Example 1 with Resource
use of cz.metacentrum.perun.core.api.Resource in project perun by CESNET.
the class urn_perun_group_attribute_def_def_unixGID_namespace method checkAttributeValue.
public void checkAttributeValue(PerunSessionImpl sess, Group group, Attribute attribute) throws InternalErrorException, WrongAttributeValueException, WrongReferenceAttributeValueException, WrongAttributeAssignmentException {
try {
String gidNamespace = attribute.getFriendlyNameParameter();
//Special behaviour if gid is null
if (attribute.getValue() == null) {
List<Facility> groupFacilities = new ArrayList<Facility>();
for (Resource r : sess.getPerunBl().getResourcesManagerBl().getAssignedResources(sess, group)) {
groupFacilities.add(sess.getPerunBl().getResourcesManagerBl().getFacility(sess, r));
}
Set<String> namespacesWhereGroupMustHaveGIDifItHaveUnixNameThere = sess.getPerunBl().getModulesUtilsBl().getSetOfGroupNameNamespacesWhereFacilitiesHasTheSameGIDNamespace(sess, groupFacilities, attribute);
for (String namespace : namespacesWhereGroupMustHaveGIDifItHaveUnixNameThere) {
Attribute unixGroupName = sess.getPerunBl().getAttributesManagerBl().getAttribute(sess, group, A_G_unixGroupName_namespace + ":" + namespace);
if (unixGroupName.getValue() != null) {
throw new WrongAttributeValueException(attribute, group, "Group is propagated to the facility where it have set unix group name so it must have unix GID too.");
}
}
//Group is not propagated to any facility in this GID namespace or it doesn't have set unix name there so it doesn't need to have unix GID.
return;
}
//Special behaviour if gid is null
Integer attrValue = null;
if (attribute.getValue() == null) {
throw new WrongAttributeValueException(attribute, group, "Unix GID must be set");
} else {
attrValue = (Integer) attribute.getValue();
}
//check if gid is not already depleted
Attribute usedGids = sess.getPerunBl().getAttributesManagerBl().getAttribute(sess, gidNamespace, A_E_usedGids);
//null in value means there is no depleted or used gids
if (usedGids.getValue() != null) {
Map<String, String> usedGidsValue = (Map<String, String>) usedGids.getValue();
//Dx, where x is GID means depleted value for GID x
if (usedGidsValue.containsKey("D" + attrValue.toString())) {
throw new WrongReferenceAttributeValueException(attribute, usedGids, group, null, gidNamespace, null, "This GID is already depleted.");
}
}
//Check if gid GID is within allowed range
sess.getPerunBl().getModulesUtilsBl().checkIfGIDIsWithinRange(sess, attribute);
//Prepare lists for all groups and resources with same GID in the same namespace
List<Group> allGroupsWithSameGIDInSameNamespace = new ArrayList<Group>();
List<Resource> allResourcesWithSameGIDInSameNamespace = new ArrayList<Resource>();
//Prepare attributes for searching through groups and resources
Attribute groupGIDAttribute = attribute;
Attribute resourceGIDAttribute = new Attribute(sess.getPerunBl().getAttributesManagerBl().getAttributeDefinition(sess, A_R_unixGID_namespace + ":" + gidNamespace));
resourceGIDAttribute.setValue(groupGIDAttribute.getValue());
//Fill lists of Groups and Resources by data
allGroupsWithSameGIDInSameNamespace.addAll(sess.getPerunBl().getGroupsManagerBl().getGroupsByAttribute(sess, groupGIDAttribute));
allResourcesWithSameGIDInSameNamespace.addAll(sess.getPerunBl().getResourcesManagerBl().getResourcesByAttribute(sess, resourceGIDAttribute));
//remove this group
allGroupsWithSameGIDInSameNamespace.remove(group);
//Prepare list of GroupName attributes of this group
List<Attribute> groupNamesOfGroup = sess.getPerunBl().getAttributesManagerBl().getAllAttributesStartWithNameWithoutNullValue(sess, group, A_G_unixGroupName_namespace + ":");
//Searching through groups
if (!allGroupsWithSameGIDInSameNamespace.isEmpty()) {
for (Group g : allGroupsWithSameGIDInSameNamespace) {
for (Attribute a : groupNamesOfGroup) {
int compare = sess.getPerunBl().getModulesUtilsBl().haveTheSameAttributeWithTheSameNamespace(sess, g, a);
if (compare > 0) {
//This is problem, there is the same attribute but have other value
throw new WrongReferenceAttributeValueException(attribute, a, "There is a group with same GID (namespace: " + gidNamespace + ") and different unix group name (namespace: " + a.getFriendlyNameParameter() + "). " + g + " " + group);
}
//Other possibilities are not problem, less than 0 mean that same attribute not exists, and 0 mean that attribute exists but have same value
}
}
}
//Searching through resources
if (!allResourcesWithSameGIDInSameNamespace.isEmpty()) {
for (Resource r : allResourcesWithSameGIDInSameNamespace) {
for (Attribute a : groupNamesOfGroup) {
//Prepare resource version of this group attribute
Attribute resourceGroupName = new Attribute(sess.getPerunBl().getAttributesManagerBl().getAttributeDefinition(sess, A_R_unixGroupName_namespace + ":" + a.getFriendlyNameParameter()));
resourceGroupName.setValue(a.getValue());
int compare = sess.getPerunBl().getModulesUtilsBl().haveTheSameAttributeWithTheSameNamespace(sess, r, resourceGroupName);
if (compare > 0) {
//This is problem, there is the same attribute but have other value
throw new WrongReferenceAttributeValueException(attribute, a, "There is a resource with same GID (namespace: " + gidNamespace + ") and different unix group name (namespace: " + a.getFriendlyNameParameter() + "). " + r + " " + group);
}
//Other possibilities are not problem, less than 0 mean that same attribute not exists, and 0 mean that attribute exists but have same value
}
}
}
} catch (AttributeNotExistsException ex) {
throw new ConsistencyErrorException(ex);
}
}
Also used :
Group(cz.metacentrum.perun.core.api.Group)
ConsistencyErrorException(cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException)
Attribute(cz.metacentrum.perun.core.api.Attribute)
AttributeNotExistsException(cz.metacentrum.perun.core.api.exceptions.AttributeNotExistsException)
ArrayList(java.util.ArrayList)
Resource(cz.metacentrum.perun.core.api.Resource)
WrongReferenceAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongReferenceAttributeValueException)
Facility(cz.metacentrum.perun.core.api.Facility)
WrongAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException)
LinkedHashMap(java.util.LinkedHashMap)
Map(java.util.Map)
Example 2 with Resource
use of cz.metacentrum.perun.core.api.Resource in project perun by CESNET.
the class urn_perun_group_attribute_def_def_unixGroupName_namespace method checkAttributeValue.
@Override
public void checkAttributeValue(PerunSessionImpl sess, Group group, Attribute attribute) throws InternalErrorException, WrongAttributeValueException, WrongReferenceAttributeValueException, WrongAttributeAssignmentException {
//prepare namespace and groupName value variables
String groupName = null;
if (attribute.getValue() != null)
groupName = (String) attribute.getValue();
String groupNameNamespace = attribute.getFriendlyNameParameter();
if (groupName == null) {
// if this is group attribute, its ok
return;
}
//Check attribute regex
sess.getPerunBl().getModulesUtilsBl().checkAttributeRegex(attribute, "^[-._a-zA-Z0-9]+$");
//Check reserved unix group names
sess.getPerunBl().getModulesUtilsBl().checkReservedUnixGroupNames(attribute);
try {
//prepare attributes group and resource unixGroupName
Attribute groupUnixGroupName = attribute;
Attribute resourceUnixGroupName = new Attribute(sess.getPerunBl().getAttributesManagerBl().getAttributeDefinition(sess, A_R_unixGroupName_namespace + ":" + groupNameNamespace));
resourceUnixGroupName.setValue(attribute.getValue());
//prepare lists of groups and resources with the same groupName value in the same namespace
List<Group> groupsWithSameGroupNameInTheSameNamespace = new ArrayList<Group>();
List<Resource> resourcesWithSameGroupNameInTheSameNamespace = new ArrayList<Resource>();
//Fill lists of groups and resources
groupsWithSameGroupNameInTheSameNamespace.addAll(sess.getPerunBl().getGroupsManagerBl().getGroupsByAttribute(sess, groupUnixGroupName));
resourcesWithSameGroupNameInTheSameNamespace.addAll(sess.getPerunBl().getResourcesManagerBl().getResourcesByAttribute(sess, resourceUnixGroupName));
//If there is no group or resource with same GroupNameInTheSameNamespace, its ok
if (groupsWithSameGroupNameInTheSameNamespace.isEmpty() && resourcesWithSameGroupNameInTheSameNamespace.isEmpty())
return;
//First need to know that i have right to write any of duplicit groupName-namespace attribute
boolean haveRights = sess.getPerunBl().getModulesUtilsBl().haveRightToWriteAttributeInAnyGroupOrResource(sess, groupsWithSameGroupNameInTheSameNamespace, resourcesWithSameGroupNameInTheSameNamespace, groupUnixGroupName, resourceUnixGroupName);
if (!haveRights)
throw new WrongReferenceAttributeValueException(attribute, "This groupName is already used for other group or resource and user has no rights to use it.");
//Now if rights are ok, prepare lists of UnixGIDs attributes of this group (also equivalent resource GID)
List<Attribute> groupUnixGIDs = sess.getPerunBl().getAttributesManagerBl().getAllAttributesStartWithNameWithoutNullValue(sess, group, A_G_unixGID_namespace + ":");
List<Attribute> resourceVersionOfUnixGIDs = sess.getPerunBl().getModulesUtilsBl().getListOfResourceGIDsFromListOfGroupGIDs(sess, groupUnixGIDs);
//In list of duplicit groups looking for GID in same namespace but with different value, thats not correct
if (!groupsWithSameGroupNameInTheSameNamespace.isEmpty()) {
for (Group g : groupsWithSameGroupNameInTheSameNamespace) {
for (Attribute a : groupUnixGIDs) {
int compare;
compare = sess.getPerunBl().getModulesUtilsBl().haveTheSameAttributeWithTheSameNamespace(sess, g, a);
if (compare > 0) {
throw new WrongReferenceAttributeValueException(attribute, a, "One of the group GIDs is from the same namespace like other group GID but with different values.");
}
}
}
}
//In list of duplicit resources looking for GID in same namespace but with different value, thats not correct
if (!resourcesWithSameGroupNameInTheSameNamespace.isEmpty()) {
for (Resource r : resourcesWithSameGroupNameInTheSameNamespace) {
for (Attribute a : resourceVersionOfUnixGIDs) {
int compare;
compare = sess.getPerunBl().getModulesUtilsBl().haveTheSameAttributeWithTheSameNamespace(sess, r, a);
if (compare > 0) {
throw new WrongReferenceAttributeValueException(attribute, a, "One of the group GIDs is from the same namespace like other resource GIDs but with different values.");
}
}
}
}
} catch (AttributeNotExistsException ex) {
throw new ConsistencyErrorException(ex);
}
}
Also used :
Group(cz.metacentrum.perun.core.api.Group)
ConsistencyErrorException(cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException)
Attribute(cz.metacentrum.perun.core.api.Attribute)
AttributeNotExistsException(cz.metacentrum.perun.core.api.exceptions.AttributeNotExistsException)
ArrayList(java.util.ArrayList)
Resource(cz.metacentrum.perun.core.api.Resource)
WrongReferenceAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongReferenceAttributeValueException)
Example 3 with Resource
use of cz.metacentrum.perun.core.api.Resource in project perun by CESNET.
the class urn_perun_group_attribute_def_def_unixGroupName_namespace method changedAttributeHook.
@Override
public void changedAttributeHook(PerunSessionImpl session, Group group, Attribute attribute) throws InternalErrorException, WrongReferenceAttributeValueException {
//Need to know if this is remove or set, if value is null, its remove, otherway it is set
String groupNameNamespace = attribute.getFriendlyNameParameter();
try {
if (attribute.getValue() == null) {
//This is ok, for now no changes for removing some GroupName of this Group
} else {
//First need to find all facilities for the group
Set<Facility> facilitiesOfGroup = new HashSet<Facility>();
List<Resource> resourcesOfGroup = session.getPerunBl().getResourcesManagerBl().getAssignedResources(session, group);
for (Resource r : resourcesOfGroup) {
facilitiesOfGroup.add(session.getPerunBl().getResourcesManagerBl().getFacility(session, r));
}
//Prepare list of gid namespaces of all facilities which have the same groupName namespace like this unixGroupName namespace
Set<String> gidNamespaces;
gidNamespaces = session.getPerunBl().getModulesUtilsBl().getSetOfGIDNamespacesWhereFacilitiesHasTheSameGroupNameNamespace(session, new ArrayList<Facility>(facilitiesOfGroup), attribute);
//If there is any gidNamespace which is need to be set, do it there
if (!gidNamespaces.isEmpty()) {
List<Attribute> gidsToSet = new ArrayList<>();
for (String s : gidNamespaces) {
Attribute groupUnixGIDNamespace = session.getPerunBl().getAttributesManagerBl().getAttribute(session, group, A_G_unixGID_namespace + ":" + s);
//If attribute is not set, then set it (first fill, then set)
if (groupUnixGIDNamespace.getValue() == null) {
groupUnixGIDNamespace = session.getPerunBl().getAttributesManagerBl().fillAttribute(session, group, groupUnixGIDNamespace);
if (groupUnixGIDNamespace.getValue() == null)
throw new WrongReferenceAttributeValueException(attribute, groupUnixGIDNamespace);
//Set after fill (without check because all namespaces must be set before check (there can be relation between namespaces)
gidsToSet.add(groupUnixGIDNamespace);
}
}
//set and check if there is some gid to set
if (!gidsToSet.isEmpty()) {
try {
session.getPerunBl().getAttributesManagerBl().setAttributes(session, group, gidsToSet);
} catch (WrongAttributeValueException e) {
throw new WrongReferenceAttributeValueException(attribute, e.getAttribute(), group, null, e.getAttributeHolder(), e.getAttributeHolderSecondary(), "Problem when setting all needed GIDs in hook.", e);
}
}
}
}
} catch (WrongAttributeAssignmentException ex) {
//TODO: need to add WrongAttributeAssignmentException to header of modules methods
throw new InternalErrorException(ex);
} catch (AttributeNotExistsException ex) {
throw new ConsistencyErrorException(ex);
}
}
Also used :
ConsistencyErrorException(cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException)
Attribute(cz.metacentrum.perun.core.api.Attribute)
WrongAttributeAssignmentException(cz.metacentrum.perun.core.api.exceptions.WrongAttributeAssignmentException)
AttributeNotExistsException(cz.metacentrum.perun.core.api.exceptions.AttributeNotExistsException)
Resource(cz.metacentrum.perun.core.api.Resource)
ArrayList(java.util.ArrayList)
InternalErrorException(cz.metacentrum.perun.core.api.exceptions.InternalErrorException)
WrongReferenceAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongReferenceAttributeValueException)
Facility(cz.metacentrum.perun.core.api.Facility)
WrongAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException)
HashSet(java.util.HashSet)
Example 4 with Resource
use of cz.metacentrum.perun.core.api.Resource in project perun by CESNET.
the class urn_perun_group_resource_attribute_def_def_freeipaGroupName method checkAttributeValue.
@Override
public void checkAttributeValue(PerunSessionImpl sess, Resource resource, Group group, Attribute attribute) throws InternalErrorException, WrongAttributeValueException, WrongReferenceAttributeValueException, WrongAttributeAssignmentException {
//prepare group name and check its format
String groupName = (String) attribute.getValue();
if (groupName == null) {
throw new WrongAttributeValueException(attribute, group, "Attribute cannot be null.");
}
Matcher match = pattern.matcher(groupName);
if (!match.matches()) {
throw new WrongAttributeValueException(attribute, group, "Bad format of attribute freeipaGroupName. It has to match pattern ^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$");
}
//Get facility for the resource
Facility facility = sess.getPerunBl().getResourcesManagerBl().getFacility(sess, resource);
// Get all resources from the facility
List<Resource> facilityResources = sess.getPerunBl().getFacilitiesManagerBl().getAssignedResources(sess, facility);
//For each resource get all groups
for (Resource rs : facilityResources) {
List<Group> resourceGroups = sess.getPerunBl().getResourcesManagerBl().getAssignedGroups(sess, rs);
//Remove our group from list of groups
if (rs.getId() == resource.getId()) {
resourceGroups.remove(group);
}
//For all groups get name and check uniqueness
for (Group gr : resourceGroups) {
Attribute freeipaGroupNameAttribute = new Attribute();
try {
freeipaGroupNameAttribute = sess.getPerunBl().getAttributesManagerBl().getAttribute(sess, rs, gr, A_GR_freeipaGroupName);
} catch (AttributeNotExistsException ex) {
throw new ConsistencyErrorException("Attribute " + A_GR_freeipaGroupName + " does not exists for group " + gr + " and resource " + rs, ex);
}
if (freeipaGroupNameAttribute.getValue() != null) {
String name = (String) freeipaGroupNameAttribute.getValue();
if (name.toLowerCase().equals(groupName.toLowerCase())) {
throw new WrongAttributeValueException(attribute, group, "Attribute has to be unique within one facility (case insensitive).");
}
}
}
}
}
Also used :
Group(cz.metacentrum.perun.core.api.Group)
ConsistencyErrorException(cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException)
Matcher(java.util.regex.Matcher)
Attribute(cz.metacentrum.perun.core.api.Attribute)
AttributeNotExistsException(cz.metacentrum.perun.core.api.exceptions.AttributeNotExistsException)
Resource(cz.metacentrum.perun.core.api.Resource)
Facility(cz.metacentrum.perun.core.api.Facility)
WrongAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException)
Example 5 with Resource
use of cz.metacentrum.perun.core.api.Resource in project perun by CESNET.
the class urn_perun_group_resource_attribute_def_def_systemUnixGroupName method checkAttributeValue.
public void checkAttributeValue(PerunSessionImpl sess, Resource resource, Group group, Attribute attribute) throws InternalErrorException, WrongAttributeValueException, WrongReferenceAttributeValueException, WrongAttributeAssignmentException {
String groupName = (String) attribute.getValue();
Attribute isSystemGroup = new Attribute();
if (groupName == null) {
try {
isSystemGroup = sess.getPerunBl().getAttributesManagerBl().getAttribute(sess, resource, group, A_GR_systemIsUnixGroup);
} catch (AttributeNotExistsException ex) {
throw new ConsistencyErrorException("Not exist Attribute " + A_GR_systemIsUnixGroup + " for group " + group, ex);
}
if (isSystemGroup.getValue() != null && (Integer) isSystemGroup.getValue() == 1) {
throw new WrongReferenceAttributeValueException(attribute, "Attribute cant be null if " + group + " on " + resource + " is system unix group.");
}
} else if (groupName.matches("^[-_a-zA-Z0-9]*$") != true) {
throw new WrongAttributeValueException(attribute, "String with other chars than numbers, letters or symbols _ and - is not allowed value.");
}
//Get facility for the resource
Facility facility = sess.getPerunBl().getResourcesManagerBl().getFacility(sess, resource);
//List of pairs (group and resource) which has the attribute with the value
List<Pair<Group, Resource>> listGroupPairsResource = sess.getPerunBl().getGroupsManagerBl().getGroupResourcePairsByAttribute(sess, attribute);
//Searching through all pairs and if is not checking group/resource/attribute, then try for being on the same facility, if yes then throw exception but only if these groups have not the same GID too.
for (Pair<Group, Resource> p : listGroupPairsResource) {
if (!p.getLeft().equals(group) || !p.getRight().equals(resource)) {
Facility facilityForTest = sess.getPerunBl().getResourcesManagerBl().getFacility(sess, p.getRight());
Attribute group1GID = new Attribute();
Attribute group2GID = new Attribute();
try {
group1GID = sess.getPerunBl().getAttributesManagerBl().getAttribute(sess, resource, group, A_GR_systemUnixGID);
} catch (AttributeNotExistsException ex) {
throw new ConsistencyErrorException("Attribute " + A_GR_systemUnixGID + " not exists for group " + group + " and resource " + resource, ex);
}
try {
group2GID = sess.getPerunBl().getAttributesManagerBl().getAttribute(sess, p.getRight(), p.getLeft(), A_GR_systemUnixGID);
} catch (AttributeNotExistsException ex) {
throw new ConsistencyErrorException("Attribute " + A_GR_systemUnixGID + " not exists for group " + p.getLeft() + " and resource " + p.getRight(), ex);
}
if (facilityForTest.equals(facility) && (group1GID.getValue() != null ? (!group1GID.getValue().equals(group2GID.getValue())) : group2GID != null)) {
throw new WrongAttributeValueException(attribute, "Group name " + groupName + "is allready used by another group-resource and these have not the same GID and GroupName. " + p.getLeft() + " " + p.getRight());
}
}
}
}Aggregations
Resource (cz.metacentrum.perun.core.api.Resource)176
Test (org.junit.Test)110
Attribute (cz.metacentrum.perun.core.api.Attribute)82
AbstractPerunIntegrationTest (cz.metacentrum.perun.core.AbstractPerunIntegrationTest)79
Facility (cz.metacentrum.perun.core.api.Facility)56
User (cz.metacentrum.perun.core.api.User)55
Group (cz.metacentrum.perun.core.api.Group)49
ArrayList (java.util.ArrayList)41
Vo (cz.metacentrum.perun.core.api.Vo)31
Member (cz.metacentrum.perun.core.api.Member)29
PerunSession (cz.metacentrum.perun.core.api.PerunSession)29
AttributeNotExistsException (cz.metacentrum.perun.core.api.exceptions.AttributeNotExistsException)26
RichResource (cz.metacentrum.perun.core.api.RichResource)25
InternalErrorException (cz.metacentrum.perun.core.api.exceptions.InternalErrorException)20
RichUser (cz.metacentrum.perun.core.api.RichUser)18
ConsistencyErrorException (cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException)18
ContactGroup (cz.metacentrum.perun.core.api.ContactGroup)17
RichAttribute (cz.metacentrum.perun.core.api.RichAttribute)17
BanOnFacility (cz.metacentrum.perun.core.api.BanOnFacility)15
WrongReferenceAttributeValueException (cz.metacentrum.perun.core.api.exceptions.WrongReferenceAttributeValueException)14
