use of cz.metacentrum.perun.core.api.Facility in project perun by CESNET.
the class ServicesManagerEntry method addDestination.
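/**
 * Adds a destination for the given service on the given facility, after validating the
 * input and checking the caller's privileges.
 *
 * <p>Two authorization checks are applied:
 * <ol>
 *   <li>the caller must be FACILITYADMIN of {@code facility};</li>
 *   <li>for host-based destination types (host, user@host, user@host:port) the host name is
 *       looked up among facilities, first by facility host name and, only when that finds
 *       nothing, by existing destinations. When any facility is found, the caller must be
 *       FACILITYADMIN of at least one of them.</li>
 * </ol>
 *
 * <p>NOTE(review): when no facility is known for the host name, or the destination type is
 * not host-based, only check 1 applies. Confirm that this is the intended policy.
 *
 * @param sess        caller's session
 * @param service     service the destination is added for
 * @param facility    facility the destination is added to
 * @param destination destination to add; it, its value and its type must not be null
 * @return the value returned by the business layer's {@code addDestination}
 * @throws PrivilegeException if either authorization check fails
 */
public Destination addDestination(PerunSession sess, Service service, Facility facility, Destination destination) throws InternalErrorException, PrivilegeException, ServiceNotExistsException, FacilityNotExistsException, DestinationAlreadyAssignedException, WrongPatternException {
    Utils.checkPerunSession(sess);
    Utils.checkDestinationType(destination);
    getPerunBl().getFacilitiesManagerBl().checkFacilityExists(sess, facility);

    // Authorization on the target facility comes first, so an unprivileged caller is
    // rejected before any further validation of the destination.
    if (!AuthzResolver.isAuthorized(sess, Role.FACILITYADMIN, facility)) {
        throw new PrivilegeException(sess, "addDestination");
    }

    // Validate the destination BEFORE its fields are dereferenced. These checks used to sit
    // at the end of the method, after getType() and getHostNameFromDestination() had
    // already been called on the object.
    Utils.notNull(destination, "destination");
    Utils.notNull(destination.getDestination(), "destination.destination");
    Utils.notNull(destination.getType(), "destination.type");

    boolean hostBased = destination.getType().equals(Destination.DESTINATIONHOSTTYPE)
            || destination.getType().equals(Destination.DESTINATIONUSERHOSTTYPE)
            || destination.getType().equals(Destination.DESTINATIONUSERHOSTPORTTYPE);

    if (hostBased) {
        String hostName = destination.getHostNameFromDestination();

        // Facilities that already "own" this host: by facility host name, falling back to
        // facilities that already have a destination on it. The fallback is consulted only
        // when the first lookup is empty, so a single candidate list is enough.
        List<Facility> owningFacilities = getPerunBl().getFacilitiesManagerBl().getFacilitiesByHostName(sess, hostName);
        if (owningFacilities.isEmpty()) {
            owningFacilities = getPerunBl().getFacilitiesManagerBl().getFacilitiesByDestination(sess, hostName);
        }

        // If the host is known, the caller must administer at least one facility it belongs to.
        if (!owningFacilities.isEmpty()) {
            boolean hasRight = false;
            for (Facility owningFacility : owningFacilities) {
                if (AuthzResolver.isAuthorized(sess, Role.FACILITYADMIN, owningFacility)) {
                    hasRight = true;
                    break;
                }
            }
            if (!hasRight) {
                throw new PrivilegeException("You have no right to add this destination.");
            }
        }
    }

    // The facility was already checked above; the second, identical lookup was dropped.
    getServicesManagerBl().checkServiceExists(sess, service);

    return getServicesManagerBl().addDestination(sess, service, facility, destination);
}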
use of cz.metacentrum.perun.core.api.Facility in project perun by CESNET.
the class urn_perun_group_attribute_def_def_unixGID_namespace method checkAttributeValue.
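/**
 * Checks the value of a group's unix GID attribute in the GID namespace taken from the
 * attribute's friendly-name parameter.
 *
 * <p>A null GID is accepted unless the group has a unix group name set in one of the
 * group-name namespaces returned by
 * {@code getSetOfGroupNameNamespacesWhereFacilitiesHasTheSameGIDNamespace} for the group's
 * facilities. A non-null GID must not be marked as depleted, must pass
 * {@code checkIfGIDIsWithinRange}, and must not collide with another group or resource that
 * has the same GID but a different unix group name.
 *
 * @param sess      session used to reach the business layer
 * @param group     group whose attribute is checked
 * @param attribute the unix GID attribute; a non-null value is cast to {@code Integer}
 * @throws WrongAttributeValueException          if the GID is null although the group needs one
 * @throws WrongReferenceAttributeValueException if the GID is depleted or collides as described
 * @throws ConsistencyErrorException             if a required attribute definition is missing
 */
public void checkAttributeValue(PerunSessionImpl sess, Group group, Attribute attribute) throws InternalErrorException, WrongAttributeValueException, WrongReferenceAttributeValueException, WrongAttributeAssignmentException {
    try {
        String gidNamespace = attribute.getFriendlyNameParameter();

        // Special behaviour if the GID is null.
        if (attribute.getValue() == null) {
            List<Facility> groupFacilities = new ArrayList<Facility>();
            for (Resource assigned : sess.getPerunBl().getResourcesManagerBl().getAssignedResources(sess, group)) {
                groupFacilities.add(sess.getPerunBl().getResourcesManagerBl().getFacility(sess, assigned));
            }

            Set<String> groupNameNamespaces = sess.getPerunBl().getModulesUtilsBl().getSetOfGroupNameNamespacesWhereFacilitiesHasTheSameGIDNamespace(sess, groupFacilities, attribute);
            for (String namespace : groupNameNamespaces) {
                Attribute unixGroupName = sess.getPerunBl().getAttributesManagerBl().getAttribute(sess, group, A_G_unixGroupName_namespace + ":" + namespace);
                if (unixGroupName.getValue() != null) {
                    throw new WrongAttributeValueException(attribute, group, "Group is propagated to the facility where it have set unix group name so it must have unix GID too.");
                }
            }

            // Group is not propagated to any facility in this GID namespace, or it has no
            // unix name there, so it does not need a unix GID.
            return;
        }

        // The value is non-null from here on: the null case returned or threw above. The
        // second null check that used to follow was unreachable and has been removed.
        Integer attrValue = (Integer) attribute.getValue();

        // Check that the GID is not already depleted.
        Attribute usedGids = sess.getPerunBl().getAttributesManagerBl().getAttribute(sess, gidNamespace, A_E_usedGids);
        // A null value means there are no depleted or used GIDs.
        if (usedGids.getValue() != null) {
            Map<String, String> usedGidsValue = (Map<String, String>) usedGids.getValue();
            // Key "Dx", where x is the GID, marks GID x as depleted.
            if (usedGidsValue.containsKey("D" + attrValue.toString())) {
                throw new WrongReferenceAttributeValueException(attribute, usedGids, group, null, gidNamespace, null, "This GID is already depleted.");
            }
        }

        // Check that the GID is within the allowed range.
        sess.getPerunBl().getModulesUtilsBl().checkIfGIDIsWithinRange(sess, attribute);

        // Resource-side GID attribute carrying the same value, used to search resources.
        Attribute resourceGIDAttribute = new Attribute(sess.getPerunBl().getAttributesManagerBl().getAttributeDefinition(sess, A_R_unixGID_namespace + ":" + gidNamespace));
        resourceGIDAttribute.setValue(attribute.getValue());

        // All groups and resources with the same GID in the same namespace. The groups are
        // copied into a fresh list because this group is removed from it below.
        List<Group> groupsWithSameGid = new ArrayList<Group>(sess.getPerunBl().getGroupsManagerBl().getGroupsByAttribute(sess, attribute));
        List<Resource> resourcesWithSameGid = new ArrayList<Resource>(sess.getPerunBl().getResourcesManagerBl().getResourcesByAttribute(sess, resourceGIDAttribute));
        groupsWithSameGid.remove(group);

        // All non-null unix group name attributes of this group.
        List<Attribute> groupNamesOfGroup = sess.getPerunBl().getAttributesManagerBl().getAllAttributesStartWithNameWithoutNullValue(sess, group, A_G_unixGroupName_namespace + ":");

        // Compare result: > 0 means the same attribute exists with another value (a
        // conflict); < 0 means it does not exist; 0 means it exists with the same value.
        for (Group other : groupsWithSameGid) {
            for (Attribute a : groupNamesOfGroup) {
                int compare = sess.getPerunBl().getModulesUtilsBl().haveTheSameAttributeWithTheSameNamespace(sess, other, a);
                if (compare > 0) {
                    throw new WrongReferenceAttributeValueException(attribute, a, "There is a group with same GID (namespace: " + gidNamespace + ") and different unix group name (namespace: " + a.getFriendlyNameParameter() + "). " + other + " " + group);
                }
            }
        }

        for (Resource r : resourcesWithSameGid) {
            for (Attribute a : groupNamesOfGroup) {
                // Resource version of this group-name attribute, carrying the same value.
                Attribute resourceGroupName = new Attribute(sess.getPerunBl().getAttributesManagerBl().getAttributeDefinition(sess, A_R_unixGroupName_namespace + ":" + a.getFriendlyNameParameter()));
                resourceGroupName.setValue(a.getValue());
                int compare = sess.getPerunBl().getModulesUtilsBl().haveTheSameAttributeWithTheSameNamespace(sess, r, resourceGroupName);
                if (compare > 0) {
                    throw new WrongReferenceAttributeValueException(attribute, a, "There is a resource with same GID (namespace: " + gidNamespace + ") and different unix group name (namespace: " + a.getFriendlyNameParameter() + "). " + r + " " + group);
                }
            }
        }
    } catch (AttributeNotExistsException ex) {
        throw new ConsistencyErrorException(ex);
    }
}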
use of cz.metacentrum.perun.core.api.Facility in project perun by CESNET.
the class urn_perun_group_attribute_def_def_unixGroupName_namespace method changedAttributeHook.
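/**
 * Hook run after a group's unixGroupName attribute changed. When a name is set, it makes
 * sure the group has a unix GID in every GID namespace returned by
 * {@code getSetOfGIDNamespacesWhereFacilitiesHasTheSameGroupNameNamespace} for the group's
 * facilities. Missing GIDs are filled first and then stored together in one call.
 *
 * <p>Removing the name (null value) currently triggers no change.
 *
 * @param session   session used to reach the business layer
 * @param group     group whose attribute changed
 * @param attribute the changed unixGroupName attribute
 * @throws WrongReferenceAttributeValueException if a GID cannot be filled, or storing the
 *                                               filled GIDs is rejected
 * @throws InternalErrorException                wraps a WrongAttributeAssignmentException
 */
@Override
public void changedAttributeHook(PerunSessionImpl session, Group group, Attribute attribute) throws InternalErrorException, WrongReferenceAttributeValueException {
    // A null value means the name is being removed; for now that needs no follow-up.
    // (The unused local that held the attribute's namespace has been removed.)
    if (attribute.getValue() == null) {
        return;
    }

    try {
        // Collect the facilities of every resource the group is assigned to.
        Set<Facility> facilitiesOfGroup = new HashSet<Facility>();
        for (Resource r : session.getPerunBl().getResourcesManagerBl().getAssignedResources(session, group)) {
            facilitiesOfGroup.add(session.getPerunBl().getResourcesManagerBl().getFacility(session, r));
        }

        // GID namespaces of the facilities that share this attribute's group-name namespace.
        Set<String> gidNamespaces = session.getPerunBl().getModulesUtilsBl().getSetOfGIDNamespacesWhereFacilitiesHasTheSameGroupNameNamespace(session, new ArrayList<Facility>(facilitiesOfGroup), attribute);

        List<Attribute> gidsToSet = new ArrayList<>();
        for (String gidNamespace : gidNamespaces) {
            Attribute groupUnixGid = session.getPerunBl().getAttributesManagerBl().getAttribute(session, group, A_G_unixGID_namespace + ":" + gidNamespace);
            if (groupUnixGid.getValue() != null) {
                continue;
            }
            // Not set yet: fill it now and store it later.
            groupUnixGid = session.getPerunBl().getAttributesManagerBl().fillAttribute(session, group, groupUnixGid);
            if (groupUnixGid.getValue() == null) {
                throw new WrongReferenceAttributeValueException(attribute, groupUnixGid);
            }
            // Storing is deferred so that all namespaces are set together: there can be
            // relations between namespaces, so they must all be set before any check runs.
            gidsToSet.add(groupUnixGid);
        }

        if (!gidsToSet.isEmpty()) {
            try {
                session.getPerunBl().getAttributesManagerBl().setAttributes(session, group, gidsToSet);
            } catch (WrongAttributeValueException e) {
                throw new WrongReferenceAttributeValueException(attribute, e.getAttribute(), group, null, e.getAttributeHolder(), e.getAttributeHolderSecondary(), "Problem when setting all needed GIDs in hook.", e);
            }
        }
    } catch (WrongAttributeAssignmentException ex) {
        //TODO: need to add WrongAttributeAssignmentException to header of modules methods
        throw new InternalErrorException(ex);
    } catch (AttributeNotExistsException ex) {
        throw new ConsistencyErrorException(ex);
    }
}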
use of cz.metacentrum.perun.core.api.Facility in project perun by CESNET.
the class urn_perun_group_resource_attribute_def_def_freeipaGroupName method checkAttributeValue.
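/**
 * Checks a group-resource freeipaGroupName value: it must be non-null, match the class's
 * {@code pattern}, and be unique (case-insensitively) among all groups assigned to any
 * resource of the same facility.
 *
 * <p>NOTE(review): the regular expression quoted in the error message is a literal copy.
 * {@code pattern} is declared outside this method, so confirm that the two stay in sync.
 *
 * @param sess      session used to reach the business layer
 * @param resource  resource of the checked group-resource pair
 * @param group     group of the checked group-resource pair
 * @param attribute the freeipaGroupName attribute; its value is cast to {@code String}
 * @throws WrongAttributeValueException if the value is null, malformed or not unique
 * @throws ConsistencyErrorException    if the attribute definition is missing for a pair
 */
@Override
public void checkAttributeValue(PerunSessionImpl sess, Resource resource, Group group, Attribute attribute) throws InternalErrorException, WrongAttributeValueException, WrongReferenceAttributeValueException, WrongAttributeAssignmentException {
    // Prepare the group name and check its format.
    String groupName = (String) attribute.getValue();
    if (groupName == null) {
        throw new WrongAttributeValueException(attribute, group, "Attribute cannot be null.");
    }
    if (!pattern.matcher(groupName).matches()) {
        throw new WrongAttributeValueException(attribute, group, "Bad format of attribute freeipaGroupName. It has to match pattern ^[a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,252}[a-zA-Z0-9_.$-]?$");
    }

    // The uniqueness scope is the whole facility that owns the resource.
    Facility facility = sess.getPerunBl().getResourcesManagerBl().getFacility(sess, resource);
    List<Resource> facilityResources = sess.getPerunBl().getFacilitiesManagerBl().getAssignedResources(sess, facility);

    for (Resource rs : facilityResources) {
        List<Group> resourceGroups = sess.getPerunBl().getResourcesManagerBl().getAssignedGroups(sess, rs);
        // The checked pair itself must not count as a duplicate.
        if (rs.getId() == resource.getId()) {
            resourceGroups.remove(group);
        }

        for (Group gr : resourceGroups) {
            Attribute otherName;
            try {
                otherName = sess.getPerunBl().getAttributesManagerBl().getAttribute(sess, rs, gr, A_GR_freeipaGroupName);
            } catch (AttributeNotExistsException ex) {
                throw new ConsistencyErrorException("Attribute " + A_GR_freeipaGroupName + " does not exists for group " + gr + " and resource " + rs, ex);
            }

            if (otherName.getValue() != null) {
                String name = (String) otherName.getValue();
                // equalsIgnoreCase does not depend on the JVM's default locale. The former
                // toLowerCase() comparison used the default locale, and under a Turkish or
                // Azeri locale "I" and "i" fold to different letters, so two names that
                // differ only in case could both have passed this uniqueness check.
                if (name.equalsIgnoreCase(groupName)) {
                    throw new WrongAttributeValueException(attribute, group, "Attribute has to be unique within one facility (case insensitive).");
                }
            }
        }
    }
}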
use of cz.metacentrum.perun.core.api.Facility in project perun by CESNET.
the class urn_perun_group_resource_attribute_def_def_systemUnixGroupName method checkAttributeValue.
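/**
 * Checks a group-resource systemUnixGroupName value.
 *
 * <p>A null name is rejected only when the pair's systemIsUnixGroup attribute equals 1. A
 * non-null name may contain only letters, digits, '_' and '-'. The name is then compared
 * with every other group-resource pair that has the same attribute value: a pair on the
 * same facility is a conflict unless both pairs have the same system unix GID.
 *
 * <p>NOTE(review): the pattern {@code ^[-_a-zA-Z0-9]*$} also accepts the empty string and a
 * name starting with '-'. Confirm that the consumers of this value tolerate both.
 *
 * @param sess      session used to reach the business layer
 * @param resource  resource of the checked group-resource pair
 * @param group     group of the checked group-resource pair
 * @param attribute the systemUnixGroupName attribute; its value is cast to {@code String}
 * @throws WrongAttributeValueException          if the name has a forbidden character or conflicts
 * @throws WrongReferenceAttributeValueException if the name is null for a system unix group
 * @throws ConsistencyErrorException             if a required attribute definition is missing
 */
public void checkAttributeValue(PerunSessionImpl sess, Resource resource, Group group, Attribute attribute) throws InternalErrorException, WrongAttributeValueException, WrongReferenceAttributeValueException, WrongAttributeAssignmentException {
    String groupName = (String) attribute.getValue();

    if (groupName == null) {
        Attribute isSystemGroup;
        try {
            isSystemGroup = sess.getPerunBl().getAttributesManagerBl().getAttribute(sess, resource, group, A_GR_systemIsUnixGroup);
        } catch (AttributeNotExistsException ex) {
            throw new ConsistencyErrorException("Not exist Attribute " + A_GR_systemIsUnixGroup + " for group " + group, ex);
        }
        if (isSystemGroup.getValue() != null && (Integer) isSystemGroup.getValue() == 1) {
            throw new WrongReferenceAttributeValueException(attribute, "Attribute cant be null if " + group + " on " + resource + " is system unix group.");
        }
    } else if (!groupName.matches("^[-_a-zA-Z0-9]*$")) {
        throw new WrongAttributeValueException(attribute, "String with other chars than numbers, letters or symbols _ and - is not allowed value.");
    }

    // Facility of the checked resource.
    Facility facility = sess.getPerunBl().getResourcesManagerBl().getFacility(sess, resource);
    // All (group, resource) pairs that have this attribute with this value.
    List<Pair<Group, Resource>> pairsWithSameName = sess.getPerunBl().getGroupsManagerBl().getGroupResourcePairsByAttribute(sess, attribute);

    for (Pair<Group, Resource> p : pairsWithSameName) {
        // Skip the pair that is being checked.
        if (p.getLeft().equals(group) && p.getRight().equals(resource)) {
            continue;
        }

        Facility facilityForTest = sess.getPerunBl().getResourcesManagerBl().getFacility(sess, p.getRight());

        Attribute group1GID;
        Attribute group2GID;
        try {
            group1GID = sess.getPerunBl().getAttributesManagerBl().getAttribute(sess, resource, group, A_GR_systemUnixGID);
        } catch (AttributeNotExistsException ex) {
            throw new ConsistencyErrorException("Attribute " + A_GR_systemUnixGID + " not exists for group " + group + " and resource " + resource, ex);
        }
        try {
            group2GID = sess.getPerunBl().getAttributesManagerBl().getAttribute(sess, p.getRight(), p.getLeft(), A_GR_systemUnixGID);
        } catch (AttributeNotExistsException ex) {
            throw new ConsistencyErrorException("Attribute " + A_GR_systemUnixGID + " not exists for group " + p.getLeft() + " and resource " + p.getRight(), ex);
        }

        // Null-safe "the GIDs differ". The null branch used to test the Attribute object
        // (group2GID != null), which is always true here, so two pairs that both had no GID
        // were reported as a conflict. It now compares the attribute VALUES on both sides.
        Object gid1 = group1GID.getValue();
        Object gid2 = group2GID.getValue();
        boolean gidsDiffer = (gid1 != null) ? !gid1.equals(gid2) : (gid2 != null);

        if (facilityForTest.equals(facility) && gidsDiffer) {
            throw new WrongAttributeValueException(attribute, "Group name " + groupName + "is allready used by another group-resource and these have not the same GID and GroupName. " + p.getLeft() + " " + p.getRight());
        }
    }
}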