use of cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException in project perun by CESNET.
the class urn_perun_resource_attribute_def_def_unixGID_namespace method checkAttributeValue.
/**
 * Validates the unix GID stored on a resource for the namespace named by the
 * attribute's friendly-name parameter.
 *
 * <p>The value is rejected when it is missing, when the range check fails, when the
 * namespace's used-GIDs map marks it as depleted, or when a group or another resource
 * with the same GID in the same namespace carries a different unix group name.
 *
 * <p>NOTE(review): this method only queries existing state; whether callers serialise
 * concurrent assignments of the same GID is not visible here - confirm.
 *
 * @param sess      session used to reach the business-logic managers
 * @param resource  resource whose GID is being checked
 * @param attribute the namespaced unix GID attribute to validate
 * @throws WrongAttributeValueException          if no GID is set
 * @throws WrongReferenceAttributeValueException if the GID is depleted or collides with an
 *                                               entity that has a different unix group name
 * @throws ConsistencyErrorException             if a required attribute definition does not exist
 */
public void checkAttributeValue(PerunSessionImpl sess, Resource resource, Attribute attribute) throws InternalErrorException, WrongAttributeValueException, WrongReferenceAttributeValueException, WrongAttributeAssignmentException {
    try {
        final String gidNamespace = attribute.getFriendlyNameParameter();

        // A resource GID is mandatory, so a missing value is rejected before any lookup.
        if (attribute.getValue() == null) {
            throw new WrongAttributeValueException(attribute, resource, "Unix GID must be set");
        }
        final Integer gid = (Integer) attribute.getValue();

        // Range validation is delegated to the shared module utilities.
        sess.getPerunBl().getModulesUtilsBl().checkIfGIDIsWithinRange(sess, attribute);

        // A null used-GIDs value means nothing in this namespace is used or depleted yet.
        Attribute usedGids = sess.getPerunBl().getAttributesManagerBl().getAttribute(sess, gidNamespace, A_E_usedGids);
        Object usedGidsRaw = usedGids.getValue();
        if (usedGidsRaw != null) {
            Map<String, String> usedGidsByKey = (Map<String, String>) usedGidsRaw;
            // Key "D<gid>" marks that GID as depleted, i.e. it must not be handed out again.
            if (usedGidsByKey.containsKey("D" + gid)) {
                throw new WrongReferenceAttributeValueException(attribute, usedGids, resource, null, gidNamespace, null, "This GID is already depleted.");
            }
        }

        // Group-side twin of the resource attribute, carrying the same GID value for the search.
        Attribute groupGidAttribute = new Attribute(sess.getPerunBl().getAttributesManagerBl().getAttributeDefinition(sess, A_G_unixGID_namespace + ":" + gidNamespace));
        groupGidAttribute.setValue(attribute.getValue());

        // Every group and every other resource that already uses this GID in the namespace.
        List<Group> groupsSharingGid = new ArrayList<Group>(sess.getPerunBl().getGroupsManagerBl().getGroupsByAttribute(sess, groupGidAttribute));
        List<Resource> resourcesSharingGid = new ArrayList<Resource>(sess.getPerunBl().getResourcesManagerBl().getResourcesByAttribute(sess, attribute));
        resourcesSharingGid.remove(resource);

        // All non-null unix group name attributes set on the resource under check.
        List<Attribute> resourceGroupNames = sess.getPerunBl().getAttributesManagerBl().getAllAttributesStartWithNameWithoutNullValue(sess, resource, A_R_unixGroupName_namespace + ":");

        // The helper returns > 0 when the same attribute exists with a different value; a negative
        // result (attribute absent) and 0 (attribute present with the same value) are both fine.
        for (Group g : groupsSharingGid) {
            for (Attribute a : resourceGroupNames) {
                // Group-side version of the resource's group-name attribute.
                Attribute groupSideName = new Attribute(sess.getPerunBl().getAttributesManagerBl().getAttributeDefinition(sess, A_G_unixGroupName_namespace + ":" + a.getFriendlyNameParameter()));
                groupSideName.setValue(a.getValue());
                if (sess.getPerunBl().getModulesUtilsBl().haveTheSameAttributeWithTheSameNamespace(sess, g, groupSideName) > 0) {
                    throw new WrongReferenceAttributeValueException(attribute, a, "There is a group with same GID (namespace: " + gidNamespace + ") and different unix group name (namespace: " + a.getFriendlyNameParameter() + "). " + g + " " + resource);
                }
            }
        }

        for (Resource r : resourcesSharingGid) {
            for (Attribute a : resourceGroupNames) {
                if (sess.getPerunBl().getModulesUtilsBl().haveTheSameAttributeWithTheSameNamespace(sess, r, a) > 0) {
                    throw new WrongReferenceAttributeValueException(attribute, a, "There is a resource with same GID (namespace: " + gidNamespace + ") and different unix group name (namespace: " + a.getFriendlyNameParameter() + "). " + r + " " + resource);
                }
            }
        }
    } catch (AttributeNotExistsException ex) {
        // A missing definition points at broken configuration rather than a bad value.
        throw new ConsistencyErrorException(ex);
    }
}
use of cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException in project perun by CESNET.
the class urn_perun_resource_attribute_def_virt_unixGID method checkAttributeValue.
/**
 * Validates the virtual unixGID attribute of a resource by delegating to the
 * namespaced resource attribute {@code unixGID-namespace:<namespace>}.
 *
 * <p>The namespace is read from the resource's unix GID namespace attribute, the
 * candidate value is copied onto the namespaced attribute, and that attribute is
 * force-checked. Validation failures are re-thrown against the virtual attribute
 * with the original exception kept as the cause.
 *
 * @param sess      session used to reach the business-logic managers
 * @param resource  resource the attribute belongs to
 * @param attribute virtual unixGID attribute carrying the value to validate
 * @throws ConsistencyErrorException if the namespaced GID attribute does not exist
 */
@Override
public void checkAttributeValue(PerunSessionImpl sess, Resource resource, Attribute attribute) throws InternalErrorException, WrongAttributeValueException, WrongAttributeAssignmentException, WrongReferenceAttributeValueException {
    Attribute namespaceAttribute = sess.getPerunBl().getModulesUtilsBl().getUnixGIDNamespaceAttributeWithNotNullValue(sess, resource);
    String namespacedGidName = AttributesManager.NS_RESOURCE_ATTR_DEF + ":unixGID-namespace:" + namespaceAttribute.getValue();

    Attribute namespacedGid;
    try {
        namespacedGid = sess.getPerunBl().getAttributesManagerBl().getAttribute(sess, resource, namespacedGidName);
    } catch (AttributeNotExistsException ex) {
        throw new ConsistencyErrorException(ex);
    }

    // Check the candidate value through the real (non-virtual) attribute's own rules.
    namespacedGid.setValue(attribute.getValue());
    try {
        sess.getPerunBl().getAttributesManagerBl().forceCheckAttributeValue(sess, resource, namespacedGid);
    } catch (WrongAttributeValueException ex) {
        // Report the failure against the attribute the caller actually passed in.
        throw new WrongAttributeValueException(attribute, ex.getMessage(), ex);
    } catch (WrongReferenceAttributeValueException ex) {
        throw new WrongReferenceAttributeValueException(attribute, ex.getReferenceAttribute(), ex);
    }
}
use of cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException in project perun by CESNET.
the class urn_perun_user_facility_attribute_def_def_defaultUnixGID method checkAttributeValue.
/**
 * Checks the new default GID of the user at the specified facility.
 *
 * <p>The GID is accepted when it equals the unixGID of a resource of this facility
 * that the user is allowed on, or the unixGID of a group that is allowed on the
 * facility, has a unix group name in the facility's group-name namespace, and has
 * the user as a member. A null GID is accepted without further checks.
 *
 * <p>TODO Known issue: it cannot be detected that unixGID is not set on any of the
 * resources and groups the user is allowed on. That case is reported as
 * WrongAttributeValueException although it should be WrongReferenceAttributeValueException.
 *
 * @param sess      session used to reach the business-logic managers
 * @param facility  facility the default GID applies to
 * @param user      user whose default GID is being set
 * @param attribute default unix GID attribute to validate
 * @throws WrongAttributeValueException          if no allowed resource or group matches the GID
 * @throws WrongReferenceAttributeValueException if a facility namespace attribute has no value
 * @throws ConsistencyErrorException             if a required attribute definition does not exist
 */
@Override
public void checkAttributeValue(PerunSessionImpl sess, Facility facility, User user, Attribute attribute) throws WrongAttributeValueException, WrongReferenceAttributeValueException, InternalErrorException, WrongAttributeAssignmentException {
    final Integer gid = (Integer) attribute.getValue();
    if (gid == null) {
        return;
    }

    // GID namespace configured on the facility.
    Attribute gidNamespaceAttr;
    try {
        gidNamespaceAttr = sess.getPerunBl().getAttributesManagerBl().getAttribute(sess, facility, AttributesManager.NS_FACILITY_ATTR_DEF + ":unixGID-namespace");
    } catch (AttributeNotExistsException ex) {
        throw new ConsistencyErrorException(ex);
    }
    if (gidNamespaceAttr.getValue() == null) {
        throw new WrongReferenceAttributeValueException(attribute, gidNamespaceAttr, "Reference attribute is null");
    }
    final String gidNamespace = (String) gidNamespaceAttr.getValue();

    // Unix group name namespace configured on the facility.
    Attribute groupNameNamespaceAttr;
    try {
        groupNameNamespaceAttr = sess.getPerunBl().getAttributesManagerBl().getAttribute(sess, facility, AttributesManager.NS_FACILITY_ATTR_DEF + ":unixGroupName-namespace");
    } catch (AttributeNotExistsException ex) {
        throw new ConsistencyErrorException(ex);
    }
    if (groupNameNamespaceAttr.getValue() == null) {
        throw new WrongReferenceAttributeValueException(attribute, groupNameNamespaceAttr, user, facility, facility, null, "Reference attribute is null");
    }
    final String groupNameNamespace = (String) groupNameNamespaceAttr.getValue();

    // First path: a resource the user is allowed on that already carries this GID.
    final String resourceGidName = AttributesManager.NS_RESOURCE_ATTR_DEF + ":unixGID-namespace:" + gidNamespace;
    Attribute resourceGid;
    try {
        resourceGid = new Attribute(sess.getPerunBl().getAttributesManagerBl().getAttributeDefinition(sess, resourceGidName));
    } catch (AttributeNotExistsException ex) {
        throw new ConsistencyErrorException("Namespace from value of " + gidNamespaceAttr + " doesn't exists. (Resource attribute " + resourceGidName + " doesn't exists", ex);
    }
    resourceGid.setValue(attribute.getValue());

    List<Resource> allowedResources = sess.getPerunBl().getUsersManagerBl().getAllowedResources(sess, facility, user);
    List<Resource> matchingResources = sess.getPerunBl().getResourcesManagerBl().getResourcesByAttribute(sess, resourceGid);
    matchingResources.retainAll(allowedResources);
    if (!matchingResources.isEmpty()) {
        // At least one allowed resource has the same GID, so the value is acceptable.
        return;
    }

    // Second path: a group with this GID that is allowed on the facility and contains the user.
    final String groupGidName = AttributesManager.NS_GROUP_ATTR_DEF + ":unixGID-namespace:" + gidNamespace;
    Attribute groupGid;
    try {
        groupGid = new Attribute(sess.getPerunBl().getAttributesManagerBl().getAttributeDefinition(sess, groupGidName));
    } catch (AttributeNotExistsException ex) {
        throw new ConsistencyErrorException("Namespace from value of " + gidNamespaceAttr + " doesn't exists. (Group-resource attribute " + groupGidName + " doesn't exists", ex);
    }
    groupGid.setValue(attribute.getValue());

    List<Group> candidateGroups = sess.getPerunBl().getGroupsManagerBl().getGroupsByAttribute(sess, groupGid);
    candidateGroups.retainAll(sess.getPerunBl().getFacilitiesManagerBl().getAllowedGroups(sess, facility, null, null));

    for (Group group : candidateGroups) {
        // The group must have a unix group name in the namespace the facility requires.
        Attribute groupName;
        try {
            groupName = sess.getPerunBl().getAttributesManagerBl().getAttribute(sess, group, AttributesManager.NS_GROUP_ATTR_DEF + ":unixGroupName-namespace:" + groupNameNamespace);
        } catch (AttributeNotExistsException ex) {
            throw new InternalErrorException(ex);
        }
        String groupNameValue = (String) groupName.getValue();
        if (groupNameValue == null || groupNameValue.isEmpty()) {
            continue;
        }

        // Membership is the authorisation check for the group path.
        if (sess.getPerunBl().getGroupsManagerBl().isUserMemberOfGroup(sess, user, group)) {
            return;
        }
    }

    throw new WrongAttributeValueException(attribute, user, facility, "User isn't allowed to have the default unix group which have this gid (" + gid + ") or such group doesn't exist. " + user);
}
use of cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException in project perun by CESNET.
the class urn_perun_user_attribute_def_virt_openNebulaSSHAdminKeys method getAttributeValue.
/**
 * Builds the virtual OpenNebula SSH admin keys attribute for a user from the
 * user's {@code A_U_sshPublicAdminKey} attribute.
 *
 * <p>When the source attribute has no value, the result carries an empty list.
 *
 * <p>NOTE(review): the list read from the source attribute is handed to the returned
 * attribute as-is; whether Attribute copies values on get/set is not visible here, so
 * confirm before mutating the result.
 *
 * @param sess                session used to reach the business-logic managers
 * @param user                user whose admin keys are read
 * @param attributeDefinition definition of the virtual attribute to build
 * @return a new attribute holding the user's SSH admin public keys
 * @throws InternalErrorException    if the source attribute cannot be assigned to a user
 * @throws ConsistencyErrorException if the source attribute definition does not exist
 */
@Override
public Attribute getAttributeValue(PerunSessionImpl sess, User user, AttributeDefinition attributeDefinition) throws InternalErrorException {
    Attribute result = new Attribute(attributeDefinition);

    Attribute sourceKeys;
    try {
        sourceKeys = sess.getPerunBl().getAttributesManagerBl().getAttribute(sess, user, A_U_sshPublicAdminKey);
    } catch (AttributeNotExistsException ex) {
        throw new ConsistencyErrorException(ex);
    } catch (WrongAttributeAssignmentException ex) {
        throw new InternalErrorException(ex);
    }

    // Fall back to an empty list so the virtual attribute never carries null.
    Object stored = sourceKeys.getValue();
    List<String> adminKeys;
    if (stored == null) {
        adminKeys = new ArrayList<String>();
    } else {
        adminKeys = (ArrayList<String>) stored;
    }

    result.setValue(adminKeys);
    return result;
}
use of cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException in project perun by CESNET.
the class urn_perun_user_attribute_def_def_vsupMailAlias method changedAttributeHook.
/**
 * Keeps the entityless map of reserved mails in step with a change of the user's
 * vsupMailAlias attribute, and updates vsupPreferredMail where appropriate.
 *
 * <p>Steps, in order: load the reserved-mails map and the user's other mail attributes;
 * reject a new alias that the map assigns to a different user ID; drop one of the user's
 * reservations that no longer appears in vsupMail, vsupPreferredMail or the mail aliases;
 * reserve the new alias for this user; store the map; and finally, when an alias was set,
 * copy it to vsupPreferredMail if that attribute is empty or equal to vsupMail.
 *
 * @param session   session used to reach the business-logic managers
 * @param user      user whose alias changed
 * @param attribute the vsupMailAlias attribute after the change (null value means removal)
 * @throws InternalErrorException    if the alias is reserved by another user or a store fails
 * @throws ConsistencyErrorException if a required attribute does not exist, or the reserved
 *                                   map is empty while an alias is being removed
 */
@Override
public void changedAttributeHook(PerunSessionImpl session, User user, Attribute attribute) throws InternalErrorException, WrongReferenceAttributeValueException {
    // map of reserved vsup mails (mail -> user ID as string, per the lookups below)
    Attribute reservedMailsAttribute;
    Map<String, String> reservedMailsAttributeValue;
    // other vsup mail attributes to get values from
    Attribute vsupMailAttribute;
    Attribute mailAliasesAttribute;
    Attribute vsupPreferredMailAttribute;
    // output sets used for comparison
    Set<String> reservedMailsOfUser = new HashSet<>();
    Set<String> actualMailsOfUser = new HashSet<>();
    try {
        // NOTE(review): the "ForUpdate" variant presumably locks the shared entityless row for the
        // read-modify-write below - confirm against AttributesManagerBl.
        reservedMailsAttribute = session.getPerunBl().getAttributesManagerBl().getEntitylessAttributeForUpdate(session, usedMailsKeyVsup, usedMailsUrn);
        vsupMailAttribute = session.getPerunBl().getAttributesManagerBl().getAttribute(session, user, vsupMailUrn);
        mailAliasesAttribute = session.getPerunBl().getAttributesManagerBl().getAttribute(session, user, vsupMailAliasesUrn);
        vsupPreferredMailAttribute = session.getPerunBl().getAttributesManagerBl().getAttribute(session, user, vsupPreferredMailUrn);
    } catch (AttributeNotExistsException ex) {
        throw new ConsistencyErrorException("Attribute doesn't exists.", ex);
    } catch (WrongAttributeAssignmentException e) {
        throw new InternalErrorException(e);
    }
    // Removing an alias while the reserved map has no value at all means the two stores disagree.
    if (attribute.getValue() == null && reservedMailsAttribute.getValue() == null) {
        throw new ConsistencyErrorException("Entityless attribute 'urn:perun:entityless:attribute-def:def:usedMails' is empty, but we are removing 'vsupMailAlias' value, so there should have been entry in entityless attribute.");
    }
    // Start from an empty map when nothing has been reserved yet.
    if (reservedMailsAttribute.getValue() == null) {
        reservedMailsAttributeValue = new LinkedHashMap<>();
    } else {
        reservedMailsAttributeValue = (Map<String, String>) reservedMailsAttribute.getValue();
    }
    // if SET action and mail is already reserved by other user
    if (attribute.getValue() != null) {
        String ownersUserId = reservedMailsAttributeValue.get((String) attribute.getValue());
        if (ownersUserId != null && !Objects.equals(ownersUserId, String.valueOf(user.getId()))) {
            // TODO - maybe get actual owners attribute and throw WrongReferenceAttributeException to be nice in a GUI ?
            // NOTE(review): the message names the other user's ID; confirm whether this exception
            // text can reach the requesting user before relying on it.
            throw new InternalErrorException("VŠUP mail alias: '" + attribute.getValue() + "' is already in use by User ID: " + ownersUserId + ".");
        }
    }
    // Collect every mail the map currently reserves for this user.
    for (Map.Entry<String, String> entry : reservedMailsAttributeValue.entrySet()) {
        if (Objects.equals(entry.getValue(), String.valueOf(user.getId()))) {
            // reserved mails of a user
            reservedMailsOfUser.add(entry.getKey());
        }
    }
    // Collect the mails the user actually holds in the other vsup mail attributes.
    if (vsupMailAttribute.getValue() != null) {
        actualMailsOfUser.add((String) vsupMailAttribute.getValue());
    }
    if (vsupPreferredMailAttribute.getValue() != null) {
        actualMailsOfUser.add((String) vsupPreferredMailAttribute.getValue());
    }
    if (mailAliasesAttribute.getValue() != null) {
        actualMailsOfUser.addAll((ArrayList<String>) mailAliasesAttribute.getValue());
    }
    for (String mail : reservedMailsOfUser) {
        if (!actualMailsOfUser.contains(mail)) {
            // Remove mail, which is not in attributes anymore
            reservedMailsAttributeValue.remove(mail);
            // since this attribute holds single value, we can break the cycle here
            break;
        }
    }
    // Reserve the new alias for this user unless the map already has an entry for it
    if (attribute.getValue() != null) {
        reservedMailsAttributeValue.putIfAbsent((String) attribute.getValue(), String.valueOf(user.getId()));
    }
    // save changes in entityless attribute
    try {
        // always set value to attribute, since we might start with null in attribute and empty map in variable !!
        reservedMailsAttribute.setValue(reservedMailsAttributeValue);
        session.getPerunBl().getAttributesManagerBl().setAttribute(session, usedMailsKeyVsup, reservedMailsAttribute);
    } catch (WrongAttributeValueException | WrongAttributeAssignmentException ex) {
        throw new InternalErrorException(ex);
    }
    // if set, check vsupPreferredMail and set its value if it is currently empty or equals vsupMail
    if (attribute.getValue() != null) {
        String preferredMail = (String) vsupPreferredMailAttribute.getValue();
        if (preferredMail == null || Objects.equals(preferredMail, vsupMailAttribute.getValue())) {
            vsupPreferredMailAttribute.setValue(attribute.getValue());
            try {
                session.getPerunBl().getAttributesManagerBl().setAttribute(session, user, vsupPreferredMailAttribute);
            } catch (WrongAttributeValueException | WrongAttributeAssignmentException e) {
                throw new InternalErrorException("Unable to store generated vsupMailAlias to vsupPreferredMail.", e);
            }
        }
    }
}