feat(core): push C-SCALE attributes to LDAP

- Extended LDAP schema with 3 new attributes used by C-SCALE project. - Added attribute module to check allowed values in user category attribute. - Updated XML configu to push new attributes to LDAP.
CESNET · Mar 2, 2022 · 8c76dcf · 8c76dcf
1 parent d73f7f3
commit 8c76dcf
Show file tree

Hide file tree

Showing 3 changed files with 73 additions and 1 deletion.
diff --git a/...run/core/impl/modules/attributes/urn_perun_user_attribute_def_def_cscaleUserCategory.java b/...run/core/impl/modules/attributes/urn_perun_user_attribute_def_def_cscaleUserCategory.java
@@ -0,0 +1,39 @@
+package cz.metacentrum.perun.core.impl.modules.attributes;
+
+import cz.metacentrum.perun.core.api.Attribute;
+import cz.metacentrum.perun.core.api.User;
+import cz.metacentrum.perun.core.api.exceptions.WrongAttributeValueException;
+import cz.metacentrum.perun.core.impl.PerunSessionImpl;
+import cz.metacentrum.perun.core.implApi.modules.attributes.UserAttributesModuleAbstract;
+import cz.metacentrum.perun.core.implApi.modules.attributes.UserAttributesModuleImplApi;
+
+import java.util.Arrays;
+import java.util.List;
+
+/**
+ * Check constraint on C-SCALE user categories
+ *
+ * @author Pavel Zlámal <zlamal@cesnet.cz>
+ */
+public class urn_perun_user_attribute_def_def_cscaleUserCategory extends UserAttributesModuleAbstract implements UserAttributesModuleImplApi {
+
+	private final static List<String> allowedValues = Arrays.asList("commercial", "education", "government", "research", "other");
+
+	/**
+	 * Checks if users category has allowed value
+	 *
+	 * @param sess PerunSession
+	 * @param user user
+	 * @param attribute Attribute of the user
+	 * @throws WrongAttributeValueException if the attribute value has wrong/illegal syntax
+	 */
+	@Override
+	public void checkAttributeSyntax(PerunSessionImpl sess, User user, Attribute attribute) throws WrongAttributeValueException {
+		if (attribute.getValue() == null) return;
+
+		if (!allowedValues.contains(attribute.valueAsString())) {
+			throw new WrongAttributeValueException(attribute, "Attribute must have one of allowed values: commercial, education, government, research, other.");
+		}
+	}
+
+}
diff --git a/perun-ldapc/src/main/resources/perun-ldapc.xml b/perun-ldapc/src/main/resources/perun-ldapc.xml
@@ -1158,6 +1158,36 @@ http://www.springframework.org/schema/aop http://www.springframework.org/schema/
 						</bean>
 					</property>
 				</bean>
+				<bean class="cz.metacentrum.perun.ldapc.model.impl.PerunAttributeDesc">
+					<property name="name" value="cscaleCompany"/>
+					<property name="required" value="false"/>
+					<property name="singleValueExtractor">
+						<bean class="cz.metacentrum.perun.ldapc.model.impl.SingleAttributeValueExtractor">
+							<property name="name" value="cscaleCompany"/>
+							<property name="namespace" value="urn:perun:user:attribute-def:def"/>
+						</bean>
+					</property>
+				</bean>
+				<bean class="cz.metacentrum.perun.ldapc.model.impl.PerunAttributeDesc">
+					<property name="name" value="cscaleUserCategory"/>
+					<property name="required" value="false"/>
+					<property name="singleValueExtractor">
+						<bean class="cz.metacentrum.perun.ldapc.model.impl.SingleAttributeValueExtractor">
+							<property name="name" value="cscaleUserCategory"/>
+							<property name="namespace" value="urn:perun:user:attribute-def:def"/>
+						</bean>
+					</property>
+				</bean>
+				<bean class="cz.metacentrum.perun.ldapc.model.impl.PerunAttributeDesc">
+					<property name="name" value="cscaleAcceptEmail"/>
+					<property name="required" value="false"/>
+					<property name="singleValueExtractor">
+						<bean class="cz.metacentrum.perun.ldapc.model.impl.SingleAttributeValueExtractor">
+							<property name="name" value="cscaleAcceptEmail"/>
+							<property name="namespace" value="urn:perun:user:attribute-def:def"/>
+						</bean>
+					</property>
+				</bean>
 			</list>
 		</property>
 		<property name="attributeDescriptionsExt" ref="perunUserAttributesExt"/>

diff --git a/perun-utils/ldapc-scripts/schemas/perun-schema.ldif b/perun-utils/ldapc-scripts/schemas/perun-schema.ldif
@@ -73,9 +73,12 @@ olcAttributeTypes: {68}( 1.3.6.1.4.1.8057.2.80.74 NAME 'rpEnsureVoDefinition' DE
 olcAttributeTypes: {69}( 1.3.6.1.4.1.8057.2.80.75 NAME 'rpEnableEnsureVoFiltering' DESC 'If set to True, proxy will trigger the ensureVo filter' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 olcAttributeTypes: {70}( 1.3.6.1.4.1.8057.2.80.76 NAME 'rpLoginURL' DESC 'URL where user can log in to the service.' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 olcAttributeTypes: {71}( 1.3.6.1.4.1.8057.2.80.77 NAME 'oouEinfraSignedV1' DESC 'User was informed about actual OOU processing.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: {72}( 1.3.6.1.4.1.8057.2.80.78 NAME 'cscaleCompany' DESC 'User Company. Reserved for C-SCALE usage.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: {73}( 1.3.6.1.4.1.8057.2.80.79 NAME 'cscaleUserCategory' DESC 'User Category. Reserved for C-SCALE usage.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: {74}( 1.3.6.1.4.1.8057.2.80.80 NAME 'cscaleAcceptEmail' DESC 'Flag if user is willing to accept emails. Reserved for C-SCALE usage.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 -
 replace: olcObjectClasses
-olcObjectClasses: {0}( 1.3.6.1.4.1.8057.2.80.4 NAME 'perunUser' DESC 'User managed by Perun' SUP inetOrgPerson STRUCTURAL MUST ( perunUserId $ isServiceUser $ isSponsoredUser ) MAY ( preferredMail $ userCertificateSubject $ uidNumber $ login $ eduPersonPrincipalNames $ userPassword $ memberOfPerunVo $ libraryIDs $ schacHomeOrganizations $ eduPersonScopedAffiliations $ bonaFideStatus $ groupNames $ institutionsCountries $ isCesnetEligible $ loa $ internalUserIdentifiers $ eduPersonOrcid $ loaFenix $ adminOfVo $ adminOfGroup $ adminOfFacility $ eduPersonEntitlement $ europeanStudentID $ eIDASPersonIdentifier $ timezone $ phone $ address $ aups $ tcsMails $ sshPublicKey $ sponsoredMembershipInOrganizations $ userIdentities $ schacPersonalUniqueCodes $ securityImage $ mfaEnforced $ mfaTokens $ uuid $ oouEinfraSignedV1 ) )
+olcObjectClasses: {0}( 1.3.6.1.4.1.8057.2.80.4 NAME 'perunUser' DESC 'User managed by Perun' SUP inetOrgPerson STRUCTURAL MUST ( perunUserId $ isServiceUser $ isSponsoredUser ) MAY ( preferredMail $ userCertificateSubject $ uidNumber $ login $ eduPersonPrincipalNames $ userPassword $ memberOfPerunVo $ libraryIDs $ schacHomeOrganizations $ eduPersonScopedAffiliations $ bonaFideStatus $ groupNames $ institutionsCountries $ isCesnetEligible $ loa $ internalUserIdentifiers $ eduPersonOrcid $ loaFenix $ adminOfVo $ adminOfGroup $ adminOfFacility $ eduPersonEntitlement $ europeanStudentID $ eIDASPersonIdentifier $ timezone $ phone $ address $ aups $ tcsMails $ sshPublicKey $ sponsoredMembershipInOrganizations $ userIdentities $ schacPersonalUniqueCodes $ securityImage $ mfaEnforced $ mfaTokens $ uuid $ oouEinfraSignedV1 $ cscaleCompany $ cscaleUserCategory $ cscaleAcceptEmail ) )
 olcObjectClasses: {1}( 1.3.6.1.4.1.8057.2.80.5 NAME 'perunGroup' DESC 'Group managed by Perun' SUP top  STRUCTURAL MUST ( cn $ perunGroupId $ perunVoId $ perunUniqueGroupName ) MAY ( uniqueMember $ businessCategory $ seeAlso $ owner $ ou $ o $ description $ perunParentGroup $ perunParentGroupId $ assignedToResourceId $ adminOfVo $ adminOfGroup $ adminOfFacility $ groupAffiliations $ uuid ) )
 olcObjectClasses: {2}( 1.3.6.1.4.1.8057.2.80.15 NAME 'perunResource' DESC 'Resource managed by Perun' SUP top STRUCTURAL MUST ( cn $  perunResourceId $ perunVoId $ perunFacilityId ) MAY (uniqueMember $ businessCategory $ seeAlso $ owner $ ou $ o $ description $ assignedGroupId $ perunFacilityDn $ capabilities $ isAssignedWithSubgroups $ uuid ) )
 olcObjectClasses: {3}( 1.3.6.1.4.1.8057.2.80.6 NAME 'perunVO' DESC 'VO managed by Perun' SUP organization STRUCTURAL MUST perunVoId MAY ( uniqueMember $ aup ) )