
Example 1 with Facility

use of cz.metacentrum.perun.core.api.Facility in project perun by CESNET.

the class ServicesManagerEntry method addDestination.

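/**
 * Adds {@code destination} for {@code service} on {@code facility}, after validating the input
 * and checking that the caller may manage both the facility and the destination host.
 *
 * <p>Authorization is checked twice. The caller must hold {@code Role.FACILITYADMIN} on
 * {@code facility}. For the three host-based destination types
 * ({@code DESTINATIONHOSTTYPE}, {@code DESTINATIONUSERHOSTTYPE},
 * {@code DESTINATIONUSERHOSTPORTTYPE}) the destination's host name is also looked up among
 * existing facilities: first by host name and, only when that finds nothing, by destination.
 * If any facility is found, the caller must be {@code FACILITYADMIN} on at least one of them.
 * Destinations of any other type get no such ownership check in this method.
 *
 * @param sess        the caller's session
 * @param service     service the destination is added for
 * @param facility    facility the destination is added to
 * @param destination destination to add; it, its value and its type must be non-null
 * @return whatever the business layer's {@code addDestination} returns
 * @throws PrivilegeException if the caller is not {@code FACILITYADMIN} on {@code facility}, or
 *         the host is already tied to facilities and the caller administers none of them
 */
public Destination addDestination(PerunSession sess, Service service, Facility facility, Destination destination) throws InternalErrorException, PrivilegeException, ServiceNotExistsException, FacilityNotExistsException, DestinationAlreadyAssignedException, WrongPatternException {
    Utils.checkPerunSession(sess);
    // Null checks come first: destination.getType() is dereferenced by the ownership check below,
    // so validating only just before the final call (as before) was too late to be useful.
    Utils.notNull(destination, "destination");
    Utils.notNull(destination.getDestination(), "destination.destination");
    Utils.notNull(destination.getType(), "destination.type");
    Utils.checkDestinationType(destination);
    // Checked once; nothing in this method changes the facility between here and the final call.
    getPerunBl().getFacilitiesManagerBl().checkFacilityExists(sess, facility);

    // Authorization on the target facility itself
    if (!AuthzResolver.isAuthorized(sess, Role.FACILITYADMIN, facility)) {
        throw new PrivilegeException(sess, "addDestination");
    }

    // Host ownership: stops an admin of one facility from pointing a destination at a host that
    // is already tied to facilities they do not administer.
    boolean hostBased = destination.getType().equals(Destination.DESTINATIONHOSTTYPE)
            || destination.getType().equals(Destination.DESTINATIONUSERHOSTTYPE)
            || destination.getType().equals(Destination.DESTINATIONUSERHOSTPORTTYPE);
    if (hostBased) {
        // The by-destination lookup is only a fallback, so at most one list is ever non-empty.
        List<Facility> facilitiesWithHost = getPerunBl().getFacilitiesManagerBl().getFacilitiesByHostName(sess, destination.getHostNameFromDestination());
        if (facilitiesWithHost.isEmpty()) {
            facilitiesWithHost = getPerunBl().getFacilitiesManagerBl().getFacilitiesByDestination(sess, destination.getHostNameFromDestination());
        }
        if (!facilitiesWithHost.isEmpty()) {
            // NOTE(review): being admin of ANY one matching facility is sufficient, not of all of
            // them - confirm this is the intended policy for shared host names.
            boolean hasRight = false;
            for (Facility facilityWithHost : facilitiesWithHost) {
                if (AuthzResolver.isAuthorized(sess, Role.FACILITYADMIN, facilityWithHost)) {
                    hasRight = true;
                    break;
                }
            }
            if (!hasRight) {
                throw new PrivilegeException("You have no right to add this destination.");
            }
        }
    }

    getServicesManagerBl().checkServiceExists(sess, service);
    return getServicesManagerBl().addDestination(sess, service, facility, destination);
}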
Also used : PrivilegeException(cz.metacentrum.perun.core.api.exceptions.PrivilegeException) ArrayList(java.util.ArrayList) Facility(cz.metacentrum.perun.core.api.Facility)

Example 2 with Facility

use of cz.metacentrum.perun.core.api.Facility in project perun by CESNET.

the class urn_perun_group_attribute_def_def_unixGID_namespace method checkAttributeValue.

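/**
 * Checks a group's unix GID in the GID namespace given by the attribute's friendly-name parameter.
 *
 * <p>A null GID is accepted unless the group has a unix group name set in one of the group-name
 * namespaces returned for the facilities it is assigned to. A non-null GID must not be marked as
 * depleted in the namespace's used-GIDs attribute (key {@code "D" + gid}), must pass the range
 * check, and must not be shared with another group or resource that has a different unix group
 * name in the same group-name namespace.
 *
 * @param sess      session giving access to the business-layer managers
 * @param group     group whose GID is being checked
 * @param attribute the unix GID attribute; its value is cast to {@code Integer}
 * @throws WrongAttributeValueException if the GID is null although the group needs one
 * @throws WrongReferenceAttributeValueException if the GID is depleted, or collides with a group
 *         or resource that carries a different unix group name
 * @throws ConsistencyErrorException if a required attribute definition does not exist
 */
public void checkAttributeValue(PerunSessionImpl sess, Group group, Attribute attribute) throws InternalErrorException, WrongAttributeValueException, WrongReferenceAttributeValueException, WrongAttributeAssignmentException {
    try {
        String gidNamespace = attribute.getFriendlyNameParameter();
        //Special behaviour if gid is null
        if (attribute.getValue() == null) {
            List<Facility> groupFacilities = new ArrayList<Facility>();
            for (Resource r : sess.getPerunBl().getResourcesManagerBl().getAssignedResources(sess, group)) {
                groupFacilities.add(sess.getPerunBl().getResourcesManagerBl().getFacility(sess, r));
            }
            Set<String> namespacesWhereGroupMustHaveGIDifItHaveUnixNameThere = sess.getPerunBl().getModulesUtilsBl().getSetOfGroupNameNamespacesWhereFacilitiesHasTheSameGIDNamespace(sess, groupFacilities, attribute);
            for (String namespace : namespacesWhereGroupMustHaveGIDifItHaveUnixNameThere) {
                Attribute unixGroupName = sess.getPerunBl().getAttributesManagerBl().getAttribute(sess, group, A_G_unixGroupName_namespace + ":" + namespace);
                if (unixGroupName.getValue() != null) {
                    throw new WrongAttributeValueException(attribute, group, "Group is propagated to the facility where it have set unix group name so it must have unix GID too.");
                }
            }
            //Group is not propagated to any facility in this GID namespace or it doesn't have set unix name there so it doesn't need to have unix GID.
            return;
        }
        // The null case has returned or thrown above, so the former second null check
        // ("Unix GID must be set") could never fire and has been removed.
        Integer attrValue = (Integer) attribute.getValue();
        //check if gid is not already depleted
        Attribute usedGids = sess.getPerunBl().getAttributesManagerBl().getAttribute(sess, gidNamespace, A_E_usedGids);
        //null in value means there is no depleted or used gids
        if (usedGids.getValue() != null) {
            Map<String, String> usedGidsValue = (Map<String, String>) usedGids.getValue();
            //Dx, where x is GID means depleted value for GID x
            if (usedGidsValue.containsKey("D" + attrValue.toString())) {
                throw new WrongReferenceAttributeValueException(attribute, usedGids, group, null, gidNamespace, null, "This GID is already depleted.");
            }
        }
        //Check if GID is within allowed range
        sess.getPerunBl().getModulesUtilsBl().checkIfGIDIsWithinRange(sess, attribute);
        //Prepare attributes for searching through groups and resources
        Attribute groupGIDAttribute = attribute;
        Attribute resourceGIDAttribute = new Attribute(sess.getPerunBl().getAttributesManagerBl().getAttributeDefinition(sess, A_R_unixGID_namespace + ":" + gidNamespace));
        resourceGIDAttribute.setValue(groupGIDAttribute.getValue());
        //All groups and resources with the same GID in the same namespace (copied, because the group list is modified below)
        List<Group> allGroupsWithSameGIDInSameNamespace = new ArrayList<Group>(sess.getPerunBl().getGroupsManagerBl().getGroupsByAttribute(sess, groupGIDAttribute));
        List<Resource> allResourcesWithSameGIDInSameNamespace = new ArrayList<Resource>(sess.getPerunBl().getResourcesManagerBl().getResourcesByAttribute(sess, resourceGIDAttribute));
        //remove this group, it trivially shares its own GID
        allGroupsWithSameGIDInSameNamespace.remove(group);
        //Prepare list of GroupName attributes of this group
        List<Attribute> groupNamesOfGroup = sess.getPerunBl().getAttributesManagerBl().getAllAttributesStartWithNameWithoutNullValue(sess, group, A_G_unixGroupName_namespace + ":");
        //Searching through groups
        for (Group g : allGroupsWithSameGIDInSameNamespace) {
            for (Attribute a : groupNamesOfGroup) {
                //Greater than 0: same attribute exists with another value (a conflict).
                //Less than 0: the attribute does not exist; 0: it exists with the same value. Neither is a problem.
                int compare = sess.getPerunBl().getModulesUtilsBl().haveTheSameAttributeWithTheSameNamespace(sess, g, a);
                if (compare > 0) {
                    throw new WrongReferenceAttributeValueException(attribute, a, "There is a group with same GID (namespace: " + gidNamespace + ") and different unix group name (namespace: " + a.getFriendlyNameParameter() + "). " + g + " " + group);
                }
            }
        }
        //Searching through resources
        for (Resource r : allResourcesWithSameGIDInSameNamespace) {
            for (Attribute a : groupNamesOfGroup) {
                //Prepare resource version of this group attribute
                Attribute resourceGroupName = new Attribute(sess.getPerunBl().getAttributesManagerBl().getAttributeDefinition(sess, A_R_unixGroupName_namespace + ":" + a.getFriendlyNameParameter()));
                resourceGroupName.setValue(a.getValue());
                //Same meaning of the result as in the group loop above
                int compare = sess.getPerunBl().getModulesUtilsBl().haveTheSameAttributeWithTheSameNamespace(sess, r, resourceGroupName);
                if (compare > 0) {
                    throw new WrongReferenceAttributeValueException(attribute, a, "There is a resource with same GID (namespace: " + gidNamespace + ") and different unix group name (namespace: " + a.getFriendlyNameParameter() + "). " + r + " " + group);
                }
            }
        }
    } catch (AttributeNotExistsException ex) {
        throw new ConsistencyErrorException(ex);
    }
}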
Also used : Group(cz.metacentrum.perun.core.api.Group) ConsistencyErrorException(cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException) Attribute(cz.metacentrum.perun.core.api.Attribute) AttributeNotExistsException(cz.metacentrum.perun.core.api.exceptions.AttributeNotExistsException) ArrayList(java.util.ArrayList) Resource(cz.metacentrum.perun.core.api.Resource) WrongReferenceAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongReferenceAttributeValueException) Facility(cz.metacentrum.perun.core.api.Facility) WrongAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException) LinkedHashMap(java.util.LinkedHashMap) Map(java.util.Map)

Example 3 with Facility

use of cz.metacentrum.perun.core.api.Facility in project perun by CESNET.

the class urn_perun_group_attribute_def_def_unixGroupName_namespace method changedAttributeHook.

/**
 * Hook run after a group's unixGroupName attribute changes.
 *
 * <p>Removing the name (null value) triggers nothing. When a name is set, every unix GID
 * namespace that the group's facilities pair with this group-name namespace must hold a GID for
 * the group: missing GIDs are filled and then stored together in one call.
 *
 * @param session   session giving access to the business-layer managers
 * @param group     group whose unix group name changed
 * @param attribute the changed unixGroupName attribute
 * @throws WrongReferenceAttributeValueException if a GID cannot be filled, or storing the filled
 *         GIDs is rejected
 * @throws InternalErrorException if the attribute assignment is wrong
 */
@Override
public void changedAttributeHook(PerunSessionImpl session, Group group, Attribute attribute) throws InternalErrorException, WrongReferenceAttributeValueException {
    //A null value means the name is being removed, anything else means it is being set
    String groupNameNamespace = attribute.getFriendlyNameParameter();
    try {
        if (attribute.getValue() == null) {
            //Removal: for now nothing has to change when a GroupName of this Group is removed
            return;
        }

        //Collect the facilities the group reaches through its assigned resources
        Set<Facility> groupFacilities = new HashSet<Facility>();
        List<Resource> assignedResources = session.getPerunBl().getResourcesManagerBl().getAssignedResources(session, group);
        for (Resource assigned : assignedResources) {
            groupFacilities.add(session.getPerunBl().getResourcesManagerBl().getFacility(session, assigned));
        }

        //GID namespaces of those facilities that share this unixGroupName namespace
        Set<String> gidNamespaces = session.getPerunBl().getModulesUtilsBl().getSetOfGIDNamespacesWhereFacilitiesHasTheSameGroupNameNamespace(session, new ArrayList<Facility>(groupFacilities), attribute);

        //Fill every GID that is still missing; an empty namespace set simply yields nothing to store
        List<Attribute> filledGids = new ArrayList<>();
        for (String gidNamespace : gidNamespaces) {
            Attribute gid = session.getPerunBl().getAttributesManagerBl().getAttribute(session, group, A_G_unixGID_namespace + ":" + gidNamespace);
            if (gid.getValue() != null) {
                continue;
            }
            gid = session.getPerunBl().getAttributesManagerBl().fillAttribute(session, group, gid);
            if (gid.getValue() == null) {
                throw new WrongReferenceAttributeValueException(attribute, gid);
            }
            //Stored later in one batch and unchecked here: all namespaces must be set before the check, they may depend on each other
            filledGids.add(gid);
        }

        if (filledGids.isEmpty()) {
            return;
        }
        try {
            session.getPerunBl().getAttributesManagerBl().setAttributes(session, group, filledGids);
        } catch (WrongAttributeValueException e) {
            throw new WrongReferenceAttributeValueException(attribute, e.getAttribute(), group, null, e.getAttributeHolder(), e.getAttributeHolderSecondary(), "Problem when setting all needed GIDs in hook.", e);
        }
    } catch (WrongAttributeAssignmentException ex) {
        //TODO: need to add WrongAttributeAssignmentException to header of modules methods
        throw new InternalErrorException(ex);
    } catch (AttributeNotExistsException ex) {
        throw new ConsistencyErrorException(ex);
    }
}
Also used : ConsistencyErrorException(cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException) Attribute(cz.metacentrum.perun.core.api.Attribute) WrongAttributeAssignmentException(cz.metacentrum.perun.core.api.exceptions.WrongAttributeAssignmentException) AttributeNotExistsException(cz.metacentrum.perun.core.api.exceptions.AttributeNotExistsException) Resource(cz.metacentrum.perun.core.api.Resource) ArrayList(java.util.ArrayList) InternalErrorException(cz.metacentrum.perun.core.api.exceptions.InternalErrorException) WrongReferenceAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongReferenceAttributeValueException) Facility(cz.metacentrum.perun.core.api.Facility) WrongAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException) HashSet(java.util.HashSet)

Example 4 with Facility

use of cz.metacentrum.perun.core.api.Facility in project perun by CESNET.

the class urn_perun_group_resource_attribute_def_def_freeipaGroupName method checkAttributeValue.

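/**
 * Checks a group-resource freeipaGroupName: it must be non-null, match the class's
 * {@code pattern}, and be unique (ignoring case) among all groups assigned to any resource of
 * the resource's facility.
 *
 * @param sess      session giving access to the business-layer managers
 * @param resource  resource the attribute belongs to
 * @param group     group the attribute belongs to
 * @param attribute the freeipaGroupName attribute; its value is cast to {@code String}
 * @throws WrongAttributeValueException if the name is null, malformed, or already used on the
 *         facility
 * @throws ConsistencyErrorException if the attribute definition does not exist for another
 *         group-resource pair
 */
@Override
public void checkAttributeValue(PerunSessionImpl sess, Resource resource, Group group, Attribute attribute) throws InternalErrorException, WrongAttributeValueException, WrongReferenceAttributeValueException, WrongAttributeAssignmentException {
    //prepare group name and check its format
    String groupName = (String) attribute.getValue();
    if (groupName == null) {
        throw new WrongAttributeValueException(attribute, group, "Attribute cannot be null.");
    }
    Matcher match = pattern.matcher(groupName);
    if (!match.matches()) {
        // NOTE(review): the pattern text in this message is a separate literal from the
        // `pattern` field, which is not visible here - keep the two in sync.
        throw new WrongAttributeValueException(attribute, group, "Bad format of attribute freeipaGroupName. It has to match pattern ^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$");
    }
    //Get facility for the resource
    Facility facility = sess.getPerunBl().getResourcesManagerBl().getFacility(sess, resource);
    // Get all resources from the facility
    List<Resource> facilityResources = sess.getPerunBl().getFacilitiesManagerBl().getAssignedResources(sess, facility);
    //For each resource get all groups
    for (Resource rs : facilityResources) {
        List<Group> resourceGroups = sess.getPerunBl().getResourcesManagerBl().getAssignedGroups(sess, rs);
        //Remove our group from list of groups, but only on the resource being checked
        if (rs.getId() == resource.getId()) {
            resourceGroups.remove(group);
        }
        //For all groups get name and check uniqueness
        for (Group gr : resourceGroups) {
            Attribute freeipaGroupNameAttribute;
            try {
                freeipaGroupNameAttribute = sess.getPerunBl().getAttributesManagerBl().getAttribute(sess, rs, gr, A_GR_freeipaGroupName);
            } catch (AttributeNotExistsException ex) {
                throw new ConsistencyErrorException("Attribute " + A_GR_freeipaGroupName + " does not exists for group " + gr + " and resource " + rs, ex);
            }
            Object otherName = freeipaGroupNameAttribute.getValue();
            // equalsIgnoreCase does not depend on the JVM default locale. Lower-casing both
            // sides with toLowerCase() did: under a Turkish locale "I" does not map to "i", so
            // names differing only in the case of that letter could slip past this check.
            if (otherName != null && groupName.equalsIgnoreCase((String) otherName)) {
                throw new WrongAttributeValueException(attribute, group, "Attribute has to be unique within one facility (case insensitive).");
            }
        }
    }
}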
Also used : Group(cz.metacentrum.perun.core.api.Group) ConsistencyErrorException(cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException) Matcher(java.util.regex.Matcher) Attribute(cz.metacentrum.perun.core.api.Attribute) AttributeNotExistsException(cz.metacentrum.perun.core.api.exceptions.AttributeNotExistsException) Resource(cz.metacentrum.perun.core.api.Resource) Facility(cz.metacentrum.perun.core.api.Facility) WrongAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException)

Example 5 with Facility

use of cz.metacentrum.perun.core.api.Facility in project perun by CESNET.

the class urn_perun_group_resource_attribute_def_def_systemUnixGroupName method checkAttributeValue.

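/**
 * Checks a group-resource systemUnixGroupName.
 *
 * <p>A null name is rejected when the pair is flagged as a system unix group
 * ({@code A_GR_systemIsUnixGroup} equal to 1). A non-null name may contain only letters, digits,
 * {@code _} and {@code -}. Finally, every other group-resource pair that carries the same
 * attribute value is examined: if it sits on the same facility and its system unix GID differs
 * from this pair's GID, the name is rejected.
 *
 * @param sess      session giving access to the business-layer managers
 * @param resource  resource the attribute belongs to
 * @param group     group the attribute belongs to
 * @param attribute the systemUnixGroupName attribute; its value is cast to {@code String}
 * @throws WrongAttributeValueException if the name has forbidden characters, or is used on the
 *         same facility by a pair with a different GID
 * @throws WrongReferenceAttributeValueException if the name is null for a system unix group
 * @throws ConsistencyErrorException if a required attribute definition does not exist
 */
public void checkAttributeValue(PerunSessionImpl sess, Resource resource, Group group, Attribute attribute) throws InternalErrorException, WrongAttributeValueException, WrongReferenceAttributeValueException, WrongAttributeAssignmentException {
    String groupName = (String) attribute.getValue();
    if (groupName == null) {
        Attribute isSystemGroup;
        try {
            isSystemGroup = sess.getPerunBl().getAttributesManagerBl().getAttribute(sess, resource, group, A_GR_systemIsUnixGroup);
        } catch (AttributeNotExistsException ex) {
            throw new ConsistencyErrorException("Not exist Attribute " + A_GR_systemIsUnixGroup + " for group " + group, ex);
        }
        if (isSystemGroup.getValue() != null && (Integer) isSystemGroup.getValue() == 1) {
            throw new WrongReferenceAttributeValueException(attribute, "Attribute cant be null if " + group + " on " + resource + " is system unix group.");
        }
        // NOTE(review): a null name on a non-system group still reaches the pair lookup below,
        // as it did before - confirm that lookup behaves sensibly for a null value.
    } else if (!groupName.matches("^[-_a-zA-Z0-9]*$")) {
        throw new WrongAttributeValueException(attribute, "String with other chars than numbers, letters or symbols _ and - is not allowed value.");
    }
    //Get facility for the resource
    Facility facility = sess.getPerunBl().getResourcesManagerBl().getFacility(sess, resource);
    //List of pairs (group and resource) which has the attribute with the value
    List<Pair<Group, Resource>> listGroupPairsResource = sess.getPerunBl().getGroupsManagerBl().getGroupResourcePairsByAttribute(sess, attribute);
    //Every pair other than the one being checked: reject when it is on the same facility and the two GIDs differ
    for (Pair<Group, Resource> p : listGroupPairsResource) {
        if (p.getLeft().equals(group) && p.getRight().equals(resource)) {
            //this is the pair being checked
            continue;
        }
        Facility facilityForTest = sess.getPerunBl().getResourcesManagerBl().getFacility(sess, p.getRight());
        Attribute group1GID;
        Attribute group2GID;
        try {
            group1GID = sess.getPerunBl().getAttributesManagerBl().getAttribute(sess, resource, group, A_GR_systemUnixGID);
        } catch (AttributeNotExistsException ex) {
            throw new ConsistencyErrorException("Attribute " + A_GR_systemUnixGID + " not exists for group " + group + " and resource " + resource, ex);
        }
        try {
            group2GID = sess.getPerunBl().getAttributesManagerBl().getAttribute(sess, p.getRight(), p.getLeft(), A_GR_systemUnixGID);
        } catch (AttributeNotExistsException ex) {
            throw new ConsistencyErrorException("Attribute " + A_GR_systemUnixGID + " not exists for group " + p.getLeft() + " and resource " + p.getRight(), ex);
        }
        // Null-safe "GIDs differ". The fallback used to test the Attribute object itself
        // (group2GID != null), which is never null, so a null GID on this pair always counted
        // as a mismatch - even when the other pair's GID was null too.
        Object gid1 = group1GID.getValue();
        Object gid2 = group2GID.getValue();
        boolean gidsDiffer = gid1 != null ? !gid1.equals(gid2) : gid2 != null;
        if (facilityForTest.equals(facility) && gidsDiffer) {
            throw new WrongAttributeValueException(attribute, "Group name " + groupName + "is allready used by another group-resource and these have not the same GID and GroupName.  " + p.getLeft() + " " + p.getRight());
        }
    }
}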
Also used : Group(cz.metacentrum.perun.core.api.Group) Attribute(cz.metacentrum.perun.core.api.Attribute) Resource(cz.metacentrum.perun.core.api.Resource) Facility(cz.metacentrum.perun.core.api.Facility) Pair(cz.metacentrum.perun.core.api.Pair)
