use of cz.metacentrum.perun.core.api.exceptions.GroupNotDefinedOnResourceException in project perun by CESNET.
the class ResourcesManagerBlImpl method removeGroupFromResource.
/**
 * Removes a single group-resource assignment. For a direct assignment, also removes the
 * automatic assignments of subgroups that were derived from it.
 * Once the group is no longer assigned to the resource, the removal is audited and the
 * group-resource attributes are deleted.
 *
 * @param sess session passed on to every manager call
 * @param group group whose assignment is removed
 * @param resource resource the group is removed from
 * @param sourceGroupId id of a source group if an automatic assignment should be deleted, null otherwise
 * @throws GroupNotDefinedOnResourceException when there is no such group-resource assignment
 * @throws GroupAlreadyRemovedFromResourceException when the assignment was already removed
 */
private void removeGroupFromResource(PerunSession sess, Group group, Resource resource, Integer sourceGroupId) throws GroupNotDefinedOnResourceException, GroupAlreadyRemovedFromResourceException {
    // The group and the resource have to belong to the same VO.
    Vo groupVo = getPerunBl().getGroupsManagerBl().getVo(sess, group);
    Vo resourceVo = this.getVo(sess, resource);
    if (!groupVo.equals(resourceVo)) {
        throw new InternalErrorException("Group " + group + " and resource " + resource + " belongs to the different VOs");
    }

    // The exact assignment (same group AND same source group id) must exist.
    boolean assignmentMissing = getResourcesManagerImpl().getGroupAssignments(sess, resource).stream()
            .noneMatch(candidate -> candidate.getEnrichedGroup().getGroup().equals(group)
                    && Objects.equals(candidate.getSourceGroupId(), sourceGroupId));
    if (assignmentMissing) {
        throw new GroupNotDefinedOnResourceException(group.getName());
    }

    if (sourceGroupId == null) {
        // Direct assignment: remove it, then every automatic assignment that names this group as its source.
        getResourcesManagerImpl().removeGroupFromResource(sess, group, resource);
        List<AssignedGroup> derivedAssignments = getResourcesManagerImpl().getGroupAssignments(sess, resource).stream()
                .filter(candidate -> Objects.equals(candidate.getSourceGroupId(), group.getId()))
                .collect(Collectors.toList());
        for (AssignedGroup derived : derivedAssignments) {
            try {
                removeAutomaticGroupFromResource(sess, derived.getEnrichedGroup().getGroup(), resource, group.getId());
            } catch (GroupAlreadyRemovedFromResourceException ignored) {
                // Best effort: an automatic assignment that is already gone needs no further action.
            }
        }
    } else {
        // Automatic assignment: remove only the one derived from the given source group.
        getResourcesManagerImpl().removeAutomaticGroupFromResource(sess, group, resource, sourceGroupId);
    }

    // The audit record and the attribute cleanup happen only when no assignment of the group
    // remains on the resource; removing one of several assignments is not audited here.
    if (!isGroupAssigned(sess, resource, group)) {
        getPerunBl().getAuditer().log(sess, new GroupRemovedFromResource(group, resource));
        try {
            getPerunBl().getAttributesManagerBl().removeAllAttributes(sess, resource, group);
        } catch (WrongAttributeValueException | WrongReferenceAttributeValueException attributeProblem) {
            throw new InternalErrorException(attributeProblem);
        } catch (GroupResourceMismatchException mismatch) {
            throw new ConsistencyErrorException(mismatch);
        }
    }
    // FIXME - here we should call checkSemantics() and on error re-fill/set user-facility attributes
    // for the group members of removed group, which are still allowed on the facility, since we removed
    // one relation and attribute constraints might have changed (eg. for shell / default gid/group).
    // We don't do this for performance reasons.
}
use of cz.metacentrum.perun.core.api.exceptions.GroupNotDefinedOnResourceException in project perun by CESNET.
the class GroupsManagerBlImpl method deleteAnyGroup.
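/**
 * If forceDelete is false, delete only group which has no subgroup and no member.
 * If forceDelete is true, delete group with all subgroups and members.
 *
 * <p>Before the group row is deleted this method removes, in order: the group's resource
 * assignments and attributes, reserved logins of its applications (external system first,
 * then DB), assigned ExtSources, group unions, member-group attributes, every role the group
 * holds on other entities, and every admin role held on the group itself.
 *
 * @param sess session passed on to every manager call
 * @param group group to delete
 * @param forceDelete if false, delete only empty group without subgroups. If true, delete group including subgroups and members.
 * @throws InternalErrorException when an external password deletion or a role change fails
 * @throws RelationExistsException Raise only if forceDelete is false and the group has any subgroup or member.
 * @throws GroupAlreadyRemovedException if there are 0 rows affected by deleting from DB
 * @throws GroupAlreadyRemovedFromResourceException declared; presumably propagated from the resource assignment removal
 * @throws GroupNotExistsException declared; presumably propagated from the group lookups used for unions
 * @throws GroupRelationDoesNotExist declared; presumably propagated from removeGroupUnion
 * @throws GroupRelationCannotBeRemoved declared; presumably propagated from removeGroupUnion
 */
private void deleteAnyGroup(PerunSession sess, Group group, boolean forceDelete) throws RelationExistsException, GroupAlreadyRemovedException, GroupAlreadyRemovedFromResourceException, GroupNotExistsException, GroupRelationDoesNotExist, GroupRelationCannotBeRemoved {
    Vo vo = this.getVo(sess, group);

    if (getGroupsManagerImpl().getSubGroupsCount(sess, group) > 0) {
        if (!forceDelete) {
            throw new RelationExistsException("Group group=" + group + " contains subgroups");
        }
        // Subgroups are always force-deleted once the caller asked for a forced delete.
        List<Group> subGroups = getSubGroups(sess, group);
        for (Group subGroup : subGroups) {
            deleteAnyGroup(sess, subGroup, true);
        }
    }

    if ((this.getGroupMembersCount(sess, group) > 0) && !forceDelete) {
        throw new RelationExistsException("Group group=" + group + " contains members");
    }

    // Remove every resource assignment (direct and automatic) and then the group's own attributes.
    List<AssignedResource> assignedResources = getPerunBl().getResourcesManagerBl().getResourceAssignments(sess, group, List.of());
    try {
        for (AssignedResource assignedResource : assignedResources) {
            if (assignedResource.getSourceGroupId() == null) {
                getPerunBl().getResourcesManagerBl().removeGroupFromResource(sess, group, assignedResource.getEnrichedResource().getResource());
            } else {
                getPerunBl().getResourcesManagerBl().removeAutomaticGroupFromResource(sess, group, assignedResource.getEnrichedResource().getResource(), assignedResource.getSourceGroupId());
            }
        }
        // remove group's attributes
        getPerunBl().getAttributesManagerBl().removeAllAttributes(sess, group);
    } catch (GroupNotDefinedOnResourceException ex) {
        // The assignment list was read just above, so a missing assignment is an inconsistency.
        throw new ConsistencyErrorException(ex);
    } catch (AttributeValueException ex) {
        throw new ConsistencyErrorException("All resources was removed from this group, so no attributes should remain assigned.", ex);
    }

    // delete all Groups reserved logins from KDC
    // NOTE(review): this is a call into an external system; whether it is undone when a later
    // step of this method fails is not visible here - confirm against the transaction setup.
    List<Integer> list = getGroupsManagerImpl().getGroupApplicationIds(sess, group);
    for (Integer appId : list) {
        // for each application
        for (Pair<String, String> login : getGroupsManagerImpl().getApplicationReservedLogins(appId)) {
            // for all reserved logins - delete them in ext. system (e.g. KDC)
            try {
                // left = namespace / right = login
                getPerunBl().getUsersManagerBl().deletePassword(sess, login.getRight(), login.getLeft());
            } catch (LoginNotExistsException ex) {
                // Nothing to delete externally; recorded and the loop continues.
                log.error("Login: {} not exists in namespace: {} while deleting passwords.", login.getRight(), login.getLeft());
            } catch (InvalidLoginException e) {
                throw new InternalErrorException("We are deleting reserved login from group applications, but its syntax is not allowed by namespace configuration.", e);
            } catch (PasswordDeletionFailedException | PasswordOperationTimeoutException ex) {
                throw new InternalErrorException("Failed to delete reserved login " + login.getRight() + " from KDC.", ex);
            }
        }
    }
    // delete all Groups reserved logins from DB
    getGroupsManagerImpl().deleteGroupReservedLogins(sess, group);

    // remove all assigned ExtSources to this group
    List<ExtSource> assignedSources = getPerunBl().getExtSourcesManagerBl().getGroupExtSources(sess, group);
    for (ExtSource source : assignedSources) {
        try {
            getPerunBl().getExtSourcesManagerBl().removeExtSource(sess, group, source);
        } catch (ExtSourceNotAssignedException | ExtSourceAlreadyRemovedException ex) {
            // Just log this, because if method can't remove it, it is probably not assigned now
            log.warn("Try to remove not existing extSource {} from group {} when deleting group.", source, group);
        }
    }

    // 1. remove all relations with group g as an operand group.
    // this removes all relations that depend on this group
    List<Integer> relations = groupsManagerImpl.getResultGroupsIds(sess, group.getId());
    for (Integer groupId : relations) {
        removeGroupUnion(sess, groupsManagerImpl.getGroupById(sess, groupId), group, true);
    }
    // 2. remove all relations with group as a result group
    // We can remove relations without recalculation (@see removeRelationMembers)
    // because all dependencies of group were deleted in step 1.
    groupsManagerImpl.removeResultGroupRelations(sess, group);

    // Group applications, submitted data and app_form are deleted on cascade with "deleteGroup()"
    // The member list is captured now because it is still needed after the group row is gone.
    List<Member> membersFromDeletedGroup = getGroupMembers(sess, group);
    // delete all member-group attributes
    for (Member member : membersFromDeletedGroup) {
        try {
            perunBl.getAttributesManagerBl().removeAllAttributes(sess, member, group);
        } catch (AttributeValueException ex) {
            throw new ConsistencyErrorException("All members were removed from this group. So all member-group attribute values can be removed.", ex);
        } catch (MemberGroupMismatchException e) {
            throw new InternalErrorException("Member we tried to remove all member-group attributes doesn't come from the same VO as group", e);
        }
    }

    // Remove every role the deleted group holds on other entities. A "not admin" answer means
    // the role is already absent, so it is logged and skipped; any other failure aborts.
    List<Facility> facilitiesWhereGroupIsAdmin = getGroupsManagerImpl().getFacilitiesWhereGroupIsAdmin(sess, group);
    for (Facility facility : facilitiesWhereGroupIsAdmin) {
        try {
            AuthzResolverBlImpl.unsetRole(sess, group, facility, Role.FACILITYADMIN);
        } catch (GroupNotAdminException e) {
            log.warn("Can't unset group {} as admin of facility {} due to group not admin exception {}.", group, facility, e);
        } catch (RoleCannotBeManagedException e) {
            throw new InternalErrorException(e);
        }
    }

    List<Group> groupsWhereGroupIsAdmin = getGroupsManagerImpl().getGroupsWhereGroupIsAdmin(sess, group);
    for (Group group1 : groupsWhereGroupIsAdmin) {
        try {
            AuthzResolverBlImpl.unsetRole(sess, group, group1, Role.GROUPADMIN);
        } catch (GroupNotAdminException e) {
            log.warn("Can't unset group {} as admin of group {} due to group not admin exception {}.", group, group1, e);
        } catch (RoleCannotBeManagedException e) {
            throw new InternalErrorException(e);
        }
    }

    List<Resource> resourcesWhereGroupIsAdmin = getGroupsManagerImpl().getResourcesWhereGroupIsAdmin(sess, group);
    for (Resource resource : resourcesWhereGroupIsAdmin) {
        try {
            AuthzResolverBlImpl.unsetRole(sess, group, resource, Role.RESOURCEADMIN);
        } catch (GroupNotAdminException e) {
            log.warn("Can't unset group {} as admin of resource {} due to group not admin exception {}.", group, resource, e);
        } catch (RoleCannotBeManagedException e) {
            throw new InternalErrorException(e);
        }
    }

    List<Resource> resourcesWhereGroupIsResourceSelfService = getGroupsManagerImpl().getResourcesWhereGroupIsResourceSelfService(sess, group);
    for (Resource resource : resourcesWhereGroupIsResourceSelfService) {
        try {
            perunBl.getResourcesManagerBl().removeResourceSelfServiceGroup(sess, resource, group);
        } catch (GroupNotAdminException e) {
            log.warn("Can't unset group {} as admin of resource {} due to group not admin exception {}.", group, resource, e);
        }
    }

    List<SecurityTeam> securityTeamsWhereGroupIsAdmin = getGroupsManagerImpl().getSecurityTeamsWhereGroupIsAdmin(sess, group);
    for (SecurityTeam securityTeam : securityTeamsWhereGroupIsAdmin) {
        try {
            AuthzResolverBlImpl.unsetRole(sess, group, securityTeam, Role.SECURITYADMIN);
        } catch (GroupNotAdminException e) {
            log.warn("Can't unset group {} as admin of security team {} due to group not admin exception {}.", group, securityTeam, e);
        } catch (RoleCannotBeManagedException e) {
            throw new InternalErrorException(e);
        }
    }

    List<Vo> vosWhereGroupIsAdmin = getGroupsManagerImpl().getVosWhereGroupIsAdmin(sess, group);
    for (Vo vo1 : vosWhereGroupIsAdmin) {
        try {
            AuthzResolverBlImpl.unsetRole(sess, group, vo1, Role.VOADMIN);
        } catch (GroupNotAdminException e) {
            // The entity here is a VO; the message names it as such so the log matches the role being removed.
            log.warn("Can't unset group {} as admin of vo {} due to group not admin exception {}.", group, vo1, e);
        } catch (RoleCannotBeManagedException e) {
            throw new InternalErrorException(e);
        }
    }

    // remove admins of this group
    List<Group> adminGroups = getGroupsManagerImpl().getGroupAdmins(sess, group);
    for (Group adminGroup : adminGroups) {
        try {
            AuthzResolverBlImpl.unsetRole(sess, adminGroup, group, Role.GROUPADMIN);
        } catch (GroupNotAdminException e) {
            log.warn("When trying to unsetRole GroupAdmin for group {} in the group {} the exception was thrown {}", adminGroup, group, e);
            // skip and log as warning
        } catch (RoleCannotBeManagedException e) {
            throw new InternalErrorException(e);
        }
    }

    List<User> adminUsers = getGroupsManagerImpl().getAdmins(sess, group);
    for (User adminUser : adminUsers) {
        try {
            AuthzResolverBlImpl.unsetRole(sess, adminUser, group, Role.GROUPADMIN);
        } catch (UserNotAdminException e) {
            log.warn("When trying to unsetRole GroupAdmin for user {} in the group {} the exception was thrown {}", adminUser, group, e);
            // skip and log as warning
        } catch (RoleCannotBeManagedException e) {
            throw new InternalErrorException(e);
        }
    }

    // Deletes also all direct and indirect members of the group
    getGroupsManagerImpl().deleteGroup(sess, vo, group);
    logTotallyRemovedMembers(sess, group.getParentGroupId(), membersFromDeletedGroup);
    getPerunBl().getAuditer().log(sess, new GroupDeleted(group));
}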
use of cz.metacentrum.perun.core.api.exceptions.GroupNotDefinedOnResourceException in project perun by CESNET.
the class ResourceAssignmentChecker method removeSubgroupFromResource.
/**
 * Removes the automatic assignment of a subgroup when its source group is not among the
 * given source groups, or when the source group cannot be found at all.
 * Runs in transaction.
 *
 * @param resource resource the automatic assignment is removed from
 * @param sourceGroups assignments whose groups count as valid sources
 * @param assignedSubgroup automatic assignment to check and possibly remove
 */
public void removeSubgroupFromResource(Resource resource, List<AssignedGroup> sourceGroups, AssignedGroup assignedSubgroup) {
    boolean sourceIsAssigned = false;
    try {
        Group srcGroup = perunBl.getGroupsManagerBl().getGroupById(sess, assignedSubgroup.getSourceGroupId());
        for (AssignedGroup candidate : sourceGroups) {
            if (candidate.getEnrichedGroup().getGroup().equals(srcGroup)) {
                sourceIsAssigned = true;
                break;
            }
        }
    } catch (GroupNotExistsException e) {
        // A source group that no longer exists is treated the same as one that is not assigned.
        sourceIsAssigned = false;
    }

    if (sourceIsAssigned) {
        return;
    }

    try {
        perunBl.getResourcesManagerBl().removeAutomaticGroupFromResource(
                sess,
                assignedSubgroup.getEnrichedGroup().getGroup(),
                resource,
                assignedSubgroup.getSourceGroupId());
    } catch (GroupNotDefinedOnResourceException | GroupAlreadyRemovedFromResourceException e) {
        // skip silently, already removed
    }
}
use of cz.metacentrum.perun.core.api.exceptions.GroupNotDefinedOnResourceException in project perun by CESNET.
the class GroupsManagerBlImpl method fixMovedTreeAutoassignments.
/**
 * For every automatic resource assignment of the moving group, checks whether the destination
 * group is still a subgroup of the assignment's source group. If it is not (or there is no
 * destination group), the automatic assignment of the moving group and of all its subgroups
 * is removed from that resource.
 *
 * @param sess session passed on to every manager call
 * @param destinationGroup group the moving group is moved under; may be null
 * @param movingGroup group that is being moved
 */
private void fixMovedTreeAutoassignments(PerunSession sess, Group destinationGroup, Group movingGroup) {
    // Only automatic assignments carry a source group id.
    List<AssignedResource> automaticAssignments = perunBl.getResourcesManagerBl()
            .getResourceAssignments(sess, movingGroup, List.of())
            .stream()
            .filter(assignment -> assignment.getSourceGroupId() != null)
            .collect(toList());

    for (AssignedResource automaticAssignment : automaticAssignments) {
        int sourceGroupId = automaticAssignment.getSourceGroupId();
        try {
            Group sourceGroup = this.getGroupById(sess, sourceGroupId);
            List<Group> sourceSubgroups = this.getAllSubGroups(sess, sourceGroup);
            boolean staysUnderSource = destinationGroup != null && sourceSubgroups.contains(destinationGroup);
            if (staysUnderSource) {
                continue;
            }

            // The moved subtree leaves the source group's tree: drop the automatic
            // assignment of the moving group and of each of its subgroups.
            List<Group> movedTree = this.getAllSubGroups(sess, movingGroup);
            movedTree.add(movingGroup);
            for (Group movedGroup : movedTree) {
                try {
                    perunBl.getResourcesManagerBl().removeAutomaticGroupFromResource(
                            sess,
                            movedGroup,
                            automaticAssignment.getEnrichedResource().getResource(),
                            sourceGroupId);
                } catch (GroupAlreadyRemovedFromResourceException | GroupNotDefinedOnResourceException e) {
                    // skip
                }
            }
        } catch (GroupNotExistsException e) {
            // The assignment is left in place when its source group cannot be loaded; only logged.
            log.error("Assignment source group doesn't exist: " + automaticAssignment, e);
        }
    }
}
use of cz.metacentrum.perun.core.api.exceptions.GroupNotDefinedOnResourceException in project perun by CESNET.
the class ResourcesManagerBlImpl method deleteResource.
/**
 * Deletes a resource after detaching everything bound to it: RESOURCEADMIN roles of groups
 * and users, assigned services, direct group assignments, resource and group-resource
 * attributes, resource tags, bans and member-resource attributes. The deletion is audited
 * with a ResourceDeleted event.
 *
 * @param sess session passed on to every manager call
 * @param resource resource to delete
 * @throws ResourceAlreadyRemovedException declared; presumably raised by the final delete call
 * @throws GroupAlreadyRemovedFromResourceException when a listed group assignment is no longer defined on the resource
 */
@Override
public void deleteResource(PerunSession sess, Resource resource) throws ResourceAlreadyRemovedException, GroupAlreadyRemovedFromResourceException {
    // The facility is resolved up front because the audit message at the end needs it.
    Facility facility = this.getFacility(sess, resource);

    // Revoke RESOURCEADMIN from admin groups; a role that is already absent is logged and skipped.
    for (Group adminGroup : getResourcesManagerImpl().getAdminGroups(sess, resource)) {
        try {
            AuthzResolverBlImpl.unsetRole(sess, adminGroup, resource, Role.RESOURCEADMIN);
        } catch (GroupNotAdminException notAdmin) {
            log.warn("When trying to unsetRole ResourceAdmin for group {} in the resource {} the exception was thrown {}", adminGroup, resource, notAdmin);
        } catch (RoleCannotBeManagedException unmanageable) {
            throw new InternalErrorException(unmanageable);
        }
    }

    // Revoke RESOURCEADMIN from admin users in the same way.
    for (User adminUser : getResourcesManagerImpl().getAdmins(sess, resource)) {
        try {
            AuthzResolverBlImpl.unsetRole(sess, adminUser, resource, Role.RESOURCEADMIN);
        } catch (UserNotAdminException notAdmin) {
            log.warn("When trying to unsetRole ResourceAdmin for user {} in the resource {} the exception was thrown {}", adminUser, resource, notAdmin);
        } catch (RoleCannotBeManagedException unmanageable) {
            throw new InternalErrorException(unmanageable);
        }
    }

    // Remove binding between resource and service
    for (Service service : getAssignedServices(sess, resource)) {
        try {
            this.removeService(sess, resource, service);
        } catch (ServiceNotAssignedException notAssigned) {
            throw new ConsistencyErrorException(notAssigned);
        }
    }

    // Only direct assignments are removed here; automatic ones (non-null source group id) are skipped.
    // NOTE(review): presumably they disappear together with their source assignment - confirm.
    for (AssignedGroup assignedGroup : getGroupAssignments(sess, resource, List.of())) {
        if (assignedGroup.getSourceGroupId() != null) {
            continue;
        }
        try {
            removeGroupFromResource(sess, assignedGroup.getEnrichedGroup().getGroup(), resource);
        } catch (GroupNotDefinedOnResourceException notDefined) {
            throw new GroupAlreadyRemovedFromResourceException(notDefined);
        }
    }

    // Remove attr values for the resource
    try {
        perunBl.getAttributesManagerBl().removeAllAttributes(sess, resource);
    } catch (AttributeValueException attributeProblem) {
        throw new ConsistencyErrorException("All services are removed from this resource. There is no required attribute. So all attribtes for this resource can be removed withou problem.", attributeProblem);
    }

    // Remove group-resource attr values for all group and resource
    try {
        this.perunBl.getAttributesManagerBl().removeAllGroupResourceAttributes(sess, resource);
    } catch (WrongAttributeValueException | GroupResourceMismatchException | WrongReferenceAttributeValueException attributeProblem) {
        throw new InternalErrorException(attributeProblem);
    }

    // Remove all resources tags
    this.removeAllResourcesTagFromResource(sess, resource);

    // Remove all resource bans
    for (BanOnResource ban : this.getBansForResource(sess, resource.getId())) {
        try {
            this.removeBan(sess, ban.getId());
        } catch (BanNotExistsException alreadyGone) {
            // it is ok, we just want to remove it anyway
        }
    }

    // The resource is deleted completely, so its member-resource attributes can go as well.
    this.perunBl.getAttributesManagerBl().removeAllMemberResourceAttributes(sess, resource);

    // Delete the resource within its VO and record the deletion in the audit log.
    Vo resourceVo = this.getVo(sess, resource);
    getResourcesManagerImpl().deleteResource(sess, resourceVo, resource);
    getPerunBl().getAuditer().log(sess, new ResourceDeleted(resource, facility));
}