Interface ModulesUtilsBl
- All Known Implementing Classes:
ModulesUtilsBlImpl
- Author:
- Michal Stava invalid input: '<'stavamichal@gmail.com>
ModuleUtils interface. There are methods for help with modules.
-
Method Summary
Modifier and TypeMethodDescriptioncheckAndConvertIDRanges
(Attribute idRangesAttribute) Take attribute with idRanges value (map of strings) and check if all records of this value are valid ranges.checkAndTransferBucketQuota
(Attribute quotasAttribute, PerunBean firstPlaceholder, PerunBean secondPlaceholder) Checks the format of and extracts soft and hard quota from the attribute's value (the expected format is: `softQuota:hardQuota`).checkAndTransferQuotas
(Attribute quotasAttribute, PerunBean firstPlaceholder, PerunBean secondPlaceholder, boolean withMetrics) Check if value in quotas attribute are in the right format.void
checkAttributeRegex
(Attribute attribute, Pattern defaultRegex) Check if value of attribute (friendlyName) suits regex in perun-namespaces.properties file.void
checkAttributeValueIsIncludedOrSubgroupId
(PerunSessionImpl sess, Group group, Attribute attribute) Checks whether all values of attribute are ids of group's included groups or subgroups.void
checkFormatOfShell
(String shell, Attribute attribute) Check if shell has the right format.void
checkIfGIDIsWithinRange
(PerunSessionImpl sess, Attribute attribute) Check if gid in arguments is free in the namespacevoid
checkIfListOfGIDIsWithinRange
(PerunSessionImpl sess, User user, Attribute attribute) Check if list of gids in arguments is free in the namespacevoid
checkIfQuotasIsInLimit
(Map<String, Pair<BigDecimal, BigDecimal>> quotaToCheck, Map<String, Pair<BigDecimal, BigDecimal>> limitQuota) Check if quotaToCheck is in limit of limitQuota.void
checkLoginNamespaceRegex
(String namespace, String login, Pattern defaultRegex) Check login value against regex defined for login-namespace.void
checkReservedUnixGroupNames
(Attribute groupNameAttribute) Check if value of groupName attribute is not reserved String.countUserFacilityQuotas
(List<Map<String, Pair<BigDecimal, BigDecimal>>> allUserQuotas) Count all quotas for user.getCommonGIDOfGroupsWithSameNameInSameNamespace
(PerunSessionImpl sess, List<Group> groupsWithSameGroupNameInSameNamespace, String nameOfAttribute, Integer commonGID) This method is looking for exactly one commonGID for all objects in list.getCommonGIDOfResourcesWithSameNameInSameNamespace
(PerunSessionImpl sess, List<Resource> resourcesWithSameGroupNameInSameNamespace, String nameOfAttribute, Integer commonGID) This method is looking for exactly one commonGID for all objects in list.getFreeGID
(PerunSessionImpl sess, Attribute attribute) Get free gid for resource or group.Get value of attribute A_F_Def_googleGroupName-Namespace If this value is null, throw WrongReferenceAttributeValueExceptiongetListOfGroupGIDsFromListOfResourceGIDs
(PerunSessionImpl sess, List<Attribute> resourceGIDs) Take list of resourceGID attributes and return list of the same GID attributes only for group (with the same original value)getListOfResourceGIDsFromListOfGroupGIDs
(PerunSessionImpl sess, List<Attribute> groupGIDs) Take list of groupGID attributes and return list of the same GID attributes only for resource (with the same original value)boolean
getSendRightFromAttributes
(PerunSessionImpl sess, Member member, Group group, String booleanAttribute, String listAttribute) Calculates value of o365SendAs/o365SendOnBehalf attribute based on values of o365SendAs/o365SendOnBehalf member-group attribute and o365SendAsGroups/o365SendOnBehalfGroups group attribute.getSetOfGIDNamespacesWhereFacilitiesHasTheSameGroupNameNamespace
(PerunSessionImpl sess, List<Facility> facilities, Attribute unixGroupNameNamespace) Get list of facilities and namespace of group or resource attribute unixGroupName-namespace and if any facility has unixGroupName-namespace with same value like this namespace of unixGroupNameNamespace attribute then get unixGID-namespace of this facility and save it to the hashSet of these namespaces.getSetOfGroupNameNamespacesWhereFacilitiesHasTheSameGIDNamespace
(PerunSessionImpl sess, List<Facility> facilities, Attribute unixGroupNameNamespace) Get list of facilities and namespace of group or resource attribute unixGID-namespace and if any facility has unixGID-namespace with same value like this namespace of unixGIDNamespace attribute then get unixGroupName-namespace of this facility and save it to the hashSet of these namespaces.getUnixGIDNamespaceAttributeWithNotNullValue
(PerunSessionImpl sess, Resource resource) Get value of attribute A_F_Def_unixGID-Namespace If this value is null, throw WrongReferenceAttributeValueExceptionGet value of attribute A_F_Def_unixGroupName-Namespace If this value is null, throw WrongReferenceAttributeValueExceptiongetUserByLoginInNamespace
(PerunSession sess, String login, String namespace) Gets user by login in specified namespace.getUserFromMessage
(PerunSessionImpl sess, String message) Get object User from Perun audit message.boolean
haveRightToWriteAttributeInAnyGroupOrResource
(PerunSessionImpl sess, List<Group> groups, List<Resource> resources, AttributeDefinition groupAttribute, AttributeDefinition resourceAttribute) Return true if i have right on any of groups or resources to WRITE the attributeint
haveTheSameAttributeWithTheSameNamespace
(PerunSessionImpl sess, Group group, Attribute attr) This method get if the group has the same attribute "attr" with the same namespace and same or different valuesint
haveTheSameAttributeWithTheSameNamespace
(PerunSessionImpl sess, Resource resource, Attribute attr) This method get if the resource has the same attribute "attr" with the same namespace and same or different valuesboolean
isFQDNValid
(PerunSessionImpl sess, String fqdn) Checks fully qualified domain name and returns true, if it is valid.boolean
isGroupUnixGIDNamespaceFillable
(PerunSessionImpl sess, Group group, Attribute groupUnixGIDNamespace) This method return true if there exists some Facility (get from assigned resources) where is facility_unixGID-namespace attribute with value same like group_unixGID-namespace namespace and if the group has unixGroupName-namespace with notNull value in the same namespace like value of attribute facility_unixGroupName-namespace.boolean
isLoginExceptionallyAllowed
(String namespace, String login) Return true, if login value is "exception" within its namespace rules.boolean
isNameOfEmailValid
(PerunSessionImpl sess, String email) Checks name of an email by standard pattern and returns true, if it is valid.boolean
isNamespaceEqualsToFacilityUnixGroupNameNamespace
(PerunSessionImpl sess, Facility facility, String namespace) If attribute "def_facility_unixGroup_namespace" is "null" return false.boolean
isUserLoginPermitted
(String namespace, String login) Check if value of login is permitted within the namespace.mergeMemberAndResourceTransferredQuotas
(Map<String, Pair<BigDecimal, BigDecimal>> resourceQuotas, Map<String, Pair<BigDecimal, BigDecimal>> memberResourceQuotas, Map<String, Pair<BigDecimal, BigDecimal>> quotasOverride) Merge resource default quotas and member-resource specific quotas together.transferQuotasBackToAttributeValue
(Map<String, Pair<BigDecimal, BigDecimal>> transferedQuotasMap, boolean withMetrics) Reverse method for checkAndTransferQuotas method.
-
Method Details
-
checkAndConvertIDRanges
Map<Integer,Integer> checkAndConvertIDRanges(Attribute idRangesAttribute) throws WrongAttributeValueException Take attribute with idRanges value (map of strings) and check if all records of this value are valid ranges. Valid range is from minimum to maximum where minimum must be less or equal to maximum. If minimum and maximum are equal, the interval has exactly one element. If all ranges are valid, it also checks if there is any overlap between ranges. If yes, it throws an error.If every check is ok, it will return map of integer values where records are ranges, in keys are minimums of these ranges, in values are maximum of these ranges and there are no overlaps between any two ranges in map.
Attribute in parameter of this method can't be null but can have null value which returns empty map.
If there are empty or null elements (value or key) in map it will throw an exception. If any of minimums and maximums is not a number (convertible to Java Integer) it will throw an exception. If any of minimums is less than 1 it also throw an exception. If one of ranges is not correct range (minimum is not less or equal to maximum) it will throw an exception. If there are any overlaps between two or more ranges, it will throw an exception - ex. 100-102 and 101-103.
Example of valid format of range: key='100', value='1000' - range from 100 to 1000 included key='1', value ='1' - range with exactly one gid with number "1"
- Parameters:
idRangesAttribute
- attribute with id ranges value (map of ranges as strings)- Returns:
- map of valid ranges without overlaps
- Throws:
InternalErrorException
- if attribute in parameter of method is nullWrongAttributeValueException
- if value of attribute in parameter does not contain valid ranges without overlaps
-
checkAndTransferQuotas
Map<String,Pair<BigDecimal, checkAndTransferQuotasBigDecimal>> (Attribute quotasAttribute, PerunBean firstPlaceholder, PerunBean secondPlaceholder, boolean withMetrics) throws WrongAttributeValueException Check if value in quotas attribute are in the right format. Also transfer and return data in suitable container.Example of correct quotas with metrics: key=/path/to/volume , value=50T:0 Example of correct quotas without metrics: key=/path/to/volume , value=1000:2000
Example of suitable format: key=/path/to/volume, softQuota=50000000000000, hradQuota=0
The key is always a path tested as checked valid URI without '/' on the end (except the path "/", which is also valid)
Left part of value is softQuota, right part after delimeter ':' is hardQuota. SoftQuota must be less or equals to hardQuota. '0' means unlimited.
- Parameters:
quotasAttribute
- attribute with paths and quotas (Mapinvalid input: '<'String, String>) (data or files quotas)firstPlaceholder
- first attribute placeholder (can't be null, mandatory)secondPlaceholder
- second attribute placeholder (can be null if not exists)withMetrics
- true if metrics are used, false if not- Returns:
- map with path in key and pair with invalid input: '<'softQuota, hardQuota> in big decimal
- Throws:
InternalErrorException
- if first mandatory placeholder is nullWrongAttributeValueException
- if something is wrong in format of attribute
-
checkAndTransferBucketQuota
Pair<Integer,Integer> checkAndTransferBucketQuota(Attribute quotasAttribute, PerunBean firstPlaceholder, PerunBean secondPlaceholder) throws WrongAttributeValueException Checks the format of and extracts soft and hard quota from the attribute's value (the expected format is: `softQuota:hardQuota`). Performs semantics checks - soft quota must be smaller or equal to hard quota, soft quota cannot be unlimited unless hard quota is unlimited as well. Finally, returns the extracted quota in a Pair object, where `Left` is soft quota and `Right` is hard quota.- Parameters:
quotasAttribute
- quota attributefirstPlaceholder
- placeholder object for throwing exceptionssecondPlaceholder
- placeholder object for throwing exceptions- Returns:
- pair with invalid input: '<'softQuota, hardQuota> in big decimal
- Throws:
WrongAttributeValueException
- if something is wrong in format of attribute
-
checkAttributeRegex
void checkAttributeRegex(Attribute attribute, Pattern defaultRegex) throws WrongAttributeValueException Check if value of attribute (friendlyName) suits regex in perun-namespaces.properties file. If yes, nothing happens. If no, WrongAttributeValueException is thrown. If there is no property record in the properties file, defaultRegex is used instead (if not null).- Parameters:
attribute
-defaultRegex
- Default regex to be used if regex is not found in the configuration file.- Throws:
InternalErrorException
WrongAttributeValueException
-
checkAttributeValueIsIncludedOrSubgroupId
void checkAttributeValueIsIncludedOrSubgroupId(PerunSessionImpl sess, Group group, Attribute attribute) throws WrongReferenceAttributeValueException Checks whether all values of attribute are ids of group's included groups or subgroups.- Parameters:
sess
-group
- parent groupattribute
- attribute to check- Throws:
WrongReferenceAttributeValueException
- if any value of attribute is not subgroup's or included group's id
-
checkFormatOfShell
Check if shell has the right format. Use regex ^(/[-_a-zA-Z0-9]+)+$- Parameters:
shell
- value of shellattribute
- attribute which need to test shell (needed for right exception)- Throws:
WrongAttributeValueException
- if shell has bad format
-
checkIfGIDIsWithinRange
void checkIfGIDIsWithinRange(PerunSessionImpl sess, Attribute attribute) throws WrongAttributeAssignmentException, AttributeNotExistsException, WrongAttributeValueException, WrongReferenceAttributeValueException Check if gid in arguments is free in the namespace- Parameters:
sess
- perun sessionattribute
- group or resource unixGID-namespace attribute with value- Throws:
InternalErrorException
- if something is not correct or attribute is nullWrongAttributeAssignmentException
- if attribute does not belong to appropriate entityAttributeNotExistsException
- if attribute does not existWrongAttributeValueException
- if the attribute value has wrong/illegal syntaxWrongReferenceAttributeValueException
- if the attribute value has wrong/illegal semantics
-
checkIfListOfGIDIsWithinRange
void checkIfListOfGIDIsWithinRange(PerunSessionImpl sess, User user, Attribute attribute) throws WrongAttributeAssignmentException, AttributeNotExistsException, WrongAttributeValueException Check if list of gids in arguments is free in the namespace- Parameters:
sess
-user
- handler of atributeattribute
- list of unixGIDs-namespace attribute with value- Throws:
InternalErrorException
WrongAttributeAssignmentException
AttributeNotExistsException
WrongAttributeValueException
-
checkIfQuotasIsInLimit
void checkIfQuotasIsInLimit(Map<String, Pair<BigDecimal, BigDecimal>> quotaToCheck, Map<String, Pair<BigDecimal, BigDecimal>> limitQuota) Check if quotaToCheck is in limit of limitQuota. That means that every key of quotaToCheck map must exist in limitQuota and if such key exists, softQuota (left value) of quotaToCheck map need to be lower or same as softQuota in limitQuota of the same key and the same must be in effect for hardQuota (right value) of both maps.It uses transferred quotas so it can be used for files and data same way. 0 means unlimited. If no quota is allowed, the value for volume shouldn't be in limit quota at all.
Example of possible limitations: quotaToCheck -> ( '/var/log/something' => '10000:50000', '/sys/something' => '0:0', '/tmp/something' => '0:0' ) quotaToLimit -> ( '/var/log/something' => '10000:50000', '/sys/something' => '50:0', '/cache/something' => '0:0' ) --------------- '/var/log/something' => '10000:50000' -- this value is correct, exists in limit quota and both quotas are in limit '/sys/something' => '0:0' -- this is not correct, 0 means unlimited quota and we have limit 50 for softQuota (not in limit) '/tmp/something' => '0:0' -- this value is not correct, because this path is not set in limit quota at all '/cache/something' => '0:0' -- there is no problem, that limit quota has some limited values which are not in quotasToCheck
- Parameters:
quotaToCheck
- map of volumes (as keys) and pairs of soft quota (left value) and hard quota (right value) for this volume we want to check this map against the limit onelimitQuota
- map of volumes (as keys) and pairs of soft quota (left value) and hard quota (right value) for this volume we want to use this map as limit one- Throws:
QuotaNotInAllowedLimitException
- throw this exception, if check quota is not in limit of limit quotaInternalErrorException
- if any of inputs is in unexpected format
-
checkLoginNamespaceRegex
void checkLoginNamespaceRegex(String namespace, String login, Pattern defaultRegex) throws InvalidLoginException Check login value against regex defined for login-namespace. It throws InvalidLoginException if matching fails.Regex for each namespace can be defined in /etc/perun/perun-namespaces.properties You can define login exceptions, which override these syntactically wrong login names in the same file. It is to support historically wrong values or specific exception within existing namespaces.
- Parameters:
namespace
- Namespace to perform check inlogin
- Login to checkdefaultRegex
- Default regex can be used if namespace doesn't define own.- Throws:
InvalidLoginException
- If login value doesn't matches the regex- See Also:
-
checkReservedUnixGroupNames
Check if value of groupName attribute is not reserved String. If not, its ok. If yes, throw WrongAttributeValueException. If attribute is null, then it's ok. For reserved unix group names this method firstly tries to read perun-namespaces.properties file. If there is no property in this file, it reads the default hardcoded values.- Parameters:
groupNameAttribute
- unixGroupName-namespace- Throws:
WrongAttributeValueException
-
countUserFacilityQuotas
Map<String,Pair<BigDecimal, countUserFacilityQuotasBigDecimal>> (List<Map<String, Pair<BigDecimal, BigDecimal>>> allUserQuotas) Count all quotas for user. Every record in list is merged quotas map with value from resource attribute and resource-member attribute where user has allowed member.Quotas for same paths are sum together. If value is '0' then result is also '0', because 0 means unlimited.
Example: /path/to/volume 30G:50G , /path/to/volume 40G:0 => /path/to/volume 70G:0
- Parameters:
allUserQuotas
- list- Returns:
- counted user facility quotas
-
getCommonGIDOfGroupsWithSameNameInSameNamespace
Integer getCommonGIDOfGroupsWithSameNameInSameNamespace(PerunSessionImpl sess, List<Group> groupsWithSameGroupNameInSameNamespace, String nameOfAttribute, Integer commonGID) throws WrongAttributeAssignmentException This method is looking for exactly one commonGID for all objects in list. If commonGID in parameter is not null, it checks that all objects in list have this one set as gid.If list of groups is empty, return always commonGID from parameter (it can be null). If there are more than one different commonGIDs, throw ConsistencyErrorException
- Parameters:
sess
-groupsWithSameGroupNameInSameNamespace
-nameOfAttribute
-commonGID
- if any common gid already exists (for example from Resources) use it to compare, null in other case- Returns:
- common GID, if no exists return null
- Throws:
InternalErrorException
WrongAttributeAssignmentException
-
getCommonGIDOfResourcesWithSameNameInSameNamespace
Integer getCommonGIDOfResourcesWithSameNameInSameNamespace(PerunSessionImpl sess, List<Resource> resourcesWithSameGroupNameInSameNamespace, String nameOfAttribute, Integer commonGID) throws WrongAttributeAssignmentException This method is looking for exactly one commonGID for all objects in list. If commonGID in parameter is not null, it checks that all objects in list have this one set as gid.If list of groups is empty, return always commonGID from parameter (it can be null). If there are more than one different commonGIDs, throw ConsistencyErrorException
- Parameters:
sess
-resourcesWithSameGroupNameInSameNamespace
-nameOfAttribute
-commonGID
- if any common gid already exists (for example from Resources) use it to compare, null in other case- Returns:
- common GID, if no exists return null
- Throws:
InternalErrorException
WrongAttributeAssignmentException
-
getFreeGID
Integer getFreeGID(PerunSessionImpl sess, Attribute attribute) throws AttributeNotExistsException, WrongAttributeAssignmentException Get free gid for resource or group.- Parameters:
sess
-attribute
- group or resource unixGID-namespace attribute- Returns:
- if 0 there isn't set any gidRange for this namespace, if null there is no free gid, other less or more than 0 gid
- Throws:
InternalErrorException
AttributeNotExistsException
WrongAttributeAssignmentException
-
getGoogleGroupNameNamespaceAttributeWithNotNullValue
Attribute getGoogleGroupNameNamespaceAttributeWithNotNullValue(PerunSessionImpl sess, Resource resource) throws WrongReferenceAttributeValueException Get value of attribute A_F_Def_googleGroupName-Namespace If this value is null, throw WrongReferenceAttributeValueException- Parameters:
sess
-resource
-- Returns:
- namespace if is not null
- Throws:
InternalErrorException
WrongReferenceAttributeValueException
- if value of googleGroupName-namespace attribute is null
-
getListOfGroupGIDsFromListOfResourceGIDs
List<Attribute> getListOfGroupGIDsFromListOfResourceGIDs(PerunSessionImpl sess, List<Attribute> resourceGIDs) throws AttributeNotExistsException Take list of resourceGID attributes and return list of the same GID attributes only for group (with the same original value)- Parameters:
sess
-resourceGIDs
- list of attributes type of Resource UnixGID- Returns:
- list of attribute type of Group UnixGID with same values like in original list
- Throws:
InternalErrorException
- if something is not correct or attribute is nullAttributeNotExistsException
-
getListOfResourceGIDsFromListOfGroupGIDs
List<Attribute> getListOfResourceGIDsFromListOfGroupGIDs(PerunSessionImpl sess, List<Attribute> groupGIDs) throws AttributeNotExistsException Take list of groupGID attributes and return list of the same GID attributes only for resource (with the same original value)- Parameters:
sess
-groupGIDs
- list of attributes type of Group UnixGID- Returns:
- list of attribute type of Resource UnixGID with same values like in original list
- Throws:
InternalErrorException
- if something is not correct or attribute is nullAttributeNotExistsException
-
getSendRightFromAttributes
boolean getSendRightFromAttributes(PerunSessionImpl sess, Member member, Group group, String booleanAttribute, String listAttribute) Calculates value of o365SendAs/o365SendOnBehalf attribute based on values of o365SendAs/o365SendOnBehalf member-group attribute and o365SendAsGroups/o365SendOnBehalfGroups group attribute.- Parameters:
sess
-member
- member of the groupgroup
- parent groupbooleanAttribute
- name of o365SendAs/o365SendOnBehalf attributelistAttribute
- name of o365SendAsGroups/o365SendOnBehalfGroups attribute- Returns:
- boolean
-
getSetOfGIDNamespacesWhereFacilitiesHasTheSameGroupNameNamespace
Set<String> getSetOfGIDNamespacesWhereFacilitiesHasTheSameGroupNameNamespace(PerunSessionImpl sess, List<Facility> facilities, Attribute unixGroupNameNamespace) throws WrongAttributeAssignmentException Get list of facilities and namespace of group or resource attribute unixGroupName-namespace and if any facility has unixGroupName-namespace with same value like this namespace of unixGroupNameNamespace attribute then get unixGID-namespace of this facility and save it to the hashSet of these namespaces.- Parameters:
sess
-facilities
- list of facilitiesunixGroupNameNamespace
- unixGroupName-namespace attribute- Returns:
- list of namespaces
- Throws:
InternalErrorException
WrongAttributeAssignmentException
-
getSetOfGroupNameNamespacesWhereFacilitiesHasTheSameGIDNamespace
Set<String> getSetOfGroupNameNamespacesWhereFacilitiesHasTheSameGIDNamespace(PerunSessionImpl sess, List<Facility> facilities, Attribute unixGroupNameNamespace) throws WrongAttributeAssignmentException, WrongReferenceAttributeValueException Get list of facilities and namespace of group or resource attribute unixGID-namespace and if any facility has unixGID-namespace with same value like this namespace of unixGIDNamespace attribute then get unixGroupName-namespace of this facility and save it to the hashSet of these namespaces.- Parameters:
sess
-facilities
- list of facilitiesunixGroupNameNamespace
- unixGroupName-namespace attribute- Returns:
- list of namespaces
- Throws:
InternalErrorException
WrongAttributeAssignmentException
WrongReferenceAttributeValueException
-
getUnixGIDNamespaceAttributeWithNotNullValue
Attribute getUnixGIDNamespaceAttributeWithNotNullValue(PerunSessionImpl sess, Resource resource) throws WrongReferenceAttributeValueException Get value of attribute A_F_Def_unixGID-Namespace If this value is null, throw WrongReferenceAttributeValueException- Parameters:
sess
-resource
-- Returns:
- Throws:
InternalErrorException
WrongReferenceAttributeValueException
-
getUnixGroupNameNamespaceAttributeWithNotNullValue
Attribute getUnixGroupNameNamespaceAttributeWithNotNullValue(PerunSessionImpl sess, Resource resource) throws WrongReferenceAttributeValueException Get value of attribute A_F_Def_unixGroupName-Namespace If this value is null, throw WrongReferenceAttributeValueException- Parameters:
sess
-resource
-- Returns:
- namespace if is not null
- Throws:
InternalErrorException
WrongReferenceAttributeValueException
- if value of unixGroupName-namespace attribute is null
-
getUserByLoginInNamespace
Gets user by login in specified namespace.- Parameters:
sess
-login
- user's loginnamespace
- login-namespace- Returns:
- found user or null if no user was found
-
getUserFromMessage
Get object User from Perun audit message. Try to find it by different objects in this order: User, UserExtSource, Member. Always return first occurrence of User using objects above: - if user has been found, return it (do not look for another user) - if no user has been found, try to find UserExtSource and get user from it - if no UserExtSource has been found, try to find Member and get user from it - if there is no such object, return null- Parameters:
message
- audit message in machine format (with characters 'invalid input: '<'' as brackets)- Returns:
- user if found or null if not found
- Throws:
InternalErrorException
-
haveRightToWriteAttributeInAnyGroupOrResource
boolean haveRightToWriteAttributeInAnyGroupOrResource(PerunSessionImpl sess, List<Group> groups, List<Resource> resources, AttributeDefinition groupAttribute, AttributeDefinition resourceAttribute) Return true if i have right on any of groups or resources to WRITE the attribute- Parameters:
sess
-groups
- lists of groups to searchresources
- lists of resources to searchgroupAttribute
- AttributeDefinition for testing Write privileges for groupsresourceAttribute
- AttributeDefinition for testing Write privileges for resource- Returns:
- true if such group or resource exists, false if not
- Throws:
InternalErrorException
- if something is not correct or attribute is null
-
haveTheSameAttributeWithTheSameNamespace
int haveTheSameAttributeWithTheSameNamespace(PerunSessionImpl sess, Resource resource, Attribute attr) throws WrongAttributeAssignmentException This method get if the resource has the same attribute "attr" with the same namespace and same or different valuesIf return 0 then there exists for the resource the same attribute with the same value if return more than 0 then there exists for the resource the same attribute with different value if return less than 0 then there not exists for the resource the same attribute
- Parameters:
sess
-resource
-attr
- any resource attribute with namespace which will be use for comparing- Returns:
- Throws:
InternalErrorException
- if something is not correctWrongAttributeAssignmentException
- if attribute name is not RESOURCE attribute
-
haveTheSameAttributeWithTheSameNamespace
int haveTheSameAttributeWithTheSameNamespace(PerunSessionImpl sess, Group group, Attribute attr) throws WrongAttributeAssignmentException This method get if the group has the same attribute "attr" with the same namespace and same or different valuesIf return 0 then there exists for the group the same attribute with the same value if return more than 0 then there exists for the group the same attribute with different value if return less than 0 then there not exists for the group the same attribute
- Parameters:
sess
-group
-attr
- any group attribute with namespace which will be use for comparing- Returns:
- Throws:
InternalErrorException
- if something is not correctWrongAttributeAssignmentException
- if attribute name is not GROUP attribute
-
isFQDNValid
Checks fully qualified domain name and returns true, if it is valid.- Parameters:
sess
-fqdn
- fully qualified domain name- Returns:
- true if the fqdn is valid
-
isGroupUnixGIDNamespaceFillable
boolean isGroupUnixGIDNamespaceFillable(PerunSessionImpl sess, Group group, Attribute groupUnixGIDNamespace) throws WrongReferenceAttributeValueException, WrongAttributeAssignmentException This method return true if there exists some Facility (get from assigned resources) where is facility_unixGID-namespace attribute with value same like group_unixGID-namespace namespace and if the group has unixGroupName-namespace with notNull value in the same namespace like value of attribute facility_unixGroupName-namespace. Return false if not.- Parameters:
sess
-group
- the groupgroupUnixGIDNamespace
- attribute of the group- Returns:
- Throws:
InternalErrorException
WrongReferenceAttributeValueException
WrongAttributeAssignmentException
-
isLoginExceptionallyAllowed
Return true, if login value is "exception" within its namespace rules. Eg. when syntax check normally doesn't allow such value, but its manually allowed here in order to support already existing (historic) wrong values. It can be defined for each namespace in /etc/perun/perun-namespaces.properties- Parameters:
namespace
- Namespace to perform check inlogin
- Login to check- Returns:
- TRUE if login value is within exceptions / FALSE otherwise
-
isNameOfEmailValid
Checks name of an email by standard pattern and returns true, if it is valid.- Parameters:
sess
-email
- name of the email- Returns:
- true if the name of email is valid
-
isNamespaceEqualsToFacilityUnixGroupNameNamespace
boolean isNamespaceEqualsToFacilityUnixGroupNameNamespace(PerunSessionImpl sess, Facility facility, String namespace) throws AttributeNotExistsException, WrongAttributeAssignmentException If attribute "def_facility_unixGroup_namespace" is "null" return false. If value of attribute "def_facility_unixGroup_namespace" is not same like "namespace", return false. Else return true.Facility, sess and namespace can't be null, otherwise throw InternalErrorException
- Parameters:
sess
-facility
-namespace
-- Returns:
- Throws:
InternalErrorException
AttributeNotExistsException
WrongAttributeAssignmentException
-
isUserLoginPermitted
Check if value of login is permitted within the namespace. Returns FALSE, if login value is not permitted within the namespace (eg. matches system user)Reserved login names can be defined for each namespace in /etc/perun/perun-namespaces.properties If property for namespace is not found, then check is done against hardcoded defaults.
You can define login exceptions, which override these reserved login names in the same file. This method returns TRUE for such exceptions. It is to support historically wrong values or specific exception within existing namespaces.
- Parameters:
namespace
- Namespace to perform check inlogin
- Login to check- Returns:
- TRUE if login value is permitted within the namespace / FALSE otherwise
- See Also:
-
mergeMemberAndResourceTransferredQuotas
Map<String,Pair<BigDecimal, mergeMemberAndResourceTransferredQuotasBigDecimal>> (Map<String, Pair<BigDecimal, BigDecimal>> resourceQuotas, Map<String, Pair<BigDecimal, BigDecimal>> memberResourceQuotas, Map<String, Pair<BigDecimal, BigDecimal>> quotasOverride) Merge resource default quotas and member-resource specific quotas together. Use override if exists instead. Paths are always unique, quotas are merged. (soft together and hard together)Together means by priority: - override has the highest priority but is it used only if path exists in resource or resource-member quotas - member-resource quotas has the second highest priority if override not exists - resource quotas are used only if contain unique path (path not exists as member-resource or as override)
- Parameters:
resourceQuotas
- transferred map with default resource quotasmemberResourceQuotas
- transferred map with member-resource specific quotasquotasOverride
- transfered map with all manual overrides of quotas- Returns:
- merged quotas transferred map
-
transferQuotasBackToAttributeValue
Map<String,String> transferQuotasBackToAttributeValue(Map<String, Pair<BigDecimal, BigDecimal>> transferedQuotasMap, boolean withMetrics) Reverse method for checkAndTransferQuotas method. Take transfered map and create again not transfered map. From path=/path/to/ , softQuota=50000, hardQuota=0 To path=/path/to/ , value=50M:0 (Do not check again!)- Parameters:
transferedQuotasMap
-withMetrics
- if true, then use metrics, if not, do not convert data to metrics- Returns:
- not transfered map for saving to attribute value
- Throws:
InternalErrorException
-