState(Domain.State.Active); | 
|  | _domainDao.update(domain.getId(), domain); | 
|  | } | 
|  |  | 
|  | /** | 
|  | * Try cleaning up domain. If it couldn't throws CloudRuntimeException | 
|  | * @param domain domain | 
|  | * @param ownerId owner id | 
|  | * @throws ConcurrentOperationException | 
|  | * @throws ResourceUnavailableException | 
|  | * @throws CloudRuntimeException when cleanupDomain | 
|  | */ | 
|  | protected void tryCleanupDomain(DomainVO domain, long ownerId) throws ConcurrentOperationException, ResourceUnavailableException, CloudRuntimeException { | 
|  | if (!cleanupDomain(domain.getId(), ownerId)) { | 
|  | CloudRuntimeException e = | 
|  | new CloudRuntimeException("Failed to clean up domain resources and sub domains, delete failed on domain " + domain.getName() + " (id: " + | 
|  | domain.getId() + ")."); | 
|  | e.addProxyObject(domain.getUuid(), "domainId"); | 
|  | throw e; | 
|  | } | 
|  | } | 
|  |  | 
|  | /** | 
|  | * First check domain resources before removing domain. There are 2 cases: | 
|  | * <ol> | 
|  | * <li>Domain doesn't have accounts for cleanup, non-removed networks, or dedicated resources</li> | 
|  | * <ul><li>Delete domain</li></ul> | 
|  | * <li>Domain has one of the following: accounts set for cleanup, non-removed networks, dedicated resources</li> | 
|  | * <ul><li>Dont' delete domain</li><li>Fail operation</li></ul> | 
|  | * </ol> | 
|  | * @param domain domain to remove | 
|  | * @throws CloudRuntimeException when case 2 or when domain cannot be deleted on case 1 | 
|  | */ | 
|  | protected void removeDomainWithNoAccountsForCleanupNetworksOrDedicatedResources(DomainVO domain) { | 
|  | boolean hasDedicatedResources = false; | 
|  | List<Long> networkIds = _networkDomainDao.listNetworkIdsByDomain(domain.getId()); | 
|  | List<AccountVO> accountsForCleanup = _accountDao.findCleanupsForRemovedAccounts(domain.getId()); | 
|  | List<DedicatedResourceVO> dedicatedResources = _dedicatedDao.listByDomainId(domain.getId()); | 
|  | if (CollectionUtils.isNotEmpty(dedicatedResources)) { | 
|  | s_logger.error("There are dedicated resources for the domain " + domain.getId()); | 
|  | hasDedicatedResources = true; | 
|  | } | 
|  | if (accountsForCleanup.isEmpty() && networkIds.isEmpty() && !hasDedicatedResources) { | 
|  | publishRemoveEventsAndRemoveDomain(domain); | 
|  | } else { | 
|  | failRemoveOperation(domain, accountsForCleanup, networkIds, hasDedicatedResources); | 
|  | } | 
|  | } | 
|  |  | 
|  | /** | 
|  | * Fail domain remove operation including proper message | 
|  | * @param domain domain | 
|  | * @param accountsForCleanup domain accounts for cleanup | 
|  | * @param networkIds domain network ids | 
|  | * @param hasDedicatedResources indicates if domain has dedicated resources | 
|  | * @throws CloudRuntimeException including descriptive message indicating the reason for failure | 
|  | */ | 
|  | protected void failRemoveOperation(DomainVO domain, List<AccountVO> accountsForCleanup, List<Long> networkIds, boolean hasDedicatedResources) { | 
|  | String msg = null; | 
|  | if (!accountsForCleanup.isEmpty()) { | 
|  | msg = accountsForCleanup.size() + " accounts to cleanup"; | 
|  | } else if (!networkIds.isEmpty()) { | 
|  | msg = networkIds.size() + " non-removed networks"; | 
|  | } else if (hasDedicatedResources) { | 
|  | msg = "dedicated resources."; | 
|  | } | 
|  |  | 
|  | CloudRuntimeException e = new CloudRuntimeException("Can't delete the domain yet because it has " + msg); | 
|  | e.addProxyObject(domain.getUuid(), "domainId"); | 
|  | throw e; | 
|  | } | 
|  |  | 
|  | /** | 
|  | * Publish pre-remove and remove domain events and remove domain | 
|  | * @param domain domain to remove | 
|  | * @throws CloudRuntimeException when domain cannot be removed | 
|  | */ | 
|  | protected void publishRemoveEventsAndRemoveDomain(DomainVO domain) { | 
|  | _messageBus.publish(_name, MESSAGE_PRE_REMOVE_DOMAIN_EVENT, PublishScope.LOCAL, domain); | 
|  | if (!_domainDao.remove(domain.getId())) { | 
|  | CloudRuntimeException e = | 
|  | new CloudRuntimeException("Delete failed on domain " + domain.getName() + " (id: " + domain.getId() + | 
|  | "); Please make sure all users and sub domains have been removed from the domain before deleting"); | 
|  | e.addProxyObject(domain.getUuid(), "domainId"); | 
|  | throw e; | 
|  | } | 
|  | _messageBus.publish(_name, MESSAGE_REMOVE_DOMAIN_EVENT, PublishScope.LOCAL, domain); | 
|  | } | 
|  |  | 
|  | protected void cleanupDomainDetails(Long domainId) { | 
|  | _domainDetailsDao.deleteDetails(domainId); | 
|  | } | 
|  |  | 
|  | protected void cleanupDomainOfferings(Long domainId) { | 
|  | if (domainId == null) { | 
|  | return; | 
|  | } | 
|  |  | 
|  | String domainIdString = String.valueOf(domainId); | 
|  |  | 
|  | removeDiskOfferings(domainId, domainIdString); | 
|  |  | 
|  | removeServiceOfferings(domainId, domainIdString); | 
|  |  | 
|  | removeNetworkOfferings(domainId, domainIdString); | 
|  |  | 
|  | removeVpcOfferings(domainId, domainIdString); | 
|  | } | 
|  |  | 
|  | private void removeVpcOfferings(Long domainId, String domainIdString) { | 
|  | List<Long> vpcOfferingsDetailsToRemove = new ArrayList<>(); | 
|  | List<VpcOfferingJoinVO> vpcOfferingsForThisDomain = vpcOfferingJoinDao.findByDomainId(domainId); | 
|  | for (VpcOfferingJoinVO vpcOffering : vpcOfferingsForThisDomain) { | 
|  | if (domainIdString.equals(vpcOffering.getDomainId())) { | 
|  | vpcOfferingDao.remove(vpcOffering.getId()); | 
|  | } else { | 
|  | vpcOfferingsDetailsToRemove.add(vpcOffering.getId()); | 
|  | } | 
|  | } | 
|  | for (final Long vpcOfferingId : vpcOfferingsDetailsToRemove) { | 
|  | vpcOfferingDetailsDao.removeDetail(vpcOfferingId, ApiConstants.DOMAIN_ID, domainIdString); | 
|  | } | 
|  | } | 
|  |  | 
|  | private void removeNetworkOfferings(Long domainId, String domainIdString) { | 
|  | List<Long> networkOfferingsDetailsToRemove = new ArrayList<>(); | 
|  | List<NetworkOfferingJoinVO> networkOfferingsForThisDomain = networkOfferingJoinDao.findByDomainId(domainId, false); | 
|  | for (NetworkOfferingJoinVO networkOffering : networkOfferingsForThisDomain) { | 
|  | if (domainIdString.equals(networkOffering.getDomainId())) { | 
|  | networkOfferingDao.remove(networkOffering.getId()); | 
|  | } else { | 
|  | networkOfferingsDetailsToRemove.add(networkOffering.getId()); | 
|  | } | 
|  | } | 
|  | for (final Long networkOfferingId : networkOfferingsDetailsToRemove) { | 
|  | networkOfferingDetailsDao.removeDetail(networkOfferingId, ApiConstants.DOMAIN_ID, domainIdString); | 
|  | } | 
|  | } | 
|  |  | 
|  | private void removeServiceOfferings(Long domainId, String domainIdString) { | 
|  | List<Long> serviceOfferingsDetailsToRemove = new ArrayList<>(); | 
|  | List<ServiceOfferingJoinVO> serviceOfferingsForThisDomain = serviceOfferingJoinDao.findByDomainId(domainId); | 
|  | for (ServiceOfferingJoinVO serviceOffering : serviceOfferingsForThisDomain) { | 
|  | if (domainIdString.equals(serviceOffering.getDomainId())) { | 
|  | serviceOfferingDao.remove(serviceOffering.getId()); | 
|  | } else { | 
|  | serviceOfferingsDetailsToRemove.add(serviceOffering.getId()); | 
|  | } | 
|  | } | 
|  | for (final Long serviceOfferingId : serviceOfferingsDetailsToRemove) { | 
|  | serviceOfferingDetailsDao.removeDetail(serviceOfferingId, ApiConstants.DOMAIN_ID, domainIdString); | 
|  | } | 
|  | } | 
|  |  | 
|  | private void removeDiskOfferings(Long domainId, String domainIdString) { | 
|  | List<Long> diskOfferingsDetailsToRemove = new ArrayList<>(); | 
|  | List<DiskOfferingJoinVO> diskOfferingsForThisDomain = diskOfferingJoinDao.findByDomainId(domainId); | 
|  | for (DiskOfferingJoinVO diskOffering : diskOfferingsForThisDomain) { | 
|  | if (domainIdString.equals(diskOffering.getDomainId())) { | 
|  | diskOfferingDao.remove(diskOffering.getId()); | 
|  | } else { | 
|  | diskOfferingsDetailsToRemove.add(diskOffering.getId()); | 
|  | } | 
|  | } | 
|  | // Remove domain IDs for offerings which may be multi-domain | 
|  | for (final Long diskOfferingId : diskOfferingsDetailsToRemove) { | 
|  | diskOfferingDetailsDao.removeDetail(diskOfferingId, ApiConstants.DOMAIN_ID, domainIdString); | 
|  | } | 
|  | } | 
|  |  | 
|  | protected boolean cleanupDomain(Long domainId, Long ownerId) throws ConcurrentOperationException, ResourceUnavailableException { | 
|  | s_logger.debug("Cleaning up domain id=" + domainId); | 
|  | boolean success = true; | 
|  | DomainVO domainHandle = _domainDao.findById(domainId); | 
|  | { | 
|  | domainHandle.setState(Domain.State.Inactive); | 
|  | _domainDao.update(domainId, domainHandle); | 
|  |  | 
|  | SearchCriteria<DomainVO> sc = _domainDao.createSearchCriteria(); | 
|  | sc.addAnd("parent", SearchCriteria.Op.EQ, domainId); | 
|  | List<DomainVO> domains = _domainDao.search(sc, null); | 
|  |  | 
|  | SearchCriteria<DomainVO> sc1 = _domainDao.createSearchCriteria(); | 
|  | sc1.addAnd("path", SearchCriteria.Op.LIKE, "%" + "replace(" + domainHandle.getPath() + ", '%', '[%]')" + "%"); | 
|  | List<DomainVO> domainsToBeInactivated = _domainDao.search(sc1, null); | 
|  |  | 
|  | // update all subdomains to inactive so no accounts/users can be created | 
|  | for (DomainVO domain : domainsToBeInactivated) { | 
|  | domain.setState(Domain.State.Inactive); | 
|  | _domainDao.update(domain.getId(), domain); | 
|  | } | 
|  |  | 
|  | // cleanup sub-domains first | 
|  | for (DomainVO domain : domains) { | 
|  | success = (success && cleanupDomain(domain.getId(), domain.getAccountId())); | 
|  | if (!success) { | 
|  | s_logger.warn("Failed to cleanup domain id=" + domain.getId()); | 
|  | } | 
|  | } | 
|  | } | 
|  |  | 
|  | // delete users which will also delete accounts and release resources for those accounts | 
|  | SearchCriteria<AccountVO> sc = _accountDao.createSearchCriteria(); | 
|  | sc.addAnd("domainId", SearchCriteria.Op.EQ, domainId); | 
|  | List<AccountVO> accounts = _accountDao.search(sc, null); | 
|  | for (AccountVO account : accounts) { | 
|  | if (account.getType() != Account.Type.PROJECT) { | 
|  | s_logger.debug("Deleting account " + account + " as a part of domain id=" + domainId + " cleanup"); | 
|  | boolean deleteAccount = _accountMgr.deleteAccount(account, CallContext.current().getCallingUserId(), getCaller()); | 
|  | if (!deleteAccount) { | 
|  | s_logger.warn("Failed to cleanup account id=" + account.getId() + " as a part of domain cleanup"); | 
|  | } | 
|  | success = (success && deleteAccount); | 
|  | } else { | 
|  | ProjectVO project = _projectDao.findByProjectAccountId(account.getId()); | 
|  | s_logger.debug("Deleting project " + project + " as a part of domain id=" + domainId + " cleanup"); | 
|  | boolean deleteProject = _projectMgr.deleteProject(getCaller(), CallContext.current().getCallingUserId(), project); | 
|  | if (!deleteProject) { | 
|  | s_logger.warn("Failed to cleanup project " + project + " as a part of domain cleanup"); | 
|  | } | 
|  | success = (success && deleteProject); | 
|  | } | 
|  | } | 
|  |  | 
|  | //delete the domain shared networks | 
|  | boolean networksDeleted = true; | 
|  | s_logger.debug("Deleting networks for domain id=" + domainId); | 
|  | List<Long> networkIds = _networkDomainDao.listNetworkIdsByDomain(domainId); | 
|  | CallContext ctx = CallContext.current(); | 
|  | ReservationContext context = new ReservationContextImpl(null, null, _accountMgr.getActiveUser(ctx.getCallingUserId()), ctx.getCallingAccount()); | 
|  | for (Long networkId : networkIds) { | 
|  | s_logger.debug("Deleting network id=" + networkId + " as a part of domain id=" + domainId + " cleanup"); | 
|  | if (!_networkMgr.destroyNetwork(networkId, context, false)) { | 
|  | s_logger.warn("Unable to destroy network id=" + networkId + " as a part of domain id=" + domainId + " cleanup."); | 
|  | networksDeleted = false; | 
|  | } else { | 
|  | s_logger.debug("Network " + networkId + " successfully deleted as a part of domain id=" + domainId + " cleanup."); | 
|  | } | 
|  | } | 
|  |  | 
|  | //don't proceed if networks failed to cleanup. The cleanup will be performed for inactive domain once again | 
|  | if (!networksDeleted) { | 
|  | s_logger.debug("Failed to delete the shared networks as a part of domain id=" + domainId + " clenaup"); | 
|  | return false; | 
|  | } | 
|  |  | 
|  | // don't remove the domain if there are accounts required cleanup | 
|  | boolean deleteDomainSuccess = true; | 
|  | List<AccountVO> accountsForCleanup = _accountDao.findCleanupsForRemovedAccounts(domainId); | 
|  | if (accountsForCleanup.isEmpty()) { | 
|  | //release dedication if any, before deleting the domain | 
|  | List<DedicatedResourceVO> dedicatedResources = _dedicatedDao.listByDomainId(domainId); | 
|  | if (dedicatedResources != null && !dedicatedResources.isEmpty()) { | 
|  | s_logger.debug("Releasing dedicated resources for domain" + domainId); | 
|  | for (DedicatedResourceVO dr : dedicatedResources) { | 
|  | if (!_dedicatedDao.remove(dr.getId())) { | 
|  | s_logger.warn("Fail to release dedicated resources for domain " + domainId); | 
|  | return false; | 
|  | } | 
|  | } | 
|  | } | 
|  | //delete domain | 
|  | _messageBus.publish(_name, MESSAGE_PRE_REMOVE_DOMAIN_EVENT, PublishScope.LOCAL, domainHandle); | 
|  | deleteDomainSuccess = _domainDao.remove(domainId); | 
|  | _messageBus.publish(_name, MESSAGE_REMOVE_DOMAIN_EVENT, PublishScope.LOCAL, domainHandle); | 
|  |  | 
|  | // Delete resource count and resource limits entries set for this domain (if there are any). | 
|  | _resourceCountDao.removeEntriesByOwner(domainId, ResourceOwnerType.Domain); | 
|  | _resourceLimitDao.removeEntriesByOwner(domainId, ResourceOwnerType.Domain); | 
|  | } else { | 
|  | s_logger.debug("Can't delete the domain yet because it has " + accountsForCleanup.size() + "accounts that need a cleanup"); | 
|  | return false; | 
|  | } | 
|  |  | 
|  | return success && deleteDomainSuccess; | 
|  | } | 
|  |  | 
|  | @Override | 
|  | public Pair<List<? extends Domain>, Integer> searchForDomains(ListDomainsCmd cmd) { | 
|  | Account caller = getCaller(); | 
|  | Long domainId = cmd.getId(); | 
|  | boolean listAll = cmd.listAll(); | 
|  | boolean isRecursive = false; | 
|  |  | 
|  | if (domainId != null) { | 
|  | Domain domain = getDomain(domainId); | 
|  | if (domain == null) { | 
|  | throw new InvalidParameterValueException("Domain id=" + domainId + " doesn't exist"); | 
|  | } | 
|  | _accountMgr.checkAccess(caller, domain); | 
|  | } else { | 
|  | if (!_accountMgr.isRootAdmin(caller.getId())) { | 
|  | domainId = caller.getDomainId(); | 
|  | } | 
|  | if (listAll) { | 
|  | isRecursive = true; | 
|  | } | 
|  | } | 
|  |  | 
|  | Filter searchFilter = new Filter(DomainVO.class, "id", true, cmd.getStartIndex(), cmd.getPageSizeVal()); | 
|  | String domainName = cmd.getDomainName(); | 
|  | Integer level = cmd.getLevel(); | 
|  | Object keyword = cmd.getKeyword(); | 
|  |  | 
|  | SearchBuilder<DomainVO> sb = _domainDao.createSearchBuilder(); | 
|  | sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ); | 
|  | sb.and("name", sb.entity().getName(), SearchCriteria.Op.EQ); | 
|  | sb.and("level", sb.entity().getLevel(), SearchCriteria.Op.EQ); | 
|  | sb.and("path", sb.entity().getPath(), SearchCriteria.Op.LIKE); | 
|  | sb.and("state", sb.entity().getState(), SearchCriteria.Op.EQ); | 
|  |  | 
|  | SearchCriteria<DomainVO> sc = sb.create(); | 
|  |  | 
|  | if (keyword != null) { | 
|  | SearchCriteria<DomainVO> ssc = _domainDao.createSearchCriteria(); | 
|  | ssc.addOr("name", SearchCriteria.Op.LIKE, "%" + keyword + "%"); | 
|  | sc.addAnd("name", SearchCriteria.Op.SC, ssc); | 
|  | } | 
|  |  | 
|  | if (domainName != null) { | 
|  | sc.setParameters("name", domainName); | 
|  | } | 
|  |  | 
|  | if (level != null) { | 
|  | sc.setParameters("level", level); | 
|  | } | 
|  |  | 
|  | if (domainId != null) { | 
|  | if (isRecursive) { | 
|  | sc.setParameters("path", getDomain(domainId).getPath() + "%"); | 
|  | } else { | 
|  | sc.setParameters("id", domainId); | 
|  | } | 
|  | } | 
|  |  | 
|  | // return only Active domains to the API | 
|  | sc.setParameters("state", Domain.State.Active); | 
|  |  | 
|  | Pair<List<DomainVO>, Integer> result = _domainDao.searchAndCount(sc, searchFilter); | 
|  | return new Pair<List<? extends Domain>, Integer>(result.first(), result.second()); | 
|  | } | 
|  |  | 
|  | @Override | 
|  | public Pair<List<? extends Domain>, Integer> searchForDomainChildren(ListDomainChildrenCmd cmd) throws PermissionDeniedException { | 
|  | Long domainId = cmd.getId(); | 
|  | String domainName = cmd.getDomainName(); | 
|  | Boolean isRecursive = cmd.isRecursive(); | 
|  | Object keyword = cmd.getKeyword(); | 
|  | boolean listAll = cmd.listAll(); | 
|  | String path = null; | 
|  |  | 
|  | Account caller = getCaller(); | 
|  | if (domainId != null) { | 
|  | _accountMgr.checkAccess(caller, getDomain(domainId)); | 
|  | } else { | 
|  | domainId = caller.getDomainId(); | 
|  | } | 
|  |  | 
|  | DomainVO domain = _domainDao.findById(domainId); | 
|  | if (domain != null && isRecursive && !listAll) { | 
|  | path = domain.getPath(); | 
|  | domainId = null; | 
|  | } | 
|  |  | 
|  | Filter searchFilter = new Filter(DomainVO.class, "id", true, cmd.getStartIndex(), cmd.getPageSizeVal()); | 
|  | Pair<List<DomainVO>, Integer> result = searchForDomainChildren(searchFilter, domainId, domainName, keyword, path, true); | 
|  |  | 
|  | return new Pair<List<? extends Domain>, Integer>(result.first(), result.second()); | 
|  | } | 
|  |  | 
|  | private Pair<List<DomainVO>, Integer> searchForDomainChildren(Filter searchFilter, Long domainId, String domainName, Object keyword, String path, | 
|  | boolean listActiveOnly) { | 
|  | SearchCriteria<DomainVO> sc = _domainDao.createSearchCriteria(); | 
|  |  | 
|  | if (keyword != null) { | 
|  | SearchCriteria<DomainVO> ssc = _domainDao.createSearchCriteria(); | 
|  | ssc.addOr("name", SearchCriteria.Op.LIKE, "%" + keyword + "%"); | 
|  |  | 
|  | sc.addAnd("name", SearchCriteria.Op.SC, ssc); | 
|  | } | 
|  |  | 
|  | if (domainId != null) { | 
|  | sc.addAnd("parent", SearchCriteria.Op.EQ, domainId); | 
|  | } | 
|  |  | 
|  | if (domainName != null) { | 
|  | sc.addAnd("name", SearchCriteria.Op.LIKE, "%" + domainName + "%"); | 
|  | } | 
|  |  | 
|  | if (path != null) { | 
|  | sc.addAnd("path", SearchCriteria.Op.NEQ, path); | 
|  | sc.addAnd("path", SearchCriteria.Op.LIKE, path + "%"); | 
|  | } | 
|  |  | 
|  | if (listActiveOnly) { | 
|  | sc.addAnd("state", SearchCriteria.Op.EQ, Domain.State.Active); | 
|  | } | 
|  |  | 
|  | return _domainDao.searchAndCount(sc, searchFilter); | 
|  | } | 
|  |  | 
|  | @Override | 
|  | @ActionEvent(eventType = EventTypes.EVENT_DOMAIN_UPDATE, eventDescription = "updating Domain") | 
|  | @DB | 
|  | public DomainVO updateDomain(UpdateDomainCmd cmd) { | 
|  | final Long domainId = cmd.getId(); | 
|  | final String domainName = cmd.getDomainName(); | 
|  | final String networkDomain = cmd.getNetworkDomain(); | 
|  |  | 
|  | // check if domain exists in the system | 
|  | final DomainVO domain = _domainDao.findById(domainId); | 
|  | if (domain == null) { | 
|  | InvalidParameterValueException ex = new InvalidParameterValueException("Unable to find domain with specified domain id"); | 
|  | ex.addProxyObject(domainId.toString(), "domainId"); | 
|  | throw ex; | 
|  | } else if (domain.getParent() == null && domainName != null) { | 
|  | // check if domain is ROOT domain - and deny to edit it with the new name | 
|  | throw new InvalidParameterValueException("ROOT domain can not be edited with a new name"); | 
|  | } | 
|  |  | 
|  | // check permissions | 
|  | Account caller = getCaller(); | 
|  | _accountMgr.checkAccess(caller, domain); | 
|  |  | 
|  | // domain name is unique in the cloud | 
|  | if (domainName != null) { | 
|  | SearchCriteria<DomainVO> sc = _domainDao.createSearchCriteria(); | 
|  | sc.addAnd("name", SearchCriteria.Op.EQ, domainName); | 
|  | sc.addAnd("parent", SearchCriteria.Op.EQ, domain.getParent()); | 
|  | List<DomainVO> domains = _domainDao.search(sc, null); | 
|  |  | 
|  | boolean sameDomain = (domains.size() == 1 && domains.get(0).getId() == domainId); | 
|  |  | 
|  | if (!domains.isEmpty() && !sameDomain) { | 
|  | InvalidParameterValueException ex = | 
|  | new InvalidParameterValueException("Failed to update specified domain id with name '" + domainName + "' since it already exists in the system"); | 
|  | ex.addProxyObject(domain.getUuid(), "domainId"); | 
|  | throw ex; | 
|  | } | 
|  | } | 
|  |  | 
|  | // validate network domain | 
|  | if (networkDomain != null && !networkDomain.isEmpty()) { | 
|  | if (!NetUtils.verifyDomainName(networkDomain)) { | 
|  | throw new InvalidParameterValueException( | 
|  | "Invalid network domain. Total length shouldn't exceed 190 chars. Each domain label must be between 1 and 63 characters long, can contain ASCII letters 'a' through 'z', the digits '0' through '9', " | 
|  | + "and the hyphen ('-'); can't start or end with \"-\""); | 
|  | } | 
|  | } | 
|  |  | 
|  | Transaction.execute(new TransactionCallbackNoReturn() { | 
|  | @Override | 
|  | public void doInTransactionWithoutResult(TransactionStatus status) { | 
|  | if (domainName != null) { | 
|  | String updatedDomainPath = getUpdatedDomainPath(domain.getPath(), domainName); | 
|  | updateDomainChildren(domain, updatedDomainPath); | 
|  | domain.setName(domainName); | 
|  | domain.setPath(updatedDomainPath); | 
|  | } | 
|  |  | 
|  | if (networkDomain != null) { | 
|  | if (networkDomain.isEmpty()) { | 
|  | domain.setNetworkDomain(null); | 
|  | } else { | 
|  | domain.setNetworkDomain(networkDomain); | 
|  | } | 
|  | } | 
|  | _domainDao.update(domainId, domain); | 
|  | CallContext.current().putContextParameter(Domain.class, domain.getUuid()); | 
|  | } | 
|  | }); | 
|  |  | 
|  | return _domainDao.findById(domainId); | 
|  |  | 
|  | } | 
|  |  | 
|  | private String getUpdatedDomainPath(String oldPath, String newName) { | 
|  | String[] tokenizedPath = oldPath.split("/"); | 
|  | tokenizedPath[tokenizedPath.length - 1] = newName; | 
|  | StringBuilder finalPath = new StringBuilder(); | 
|  | for (String token : tokenizedPath) { | 
|  | finalPath.append(token); | 
|  | finalPath.append("/"); | 
|  | } | 
|  | return finalPath.toString(); | 
|  | } | 
|  |  | 
|  | private void updateDomainChildren(DomainVO domain, String updatedDomainPrefix) { | 
|  | List<DomainVO> domainChildren = _domainDao.findAllChildren(domain.getPath(), domain.getId()); | 
|  | // for each child, update the path | 
|  | for (DomainVO dom : domainChildren) { | 
|  | dom.setPath(dom.getPath().replaceFirst(domain.getPath(), updatedDomainPrefix)); | 
|  | _domainDao.update(dom.getId(), dom); | 
|  | } | 
|  | } | 
|  |  | 
|  | } |