
Example 11 with ConsistencyErrorException

use of cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException in project perun by CESNET.

the class urn_perun_resource_attribute_def_def_unixGID_namespace method checkAttributeValue.

/**
 * Validates a resource's unix GID for the namespace carried in the attribute's friendly-name parameter.
 *
 * <p>The value is accepted only when all of the following hold:
 * <ul>
 *   <li>it is set (a {@code null} GID is rejected),</li>
 *   <li>it passes {@code checkIfGIDIsWithinRange},</li>
 *   <li>the entityless used-GIDs attribute of the namespace has no key {@code "D" + gid}
 *       (such a key marks the GID as depleted),</li>
 *   <li>no group and no other resource with the same GID in this namespace carries a different
 *       unix group name in a group-name namespace this resource also uses.</li>
 * </ul>
 * The last rule keeps one numeric GID from being attached to differently named unix groups.
 *
 * @param sess      session used to reach the business-logic managers
 * @param resource  resource whose GID is being checked
 * @param attribute the unixGID-namespace attribute holding the candidate GID
 * @throws WrongAttributeValueException          if the GID is not set
 * @throws WrongReferenceAttributeValueException if the GID is depleted or clashes with a group or resource
 * @throws ConsistencyErrorException             if a referenced attribute definition does not exist
 */
public void checkAttributeValue(PerunSessionImpl sess, Resource resource, Attribute attribute) throws InternalErrorException, WrongAttributeValueException, WrongReferenceAttributeValueException, WrongAttributeAssignmentException {
    try {
        final String namespace = attribute.getFriendlyNameParameter();
        // An unset GID is rejected up front; none of the later checks make sense without a value.
        if (attribute.getValue() == null) {
            throw new WrongAttributeValueException(attribute, resource, "Unix GID must be set");
        }
        final Integer gid = (Integer) attribute.getValue();
        // Range validation is delegated to the shared module utilities.
        sess.getPerunBl().getModulesUtilsBl().checkIfGIDIsWithinRange(sess, attribute);
        // The entityless attribute tracks used and depleted GIDs; a null value means none are recorded.
        final Attribute usedGids = sess.getPerunBl().getAttributesManagerBl().getAttribute(sess, namespace, A_E_usedGids);
        final Object recordedGids = usedGids.getValue();
        if (recordedGids != null) {
            final Map<String, String> gidStates = (Map<String, String>) recordedGids;
            // Key "Dx" marks GID x as depleted, i.e. it must not be handed out again.
            if (gidStates.containsKey("D" + gid.toString())) {
                throw new WrongReferenceAttributeValueException(attribute, usedGids, resource, null, gidNamespaceOf(namespace), null, "This GID is already depleted.");
            }
        }
        // Group-side twin of the attribute, used only as a search key for groups with the same GID.
        final Attribute groupGidProbe = new Attribute(sess.getPerunBl().getAttributesManagerBl().getAttributeDefinition(sess, A_G_unixGID_namespace + ":" + namespace));
        groupGidProbe.setValue(attribute.getValue());
        // Copies are taken so that removing this resource below never touches the manager's list.
        final List<Group> groupsSharingGid = new ArrayList<Group>(sess.getPerunBl().getGroupsManagerBl().getGroupsByAttribute(sess, groupGidProbe));
        final List<Resource> resourcesSharingGid = new ArrayList<Resource>(sess.getPerunBl().getResourcesManagerBl().getResourcesByAttribute(sess, attribute));
        // The resource under check trivially shares its own GID.
        resourcesSharingGid.remove(resource);
        // Every non-null unix group name this resource has, across all group-name namespaces.
        final List<Attribute> ownGroupNames = sess.getPerunBl().getAttributesManagerBl().getAllAttributesStartWithNameWithoutNullValue(sess, resource, A_R_unixGroupName_namespace + ":");
        // Groups with the same GID must not disagree on the unix group name.
        for (Group g : groupsSharingGid) {
            for (Attribute a : ownGroupNames) {
                // Group-side version of the resource's group-name attribute, same namespace and value.
                final Attribute groupSideName = new Attribute(sess.getPerunBl().getAttributesManagerBl().getAttributeDefinition(sess, A_G_unixGroupName_namespace + ":" + a.getFriendlyNameParameter()));
                groupSideName.setValue(a.getValue());
                final int verdict = sess.getPerunBl().getModulesUtilsBl().haveTheSameAttributeWithTheSameNamespace(sess, g, groupSideName);
                // > 0: attribute present with another value (conflict); 0: same value; < 0: attribute absent.
                if (verdict > 0) {
                    throw new WrongReferenceAttributeValueException(attribute, a, "There is a group with same GID (namespace: " + namespace + ") and different unix group name (namespace: " + a.getFriendlyNameParameter() + "). " + g + " " + resource);
                }
            }
        }
        // The same rule applies to every other resource with this GID.
        for (Resource r : resourcesSharingGid) {
            for (Attribute a : ownGroupNames) {
                final int verdict = sess.getPerunBl().getModulesUtilsBl().haveTheSameAttributeWithTheSameNamespace(sess, r, a);
                // > 0: attribute present with another value (conflict); 0: same value; < 0: attribute absent.
                if (verdict > 0) {
                    throw new WrongReferenceAttributeValueException(attribute, a, "There is a resource with same GID (namespace: " + namespace + ") and different unix group name (namespace: " + a.getFriendlyNameParameter() + "). " + r + " " + resource);
                }
            }
        }
    } catch (AttributeNotExistsException ex) {
        // A missing definition means the attribute schema itself is broken, not the supplied value.
        throw new ConsistencyErrorException(ex);
    }
}

/** Returns the namespace unchanged; exists only to name the argument passed as the exception's secondary holder. */
private static String gidNamespaceOf(String namespace) {
    return namespace;
}
Also used : Group(cz.metacentrum.perun.core.api.Group) ConsistencyErrorException(cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException) Attribute(cz.metacentrum.perun.core.api.Attribute) AttributeNotExistsException(cz.metacentrum.perun.core.api.exceptions.AttributeNotExistsException) ArrayList(java.util.ArrayList) Resource(cz.metacentrum.perun.core.api.Resource) WrongReferenceAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongReferenceAttributeValueException) WrongAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException) LinkedHashMap(java.util.LinkedHashMap) Map(java.util.Map)

Example 12 with ConsistencyErrorException

use of cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException in project perun by CESNET.

the class urn_perun_resource_attribute_def_virt_unixGID method checkAttributeValue.

/**
 * Validates the virtual resource unixGID by running the check of the namespaced attribute behind it.
 *
 * <p>The resource's GID namespace is resolved first, the matching
 * {@code unixGID-namespace:<namespace>} resource attribute is loaded, the candidate value is
 * copied into it and {@code forceCheckAttributeValue} is run on that attribute. Failures are
 * re-thrown against the virtual attribute so callers see the attribute they actually set.
 *
 * @param sess      session used to reach the business-logic managers
 * @param resource  resource whose virtual GID is being checked
 * @param attribute the virtual unixGID attribute holding the candidate value
 * @throws WrongAttributeValueException          if the namespaced check rejects the value
 * @throws WrongReferenceAttributeValueException if the namespaced check rejects a referenced attribute
 * @throws ConsistencyErrorException             if the namespaced attribute does not exist
 */
@Override
public void checkAttributeValue(PerunSessionImpl sess, Resource resource, Attribute attribute) throws InternalErrorException, WrongAttributeValueException, WrongAttributeAssignmentException, WrongReferenceAttributeValueException {
    Attribute namespaceHolder = sess.getPerunBl().getModulesUtilsBl().getUnixGIDNamespaceAttributeWithNotNullValue(sess, resource);

    Attribute namespacedGid;
    try {
        namespacedGid = sess.getPerunBl().getAttributesManagerBl().getAttribute(sess, resource, AttributesManager.NS_RESOURCE_ATTR_DEF + ":unixGID-namespace:" + namespaceHolder.getValue());
    } catch (AttributeNotExistsException missing) {
        // The namespace is configured but its attribute definition is not there: schema inconsistency.
        throw new ConsistencyErrorException(missing);
    }

    // Only the value is borrowed from the virtual attribute; the real check runs on the namespaced one.
    namespacedGid.setValue(attribute.getValue());

    try {
        sess.getPerunBl().getAttributesManagerBl().forceCheckAttributeValue(sess, resource, namespacedGid);
    } catch (WrongAttributeValueException rejected) {
        throw new WrongAttributeValueException(attribute, rejected.getMessage(), rejected);
    } catch (WrongReferenceAttributeValueException rejected) {
        throw new WrongReferenceAttributeValueException(attribute, rejected.getReferenceAttribute(), rejected);
    }
}
Also used : ConsistencyErrorException(cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException) Attribute(cz.metacentrum.perun.core.api.Attribute) WrongReferenceAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongReferenceAttributeValueException) AttributeNotExistsException(cz.metacentrum.perun.core.api.exceptions.AttributeNotExistsException) WrongAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException)

Example 13 with ConsistencyErrorException

use of cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException in project perun by CESNET.

the class urn_perun_user_facility_attribute_def_def_defaultUnixGID method checkAttributeValue.

/**
 * Checks the new default GID of the user at the specified facility.
 *
 * <p>A {@code null} GID is accepted without further checks. Otherwise the GID must match, in the
 * facility's GID namespace, either
 * <ul>
 *   <li>the unixGID of a resource that is among the user's allowed resources on this facility, or</li>
 *   <li>the unixGID of a group that is allowed on the facility, has a non-empty unix group name in
 *       the facility's group-name namespace, and has the user as a member.</li>
 * </ul>
 * This is an authorization decision: the default group is accepted only when the user already
 * has access through one of the two paths above.
 *
 * <p>TODO Known issues: cannot detect that unixGID is not set on all resources and groups where
 * the user is allowed. This is reported as WrongAttributeValueException, but it should be
 * WrongReferenceAttributeValueException.
 *
 * @throws WrongAttributeValueException          if no allowed resource or group carries this GID
 * @throws WrongReferenceAttributeValueException if a facility namespace attribute has no value
 * @throws ConsistencyErrorException             if a namespace attribute or definition does not exist
 */
@Override
public void checkAttributeValue(PerunSessionImpl sess, Facility facility, User user, Attribute attribute) throws WrongAttributeValueException, WrongReferenceAttributeValueException, InternalErrorException, WrongAttributeAssignmentException {
    Integer gid = (Integer) attribute.getValue();
    // Clearing the default GID is always allowed.
    if (gid == null) {
        return;
    }

    // GID namespace configured on the facility.
    Attribute gidNamespaceAttr;
    try {
        gidNamespaceAttr = sess.getPerunBl().getAttributesManagerBl().getAttribute(sess, facility, AttributesManager.NS_FACILITY_ATTR_DEF + ":unixGID-namespace");
    } catch (AttributeNotExistsException ex) {
        throw new ConsistencyErrorException(ex);
    }
    if (gidNamespaceAttr.getValue() == null) {
        throw new WrongReferenceAttributeValueException(attribute, gidNamespaceAttr, "Reference attribute is null");
    }
    String gidNamespace = (String) gidNamespaceAttr.getValue();

    // Unix group-name namespace configured on the facility.
    Attribute groupNameNamespaceAttr;
    try {
        groupNameNamespaceAttr = sess.getPerunBl().getAttributesManagerBl().getAttribute(sess, facility, AttributesManager.NS_FACILITY_ATTR_DEF + ":unixGroupName-namespace");
    } catch (AttributeNotExistsException ex) {
        throw new ConsistencyErrorException(ex);
    }
    if (groupNameNamespaceAttr.getValue() == null) {
        throw new WrongReferenceAttributeValueException(attribute, groupNameNamespaceAttr, user, facility, facility, null, "Reference attribute is null");
    }
    String groupNameNamespace = (String) groupNameNamespaceAttr.getValue();

    // Path 1: an allowed resource with the same GID.
    Attribute resourceGidProbe;
    try {
        resourceGidProbe = new Attribute(sess.getPerunBl().getAttributesManagerBl().getAttributeDefinition(sess, AttributesManager.NS_RESOURCE_ATTR_DEF + ":unixGID-namespace:" + gidNamespace));
    } catch (AttributeNotExistsException ex) {
        throw new ConsistencyErrorException("Namespace from value of " + gidNamespaceAttr + " doesn't exists. (Resource attribute " + AttributesManager.NS_RESOURCE_ATTR_DEF + ":unixGID-namespace:" + gidNamespace + " doesn't exists", ex);
    }
    resourceGidProbe.setValue(attribute.getValue());
    List<Resource> userResources = sess.getPerunBl().getUsersManagerBl().getAllowedResources(sess, facility, user);
    List<Resource> matchingResources = sess.getPerunBl().getResourcesManagerBl().getResourcesByAttribute(sess, resourceGidProbe);
    // Intersect "resources with this GID" with "resources the user is allowed on".
    matchingResources.retainAll(userResources);
    if (!matchingResources.isEmpty()) {
        // At least one allowed resource carries the GID, so the attribute is OK.
        return;
    }

    // Path 2: a group on the facility with the same GID that the user belongs to.
    Attribute groupGidProbe;
    try {
        groupGidProbe = new Attribute(sess.getPerunBl().getAttributesManagerBl().getAttributeDefinition(sess, AttributesManager.NS_GROUP_ATTR_DEF + ":unixGID-namespace:" + gidNamespace));
        groupGidProbe.setValue(attribute.getValue());
    } catch (AttributeNotExistsException ex) {
        throw new ConsistencyErrorException("Namespace from value of " + gidNamespaceAttr + " doesn't exists. (Group-resource attribute " + AttributesManager.NS_GROUP_ATTR_DEF + ":unixGID-namespace:" + gidNamespace + " doesn't exists", ex);
    }
    List<Group> matchingGroups = sess.getPerunBl().getGroupsManagerBl().getGroupsByAttribute(sess, groupGidProbe);
    // Keep only groups allowed on this facility; membership of the user is tested per group below.
    matchingGroups.retainAll(sess.getPerunBl().getFacilitiesManagerBl().getAllowedGroups(sess, facility, null, null));
    for (Group candidate : matchingGroups) {
        // The group only counts if it has a unix group name in the namespace the facility requires.
        try {
            Attribute groupName = sess.getPerunBl().getAttributesManagerBl().getAttribute(sess, candidate, AttributesManager.NS_GROUP_ATTR_DEF + ":unixGroupName-namespace:" + groupNameNamespace);
            Object rawName = groupName.getValue();
            if (rawName == null || ((String) rawName).isEmpty()) {
                continue;
            }
        } catch (AttributeNotExistsException ex) {
            // NOTE(review): the other missing-attribute paths in this method raise ConsistencyErrorException; confirm the difference is intended.
            throw new InternalErrorException(ex);
        }
        if (sess.getPerunBl().getGroupsManagerBl().isUserMemberOfGroup(sess, user, candidate)) {
            // The user is a member of a group with this GID, so the attribute is OK.
            return;
        }
    }

    // Neither path granted the GID: reject.
    throw new WrongAttributeValueException(attribute, user, facility, "User isn't allowed to have the default unix group which have this gid (" + gid + ") or such group doesn't exist.  " + user);
}
Also used : Group(cz.metacentrum.perun.core.api.Group) ConsistencyErrorException(cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException) Attribute(cz.metacentrum.perun.core.api.Attribute) WrongReferenceAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongReferenceAttributeValueException) AttributeNotExistsException(cz.metacentrum.perun.core.api.exceptions.AttributeNotExistsException) Resource(cz.metacentrum.perun.core.api.Resource) InternalErrorException(cz.metacentrum.perun.core.api.exceptions.InternalErrorException) WrongAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException)

Example 14 with ConsistencyErrorException

use of cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException in project perun by CESNET.

the class urn_perun_user_attribute_def_virt_openNebulaSSHAdminKeys method getAttributeValue.

/**
 * Builds the virtual openNebula SSH admin keys attribute from the user's SSH public admin keys.
 *
 * <p>The value of the {@code A_U_sshPublicAdminKey} user attribute is passed through as is; when
 * that attribute has no value, an empty list is returned instead of {@code null}.
 *
 * @param sess                session used to reach the attributes manager
 * @param user                user whose admin keys are read
 * @param attributeDefinition definition of the virtual attribute to populate
 * @return a new attribute of the given definition holding the list of admin keys
 * @throws InternalErrorException    if the source attribute cannot be read for a user
 * @throws ConsistencyErrorException if the source attribute definition does not exist
 */
@Override
public Attribute getAttributeValue(PerunSessionImpl sess, User user, AttributeDefinition attributeDefinition) throws InternalErrorException {
    Attribute result = new Attribute(attributeDefinition);

    Attribute sourceKeys;
    try {
        sourceKeys = sess.getPerunBl().getAttributesManagerBl().getAttribute(sess, user, A_U_sshPublicAdminKey);
    } catch (AttributeNotExistsException ex) {
        throw new ConsistencyErrorException(ex);
    } catch (WrongAttributeAssignmentException ex) {
        throw new InternalErrorException(ex);
    }

    Object storedKeys = sourceKeys.getValue();
    List<String> adminKeys;
    if (storedKeys == null) {
        // No keys stored: expose an empty list rather than null.
        adminKeys = new ArrayList<>();
    } else {
        // NOTE(review): the same list instance as the source attribute's value is handed out, not a copy;
        // confirm no caller mutates it, since these entries are admin SSH keys.
        adminKeys = (ArrayList<String>) storedKeys;
    }

    result.setValue(adminKeys);
    return result;
}
Also used : ConsistencyErrorException(cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException) Attribute(cz.metacentrum.perun.core.api.Attribute) WrongAttributeAssignmentException(cz.metacentrum.perun.core.api.exceptions.WrongAttributeAssignmentException) AttributeNotExistsException(cz.metacentrum.perun.core.api.exceptions.AttributeNotExistsException) InternalErrorException(cz.metacentrum.perun.core.api.exceptions.InternalErrorException)

Example 15 with ConsistencyErrorException

use of cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException in project perun by CESNET.

the class urn_perun_user_attribute_def_def_vsupMailAlias method changedAttributeHook.

/**
 * Keeps the entityless map of reserved VŠUP mails in step with a change of the user's vsupMailAlias.
 *
 * <p>The map is keyed by mail address and stores the owning user's ID as a string. On every
 * change the hook:
 * <ol>
 *   <li>refuses to set an alias that the map already assigns to a different user,</li>
 *   <li>releases one reserved address of this user that none of the user's mail attributes
 *       (vsupMail, vsupPreferredMail, vsupMailAliases) still holds,</li>
 *   <li>reserves the new alias for this user if it is not in the map yet,</li>
 *   <li>stores the map back, and</li>
 *   <li>when an alias was set, copies it into vsupPreferredMail if that is empty or equal to vsupMail.</li>
 * </ol>
 *
 * @param session   session used to reach the attributes manager
 * @param user      user whose alias changed
 * @param attribute the vsupMailAlias attribute after the change ({@code null} value means removal)
 * @throws InternalErrorException    if the alias belongs to another user or an attribute cannot be stored
 * @throws ConsistencyErrorException if a required attribute is missing, or an alias is being removed
 *                                   while the reservation map has no value at all
 */
@Override
public void changedAttributeHook(PerunSessionImpl session, User user, Attribute attribute) throws InternalErrorException, WrongReferenceAttributeValueException {
    Attribute reservationsAttr;
    Attribute primaryMailAttr;
    Attribute aliasesAttr;
    Attribute preferredMailAttr;
    try {
        // NOTE(review): the "ForUpdate" getter presumably locks the entityless attribute for this transaction — confirm.
        reservationsAttr = session.getPerunBl().getAttributesManagerBl().getEntitylessAttributeForUpdate(session, usedMailsKeyVsup, usedMailsUrn);
        primaryMailAttr = session.getPerunBl().getAttributesManagerBl().getAttribute(session, user, vsupMailUrn);
        aliasesAttr = session.getPerunBl().getAttributesManagerBl().getAttribute(session, user, vsupMailAliasesUrn);
        preferredMailAttr = session.getPerunBl().getAttributesManagerBl().getAttribute(session, user, vsupPreferredMailUrn);
    } catch (AttributeNotExistsException ex) {
        throw new ConsistencyErrorException("Attribute doesn't exists.", ex);
    } catch (WrongAttributeAssignmentException e) {
        throw new InternalErrorException(e);
    }

    final Object newAlias = attribute.getValue();
    final Object storedReservations = reservationsAttr.getValue();

    // Removing an alias implies it was reserved before, so an empty map here signals corrupted state.
    if (newAlias == null && storedReservations == null) {
        throw new ConsistencyErrorException("Entityless attribute 'urn:perun:entityless:attribute-def:def:usedMails' is empty, but we are removing 'vsupMailAlias' value, so there should have been entry in entityless attribute.");
    }

    final Map<String, String> reservations = (storedReservations == null)
            ? new LinkedHashMap<String, String>()
            : (Map<String, String>) storedReservations;

    // SET action: the address must not already belong to somebody else.
    if (newAlias != null) {
        final String ownerId = reservations.get((String) attribute.getValue());
        if (ownerId != null && !ownerId.equals(String.valueOf(user.getId()))) {
            // TODO - maybe get actual owners attribute and throw WrongReferenceAttributeException to be nice in a GUI ?
            // NOTE(review): the message names the other owner's user ID; confirm it is not shown to unprivileged callers.
            throw new InternalErrorException("VŠUP mail alias: '" + attribute.getValue() + "' is already in use by User ID: " + ownerId + ".");
        }
    }

    // Addresses the map currently reserves for this user.
    final Set<String> reservedForUser = new HashSet<>();
    for (Map.Entry<String, String> reservation : reservations.entrySet()) {
        if (!Objects.equals(reservation.getValue(), String.valueOf(user.getId()))) {
            continue;
        }
        reservedForUser.add(reservation.getKey());
    }

    // Addresses the user's mail attributes actually hold right now.
    final Set<String> heldByUser = new HashSet<>();
    if (primaryMailAttr.getValue() != null) {
        heldByUser.add((String) primaryMailAttr.getValue());
    }
    if (preferredMailAttr.getValue() != null) {
        heldByUser.add((String) preferredMailAttr.getValue());
    }
    if (aliasesAttr.getValue() != null) {
        heldByUser.addAll((ArrayList<String>) aliasesAttr.getValue());
    }

    // Release the first reservation no attribute backs any more; the alias is single-valued,
    // so at most one address can have gone stale through this change.
    for (String reserved : reservedForUser) {
        if (heldByUser.contains(reserved)) {
            continue;
        }
        reservations.remove(reserved);
        break;
    }

    // Reserve the new alias unless the map already has an entry for it.
    if (newAlias != null) {
        reservations.putIfAbsent((String) attribute.getValue(), String.valueOf(user.getId()));
    }

    // Persist the map; the value is always written because it may have started as null.
    try {
        reservationsAttr.setValue(reservations);
        session.getPerunBl().getAttributesManagerBl().setAttribute(session, usedMailsKeyVsup, reservationsAttr);
    } catch (WrongAttributeValueException | WrongAttributeAssignmentException ex) {
        throw new InternalErrorException(ex);
    }

    // On SET, promote the alias to preferred mail when none is set or it only mirrors vsupMail.
    if (newAlias == null) {
        return;
    }
    final String currentPreferred = (String) preferredMailAttr.getValue();
    if (currentPreferred == null || Objects.equals(currentPreferred, primaryMailAttr.getValue())) {
        preferredMailAttr.setValue(attribute.getValue());
        try {
            session.getPerunBl().getAttributesManagerBl().setAttribute(session, user, preferredMailAttr);
        } catch (WrongAttributeValueException | WrongAttributeAssignmentException e) {
            throw new InternalErrorException("Unable to store generated vsupMailAlias to vsupPreferredMail.", e);
        }
    }
}
Also used : ConsistencyErrorException(cz.metacentrum.perun.core.api.exceptions.ConsistencyErrorException) Attribute(cz.metacentrum.perun.core.api.Attribute) WrongAttributeAssignmentException(cz.metacentrum.perun.core.api.exceptions.WrongAttributeAssignmentException) AttributeNotExistsException(cz.metacentrum.perun.core.api.exceptions.AttributeNotExistsException) InternalErrorException(cz.metacentrum.perun.core.api.exceptions.InternalErrorException) WrongAttributeValueException(cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException) LinkedHashMap(java.util.LinkedHashMap) Map(java.util.Map) HashSet(java.util.HashSet)
