Interface ModulesUtilsBl

All Known Implementing Classes:
ModulesUtilsBlImpl

public interface ModulesUtilsBl
Author:
Michal Stava <stavamichal@gmail.com>

ModuleUtils interface. It contains helper methods for working with modules.

  • Method Details

    • checkAndConvertIDRanges

      Map<Integer,Integer> checkAndConvertIDRanges(Attribute idRangesAttribute) throws WrongAttributeValueException
      Takes an attribute with an idRanges value (map of strings) and checks whether all records of this value are valid ranges. A valid range runs from minimum to maximum, where the minimum must be less than or equal to the maximum. If minimum and maximum are equal, the interval has exactly one element. If all ranges are valid, it also checks whether any ranges overlap. If they do, it throws an error.

      If every check passes, it returns a map of integer values where each record is a range: the key is the minimum of the range, the value is its maximum, and no two ranges in the map overlap.

      The attribute passed to this method can't be null, but it can have a null value, in which case an empty map is returned.

      If there are empty or null elements (value or key) in the map, it throws an exception. If any minimum or maximum is not a number (convertible to Java Integer), it throws an exception. If any minimum is less than 1, it also throws an exception. If any range is not a correct range (minimum is not less than or equal to maximum), it throws an exception. If two or more ranges overlap, it throws an exception, e.g. 100-102 and 101-103.

      Examples of valid range format:
      key='100', value='1000' - range from 100 to 1000 inclusive
      key='1', value='1' - range with exactly one gid with number "1"

      Parameters:
      idRangesAttribute - attribute with id ranges value (map of ranges as strings)
      Returns:
      map of valid ranges without overlaps
      Throws:
      InternalErrorException - if attribute in parameter of method is null
      WrongAttributeValueException - if value of attribute in parameter does not contain valid ranges without overlaps
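
      The checks described for checkAndConvertIDRanges, as an added example that is not Perun's own code. It assumes the ranges arrive as a plain Map<String,String> instead of an Attribute, and the class name, method names and the use of IllegalArgumentException in place of WrongAttributeValueException are hypothetical.

```java
import java.util.Map;
import java.util.TreeMap;

public class IdRangeCheck {

    // Parses one key or value; empty, null and non-integer elements are rejected.
    static int parse(String s) {
        if (s == null || s.isEmpty()) {
            throw new IllegalArgumentException("empty or null element in ranges");
        }
        try {
            return Integer.parseInt(s);
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("not convertible to Integer: '" + s + "'");
        }
    }

    // Returns minimum -> maximum for every range, or throws on the first invalid record.
    static Map<Integer, Integer> checkAndConvert(Map<String, String> idRanges) {
        TreeMap<Integer, Integer> ranges = new TreeMap<>();
        if (idRanges == null) {
            return ranges; // a null attribute value yields an empty map
        }
        for (Map.Entry<String, String> e : idRanges.entrySet()) {
            int min = parse(e.getKey());
            int max = parse(e.getValue());
            if (min < 1) {
                throw new IllegalArgumentException("minimum " + min + " is less than 1");
            }
            if (min > max) {
                throw new IllegalArgumentException(
                        "minimum " + min + " is greater than maximum " + max);
            }
            // Distinct strings such as "100" and "0100" parse to the same minimum,
            // which would silently replace a range if it were not checked here.
            if (ranges.put(min, max) != null) {
                throw new IllegalArgumentException("two ranges start at " + min);
            }
        }
        // TreeMap iterates by ascending minimum, so an overlap exists exactly when
        // a range starts at or below the maximum of the range before it.
        int previousMax = 0;
        for (Map.Entry<Integer, Integer> r : ranges.entrySet()) {
            if (r.getKey() <= previousMax) {
                throw new IllegalArgumentException("range " + r.getKey() + "-"
                        + r.getValue() + " overlaps the range ending at " + previousMax);
            }
            previousMax = r.getValue();
        }
        return ranges;
    }

    public static void main(String[] args) {
        // The valid ranges and the overlap case (100-102, 101-103) named in the text above.
        System.out.println(checkAndConvert(Map.of("100", "1000", "1", "1")));
        try {
            checkAndConvert(Map.of("100", "102", "101", "103"));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```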
    • checkAndTransferQuotas

      Map<String,Pair<BigDecimal,BigDecimal>> checkAndTransferQuotas(Attribute quotasAttribute, PerunBean firstPlaceholder, PerunBean secondPlaceholder, boolean withMetrics) throws WrongAttributeValueException
      Checks whether the values in the quotas attribute are in the right format. Also transfers the data and returns it in a suitable container.

      Example of correct quotas with metrics: key=/path/to/volume , value=50T:0
      Example of correct quotas without metrics: key=/path/to/volume , value=1000:2000

      Example of suitable format: key=/path/to/volume, softQuota=50000000000000, hardQuota=0

      The key is always a path, checked to be a valid URI without a trailing '/' (except the path "/", which is also valid).

      The left part of the value is softQuota; the right part, after the delimiter ':', is hardQuota. SoftQuota must be less than or equal to hardQuota. '0' means unlimited.

      Parameters:
      quotasAttribute - attribute with paths and quotas (Map<String, String>) (data or files quotas)
      firstPlaceholder - first attribute placeholder (can't be null, mandatory)
      secondPlaceholder - second attribute placeholder (can be null if not exists)
      withMetrics - true if metrics are used, false if not
      Returns:
      map with path in key and pair with <softQuota, hardQuota> in big decimal
      Throws:
      InternalErrorException - if first mandatory placeholder is null
      WrongAttributeValueException - if something is wrong in format of attribute
    • checkAttributeRegex

      void checkAttributeRegex(Attribute attribute, Pattern defaultRegex) throws WrongAttributeValueException
      Checks whether the value of the attribute (friendlyName) matches the regex in the perun-namespaces.properties file. If yes, nothing happens. If no, WrongAttributeValueException is thrown. If there is no property record in the properties file, defaultRegex is used instead (if not null).
      Parameters:
      attribute -
      defaultRegex - Default regex to be used if regex is not found in the configuration file.
      Throws:
      InternalErrorException
      WrongAttributeValueException
    • checkAttributeValueIsIncludedOrSubgroupId

      void checkAttributeValueIsIncludedOrSubgroupId(PerunSessionImpl sess, Group group, Attribute attribute) throws WrongReferenceAttributeValueException
      Checks whether all values of attribute are ids of group's included groups or subgroups.
      Parameters:
      sess -
      group - parent group
      attribute - attribute to check
      Throws:
      WrongReferenceAttributeValueException - if any value of attribute is not subgroup's or included group's id
    • checkFormatOfShell

      void checkFormatOfShell(String shell, Attribute attribute) throws WrongAttributeValueException
      Check if shell has the right format. Use regex ^(/[-_a-zA-Z0-9]+)+$
      Parameters:
      shell - value of shell
      attribute - attribute which need to test shell (needed for right exception)
      Throws:
      WrongAttributeValueException - if shell has bad format
    • checkIfGIDIsWithinRange

      Check if gid in arguments is free in the namespace
      Parameters:
      sess - perun session
      attribute - group or resource unixGID-namespace attribute with value
      Throws:
      InternalErrorException - if something is not correct or attribute is null
      WrongAttributeAssignmentException - if attribute does not belong to appropriate entity
      AttributeNotExistsException - if attribute does not exist
      WrongAttributeValueException - if the attribute value has wrong/illegal syntax
      WrongReferenceAttributeValueException - if the attribute value has wrong/illegal semantics
    • checkIfListOfGIDIsWithinRange

      Check if list of gids in arguments is free in the namespace
      Parameters:
      sess -
      attribute - list of unixGIDs-namespace attribute with value
      user - handler of attribute
      Throws:
      InternalErrorException
      WrongAttributeAssignmentException
      AttributeNotExistsException
      WrongAttributeValueException
    • checkIfQuotasIsInLimit

      void checkIfQuotasIsInLimit(Map<String,Pair<BigDecimal,BigDecimal>> quotaToCheck, Map<String,Pair<BigDecimal,BigDecimal>> limitQuota)
      Checks whether quotaToCheck is within the limit of limitQuota. That means every key of the quotaToCheck map must exist in limitQuota, and if such a key exists, the softQuota (left value) in quotaToCheck must be lower than or equal to the softQuota in limitQuota for the same key. The same must hold for the hardQuota (right value) of both maps.

      It uses transferred quotas, so it can be used for files and data in the same way. 0 means unlimited. If no quota is allowed, the value for the volume shouldn't be in the limit quota at all.

      Example of possible limitations:
      quotaToCheck -> ( '/var/log/something' => '10000:50000', '/sys/something' => '0:0', '/tmp/something' => '0:0' )
      quotaToLimit -> ( '/var/log/something' => '10000:50000', '/sys/something' => '50:0', '/cache/something' => '0:0' )
      ---------------
      '/var/log/something' => '10000:50000' -- this value is correct, exists in limit quota and both quotas are in limit
      '/sys/something' => '0:0' -- this is not correct, 0 means unlimited quota and we have limit 50 for softQuota (not in limit)
      '/tmp/something' => '0:0' -- this value is not correct, because this path is not set in limit quota at all
      '/cache/something' => '0:0' -- there is no problem, that limit quota has some limited values which are not in quotasToCheck

      Parameters:
      quotaToCheck - map of volumes (as keys) and pairs of soft quota (left value) and hard quota (right value) for each volume; this is the map we want to check against the limit one
      limitQuota - map of volumes (as keys) and pairs of soft quota (left value) and hard quota (right value) for each volume; this is the map we want to use as the limit one
      Throws:
      QuotaNotInAllowedLimitException - if the checked quota is not within the limit of the limit quota
      InternalErrorException - if any of inputs is in unexpected format
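
      The limit check described for checkIfQuotasIsInLimit, run over the values from the example above, as an added example that is not Perun's own code. The Quota record (a stand-in for Pair<BigDecimal,BigDecimal>, Java 16+), the class and method names, and returning a map of violations instead of throwing QuotaNotInAllowedLimitException are assumptions.

```java
import java.math.BigDecimal;
import java.util.LinkedHashMap;
import java.util.Map;

public class QuotaLimitCheck {

    // Stand-in for Pair<BigDecimal,BigDecimal>: soft quota (left), hard quota (right).
    record Quota(BigDecimal soft, BigDecimal hard) {
        static Quota of(String soft, String hard) {
            return new Quota(new BigDecimal(soft), new BigDecimal(hard));
        }
    }

    // 0 means unlimited, so 0 is the largest possible value rather than the smallest.
    // signum() is used because BigDecimal.equals treats 0 and 0.0 as different values.
    static boolean inLimit(BigDecimal value, BigDecimal limit) {
        if (limit.signum() == 0) {
            return true;  // an unlimited limit admits every value
        }
        if (value.signum() == 0) {
            return false; // unlimited requested, but the limit is finite
        }
        return value.compareTo(limit) <= 0;
    }

    // Returns path -> reason for every entry of toCheck that is not in limit.
    // Paths present only in the limit map are ignored, as the text describes.
    static Map<String, String> violations(Map<String, Quota> toCheck,
                                          Map<String, Quota> limit) {
        Map<String, String> found = new LinkedHashMap<>();
        for (Map.Entry<String, Quota> e : toCheck.entrySet()) {
            Quota allowed = limit.get(e.getKey());
            if (allowed == null) {
                found.put(e.getKey(), "path is not set in limit quota");
            } else if (!inLimit(e.getValue().soft(), allowed.soft())) {
                found.put(e.getKey(), "softQuota is not in limit");
            } else if (!inLimit(e.getValue().hard(), allowed.hard())) {
                found.put(e.getKey(), "hardQuota is not in limit");
            }
        }
        return found;
    }

    public static void main(String[] args) {
        // Values taken from the example in the method description.
        Map<String, Quota> toCheck = new LinkedHashMap<>();
        toCheck.put("/var/log/something", Quota.of("10000", "50000"));
        toCheck.put("/sys/something", Quota.of("0", "0"));
        toCheck.put("/tmp/something", Quota.of("0", "0"));

        Map<String, Quota> limit = new LinkedHashMap<>();
        limit.put("/var/log/something", Quota.of("10000", "50000"));
        limit.put("/sys/something", Quota.of("50", "0"));
        limit.put("/cache/something", Quota.of("0", "0"));

        violations(toCheck, limit)
                .forEach((path, reason) -> System.out.println(path + ": " + reason));
    }
}
```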
    • checkLoginNamespaceRegex

      void checkLoginNamespaceRegex(String namespace, String login, Pattern defaultRegex) throws InvalidLoginException
      Check login value against regex defined for login-namespace. It throws InvalidLoginException if matching fails.

      The regex for each namespace can be defined in /etc/perun/perun-namespaces.properties. In the same file you can define login exceptions, which allow specific login names even though they are syntactically wrong. This supports historically wrong values or specific exceptions within existing namespaces.

      Parameters:
      namespace - Namespace to perform check in
      login - Login to check
      defaultRegex - Default regex can be used if namespace doesn't define own.
      Throws:
      InvalidLoginException - If login value doesn't match the regex
    • checkReservedUnixGroupNames

      void checkReservedUnixGroupNames(Attribute groupNameAttribute) throws WrongAttributeValueException
      Checks that the value of the groupName attribute is not a reserved String. If it is not reserved, it's ok. If it is, WrongAttributeValueException is thrown. If the attribute is null, it's ok. For reserved unix group names, this method first tries to read the perun-namespaces.properties file. If there is no property in this file, it reads the default hardcoded values.
      Parameters:
      groupNameAttribute - unixGroupName-namespace
      Throws:
      WrongAttributeValueException
    • countUserFacilityQuotas

      Map<String,Pair<BigDecimal,BigDecimal>> countUserFacilityQuotas(List<Map<String,Pair<BigDecimal,BigDecimal>>> allUserQuotas)
      Counts all quotas for a user. Every record in the list is a merged quotas map with values from the resource attribute and the resource-member attribute where the user has an allowed member.

      Quotas for the same paths are summed together. If a value is '0', the result is also '0', because 0 means unlimited.

      Example: /path/to/volume 30G:50G , /path/to/volume 40G:0 => /path/to/volume 70G:0

      Parameters:
      allUserQuotas - list
      Returns:
      counted user facility quotas
    • getCommonGIDOfGroupsWithSameNameInSameNamespace

      Integer getCommonGIDOfGroupsWithSameNameInSameNamespace(PerunSessionImpl sess, List<Group> groupsWithSameGroupNameInSameNamespace, String nameOfAttribute, Integer commonGID) throws WrongAttributeAssignmentException
      This method looks for exactly one commonGID for all objects in the list. If commonGID in the parameter is not null, it checks that all objects in the list have this one set as gid.

      If the list of groups is empty, it always returns commonGID from the parameter (it can be null). If there is more than one different commonGID, it throws ConsistencyErrorException.

      Parameters:
      sess -
      groupsWithSameGroupNameInSameNamespace -
      nameOfAttribute -
      commonGID - if any common gid already exists (for example from Resources) use it to compare, null in other case
      Returns:
      common GID, or null if none exists
      Throws:
      InternalErrorException
      WrongAttributeAssignmentException
    • getCommonGIDOfResourcesWithSameNameInSameNamespace

      Integer getCommonGIDOfResourcesWithSameNameInSameNamespace(PerunSessionImpl sess, List<Resource> resourcesWithSameGroupNameInSameNamespace, String nameOfAttribute, Integer commonGID) throws WrongAttributeAssignmentException
      This method looks for exactly one commonGID for all objects in the list. If commonGID in the parameter is not null, it checks that all objects in the list have this one set as gid.

      If the list of groups is empty, it always returns commonGID from the parameter (it can be null). If there is more than one different commonGID, it throws ConsistencyErrorException.

      Parameters:
      sess -
      resourcesWithSameGroupNameInSameNamespace -
      nameOfAttribute -
      commonGID - if any common gid already exists (for example from Resources) use it to compare, null in other case
      Returns:
      common GID, or null if none exists
      Throws:
      InternalErrorException
      WrongAttributeAssignmentException
    • getFreeGID

      Get free gid for resource or group.
      Parameters:
      sess -
      attribute - group or resource unixGID-namespace attribute
      Returns:
      0 if no gidRange is set for this namespace, null if there is no free gid, otherwise the gid (a value less or more than 0)
      Throws:
      InternalErrorException
      AttributeNotExistsException
      WrongAttributeAssignmentException
    • getGoogleGroupNameNamespaceAttributeWithNotNullValue

      Attribute getGoogleGroupNameNamespaceAttributeWithNotNullValue(PerunSessionImpl sess, Resource resource) throws WrongReferenceAttributeValueException
      Gets the value of attribute A_F_Def_googleGroupName-Namespace. If this value is null, throws WrongReferenceAttributeValueException.
      Parameters:
      sess -
      resource -
      Returns:
      namespace if is not null
      Throws:
      InternalErrorException
      WrongReferenceAttributeValueException - if value of googleGroupName-namespace attribute is null
    • getListOfGroupGIDsFromListOfResourceGIDs

      List<Attribute> getListOfGroupGIDsFromListOfResourceGIDs(PerunSessionImpl sess, List<Attribute> resourceGIDs) throws AttributeNotExistsException
      Take list of resourceGID attributes and return list of the same GID attributes only for group (with the same original value)
      Parameters:
      sess -
      resourceGIDs - list of attributes type of Resource UnixGID
      Returns:
      list of attribute type of Group UnixGID with same values like in original list
      Throws:
      InternalErrorException - if something is not correct or attribute is null
      AttributeNotExistsException
    • getListOfResourceGIDsFromListOfGroupGIDs

      List<Attribute> getListOfResourceGIDsFromListOfGroupGIDs(PerunSessionImpl sess, List<Attribute> groupGIDs) throws AttributeNotExistsException
      Take list of groupGID attributes and return list of the same GID attributes only for resource (with the same original value)
      Parameters:
      sess -
      groupGIDs - list of attributes type of Group UnixGID
      Returns:
      list of attribute type of Resource UnixGID with same values like in original list
      Throws:
      InternalErrorException - if something is not correct or attribute is null
      AttributeNotExistsException
    • getSendRightFromAttributes

      boolean getSendRightFromAttributes(PerunSessionImpl sess, Member member, Group group, String booleanAttribute, String listAttribute)
      Calculates value of o365SendAs/o365SendOnBehalf attribute based on values of o365SendAs/o365SendOnBehalf member-group attribute and o365SendAsGroups/o365SendOnBehalfGroups group attribute.
      Parameters:
      sess -
      member - member of the group
      group - parent group
      booleanAttribute - name of o365SendAs/o365SendOnBehalf attribute
      listAttribute - name of o365SendAsGroups/o365SendOnBehalfGroups attribute
      Returns:
      boolean
    • getSetOfGIDNamespacesWhereFacilitiesHasTheSameGroupNameNamespace

      Set<String> getSetOfGIDNamespacesWhereFacilitiesHasTheSameGroupNameNamespace(PerunSessionImpl sess, List<Facility> facilities, Attribute unixGroupNameNamespace) throws WrongAttributeAssignmentException
      Takes a list of facilities and the namespace of a group or resource unixGroupName-namespace attribute. If any facility has a unixGroupName-namespace with the same value as the namespace of the unixGroupNameNamespace attribute, it gets the unixGID-namespace of that facility and saves it to the hashSet of these namespaces.
      Parameters:
      sess -
      facilities - list of facilities
      unixGroupNameNamespace - unixGroupName-namespace attribute
      Returns:
      list of namespaces
      Throws:
      InternalErrorException
      WrongAttributeAssignmentException
    • getSetOfGroupNameNamespacesWhereFacilitiesHasTheSameGIDNamespace

      Set<String> getSetOfGroupNameNamespacesWhereFacilitiesHasTheSameGIDNamespace(PerunSessionImpl sess, List<Facility> facilities, Attribute unixGroupNameNamespace) throws WrongAttributeAssignmentException, WrongReferenceAttributeValueException
      Takes a list of facilities and the namespace of a group or resource unixGID-namespace attribute. If any facility has a unixGID-namespace with the same value as the namespace of the unixGIDNamespace attribute, it gets the unixGroupName-namespace of that facility and saves it to the hashSet of these namespaces.
      Parameters:
      sess -
      facilities - list of facilities
      unixGroupNameNamespace - unixGroupName-namespace attribute
      Returns:
      list of namespaces
      Throws:
      InternalErrorException
      WrongAttributeAssignmentException
      WrongReferenceAttributeValueException
    • getUnixGIDNamespaceAttributeWithNotNullValue

      Attribute getUnixGIDNamespaceAttributeWithNotNullValue(PerunSessionImpl sess, Resource resource) throws WrongReferenceAttributeValueException
      Gets the value of attribute A_F_Def_unixGID-Namespace. If this value is null, throws WrongReferenceAttributeValueException.
      Parameters:
      sess -
      resource -
      Returns:
      Throws:
      InternalErrorException
      WrongReferenceAttributeValueException
    • getUnixGroupNameNamespaceAttributeWithNotNullValue

      Attribute getUnixGroupNameNamespaceAttributeWithNotNullValue(PerunSessionImpl sess, Resource resource) throws WrongReferenceAttributeValueException
      Gets the value of attribute A_F_Def_unixGroupName-Namespace. If this value is null, throws WrongReferenceAttributeValueException.
      Parameters:
      sess -
      resource -
      Returns:
      namespace if is not null
      Throws:
      InternalErrorException
      WrongReferenceAttributeValueException - if value of unixGroupName-namespace attribute is null
    • getUserByLoginInNamespace

      User getUserByLoginInNamespace(PerunSession sess, String login, String namespace)
      Gets user by login in specified namespace.
      Parameters:
      sess -
      login - user's login
      namespace - login-namespace
      Returns:
      found user or null if no user was found
    • getUserFromMessage

      User getUserFromMessage(PerunSessionImpl sess, String message)
      Get object User from Perun audit message. Try to find it by different objects in this order: User, UserExtSource, Member. Always return first occurrence of User using objects above:
      - if user has been found, return it (do not look for another user)
      - if no user has been found, try to find UserExtSource and get user from it
      - if no UserExtSource has been found, try to find Member and get user from it
      - if there is no such object, return null
      Parameters:
      message - audit message in machine format (with characters '<' as brackets)
      Returns:
      user if found or null if not found
      Throws:
      InternalErrorException
    • haveRightToWriteAttributeInAnyGroupOrResource

      boolean haveRightToWriteAttributeInAnyGroupOrResource(PerunSessionImpl sess, List<Group> groups, List<Resource> resources, AttributeDefinition groupAttribute, AttributeDefinition resourceAttribute)
      Returns true if the caller has the right to WRITE the attribute on any of the groups or resources.
      Parameters:
      sess -
      groups - lists of groups to search
      resources - lists of resources to search
      groupAttribute - AttributeDefinition for testing Write privileges for groups
      resourceAttribute - AttributeDefinition for testing Write privileges for resource
      Returns:
      true if such group or resource exists, false if not
      Throws:
      InternalErrorException - if something is not correct or attribute is null
    • haveTheSameAttributeWithTheSameNamespace

      int haveTheSameAttributeWithTheSameNamespace(PerunSessionImpl sess, Resource resource, Attribute attr) throws WrongAttributeAssignmentException
      This method determines whether the resource has the same attribute "attr" with the same namespace, and whether its value is the same or different.

      - if it returns 0, the resource has the same attribute with the same value
      - if it returns more than 0, the resource has the same attribute with a different value
      - if it returns less than 0, the resource does not have the same attribute

      Parameters:
      sess -
      resource -
      attr - any resource attribute with namespace which will be use for comparing
      Returns:
      Throws:
      InternalErrorException - if something is not correct
      WrongAttributeAssignmentException - if attribute name is not RESOURCE attribute
    • haveTheSameAttributeWithTheSameNamespace

      int haveTheSameAttributeWithTheSameNamespace(PerunSessionImpl sess, Group group, Attribute attr) throws WrongAttributeAssignmentException
      This method determines whether the group has the same attribute "attr" with the same namespace, and whether its value is the same or different.

      - if it returns 0, the group has the same attribute with the same value
      - if it returns more than 0, the group has the same attribute with a different value
      - if it returns less than 0, the group does not have the same attribute

      Parameters:
      sess -
      group -
      attr - any group attribute with namespace which will be use for comparing
      Returns:
      Throws:
      InternalErrorException - if something is not correct
      WrongAttributeAssignmentException - if attribute name is not GROUP attribute
    • isFQDNValid

      boolean isFQDNValid(PerunSessionImpl sess, String fqdn)
      Checks fully qualified domain name and returns true, if it is valid.
      Parameters:
      sess -
      fqdn - fully qualified domain name
      Returns:
      true if the fqdn is valid
    • isGroupUnixGIDNamespaceFillable

      boolean isGroupUnixGIDNamespaceFillable(PerunSessionImpl sess, Group group, Attribute groupUnixGIDNamespace) throws WrongReferenceAttributeValueException, WrongAttributeAssignmentException
      This method returns true if there exists some Facility (obtained from assigned resources) whose facility_unixGID-namespace attribute has the same value as the namespace of group_unixGID-namespace, and if the group has a unixGroupName-namespace attribute with a non-null value in the same namespace as the value of attribute facility_unixGroupName-namespace. Returns false if not.
      Parameters:
      sess -
      group - the group
      groupUnixGIDNamespace - attribute of the group
      Returns:
      Throws:
      InternalErrorException
      WrongReferenceAttributeValueException
      WrongAttributeAssignmentException
    • isLoginExceptionallyAllowed

      boolean isLoginExceptionallyAllowed(String namespace, String login)
      Returns true if the login value is an "exception" within its namespace rules, e.g. when the syntax check normally doesn't allow such a value, but it's manually allowed here in order to support already existing (historic) wrong values. It can be defined for each namespace in /etc/perun/perun-namespaces.properties.
      Parameters:
      namespace - Namespace to perform check in
      login - Login to check
      Returns:
      TRUE if login value is within exceptions / FALSE otherwise
    • isNameOfEmailValid

      boolean isNameOfEmailValid(PerunSessionImpl sess, String email)
      Checks name of an email by standard pattern and returns true, if it is valid.
      Parameters:
      sess -
      email - name of the email
      Returns:
      true if the name of email is valid
    • isNamespaceEqualsToFacilityUnixGroupNameNamespace

      boolean isNamespaceEqualsToFacilityUnixGroupNameNamespace(PerunSessionImpl sess, Facility facility, String namespace) throws AttributeNotExistsException, WrongAttributeAssignmentException
      If attribute "def_facility_unixGroup_namespace" is "null", return false. If the value of attribute "def_facility_unixGroup_namespace" is not the same as "namespace", return false. Else return true.

      Facility, sess and namespace can't be null, otherwise throw InternalErrorException

      Parameters:
      sess -
      facility -
      namespace -
      Returns:
      Throws:
      InternalErrorException
      AttributeNotExistsException
      WrongAttributeAssignmentException
    • isUserLoginPermitted

      boolean isUserLoginPermitted(String namespace, String login)
      Check if value of login is permitted within the namespace. Returns FALSE, if login value is not permitted within the namespace (eg. matches system user)

      Reserved login names can be defined for each namespace in /etc/perun/perun-namespaces.properties. If the property for the namespace is not found, the check is done against hardcoded defaults.

      You can define login exceptions, which override these reserved login names in the same file. This method returns TRUE for such exceptions. It is to support historically wrong values or specific exception within existing namespaces.

      Parameters:
      namespace - Namespace to perform check in
      login - Login to check
      Returns:
      TRUE if login value is permitted within the namespace / FALSE otherwise
    • mergeMemberAndResourceTransferredQuotas

      Map<String,Pair<BigDecimal,BigDecimal>> mergeMemberAndResourceTransferredQuotas(Map<String,Pair<BigDecimal,BigDecimal>> resourceQuotas, Map<String,Pair<BigDecimal,BigDecimal>> memberResourceQuotas, Map<String,Pair<BigDecimal,BigDecimal>> quotasOverride)
      Merges resource default quotas and member-resource specific quotas together. Uses the override instead if it exists. Paths are always unique, quotas are merged (soft together and hard together).

      Together means by priority:
      - override has the highest priority, but it is used only if the path exists in resource or resource-member quotas
      - member-resource quotas have the second highest priority if an override does not exist
      - resource quotas are used only if they contain a unique path (the path does not exist as member-resource or as override)

      Parameters:
      resourceQuotas - transferred map with default resource quotas
      memberResourceQuotas - transferred map with member-resource specific quotas
      quotasOverride - transferred map with all manual overrides of quotas
      Returns:
      merged quotas transferred map
    • transferQuotasBackToAttributeValue

      Map<String,String> transferQuotasBackToAttributeValue(Map<String,Pair<BigDecimal,BigDecimal>> transferedQuotasMap, boolean withMetrics)
      Reverse method for the checkAndTransferQuotas method. Takes a transferred map and creates the non-transferred map again.

      From: path=/path/to/ , softQuota=50000, hardQuota=0
      To: path=/path/to/ , value=50M:0
      (Do not check again!)
      Parameters:
      transferedQuotasMap -
      withMetrics - if true, then use metrics, if not, do not convert data to metrics
      Returns:
      non-transferred map for saving to attribute value
      Throws:
      InternalErrorException