Class ModulesUtilsBlImpl
- All Implemented Interfaces:
ModulesUtilsBl
- Author:
- Michal Stava <stavamichal@gmail.com>
-
Nested Class Summary
Modifier and Type, Class, Description
static class - Shared logic for purpose of login generation
-
Field Summary
Modifier and Type, Field, Description
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final String
static final long
static final Pattern
static final long
static final Pattern
static final long
static final Pattern
static final long
static final Pattern
static final Pattern
static final Pattern
static final Pattern
static final long
-
Constructor Summary
-
Method Summary
Modifier and Type, Method, Description
checkAndConvertIDRanges(Attribute idRangesAttribute) - Take attribute with idRanges value (map of strings) and check if all records of this value are valid ranges.
checkAndTransferBucketQuota(Attribute quotasAttribute, PerunBean firstPlaceholder, PerunBean secondPlaceholder) - Checks the format of and extracts soft and hard quota from the attribute's value (the expected format is: `softQuota:hardQuota`).
checkAndTransferQuotas(Attribute quotasAttribute, PerunBean firstPlaceholder, PerunBean secondPlaceholder, boolean withMetrics) - Check if value in quotas attribute are in the right format.
void checkAttributeRegex(Attribute attribute, Pattern defaultRegex) - Check if value of attribute (friendlyName) suits regex in perun-namespaces.properties file.
void checkAttributeValueIsIncludedOrSubgroupId(PerunSessionImpl sess, Group group, Attribute attribute) - Checks whether all values of attribute are ids of group's included groups or subgroups.
void checkFormatOfShell(String shell, Attribute attribute) - Check if shell has the right format.
void checkIfGIDIsWithinRange(PerunSessionImpl sess, Attribute attribute) - Check if gid in arguments is free in the namespace
void checkIfListOfGIDIsWithinRange(PerunSessionImpl sess, User user, Attribute attribute) - Check if list of gids in arguments is free in the namespace
void checkIfQuotasIsInLimit(Map<String, Pair<BigDecimal, BigDecimal>> quotaToCheck, Map<String, Pair<BigDecimal, BigDecimal>> limitQuota) - Check if quotaToCheck is in limit of limitQuota.
void checkLoginNamespaceRegex(String namespace, String login, Pattern defaultRegex) - Check login value against regex defined for login-namespace.
protected void checkPerunNamespacesMap() - Internal protected method.
void checkReservedUnixGroupNames(Attribute groupNameAttribute) - Check if value of groupName attribute is not reserved String.
countUserFacilityQuotas(List<Map<String, Pair<BigDecimal, BigDecimal>>> allUserQuotas) - Count all quotas for user.
findCollisionGroupsWithSamgeGroupGid(PerunSessionImpl sess, Group group, String namespace)
findCollisionGroupsWithSamgeGroupGid(PerunSessionImpl sess, Resource resource, String namespace)
findCollisionGroupsWithSamgeGroupName(PerunSessionImpl sess, Group group, String namespace)
findCollisionGroupsWithSamgeGroupName(PerunSessionImpl sess, Resource resource, String namespace)
findCollisionResourcesWithSameGid(PerunSessionImpl sess, Group group, String namespace)
findCollisionResourcesWithSameGid(PerunSessionImpl sess, Resource resource, String namespace)
findCollisionResourcesWithSameGroupName(PerunSessionImpl sess, Group group, String namespace)
findCollisionResourcesWithSameGroupName(PerunSessionImpl sess, Resource resource, String namespace)
getCommonGIDOfGroupsWithSameNameInSameNamespace(PerunSessionImpl sess, List<Group> groupsWithSameGroupNameInSameNamespace, String gidNamespace, Integer commonGID) - This method is looking for exactly one commonGID for all objects in list.
getCommonGIDOfResourcesWithSameNameInSameNamespace(PerunSessionImpl sess, List<Resource> resourcesWithSameGroupNameInSameNamespace, String gidNamespace, Integer commonGID) - This method is looking for exactly one commonGID for all objects in list.
getFreeGID(PerunSessionImpl sess, Attribute attribute) - Get free gid for resource or group.
getGoogleGroupNameNamespaceAttributeWithNotNullValue(PerunSessionImpl sess, Resource resource) - Get value of attribute A_F_Def_googleGroupName-Namespace. If this value is null, throw WrongReferenceAttributeValueException
getListOfGroupGIDsFromListOfResourceGIDs(PerunSessionImpl sess, List<Attribute> resourceGIDs) - Take list of resourceGID attributes and return list of the same GID attributes only for group (with the same original value)
getListOfResourceGIDsFromListOfGroupGIDs(PerunSessionImpl sess, List<Attribute> groupGIDs) - Take list of groupGID attributes and return list of the same GID attributes only for resource (with the same original value)
static Pair<BigDecimal, String> getNumberAndUnitFromString(String attributeValue) - Returns pair of number (BigDecimal) and unit (String) from given string.
boolean getSendRightFromAttributes(PerunSessionImpl sess, Member member, Group group, String booleanAttribute, String listAttribute) - Calculates value of o365SendAs/o365SendOnBehalf attribute based on values of o365SendAs/o365SendOnBehalf member-group attribute and o365SendAsGroups/o365SendOnBehalfGroups group attribute.
getSetOfGIDNamespacesWhereFacilitiesHasTheSameGroupNameNamespace(PerunSessionImpl sess, List<Facility> facilities, Attribute unixGroupNameNamespace) - Get list of facilities and namespace of group or resource attribute unixGroupName-namespace and if any facility has unixGroupName-namespace with same value like this namespace of unixGroupNameNamespace attribute then get unixGID-namespace of this facility and save it to the hashSet of these namespaces.
getSetOfGroupNameNamespacesWhereFacilitiesHasTheSameGIDNamespace(PerunSessionImpl sess, List<Facility> facilities, Attribute unixGIDNamespace) - Get list of facilities and namespace of group or resource attribute unixGID-namespace and if any facility has unixGID-namespace with same value like this namespace of unixGIDNamespace attribute then get unixGroupName-namespace of this facility and save it to the hashSet of these namespaces.
getUnixGIDNamespaceAttributeWithNotNullValue(PerunSessionImpl sess, Resource resource) - Get value of attribute A_F_Def_unixGID-Namespace. If this value is null, throw WrongReferenceAttributeValueException
getUnixGroupNameNamespaceAttributeWithNotNullValue(PerunSessionImpl sess, Resource resource) - Get value of attribute A_F_Def_unixGroupName-Namespace. If this value is null, throw WrongReferenceAttributeValueException
getUserByLoginInNamespace(PerunSession sess, String login, String namespace) - Gets user by login in specified namespace.
getUserFromMessage(PerunSessionImpl sess, String message) - Get object User from Perun audit message.
boolean hasAccessToWriteToAttributeForAnyGroup(PerunSessionImpl sess, AttributeDefinition attrDef, List<Group> groups)
boolean hasAccessToWriteToAttributeForAnyResource(PerunSessionImpl sess, AttributeDefinition attrDef, List<Resource> resources)
boolean haveRightToWriteAttributeInAnyGroupOrResource(PerunSessionImpl sess, List<Group> groups, List<Resource> resources, AttributeDefinition groupAttribute, AttributeDefinition resourceAttribute) - Return true if i have right on any of groups or resources to WRITE the attribute
int haveTheSameAttributeWithTheSameNamespace(PerunSessionImpl sess, Group group, Attribute attr) - This method get if the group has the same attribute "attr" with the same namespace and same or different values
int haveTheSameAttributeWithTheSameNamespace(PerunSessionImpl sess, Resource resource, Attribute attr) - This method get if the resource has the same attribute "attr" with the same namespace and same or different values
boolean isFQDNValid(PerunSessionImpl sess, String fqdn) - Checks fully qualified domain name and returns true, if it is valid.
boolean isGroupUnixGIDNamespaceFillable(PerunSessionImpl sess, Group group, Attribute groupUnixGIDNamespace) - This method return true if there exists some Facility (get from assigned resources) where is facility_unixGID-namespace attribute with value same like group_unixGID-namespace namespace and if the group has unixGroupName-namespace with notNull value in the same namespace like value of attribute facility_unixGroupName-namespace.
boolean isLoginExceptionallyAllowed(String namespace, String login) - Return true, if login value is "exception" within its namespace rules.
boolean isNameOfEmailValid(PerunSessionImpl sess, String email) - Checks name of an email by standard pattern and returns true, if it is valid.
boolean isNamespaceEqualsToFacilityUnixGroupNameNamespace(PerunSessionImpl sess, Facility facility, String namespace) - If attribute "def_facility_unixGroup_namespace" is "null" return false.
boolean isUserLoginPermitted(String namespace, String login) - Check if value of login is permitted within the namespace.
mergeMemberAndResourceTransferredQuotas(Map<String, Pair<BigDecimal, BigDecimal>> resourceQuotas, Map<String, Pair<BigDecimal, BigDecimal>> memberResourceQuotas, Map<String, Pair<BigDecimal, BigDecimal>> quotasOverride) - Merge resource default quotas and member-resource specific quotas together.
static String normalizeStringForLogin(String toBeNormalized) - Normalize string for purpose of generating safe login value.
retrieveCertificatesExpiration(Map<String, String> certificates) - Extracts expiration of the given certificates.
void setPerunBl(PerunBl perunBl)
transferQuotasBackToAttributeValue(Map<String, Pair<BigDecimal, BigDecimal>> transferedQuotasMap, boolean withMetrics) - Reverse method for checkAndTransferQuotas method.
-
Field Details
-
A_E_NAMESPACE_GID_RANGES
-
A_G_UNIX_GID_NAMESPACE
-
A_G_UNIX_GROUP_NAME_NAMESPACE
-
A_R_UNIX_GID_NAMESPACE
-
A_R_UNIX_GROUP_NAME_NAMESPACE
-
A_F_UNIX_GID_NAMESPACE
-
A_F_UNIX_GROUP_NAME_NAMESPACE
-
A_F_GOOGLE_GROUPS_DOMAIN
-
QUOTA_WITH_METRICS_PATTERN
-
QUOTA_WITHOUT_METRICS_PATTERN
-
QUOTA_PATH_PATTERN
-
NUMBER_PATTERN
-
LETTER_PATTERN
-
FQDN_PATTERN
-
SHELL_PATTERN
-
RESERVED_NAMES_FOR_UNIX_GROUPS
-
UNPERMITTED_NAMES_FOR_USER_LOGINS
-
M
public static final long M
-
G
public static final long G
-
T
public static final long T
-
P
public static final long P
-
E
public static final long E
-
-
Constructor Details
-
ModulesUtilsBlImpl
public ModulesUtilsBlImpl()
-
-
Method Details
-
normalizeStringForLogin
Normalize string for purpose of generating safe login value.
- Returns:
normalized string
-
getNumberAndUnitFromString
Returns pair of number (BigDecimal) and unit (String) from given string. Returns default value Pair<0, "G"> if parsing fails. E.g.: "5T" -> Pair<5, "T">
- Parameters:
attributeValue - string to parse
- Returns:
pair of number and unit
-
retrieveCertificatesExpiration
Extracts expiration of the given certificates.
- Parameters:
certificates - as a map where the key is a DN and the value is a certificate
- Returns:
map where the key is certificate DN and the value is a certificate expiration
-
checkAndConvertIDRanges
public Map<Integer,Integer> checkAndConvertIDRanges(Attribute idRangesAttribute) throws WrongAttributeValueException
Description copied from interface: ModulesUtilsBl
Take attribute with idRanges value (map of strings) and check if all records of this value are valid ranges. A valid range is from minimum to maximum, where minimum must be less than or equal to maximum. If minimum and maximum are equal, the interval has exactly one element. If all ranges are valid, it also checks if there is any overlap between ranges. If yes, it throws an error.
If every check is ok, it returns a map of integer values where records are ranges: keys are the minimums of these ranges, values are the maximums of these ranges, and there are no overlaps between any two ranges in the map.
Attribute in parameter of this method can't be null but can have null value, which returns an empty map.
If there are empty or null elements (value or key) in the map, it throws an exception. If any of the minimums or maximums is not a number (convertible to Java Integer), it throws an exception. If any of the minimums is less than 1, it also throws an exception. If one of the ranges is not a correct range (minimum is not less than or equal to maximum), it throws an exception. If there are any overlaps between two or more ranges, it throws an exception, e.g. 100-102 and 101-103.
Example of valid format of range:
key='100', value='1000' - range from 100 to 1000 included
key='1', value='1' - range with exactly one gid with number "1"
- Specified by:
checkAndConvertIDRanges in interface ModulesUtilsBl
- Parameters:
idRangesAttribute - attribute with id ranges value (map of ranges as strings)
- Returns:
map of valid ranges without overlaps
- Throws:
WrongAttributeValueException - if value of attribute in parameter does not contain valid ranges without overlaps
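The checks described for checkAndConvertIDRanges, written out as an added example (not Perun's own code). It works on a plain Map<String, String> instead of an Attribute and throws IllegalArgumentException in place of WrongAttributeValueException; the class and method names are assumptions of this example.

```java
import java.util.List;
import java.util.Map;
import java.util.TreeMap;

public class IdRangesCheck {

    /**
     * Validates ranges given as strings (key = minimum, value = maximum) and
     * returns them sorted by minimum. IllegalArgumentException stands in for
     * Perun's WrongAttributeValueException (assumption of this example).
     */
    static TreeMap<Integer, Integer> checkAndConvert(Map<String, String> raw) {
        TreeMap<Integer, Integer> ranges = new TreeMap<>();
        if (raw == null) {
            return ranges; // null attribute value -> empty map
        }
        for (Map.Entry<String, String> e : raw.entrySet()) {
            int min = parse(e.getKey(), "minimum");
            int max = parse(e.getValue(), "maximum");
            if (min < 1) {
                throw new IllegalArgumentException("minimum " + min + " is less than 1");
            }
            if (min > max) {
                throw new IllegalArgumentException("minimum " + min + " is greater than maximum " + max);
            }
            // Two distinct strings ("100" and "+100") can parse to the same minimum;
            // that is an overlap, not something to overwrite silently.
            if (ranges.containsKey(min)) {
                throw new IllegalArgumentException("two ranges start at " + min);
            }
            ranges.put(min, max);
        }
        // Sorted by minimum, so comparing each range with its predecessor finds any overlap.
        Map.Entry<Integer, Integer> previous = null;
        for (Map.Entry<Integer, Integer> current : ranges.entrySet()) {
            if (previous != null && current.getKey() <= previous.getValue()) {
                throw new IllegalArgumentException("range " + previous.getKey() + "-" + previous.getValue()
                        + " overlaps " + current.getKey() + "-" + current.getValue());
            }
            previous = current;
        }
        return ranges;
    }

    private static int parse(String s, String what) {
        if (s == null || s.isEmpty()) {
            throw new IllegalArgumentException(what + " is null or empty");
        }
        try {
            return Integer.parseInt(s); // also rejects values outside the int range
        } catch (NumberFormatException ex) {
            throw new IllegalArgumentException(what + " '" + s + "' is not an integer", ex);
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs; the overlapping pair is the one named in the description above.
        List<Map<String, String>> samples = List.of(
                Map.of("100", "1000", "1", "1"),
                Map.of("100", "102", "101", "103"),
                Map.of("0", "10"),
                Map.of("20", "10"),
                Map.of("100", "200", "+100", "300"));
        for (Map<String, String> sample : samples) {
            try {
                System.out.println(sample + " -> accepted as " + checkAndConvert(sample));
            } catch (IllegalArgumentException ex) {
                System.out.println(sample + " -> rejected: " + ex.getMessage());
            }
        }
    }
}
```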
-
checkAndTransferQuotas
public Map<String,Pair<BigDecimal,BigDecimal>> checkAndTransferQuotas(Attribute quotasAttribute, PerunBean firstPlaceholder, PerunBean secondPlaceholder, boolean withMetrics) throws WrongAttributeValueException
Description copied from interface: ModulesUtilsBl
Check if values in quotas attribute are in the right format. Also transfer and return data in suitable container.
Example of correct quotas with metrics: key=/path/to/volume , value=50T:0
Example of correct quotas without metrics: key=/path/to/volume , value=1000:2000
Example of suitable format: key=/path/to/volume, softQuota=50000000000000, hardQuota=0
The key is always a path, checked as a valid URI without '/' at the end (except the path "/", which is also valid).
Left part of value is softQuota, right part after delimiter ':' is hardQuota. SoftQuota must be less than or equal to hardQuota. '0' means unlimited.
- Specified by:
checkAndTransferQuotas in interface ModulesUtilsBl
- Parameters:
quotasAttribute - attribute with paths and quotas (Map<String, String>) (data or files quotas)
firstPlaceholder - first attribute placeholder (can't be null, mandatory)
secondPlaceholder - second attribute placeholder (can be null if not exists)
withMetrics - true if metrics are used, false if not
- Returns:
map with path in key and pair with <softQuota, hardQuota> in big decimal
- Throws:
WrongAttributeValueException - if something is wrong in format of attribute
-
checkAndTransferBucketQuota
public Pair<Integer,Integer> checkAndTransferBucketQuota(Attribute quotasAttribute, PerunBean firstPlaceholder, PerunBean secondPlaceholder) throws WrongAttributeValueException
Description copied from interface: ModulesUtilsBl
Checks the format of and extracts soft and hard quota from the attribute's value (the expected format is: `softQuota:hardQuota`). Performs semantics checks - soft quota must be smaller or equal to hard quota, soft quota cannot be unlimited unless hard quota is unlimited as well. Finally, returns the extracted quota in a Pair object, where `Left` is soft quota and `Right` is hard quota.
- Specified by:
checkAndTransferBucketQuota in interface ModulesUtilsBl
- Parameters:
quotasAttribute - quota attribute
firstPlaceholder - placeholder object for throwing exceptions
secondPlaceholder - placeholder object for throwing exceptions
- Returns:
pair with <softQuota, hardQuota> in big decimal
- Throws:
WrongAttributeValueException - if something is wrong in format of attribute
-
checkAttributeRegex
public void checkAttributeRegex(Attribute attribute, Pattern defaultRegex) throws WrongAttributeValueException
Description copied from interface: ModulesUtilsBl
Check if value of attribute (friendlyName) suits regex in perun-namespaces.properties file. If yes, nothing happens. If no, WrongAttributeValueException is thrown. If there is no property record in the properties file, defaultRegex is used instead (if not null).
- Specified by:
checkAttributeRegex in interface ModulesUtilsBl
- Parameters:
attribute
defaultRegex - Default regex to be used if regex is not found in the configuration file.
- Throws:
WrongAttributeValueException
-
checkAttributeValueIsIncludedOrSubgroupId
public void checkAttributeValueIsIncludedOrSubgroupId(PerunSessionImpl sess, Group group, Attribute attribute) throws WrongReferenceAttributeValueException
Description copied from interface: ModulesUtilsBl
Checks whether all values of attribute are ids of group's included groups or subgroups.
- Specified by:
checkAttributeValueIsIncludedOrSubgroupId in interface ModulesUtilsBl
- Parameters:
sess
group - parent group
attribute - attribute to check
- Throws:
WrongReferenceAttributeValueException - if any value of attribute is not subgroup's or included group's id
-
checkFormatOfShell
public void checkFormatOfShell(String shell, Attribute attribute) throws WrongAttributeValueException
Description copied from interface: ModulesUtilsBl
Check if shell has the right format. Use regex ^(/[-_a-zA-Z0-9]+)+$
- Specified by:
checkFormatOfShell in interface ModulesUtilsBl
- Parameters:
shell - value of shell
attribute - attribute which need to test shell (needed for right exception)
- Throws:
WrongAttributeValueException - if shell has bad format
-
checkIfGIDIsWithinRange
public void checkIfGIDIsWithinRange(PerunSessionImpl sess, Attribute attribute) throws WrongAttributeAssignmentException, AttributeNotExistsException, WrongAttributeValueException, WrongReferenceAttributeValueException
Description copied from interface: ModulesUtilsBl
Check if gid in arguments is free in the namespace
- Specified by:
checkIfGIDIsWithinRange in interface ModulesUtilsBl
- Parameters:
sess - perun session
attribute - group or resource unixGID-namespace attribute with value
- Throws:
WrongAttributeAssignmentException - if attribute does not belong to appropriate entity
AttributeNotExistsException - if attribute does not exist
WrongAttributeValueException - if the attribute value has wrong/illegal syntax
WrongReferenceAttributeValueException - if the attribute value has wrong/illegal semantics
-
checkIfListOfGIDIsWithinRange
public void checkIfListOfGIDIsWithinRange(PerunSessionImpl sess, User user, Attribute attribute) throws WrongAttributeAssignmentException, AttributeNotExistsException, WrongAttributeValueException
Description copied from interface: ModulesUtilsBl
Check if list of gids in arguments is free in the namespace
- Specified by:
checkIfListOfGIDIsWithinRange in interface ModulesUtilsBl
- Parameters:
sess
user - handler of attribute
attribute - list of unixGIDs-namespace attribute with value
- Throws:
WrongAttributeAssignmentException
AttributeNotExistsException
WrongAttributeValueException
-
checkIfQuotasIsInLimit
public void checkIfQuotasIsInLimit(Map<String, Pair<BigDecimal, BigDecimal>> quotaToCheck, Map<String, Pair<BigDecimal, BigDecimal>> limitQuota)
Description copied from interface: ModulesUtilsBl
Check if quotaToCheck is in limit of limitQuota. That means that every key of quotaToCheck map must exist in limitQuota and, if such key exists, softQuota (left value) of quotaToCheck map needs to be lower than or the same as softQuota in limitQuota of the same key, and the same must be in effect for hardQuota (right value) of both maps.
It uses transferred quotas so it can be used for files and data the same way. 0 means unlimited. If no quota is allowed, the value for volume shouldn't be in limit quota at all.
Example of possible limitations:
quotaToCheck -> ( '/var/log/something' => '10000:50000', '/sys/something' => '0:0', '/tmp/something' => '0:0' )
quotaToLimit -> ( '/var/log/something' => '10000:50000', '/sys/something' => '50:0', '/cache/something' => '0:0' )
---------------
'/var/log/something' => '10000:50000' -- this value is correct, exists in limit quota and both quotas are in limit
'/sys/something' => '0:0' -- this is not correct, 0 means unlimited quota and we have limit 50 for softQuota (not in limit)
'/tmp/something' => '0:0' -- this value is not correct, because this path is not set in limit quota at all
'/cache/something' => '0:0' -- there is no problem, that limit quota has some limited values which are not in quotasToCheck
- Specified by:
checkIfQuotasIsInLimit in interface ModulesUtilsBl
- Parameters:
quotaToCheck - map of volumes (as keys) and pairs of soft quota (left value) and hard quota (right value) for this volume; we want to check this map against the limit one
limitQuota - map of volumes (as keys) and pairs of soft quota (left value) and hard quota (right value) for this volume; we want to use this map as the limit one
-
checkLoginNamespaceRegex
public void checkLoginNamespaceRegex(String namespace, String login, Pattern defaultRegex) throws InvalidLoginException
Description copied from interface: ModulesUtilsBl
Check login value against regex defined for login-namespace. It throws InvalidLoginException if matching fails.
Regex for each namespace can be defined in /etc/perun/perun-namespaces.properties. You can define login exceptions, which override these syntactically wrong login names, in the same file. This is to support historically wrong values or specific exceptions within existing namespaces.
- Specified by:
checkLoginNamespaceRegex in interface ModulesUtilsBl
- Parameters:
namespace - Namespace to perform check in
login - Login to check
defaultRegex - Default regex can be used if namespace doesn't define own.
- Throws:
InvalidLoginException - If login value doesn't match the regex
-
checkPerunNamespacesMap
protected void checkPerunNamespacesMap()
Internal protected method. Checks this.perunNamespaces map, which is always initialized as null. If null, it tries to load the configuration into this map from a perun-namespaces.properties file. If the file does not exist, it creates an empty HashMap, so it's not null anymore.
-
checkReservedUnixGroupNames
public void checkReservedUnixGroupNames(Attribute groupNameAttribute) throws WrongAttributeValueException
Description copied from interface: ModulesUtilsBl
Check if value of groupName attribute is not a reserved String. If not, it's ok. If yes, throw WrongAttributeValueException. If attribute is null, then it's ok. For reserved unix group names this method first tries to read the perun-namespaces.properties file. If there is no property in this file, it reads the default hardcoded values.
- Specified by:
checkReservedUnixGroupNames in interface ModulesUtilsBl
- Parameters:
groupNameAttribute - unixGroupName-namespace
- Throws:
WrongAttributeValueException
-
countUserFacilityQuotas
public Map<String,Pair<BigDecimal,BigDecimal>> countUserFacilityQuotas(List<Map<String, Pair<BigDecimal, BigDecimal>>> allUserQuotas)
Description copied from interface: ModulesUtilsBl
Count all quotas for user. Every record in list is merged quotas map with value from resource attribute and resource-member attribute where user has allowed member.
Quotas for the same paths are summed together. If value is '0' then result is also '0', because 0 means unlimited.
Example: /path/to/volume 30G:50G , /path/to/volume 40G:0 => /path/to/volume 70G:0
- Specified by:
countUserFacilityQuotas in interface ModulesUtilsBl
- Parameters:
allUserQuotas - list
- Returns:
counted user facility quotas
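The "0 means unlimited" rule changes both the limit comparison of checkIfQuotasIsInLimit and the summation of countUserFacilityQuotas: a plain numeric comparison would accept 0 against a limit of 50. The following added example (not Perun's own code) implements both on already-transferred numeric quotas; the Quota record stands in for Pair<BigDecimal, BigDecimal> and all names in it are assumptions of this example.

```java
import java.math.BigDecimal;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class QuotaZeroMeansUnlimited {

    /** Stand-in for Pair<BigDecimal, BigDecimal>: soft = left value, hard = right value. */
    record Quota(BigDecimal soft, BigDecimal hard) {
        static Quota of(long soft, long hard) {
            return new Quota(BigDecimal.valueOf(soft), BigDecimal.valueOf(hard));
        }
    }

    static boolean unlimited(BigDecimal v) {
        return v.signum() == 0;
    }

    /** A value is within a limit if the limit is unlimited, or the value is finite and not above it. */
    static boolean within(BigDecimal value, BigDecimal limit) {
        if (unlimited(limit)) {
            return true;
        }
        if (unlimited(value)) {
            return false; // "0" asks for more than any finite limit allows
        }
        return value.compareTo(limit) <= 0;
    }

    /** Returns the violations found; an empty list means quotaToCheck is in limit. */
    static List<String> violations(Map<String, Quota> quotaToCheck, Map<String, Quota> limitQuota) {
        List<String> out = new ArrayList<>();
        for (var e : quotaToCheck.entrySet()) {
            Quota limit = limitQuota.get(e.getKey());
            if (limit == null) {
                out.add(e.getKey() + ": path is not set in limit quota");
                continue;
            }
            if (!within(e.getValue().soft(), limit.soft())) {
                out.add(e.getKey() + ": soft quota is not in limit");
            }
            if (!within(e.getValue().hard(), limit.hard())) {
                out.add(e.getKey() + ": hard quota is not in limit");
            }
        }
        return out;
    }

    /** Sum of two quota values where unlimited absorbs everything. */
    static BigDecimal add(BigDecimal a, BigDecimal b) {
        return (unlimited(a) || unlimited(b)) ? BigDecimal.ZERO : a.add(b);
    }

    /** Sums quotas per path over all maps, soft and hard separately. */
    static Map<String, Quota> sum(List<Map<String, Quota>> allUserQuotas) {
        Map<String, Quota> total = new LinkedHashMap<>();
        for (Map<String, Quota> quotas : allUserQuotas) {
            for (var e : quotas.entrySet()) {
                total.merge(e.getKey(), e.getValue(),
                        (x, y) -> new Quota(add(x.soft(), y.soft()), add(x.hard(), y.hard())));
            }
        }
        return total;
    }

    public static void main(String[] args) {
        // The maps from the "Example of possible limitations" above.
        Map<String, Quota> toCheck = new LinkedHashMap<>();
        toCheck.put("/var/log/something", Quota.of(10000, 50000));
        toCheck.put("/sys/something", Quota.of(0, 0));
        toCheck.put("/tmp/something", Quota.of(0, 0));
        Map<String, Quota> limit = Map.of(
                "/var/log/something", Quota.of(10000, 50000),
                "/sys/something", Quota.of(50, 0),
                "/cache/something", Quota.of(0, 0));
        violations(toCheck, limit).forEach(System.out::println);

        // The summation example above, with the numbers taken as counts of G.
        System.out.println(sum(List.of(
                Map.of("/path/to/volume", Quota.of(30, 50)),
                Map.of("/path/to/volume", Quota.of(40, 0)))));
    }
}
```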
-
findCollisionGroupsWithSamgeGroupGid
public List<Group> findCollisionGroupsWithSamgeGroupGid(PerunSessionImpl sess, Resource resource, String namespace) throws WrongAttributeAssignmentException, AttributeNotExistsException
-
findCollisionGroupsWithSamgeGroupGid
public List<Group> findCollisionGroupsWithSamgeGroupGid(PerunSessionImpl sess, Group group, String namespace) throws WrongAttributeAssignmentException, AttributeNotExistsException
-
findCollisionGroupsWithSamgeGroupName
public List<Group> findCollisionGroupsWithSamgeGroupName(PerunSessionImpl sess, Resource resource, String namespace) throws WrongAttributeAssignmentException, AttributeNotExistsException
-
findCollisionGroupsWithSamgeGroupName
public List<Group> findCollisionGroupsWithSamgeGroupName(PerunSessionImpl sess, Group group, String namespace) throws WrongAttributeAssignmentException, AttributeNotExistsException
-
findCollisionResourcesWithSameGid
public List<Resource> findCollisionResourcesWithSameGid(PerunSessionImpl sess, Resource resource, String namespace) throws WrongAttributeAssignmentException, AttributeNotExistsException
-
findCollisionResourcesWithSameGid
public List<Resource> findCollisionResourcesWithSameGid(PerunSessionImpl sess, Group group, String namespace) throws WrongAttributeAssignmentException, AttributeNotExistsException
-
findCollisionResourcesWithSameGroupName
public List<Resource> findCollisionResourcesWithSameGroupName(PerunSessionImpl sess, Resource resource, String namespace) throws WrongAttributeAssignmentException, AttributeNotExistsException
-
findCollisionResourcesWithSameGroupName
public List<Resource> findCollisionResourcesWithSameGroupName(PerunSessionImpl sess, Group group, String namespace) throws WrongAttributeAssignmentException, AttributeNotExistsException
-
getCommonGIDOfGroupsWithSameNameInSameNamespace
public Integer getCommonGIDOfGroupsWithSameNameInSameNamespace(PerunSessionImpl sess, List<Group> groupsWithSameGroupNameInSameNamespace, String gidNamespace, Integer commonGID) throws WrongAttributeAssignmentException
Description copied from interface: ModulesUtilsBl
This method is looking for exactly one commonGID for all objects in list. If commonGID in parameter is not null, it checks that all objects in list have this one set as gid.
If list of groups is empty, return always commonGID from parameter (it can be null). If there are more than one different commonGIDs, throw ConsistencyErrorException
- Specified by:
getCommonGIDOfGroupsWithSameNameInSameNamespace in interface ModulesUtilsBl
- Parameters:
sess
groupsWithSameGroupNameInSameNamespace
gidNamespace
commonGID - if any common gid already exists (for example from Resources) use it to compare, null in other case
- Returns:
common GID, if no exists return null
- Throws:
WrongAttributeAssignmentException
-
getCommonGIDOfResourcesWithSameNameInSameNamespace
public Integer getCommonGIDOfResourcesWithSameNameInSameNamespace(PerunSessionImpl sess, List<Resource> resourcesWithSameGroupNameInSameNamespace, String gidNamespace, Integer commonGID) throws WrongAttributeAssignmentException
Description copied from interface: ModulesUtilsBl
This method is looking for exactly one commonGID for all objects in list. If commonGID in parameter is not null, it checks that all objects in list have this one set as gid.
If list of groups is empty, return always commonGID from parameter (it can be null). If there are more than one different commonGIDs, throw ConsistencyErrorException
- Specified by:
getCommonGIDOfResourcesWithSameNameInSameNamespace in interface ModulesUtilsBl
- Parameters:
sess
resourcesWithSameGroupNameInSameNamespace
gidNamespace
commonGID - if any common gid already exists (for example from Resources) use it to compare, null in other case
- Returns:
common GID, if no exists return null
- Throws:
WrongAttributeAssignmentException
-
getFreeGID
public Integer getFreeGID(PerunSessionImpl sess, Attribute attribute) throws AttributeNotExistsException, WrongAttributeAssignmentException
Description copied from interface: ModulesUtilsBl
Get free gid for resource or group.
- Specified by:
getFreeGID in interface ModulesUtilsBl
- Parameters:
sess
attribute - group or resource unixGID-namespace attribute
- Returns:
if 0 there isn't set any gidRange for this namespace, if null there is no free gid, other less or more than 0 gid
- Throws:
AttributeNotExistsException
WrongAttributeAssignmentException
-
getGoogleGroupNameNamespaceAttributeWithNotNullValue
public Attribute getGoogleGroupNameNamespaceAttributeWithNotNullValue(PerunSessionImpl sess, Resource resource) throws WrongReferenceAttributeValueException
Description copied from interface: ModulesUtilsBl
Get value of attribute A_F_Def_googleGroupName-Namespace. If this value is null, throw WrongReferenceAttributeValueException
- Specified by:
getGoogleGroupNameNamespaceAttributeWithNotNullValue in interface ModulesUtilsBl
- Parameters:
sess
resource
- Returns:
namespace if is not null
- Throws:
WrongReferenceAttributeValueException - if value of googleGroupName-namespace attribute is null
-
getListOfGroupGIDsFromListOfResourceGIDs
public List<Attribute> getListOfGroupGIDsFromListOfResourceGIDs(PerunSessionImpl sess, List<Attribute> resourceGIDs) throws AttributeNotExistsException
Description copied from interface: ModulesUtilsBl
Take list of resourceGID attributes and return list of the same GID attributes only for group (with the same original value)
- Specified by:
getListOfGroupGIDsFromListOfResourceGIDs in interface ModulesUtilsBl
- Parameters:
sess
resourceGIDs - list of attributes type of Resource UnixGID
- Returns:
list of attribute type of Group UnixGID with same values like in original list
- Throws:
AttributeNotExistsException
-
getListOfResourceGIDsFromListOfGroupGIDs
public List<Attribute> getListOfResourceGIDsFromListOfGroupGIDs(PerunSessionImpl sess, List<Attribute> groupGIDs) throws AttributeNotExistsException
Description copied from interface: ModulesUtilsBl
Take list of groupGID attributes and return list of the same GID attributes only for resource (with the same original value)
- Specified by:
getListOfResourceGIDsFromListOfGroupGIDs in interface ModulesUtilsBl
- Parameters:
sess
groupGIDs - list of attributes type of Group UnixGID
- Returns:
list of attribute type of Resource UnixGID with same values like in original list
- Throws:
AttributeNotExistsException
-
getPerunBl
-
getSendRightFromAttributes
public boolean getSendRightFromAttributes(PerunSessionImpl sess, Member member, Group group, String booleanAttribute, String listAttribute)
Description copied from interface: ModulesUtilsBl
Calculates value of o365SendAs/o365SendOnBehalf attribute based on values of o365SendAs/o365SendOnBehalf member-group attribute and o365SendAsGroups/o365SendOnBehalfGroups group attribute.
- Specified by:
getSendRightFromAttributes in interface ModulesUtilsBl
- Parameters:
sess
member - member of the group
group - parent group
booleanAttribute - name of o365SendAs/o365SendOnBehalf attribute
listAttribute - name of o365SendAsGroups/o365SendOnBehalfGroups attribute
- Returns:
boolean
-
getSetOfGIDNamespacesWhereFacilitiesHasTheSameGroupNameNamespace
public Set<String> getSetOfGIDNamespacesWhereFacilitiesHasTheSameGroupNameNamespace(PerunSessionImpl sess, List<Facility> facilities, Attribute unixGroupNameNamespace) throws WrongAttributeAssignmentException
Description copied from interface: ModulesUtilsBl
Get list of facilities and namespace of group or resource attribute unixGroupName-namespace and if any facility has unixGroupName-namespace with same value like this namespace of unixGroupNameNamespace attribute then get unixGID-namespace of this facility and save it to the hashSet of these namespaces.
- Specified by:
getSetOfGIDNamespacesWhereFacilitiesHasTheSameGroupNameNamespace in interface ModulesUtilsBl
- Parameters:
sess
facilities - list of facilities
unixGroupNameNamespace - unixGroupName-namespace attribute
- Returns:
list of namespaces
- Throws:
WrongAttributeAssignmentException
-
getSetOfGroupNameNamespacesWhereFacilitiesHasTheSameGIDNamespace
public Set<String> getSetOfGroupNameNamespacesWhereFacilitiesHasTheSameGIDNamespace(PerunSessionImpl sess, List<Facility> facilities, Attribute unixGIDNamespace) throws WrongAttributeAssignmentException, WrongReferenceAttributeValueException
Description copied from interface: ModulesUtilsBl
Get list of facilities and namespace of group or resource attribute unixGID-namespace and if any facility has unixGID-namespace with same value like this namespace of unixGIDNamespace attribute then get unixGroupName-namespace of this facility and save it to the hashSet of these namespaces.
- Specified by:
getSetOfGroupNameNamespacesWhereFacilitiesHasTheSameGIDNamespace in interface ModulesUtilsBl
- Parameters:
sess
facilities - list of facilities
unixGIDNamespace - unixGroupName-namespace attribute
- Returns:
list of namespaces
- Throws:
WrongAttributeAssignmentException
WrongReferenceAttributeValueException
-
getUnixGIDNamespaceAttributeWithNotNullValue
public Attribute getUnixGIDNamespaceAttributeWithNotNullValue(PerunSessionImpl sess, Resource resource) throws WrongReferenceAttributeValueException
Description copied from interface: ModulesUtilsBl
Gets the value of attribute A_F_Def_unixGID-Namespace. If this value is null, throws WrongReferenceAttributeValueException.
- Specified by:
getUnixGIDNamespaceAttributeWithNotNullValue in interface ModulesUtilsBl
- Parameters:
sess -
resource -
- Returns:
- Throws:
WrongReferenceAttributeValueException
-
getUnixGroupNameNamespaceAttributeWithNotNullValue
public Attribute getUnixGroupNameNamespaceAttributeWithNotNullValue(PerunSessionImpl sess, Resource resource) throws WrongReferenceAttributeValueException
Description copied from interface: ModulesUtilsBl
Gets the value of attribute A_F_Def_unixGroupName-Namespace. If this value is null, throws WrongReferenceAttributeValueException.
- Specified by:
getUnixGroupNameNamespaceAttributeWithNotNullValue in interface ModulesUtilsBl
- Parameters:
sess -
resource -
- Returns:
- namespace if it is not null
- Throws:
WrongReferenceAttributeValueException - if value of unixGroupName-namespace attribute is null
-
getUserByLoginInNamespace
Description copied from interface: ModulesUtilsBl
Gets user by login in specified namespace.
- Specified by:
getUserByLoginInNamespace in interface ModulesUtilsBl
- Parameters:
sess -
login - user's login
namespace - login-namespace
- Returns:
- found user or null if no user was found
-
getUserFromMessage
Description copied from interface: ModulesUtilsBl
Gets the User object from a Perun audit message. Tries to find it by different objects in this order: User, UserExtSource, Member. Always returns the first occurrence of User using the objects above:
- if a user has been found, return it (do not look for another user)
- if no user has been found, try to find UserExtSource and get the user from it
- if no UserExtSource has been found, try to find Member and get the user from it
- if there is no such object, return null
- Specified by:
getUserFromMessage in interface ModulesUtilsBl
- Parameters:
message - audit message in machine format (with characters '<>' as brackets)
- Returns:
- user if found or null if not found
-
hasAccessToWriteToAttributeForAnyGroup
public boolean hasAccessToWriteToAttributeForAnyGroup(PerunSessionImpl sess, AttributeDefinition attrDef, List<Group> groups)
-
hasAccessToWriteToAttributeForAnyResource
public boolean hasAccessToWriteToAttributeForAnyResource(PerunSessionImpl sess, AttributeDefinition attrDef, List<Resource> resources)
-
haveRightToWriteAttributeInAnyGroupOrResource
public boolean haveRightToWriteAttributeInAnyGroupOrResource(PerunSessionImpl sess, List<Group> groups, List<Resource> resources, AttributeDefinition groupAttribute, AttributeDefinition resourceAttribute)
Description copied from interface: ModulesUtilsBl
Returns true if the caller has the right to WRITE the attribute on any of the groups or resources.
- Specified by:
haveRightToWriteAttributeInAnyGroupOrResource in interface ModulesUtilsBl
- Parameters:
sess -
groups - list of groups to search
resources - list of resources to search
groupAttribute - AttributeDefinition for testing Write privileges for groups
resourceAttribute - AttributeDefinition for testing Write privileges for resource
- Returns:
- true if such group or resource exists, false if not
-
haveTheSameAttributeWithTheSameNamespace
public int haveTheSameAttributeWithTheSameNamespace(PerunSessionImpl sess, Resource resource, Attribute attr) throws WrongAttributeAssignmentException
Description copied from interface: ModulesUtilsBl
Determines whether the resource has the same attribute "attr" with the same namespace, and whether its value is the same or different.
- Returns 0 if the resource has the same attribute with the same value.
- Returns more than 0 if the resource has the same attribute with a different value.
- Returns less than 0 if the resource does not have the same attribute.
- Specified by:
haveTheSameAttributeWithTheSameNamespace in interface ModulesUtilsBl
- Parameters:
sess -
resource -
attr - any resource attribute with a namespace, which will be used for comparing
- Returns:
- Throws:
WrongAttributeAssignmentException - if attribute name is not RESOURCE attribute
-
haveTheSameAttributeWithTheSameNamespace
public int haveTheSameAttributeWithTheSameNamespace(PerunSessionImpl sess, Group group, Attribute attr) throws WrongAttributeAssignmentException
Description copied from interface: ModulesUtilsBl
Determines whether the group has the same attribute "attr" with the same namespace, and whether its value is the same or different.
- Returns 0 if the group has the same attribute with the same value.
- Returns more than 0 if the group has the same attribute with a different value.
- Returns less than 0 if the group does not have the same attribute.
- Specified by:
haveTheSameAttributeWithTheSameNamespace in interface ModulesUtilsBl
- Parameters:
sess -
group -
attr - any group attribute with a namespace, which will be used for comparing
- Returns:
- Throws:
WrongAttributeAssignmentException - if attribute name is not GROUP attribute
-
isFQDNValid
Description copied from interface: ModulesUtilsBl
Checks fully qualified domain name and returns true if it is valid.
- Specified by:
isFQDNValid in interface ModulesUtilsBl
- Parameters:
sess -
fqdn - fully qualified domain name
- Returns:
- true if the fqdn is valid
-
isGroupUnixGIDNamespaceFillable
public boolean isGroupUnixGIDNamespaceFillable(PerunSessionImpl sess, Group group, Attribute groupUnixGIDNamespace) throws WrongReferenceAttributeValueException, WrongAttributeAssignmentException
Description copied from interface: ModulesUtilsBl
Returns true if there is a Facility (obtained from the assigned resources) whose facility_unixGID-namespace attribute has the same value as the namespace of group_unixGID-namespace, and the group has unixGroupName-namespace with a non-null value in the same namespace as the value of the attribute facility_unixGroupName-namespace. Returns false otherwise.
- Specified by:
isGroupUnixGIDNamespaceFillable in interface ModulesUtilsBl
- Parameters:
sess -
group - the group
groupUnixGIDNamespace - attribute of the group
- Returns:
- Throws:
WrongReferenceAttributeValueException
WrongAttributeAssignmentException
-
isLoginExceptionallyAllowed
Description copied from interface: ModulesUtilsBl
Returns true if the login value is an "exception" within its namespace rules, e.g. when the syntax check normally doesn't allow such a value, but it is manually allowed here in order to support already existing (historic) wrong values. Exceptions can be defined for each namespace in /etc/perun/perun-namespaces.properties.
- Specified by:
isLoginExceptionallyAllowed in interface ModulesUtilsBl
- Parameters:
namespace - Namespace to perform check in
login - Login to check
- Returns:
- TRUE if login value is within exceptions / FALSE otherwise
-
isNameOfEmailValid
Description copied from interface: ModulesUtilsBl
Checks name of an email by standard pattern and returns true if it is valid.
- Specified by:
isNameOfEmailValid in interface ModulesUtilsBl
- Parameters:
sess -
email - name of the email
- Returns:
- true if the name of email is valid
-
isNamespaceEqualsToFacilityUnixGroupNameNamespace
public boolean isNamespaceEqualsToFacilityUnixGroupNameNamespace(PerunSessionImpl sess, Facility facility, String namespace) throws AttributeNotExistsException, WrongAttributeAssignmentException
Description copied from interface: ModulesUtilsBl
If attribute "def_facility_unixGroup_namespace" is null, returns false. If the value of attribute "def_facility_unixGroup_namespace" is not the same as "namespace", returns false. Otherwise returns true.
Facility, sess and namespace can't be null; otherwise InternalErrorException is thrown.
- Specified by:
isNamespaceEqualsToFacilityUnixGroupNameNamespace in interface ModulesUtilsBl
- Parameters:
sess -
facility -
namespace -
- Returns:
- Throws:
AttributeNotExistsException
WrongAttributeAssignmentException
-
isUserLoginPermitted
Description copied from interface: ModulesUtilsBl
Checks if the value of login is permitted within the namespace. Returns FALSE if the login value is not permitted within the namespace (e.g. it matches a system user).
Reserved login names can be defined for each namespace in /etc/perun/perun-namespaces.properties. If the property for the namespace is not found, the check is done against hardcoded defaults.
You can define login exceptions, which override these reserved login names, in the same file. This method returns TRUE for such exceptions. This supports historically wrong values or specific exceptions within existing namespaces.
- Specified by:
isUserLoginPermitted in interface ModulesUtilsBl
- Parameters:
namespace - Namespace to perform check in
login - Login to check
- Returns:
- TRUE if login value is permitted within the namespace / FALSE otherwise
- See Also:
-
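The decision order described for isUserLoginPermitted and isLoginExceptionallyAllowed, as an added example (not Perun's own code). The property keys `reserved.<namespace>` and `exceptions.<namespace>`, the comma-separated value format, the fallback list and the sample namespaces are all assumptions made for illustration; the real keys in perun-namespaces.properties are not shown on this page.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.Arrays;
import java.util.Properties;
import java.util.Set;
import java.util.stream.Collectors;

public class LoginPolicyExample {
    // Constructed fallback list; Perun's real hardcoded defaults are not shown here.
    static final Set<String> DEFAULT_RESERVED = Set.of("root", "daemon", "bin");
    private final Properties props = new Properties();

    LoginPolicyExample(String propertiesText) throws IOException {
        props.load(new StringReader(propertiesText));
    }

    // Parses a comma-separated property; returns null when the key is absent,
    // so "no property" can be told apart from "empty list".
    private Set<String> list(String key) {
        String raw = props.getProperty(key);
        if (raw == null) return null;
        return Arrays.stream(raw.split(",")).map(String::trim)
                .filter(s -> !s.isEmpty()).collect(Collectors.toSet());
    }

    boolean isLoginExceptionallyAllowed(String namespace, String login) {
        Set<String> exceptions = list("exceptions." + namespace); // hypothetical key
        return exceptions != null && exceptions.contains(login);
    }

    boolean isUserLoginPermitted(String namespace, String login) {
        // Exceptions override the reserved list, so they are checked first.
        if (isLoginExceptionallyAllowed(namespace, login)) return true;
        Set<String> reserved = list("reserved." + namespace);     // hypothetical key
        if (reserved == null) reserved = DEFAULT_RESERVED;        // no property: use defaults
        return !reserved.contains(login);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample configuration: ns-a is configured, ns-b is not.
        String sample = "reserved.ns-a = root, admin, backup\nexceptions.ns-a = backup\n";
        LoginPolicyExample policy = new LoginPolicyExample(sample);
        String[][] cases = {{"ns-a", "admin"}, {"ns-a", "backup"}, {"ns-a", "alice"},
                            {"ns-b", "root"}, {"ns-b", "admin"}};
        for (String[] c : cases) {
            System.out.printf("%s/%s permitted=%b%n", c[0], c[1],
                    policy.isUserLoginPermitted(c[0], c[1]));
        }
    }
}
```

In this sketch a namespace-specific reserved list replaces the defaults rather than extending them, so a reserved list that omits system accounts would permit them; review each namespace's list and its exceptions together.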
mergeMemberAndResourceTransferredQuotas
public Map<String, Pair<BigDecimal, BigDecimal>> mergeMemberAndResourceTransferredQuotas(Map<String, Pair<BigDecimal, BigDecimal>> resourceQuotas, Map<String, Pair<BigDecimal, BigDecimal>> memberResourceQuotas, Map<String, Pair<BigDecimal, BigDecimal>> quotasOverride)
Description copied from interface: ModulesUtilsBl
Merges resource default quotas and member-resource specific quotas together, using the override instead where one exists. Paths are always unique; quotas are merged (soft together and hard together). "Together" means by priority:
- the override has the highest priority, but it is used only if the path exists in the resource or member-resource quotas
- member-resource quotas have the second highest priority, used if no override exists
- resource quotas are used only if they contain a unique path (the path does not exist as member-resource or as override)
- Specified by:
mergeMemberAndResourceTransferredQuotas in interface ModulesUtilsBl
- Parameters:
resourceQuotas - transferred map with default resource quotas
memberResourceQuotas - transferred map with member-resource specific quotas
quotasOverride - transferred map with all manual overrides of quotas
- Returns:
- merged quotas transferred map
-
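The priority rules of mergeMemberAndResourceTransferredQuotas, as an added example (not Perun's implementation). It assumes the soft/hard pair for a path is taken as a whole from the highest-priority source; the `Quota` record stands in for Perun's `Pair<BigDecimal, BigDecimal>`, and the paths and values are constructed.

```java
import java.math.BigDecimal;
import java.util.LinkedHashMap;
import java.util.Map;

public class QuotaMergeExample {
    // Stand-in for Pair<BigDecimal, BigDecimal>: (soft quota, hard quota).
    record Quota(BigDecimal soft, BigDecimal hard) {}

    static Quota q(long soft, long hard) {
        return new Quota(BigDecimal.valueOf(soft), BigDecimal.valueOf(hard));
    }

    static Map<String, Quota> merge(Map<String, Quota> resourceQuotas,
                                    Map<String, Quota> memberResourceQuotas,
                                    Map<String, Quota> quotasOverride) {
        Map<String, Quota> merged = new LinkedHashMap<>();
        // Lowest priority: resource defaults.
        merged.putAll(resourceQuotas);
        // Member-resource quotas replace the default for the same path
        // and add paths the resource does not define.
        merged.putAll(memberResourceQuotas);
        // Highest priority: overrides, but only for paths that already exist
        // in the resource or member-resource quotas.
        for (Map.Entry<String, Quota> e : quotasOverride.entrySet()) {
            if (merged.containsKey(e.getKey())) {
                merged.put(e.getKey(), e.getValue());
            }
        }
        return merged;
    }

    public static void main(String[] args) {
        // Constructed sample data.
        Map<String, Quota> resource = Map.of("/home", q(1000, 2000), "/scratch", q(500, 800));
        Map<String, Quota> member = Map.of("/home", q(3000, 4000), "/proj", q(100, 200));
        Map<String, Quota> override = Map.of("/scratch", q(9000, 0), "/unknown", q(1, 1));

        // /home comes from member-resource, /scratch from the override,
        // /proj from member-resource; the override for /unknown is dropped.
        merge(resource, member, override).forEach((path, quota) ->
                System.out.println(path + " -> " + quota.soft() + ":" + quota.hard()));
    }
}
```

An override for a path that exists in neither of the other two maps is dropped without error, so a mistyped path in an override has no effect on the merged result.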
setPerunBl
-
transferQuotasBackToAttributeValue
public Map<String,String> transferQuotasBackToAttributeValue(Map<String, Pair<BigDecimal, BigDecimal>> transferedQuotasMap, boolean withMetrics)
Description copied from interface: ModulesUtilsBl
Reverse method for the checkAndTransferQuotas method. Takes a transferred map and creates a not-transferred map from it again.
From path=/path/to/, softQuota=50000, hardQuota=0
To path=/path/to/, value=50M:0
(Do not check again!)
- Specified by:
transferQuotasBackToAttributeValue in interface ModulesUtilsBl
- Parameters:
transferedQuotasMap -
withMetrics - if true, then use metrics; if not, do not convert data to metrics
- Returns:
- not transferred map for saving to attribute value
-