Merge branch 'master' into production
Johaney-s committed Mar 14, 2022
2 parents 18ca58d + 527566a commit ca044c8
Showing 9 changed files with 885 additions and 1,366 deletions.
40 changes: 28 additions & 12 deletions gen/kerberos_renewal_principals
Expand Up @@ -7,36 +7,52 @@ use perunServicesUtils;
use File::Basename;

local $::SERVICE_NAME = basename($0);
local $::PROTOCOL_VERSION = "3.0.0";
my $SCRIPT_VERSION = "3.0.0";
local $::PROTOCOL_VERSION = "3.1.0";
my $SCRIPT_VERSION = "3.0.1";

perunServicesInit::init;
my $data = perunServicesInit::getHashedHierarchicalData;
my $DIRECTORY = perunServicesInit::getDirectory;

our $A_PRINCIPALS; *A_PRINCIPALS = \'urn:perun:user:attribute-def:def:kerberosLogins';
our $A_MEMBER_STATUS; *A_MEMBER_STATUS = \'urn:perun:member:attribute-def:core:status';
our $A_RESOURCE_KERBEROS_PRINCIPALS_FILE_SUFFIX; *A_RESOURCE_KERBEROS_PRINCIPALS_FILE_SUFFIX = \'urn:perun:resource:attribute-def:def:kerberosPrincipalsFileSuffix';

our $A_PRINCIPALS; *A_PRINCIPALS = \'urn:perun:user:attribute-def:def:kerberosLogins';
our $A_MEMBER_STATUS; *A_MEMBER_STATUS = \'urn:perun:member:attribute-def:core:status';
my $principalsDirectory = "$DIRECTORY/kerberos_renewal_principals";
mkdir $principalsDirectory or die "kerberos_renewal_principals directory can't be created: $!";

my $service_file_name = "$DIRECTORY/$::SERVICE_NAME";
my $fileStructureWithData;

my %userPrincipals;
foreach my $resourceId ($data->getResourceIds()) {
my $fileSuffix = $data->getResourceAttributeValue( resource => $resourceId, attrName => $A_RESOURCE_KERBEROS_PRINCIPALS_FILE_SUFFIX );
my $fileName = $fileSuffix ? "kerberos_renewal_principals_${fileSuffix}" : "kerberos_renewal_principals";
my %userPrincipals;
foreach my $memberId ($data->getMemberIdsForResource( resource => $resourceId )) {
next if $data->getMemberAttributeValue( member => $memberId, attrName => $A_MEMBER_STATUS ) ne 'VALID';
for my $principal (@{$data->getUserAttributeValue( member => $memberId, attrName => $A_PRINCIPALS )}) {
$userPrincipals{$principal} = 1;
}
}

if (defined $fileStructureWithData->{$fileName}) {
foreach my $key (keys %userPrincipals) {
$fileStructureWithData->{$fileName}->{$key} = 1;
}
} else {
$fileStructureWithData->{$fileName} = \%userPrincipals;
}
}

####### output file ######################
open SERVICE_FILE,">$service_file_name" or die "Cannot open $service_file_name: $! \n";
foreach my $file (sort keys %$fileStructureWithData) {
my $principals = $fileStructureWithData->{$file};
my $service_file_name = "$principalsDirectory/$file";
open SERVICE_FILE,">$service_file_name" or die "Cannot open $service_file_name: $! \n";

print SERVICE_FILE "target_clients =\n";
print SERVICE_FILE join("\n", sort keys %userPrincipals), "\n";
print SERVICE_FILE ";\n";
print SERVICE_FILE "target_clients =\n";
print SERVICE_FILE join("\n", sort keys %$principals), "\n";
print SERVICE_FILE ";\n";

close(SERVICE_FILE);
close(SERVICE_FILE);
}

perunServicesInit::finalize;
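Review bot: The resource attribute value `$fileSuffix` is interpolated into `$fileName` and then into the two-argument `open SERVICE_FILE,">$service_file_name"` with no check on its contents, so a suffix containing `/`, whitespace or a newline influences which path under `$principalsDirectory` the principals list is written to. Unless the attribute is already constrained on the Perun side, which this page does not show, validate it before building the name, for example `die "Invalid kerberosPrincipalsFileSuffix on resource $resourceId\n" if $fileSuffix && $fileSuffix !~ /\A[A-Za-z0-9._-]+\z/;`, and write through a lexical handle with the three-argument form, `open my $fh, '>', "$principalsDirectory/$file" or die "Cannot open $file: $!\n";`. The result of `close(SERVICE_FILE)` is also unchecked, so a failed flush would leave a truncated principals file without any error.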
72 changes: 59 additions & 13 deletions gen/openstack_projects
Expand Up @@ -8,7 +8,7 @@ use JSON::XS;

our $SERVICE_NAME = "openstack_projects";
our $PROTOCOL_VERSION = "3.0.0";
my $SCRIPT_VERSION = "3.0.0";
my $SCRIPT_VERSION = "3.0.1";

perunServicesInit::init;
my $DIRECTORY = perunServicesInit::getDirectory;
Expand All @@ -21,11 +21,13 @@ our $A_USER_OPTIONAL_LOGIN; *A_USER_OPTIONAL_LOGIN = \'urn:perun:u
our $A_RESOURCE_NAME; *A_RESOURCE_NAME = \'urn:perun:resource:attribute-def:core:name';
our $A_MEMBER_EXPIRATION; *A_MEMBER_EXPIRATION = \'urn:perun:member:attribute-def:def:membershipExpiration';
our $A_MEMBER_STATUS; *A_MEMBER_STATUS = \'urn:perun:member:attribute-def:core:status';
our $A_M_R_GROUP_STATUS; *A_M_R_GROUP_STATUS = \'urn:perun:member_resource:attribute-def:virt:groupStatus';

our $STATUS_VALID; *STATUS_VALID = \'VALID';

our $members = {};

my $users; # $users->{$identifier}->{ATTR} = $attrValue
my $instance = $data->getFacilityAttributeValue(attrName => $A_FACILITY_PROJECT_NAMESPACE);
my $projectPrefix = lc $instance . "_";

Expand All @@ -46,6 +48,11 @@ foreach my $resourceId ($data->getResourceIds()) {
$projectName = $projectPrefix . substr $resourceName, 0, length($resourceName) - 9;
}

my $isPersonalProjectGracePeriod = 0;
if ($resourceName =~ /-personalProjectsGracePeriod$/) {
$isPersonalProjectGracePeriod = 1;
}

my $isPersonalProject = 0;
if ($resourceName =~ /-personalProjects$/) {
$isPersonalProject = 1;
Expand All @@ -55,7 +62,7 @@ foreach my $resourceId ($data->getResourceIds()) {
my $identifier = $data->getUserFacilityAttributeValue(member => $memberId, attrName => $A_USER_FACILITY_LOGIN);
$identifier = $identifier . "\@muni.cz" if $projectPrefix eq "mu_";

if($members->{$identifier}) {
if ($members->{$identifier}) {
if ($hasAccess) {
push @{$members->{$identifier}->{'projects_access'}}, $projectName;
}
Expand All @@ -64,7 +71,25 @@ foreach my $resourceId ($data->getResourceIds()) {
}
if ($isPersonalProject) {
my $status = $data->getMemberAttributeValue(member => $memberId, attrName => $A_MEMBER_STATUS);
if($status eq $STATUS_VALID) {
my $groupStatus = $data->getMemberResourceAttributeValue(member => $memberId, resource => $resourceId, attrName => $A_M_R_GROUP_STATUS);
$users->{$identifier}->{'pp_status'} = ($status eq $STATUS_VALID && $groupStatus eq $STATUS_VALID);
if ($users->{$identifier}->{'pp_status'} || $users->{$identifier}->{'gp_status'}) {
if ($users->{$identifier}->{'pp_status'}) {
$members->{$identifier}->{'valid'} = JSON::XS::true;
}
$members->{$identifier}->{'personal_project'} = JSON::XS::true;
my $memberExpiration = $data->getMemberAttributeValue(member => $memberId, attrName => $A_MEMBER_EXPIRATION);
if (!$memberExpiration) {
$memberExpiration = "";
}
$members->{$identifier}->{'expiration'} = $memberExpiration;
}
}
if ($isPersonalProjectGracePeriod) {
my $groupStatus = $data->getMemberResourceAttributeValue(member => $memberId, resource => $resourceId, attrName => $A_M_R_GROUP_STATUS);
$users->{$identifier}->{'gp_status'} = $groupStatus eq $STATUS_VALID;
if ($users->{$identifier}->{'gp_status'} && (!$users->{$identifier}->{'pp_status'})) {
$members->{$identifier}->{'valid'} = JSON::XS::false;
$members->{$identifier}->{'personal_project'} = JSON::XS::true;
my $memberExpiration = $data->getMemberAttributeValue(member => $memberId, attrName => $A_MEMBER_EXPIRATION);
if (!$memberExpiration) {
Expand All @@ -73,9 +98,15 @@ foreach my $resourceId ($data->getResourceIds()) {
$members->{$identifier}->{'expiration'} = $memberExpiration;
}
}
} else {

}
else {
my @additionalIdentifier = ();
my $muLogin = $data->getUserAttributeValue(member => $memberId, attrName => $A_USER_OPTIONAL_LOGIN);

$users->{$identifier}->{'pp_status'} = 0;
$users->{$identifier}->{'gp_status'} = 0;

if ($muLogin) {
push @additionalIdentifier, $muLogin . "\@muni.cz";
}
Expand All @@ -92,34 +123,49 @@ foreach my $resourceId ($data->getResourceIds()) {
}

my $member = {
identifier => $identifier,
identifier => $identifier,
additional_identifier => \@additionalIdentifier,
mail => $mail,
projects_access => \@projects_access,
projects_managers => \@projects_managers
mail => $mail,
projects_access => \@projects_access,
projects_managers => \@projects_managers
};

my $status = $data->getMemberAttributeValue(member => $memberId, attrName => $A_MEMBER_STATUS);
if ($isPersonalProject && $status eq $STATUS_VALID) {
my $groupStatus = $data->getMemberResourceAttributeValue(member => $memberId, resource => $resourceId, attrName => $A_M_R_GROUP_STATUS);

if ($isPersonalProject && $status eq $STATUS_VALID && $groupStatus eq $STATUS_VALID) {
$users->{$identifier}->{'pp_status'} = ($status eq $STATUS_VALID && $groupStatus eq $STATUS_VALID);
$member->{'valid'} = JSON::XS::true;
$member->{'personal_project'} = JSON::XS::true;
my $memberExpiration = $data->getMemberAttributeValue(member => $memberId, attrName => $A_MEMBER_EXPIRATION);
if(!$memberExpiration) {
if (!$memberExpiration) {
$memberExpiration = "";
}
$member->{'expiration'} = $memberExpiration;
} else {
}
else {
$member->{'personal_project'} = JSON::XS::false;
}

if ($isPersonalProjectGracePeriod && $groupStatus eq $STATUS_VALID) {
$users->{$identifier}->{'gp_status'} = $groupStatus eq $STATUS_VALID;
$member->{'valid'} = JSON::XS::false;
$member->{'personal_project'} = JSON::XS::true;
my $memberExpiration = $data->getMemberAttributeValue(member => $memberId, attrName => $A_MEMBER_EXPIRATION);
if (!$memberExpiration) {
$memberExpiration = "";
}
$member->{'expiration'} = $memberExpiration;
}
$members->{$identifier} = $member;
}
}
}

my @values = values(%$members);
my $fileData = {
instance => $instance,
access => \@values
instance => $instance,
access => \@values
};
my $file = $DIRECTORY . "access.json";
open FILE_USERS, ">$file" or die "Cannot open $file: $! \n";
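Review bot: Both grace-period branches (`if ($isPersonalProjectGracePeriod) {` for an already known identifier, and `if ($isPersonalProjectGracePeriod && $groupStatus eq $STATUS_VALID)` for a new one) set `personal_project` to true from `$groupStatus` alone, while the personal-project branches also require `$A_MEMBER_STATUS` to be VALID. If that is intended, state it next to the check, e.g. `# grace period: keep the project but mark it not valid; member status is deliberately not checked`; if it is not, the member status test is missing in both places. Because `valid`, `personal_project` and `expiration` are now assigned in four near-identical places and have to come out the same whichever of the two resources is iterated first, moving that assignment into one helper sub would make the access decision written to `access.json` much easier to verify. The enclosing `foreach` loops start outside the visible hunks.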
2 changes: 1 addition & 1 deletion gen/pbsmon_json
Expand Up @@ -56,7 +56,7 @@ my $service = $servicesAgent->getServiceByName(name => $SERVICE_NAME);
my $pbsmonServer = $agent->getAttributesAgent->getAttribute(attributeName => $A_FACILITY_PBSMON_SERVER, facility => perunServicesInit::getFacility->getId)->getValue;
unless($pbsmonServer) { die "pbsmonServer not specified for facility ".(perunServicesInit::getFacility->getId()); }

if($pbsmonServer eq 'metavo.metacentrum.cz') { $pbsmonServer = 'documents.metacentrum.cz'; } #FIXME
if($pbsmonServer eq 'metavo.metacentrum.cz') { $pbsmonServer = 'segin.vm.cesnet.cz'; } #FIXME

if($pbsmonServer ne perunServicesInit::getFacility->getName) {
my $pbsmonServerFacility;
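Review bot: The override line marked `#FIXME` hard-codes the host that the facility lookup is redirected to (apparently now `segin.vm.cesnet.cz`; the rendered page has lost the `+`/`-` markers), so the choice of which facility's data is used lives in the script rather than in configuration. Consider reading the replacement from a facility attribute, or at least replace the bare `#FIXME` with a comment that says why `metavo.metacentrum.cz` must be remapped and when the mapping can be dropped. The `if($pbsmonServer ne ...)` block continues outside the hunk.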