Merge branch 'master' into production

gen/ad_group_vsup_o365

@@ -123,7 +123,7 @@ perunServicesInit::finalize;
 
 
 #
-# returns 1 if the the latest of given expiration is either in the future, or in the 21 days grace period
+# returns 1 if the the latest of given expiration is either in the future, or in the 28 days grace period
 # otherwise, returns 0
 #
 sub isActive() {
@@ -156,7 +156,7 @@ sub isActive() {
 	# Add time 23:59:59 to the date, since we want accounts to be active on the last day
 	$latest_expiration = $latest_expiration + 86399;
 
-	if (($latest_expiration + (21*24*60*60)) > $currentDate->epoch) {
+	if (($latest_expiration + (28*24*60*60)) > $currentDate->epoch) {
 		return 1;
 	}
 

gen/ad_user_vsup

@@ -250,7 +250,7 @@ perunServicesInit::finalize;
 # Returns Windows FILETIME timestamp of users account expiration
 # - in case of expiration on 1.1.4000 -> Zero is returned as "expiration = never".
 # - in case of any other exact date, pick the largest (future). If it comes from study system (KOS),
-#   add 21 days grace period.
+#   add 28 days grace period.
 #
 sub calculateExpiration() {
 
@@ -285,9 +285,9 @@ sub calculateExpiration() {
 		return 0;
 	}
 
-	# (will) expire by studies - add 21 days grace period
+	# (will) expire by studies - add 28 days grace period
 	if ($expirationKosTime and ($latest_expiration == $expirationKosTime->epoch)) {
-		$result = $latest_expiration + (21*24*60*60);
+		$result = $latest_expiration + (28*24*60*60);
 	} else {
 		# Expired by employment or manual - push exact date
 		$result = $latest_expiration;

gen/ftps_generic

@@ -0,0 +1,11 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+use File::Basename;
+use perunDataGenerator;
+
+local $::SERVICE_NAME = basename($0);
+local $::PROTOCOL_VERSION = "3.0.0";
+
+perunDataGenerator::generateUsersDataInJSON;

gen/perunDataGenerator.pm

@@ -9,45 +9,85 @@ use Exporter 'import';
 our $JSON_FORMAT = "json";
 our @EXPORT = qw($JSON_FORMAT);
 
-our $A_MEMBER_STATUS;                 *A_MEMBER_STATUS =                  \'urn:perun:member:attribute-def:core:status';
+our $USER_ATTR_PREFIX = "urn:perun:user:";
+our $USER_FACILITY_ATTR_PREFIX = "urn:perun:user_facility:";
+our $MEMBER_ATTR_PREFIX = "urn:perun:member:";
+our $MEMBER_RESOURCE_ATTR_PREFIX = "urn:perun:member_resource:";
+our $RESOURCE_ATTR_PREFIX = "urn:perun:resource:";
+our $FACILITY_ATTR_PREFIX = "urn:perun:facility:";
 
-# Generate user and user_facility required attributes for each user into JSON file.
-# Subroutine uses perunServicesInit which REQUIRE access to $::SERVICE_NAME and $::PROTOCOL_VERSION.
-# This can be achieved by following lines in your main script: (for example)
-# local $::SERVICE_NAME = "passwd";
-# local $::PROTOCOL_VERSION = "3.0.0";
-# If not valid VO members should be skipped, member status attribute needs to be set on service and set
-# local $::SKIP_NON_VALID_MEMBERS = 1;
-sub generateUsersDataInJSON {
-	perunServicesInit::init;
+our $A_MEMBER_STATUS;                 *A_MEMBER_STATUS =                  \'urn:perun:member:attribute-def:core:status';
 
-	my $DIRECTORY = perunServicesInit::getDirectory;
-	my $data = perunServicesInit::getHashedHierarchicalData;
-	my $agent = perunServicesInit->getAgent;
-	my $attributesAgent = $agent->getAttributesAgent;
-	my $servicesAgent = $agent->getServicesAgent;
-	my $service = $servicesAgent->getServiceByName( name => $::SERVICE_NAME);
+# Returns attribute definitions related to specified entity (entities) type(s)
+sub getRequiredAttributesByType {
+	my $requiredAttributesDefinitions = shift;
+	my $attributePrefix = shift;
+	my @requiredAttributes = ();
 
-	my @requiredAttributesDefinitions = $attributesAgent->getRequiredAttributesDefinition(service => $service->getId);
-	my @userRequiredAttributes = ();
-	my @userFacilityRequiredAttributes = ();
-	foreach my $attrDef (@requiredAttributesDefinitions) {
-		# if attribute's namespace starts with "urn:perun:user:"
-		my $o = index $attrDef->getNamespace, "urn:perun:user:";
+	foreach my $attrDef (@$requiredAttributesDefinitions) {
+		my $o = index $attrDef->getNamespace, $attributePrefix;
 		if ($o == 0) {
-			push @userRequiredAttributes, $attrDef;
+			push @requiredAttributes, $attrDef;
 			next;
 		}
-		$o = index $attrDef->getNamespace, "urn:perun:user_facility:";
-		if ($o == 0) {
-			push @userFacilityRequiredAttributes, $attrDef;
+	}
+
+	return @requiredAttributes;
+}
+
+sub prepareMembersData {
+	my $data = shift;
+	my $userIds = shift;
+	my $resourceId = shift;
+	my $memberRequiredAttributes = shift;
+	my $memberResourceRequiredAttributes = shift;
+
+	my @members = ();
+	foreach my $memberId ($data->getMemberIdsForResource(resource => $resourceId)) {
+		my $memberData = {};
+		my $perunUserId = $data->getUserIdForMember(member => $memberId);
+		if (! exists $userIds->{$perunUserId}) {
+			# user was skipped
 			next;
 		}
+		$memberData->{"link_id"} = $userIds->{$perunUserId};
+
+		foreach my $memberAttribute (@$memberRequiredAttributes) {
+			my $attrValue = $data->getMemberAttributeValue(member => $memberId, attrName => $memberAttribute->getName);
+			# In case there is an undefined boolean attribute, we have to change it to false
+			if ($memberAttribute->getType eq "boolean" && !defined $attrValue) {
+				$memberData->{$memberAttribute->getName} = \0;
+			} else {
+				$memberData->{$memberAttribute->getName} = $attrValue;
+			}
+		}
+
+		foreach my $memberResourceAttribute (@$memberResourceRequiredAttributes) {
+			my $attrValue = $data->getMemberResourceAttributeValue(member => $memberId, resource => $resourceId, attrName => $memberResourceAttribute->getName);
+			# In case there is an undefined boolean attribute, we have to change it to false
+			if ($memberResourceAttribute->getType eq "boolean" && !defined $attrValue) {
+				$memberData->{$memberResourceAttribute->getName} = \0;
+			} else {
+				$memberData->{$memberResourceAttribute->getName} = $attrValue;
+			}
+		}
+
+		push @members, $memberData;
 	}
-	my @users;
+	return \@members;
+}
+
+# Prepares structure of user attributes
+# If addLinkId is true, it will add "link_id" property which is returned in the usersIds structure as {"perunUserId": linkId}
+sub prepareUsersData {
+	my $data = shift;
+	my $userRequiredAttributes = shift;
+	my $userFacilityRequiredAttributes = shift;
+	my $addLinkId = shift;
 
-	####### prepare data ######################
 	my %usersIds = ();
+	my $linkIdCounter = 0;
+	my @users = ();
 	foreach my $memberId ($data->getMemberIdsForFacility()) {
 
 		if ($::SKIP_NON_VALID_MEMBERS) {
@@ -58,11 +98,12 @@ sub generateUsersDataInJSON {
 		if (exists($usersIds{$userId})) {
 			next;
 		} else {
-			$usersIds{$userId} = 0;
+			$linkIdCounter++;
+			$usersIds{$userId} = $linkIdCounter;
 		}
 		my $userData = {};
 
-		foreach my $userAttribute (@userRequiredAttributes) {
+		foreach my $userAttribute (@$userRequiredAttributes) {
 			my $attrValue = $data->getUserAttributeValue(member => $memberId, attrName => $userAttribute->getName);
 			# In case there is an undefined boolean attribute, we have to change it to false
 			if ($userAttribute->getType eq "boolean" && !defined $attrValue) {
@@ -72,7 +113,7 @@ sub generateUsersDataInJSON {
 			}
 		}
 
-		foreach my $userFacilityAttribute (@userFacilityRequiredAttributes) {
+		foreach my $userFacilityAttribute (@$userFacilityRequiredAttributes) {
 			my $attrValue = $data->getUserFacilityAttributeValue(member => $memberId, attrName => $userFacilityAttribute->getName);
 			# In case there is an undefined boolean attribute, we have to change it to false
 			if ($userFacilityAttribute->getType eq "boolean" && !defined $attrValue) {
@@ -81,13 +122,120 @@ sub generateUsersDataInJSON {
 				$userData->{$userFacilityAttribute->getName} = $attrValue;
 			}
 		}
+
+		if ($addLinkId) {
+			$userData->{"link_id"} = $linkIdCounter;
+		}
 		push @users, $userData;
 	}
 
-	####### output file ######################
+	return (\@users, \%usersIds);
+}
+
+=c
+Generate user and user_facility required attributes for each user into JSON file.
+Subroutine uses perunServicesInit which REQUIRE access to $::SERVICE_NAME and $::PROTOCOL_VERSION.
+This can be achieved by following lines in your main script: (for example)
+local $::SERVICE_NAME = "passwd";
+local $::PROTOCOL_VERSION = "3.0.0";
+If not valid VO members should be skipped, member status attribute needs to be set on service and set
+local $::SKIP_NON_VALID_MEMBERS = 1;
+=cut
+sub generateUsersDataInJSON {
+	perunServicesInit::init;
+
+	my $DIRECTORY = perunServicesInit::getDirectory;
+	my $data = perunServicesInit::getHashedHierarchicalData;
+	my $agent = perunServicesInit->getAgent;
+	my $attributesAgent = $agent->getAttributesAgent;
+	my $servicesAgent = $agent->getServicesAgent;
+	my $service = $servicesAgent->getServiceByName( name => $::SERVICE_NAME);
+
+	my @requiredAttributesDefinitions = $attributesAgent->getRequiredAttributesDefinition(service => $service->getId);
+	my @userRequiredAttributes = getRequiredAttributesByType(\@requiredAttributesDefinitions, $USER_ATTR_PREFIX);
+	my @userFacilityRequiredAttributes = getRequiredAttributesByType(\@requiredAttributesDefinitions, $USER_FACILITY_ATTR_PREFIX);
+
+	my ($users, $ids) = prepareUsersData($data, \@userRequiredAttributes, \@userFacilityRequiredAttributes);
+
+	my $fileName = "$DIRECTORY/$::SERVICE_NAME";
+	open FILE, ">$fileName" or die "Cannot open $fileName: $! \n";
+	print FILE JSON::XS->new->utf8->pretty->canonical->encode($users);
+	close FILE or die "Cannot close $fileName: $! \n";
+
+	perunServicesInit::finalize;
+}
+
+=c
+Generate user, user_facility, member, member_resource, resource and facility required attributes into JSON file.
+The result structure is:
+{
+"facility_attribute_name": "facility_attribute_value",
+"users" => [{"user_attribute_name": "user_attribute_value",
+             "link_id": id linking user to its members}]
+"groups" => [{"resource_attribute_name": "resource_attribute_value",
+              "members": [{"member_attribute_name": "member_attribute_value",
+                         "link_id": id of user this member belongs to}]}]
+}
+Subroutine uses perunServicesInit which REQUIRE access to $::SERVICE_NAME and $::PROTOCOL_VERSION.
+This can be achieved by following lines in your main script: (for example)
+local $::SERVICE_NAME = "passwd";
+local $::PROTOCOL_VERSION = "3.0.0";
+If not valid VO members should be skipped, member status attribute needs to be set on service and set
+local $::SKIP_NON_VALID_MEMBERS = 1;
+=cut
+sub generateMemberUsersDataInJson {
+	perunServicesInit::init;
+
+	my $DIRECTORY = perunServicesInit::getDirectory;
+	my $data = perunServicesInit::getHashedHierarchicalData;
+	my $agent = perunServicesInit->getAgent;
+	my $attributesAgent = $agent->getAttributesAgent;
+	my $servicesAgent = $agent->getServicesAgent;
+	my $service = $servicesAgent->getServiceByName( name => $::SERVICE_NAME);
+
+	my @requiredAttributesDefinitions = $attributesAgent->getRequiredAttributesDefinition(service => $service->getId);
+
+	my @userRequiredAttributes = getRequiredAttributesByType(\@requiredAttributesDefinitions, $USER_ATTR_PREFIX);
+	my @userFacilityRequiredAttributes = getRequiredAttributesByType(\@requiredAttributesDefinitions, $USER_FACILITY_ATTR_PREFIX);
+	my ($users, $userIds) = prepareUsersData($data, \@userRequiredAttributes, \@userFacilityRequiredAttributes, 1);
+
+	my @facilityRequiredAttributes = getRequiredAttributesByType(\@requiredAttributesDefinitions, $FACILITY_ATTR_PREFIX);
+	my @resourceRequiredAttributes = getRequiredAttributesByType(\@requiredAttributesDefinitions, $RESOURCE_ATTR_PREFIX);
+	my @memberRequiredAttributes = getRequiredAttributesByType(\@requiredAttributesDefinitions, $MEMBER_ATTR_PREFIX);
+	my @memberResourceRequiredAttributes = getRequiredAttributesByType(\@requiredAttributesDefinitions, $MEMBER_RESOURCE_ATTR_PREFIX);
+
+	my $result = {};
+	$result->{"users"} = $users;
+	$result->{"groups"} = ();
+
+	foreach my $facilityAttribute (@facilityRequiredAttributes) {
+		my $attrValue = $data->getFacilityAttributeValue(attrName => $facilityAttribute->getName);
+		# In case there is an undefined boolean attribute, we have to change it to false
+		if ($facilityAttribute->getType eq "boolean" && !defined $attrValue) {
+			$result->{$facilityAttribute->getName} = \0;
+		} else {
+			$result->{$facilityAttribute->getName} = $attrValue;
+		}
+	}
+
+	foreach my $resourceId ($data->getResourceIds()) {
+		my $resource = {};
+		foreach my $resourceAttribute (@resourceRequiredAttributes) {
+			my $attrValue = $data->getResourceAttributeValue(resource => $resourceId, attrName => $resourceAttribute->getName);
+			# In case there is an undefined boolean attribute, we have to change it to false
+			if ($resourceAttribute->getType eq "boolean" && !defined $attrValue) {
+				$resource->{$resourceAttribute->getName} = \0;
+			} else {
+				$resource->{$resourceAttribute->getName} = $attrValue;
+			}
+		}
+		$resource->{"members"} = prepareMembersData($data, $userIds, $resourceId, \@memberRequiredAttributes, \@memberResourceRequiredAttributes);
+		push @{$result->{"groups"}}, $resource;
+	}
+
 	my $fileName = "$DIRECTORY/$::SERVICE_NAME";
 	open FILE, ">$fileName" or die "Cannot open $fileName: $! \n";
-	print FILE JSON::XS->new->utf8->pretty->canonical->encode(\@users);
+	print FILE JSON::XS->new->utf8->pretty->canonical->encode($result);
 	close FILE or die "Cannot close $fileName: $! \n";
 
 	perunServicesInit::finalize;

gen/sshkeys

@@ -30,7 +30,7 @@ foreach my $memberId ($data->getMemberIdsForFacility()) {
 
 ####### output ######################
 for my $login (keys %sshKeys) {
-	open SERVICE_FILE,">$sshkeysDirectory/$login" or die "Cannot open $sshkeysDirectory/$login: $! \n";
+	open (SERVICE_FILE,">:encoding(UTF-8)","$sshkeysDirectory/$login") or die "Cannot open $sshkeysDirectory/$login: $! \n";
 	print SERVICE_FILE join "\n", @{$sshKeys{$login}}, "\n" if defined $sshKeys{$login};
 	close SERVICE_FILE;
 }

gen/vsup_google_groups

@@ -123,7 +123,7 @@ perunServicesInit::finalize;
 #
 # Calculate if user is expired or not.
 #
-# 1. param - expiration in KOS (studies)
+# 1. param - expiration in KOS (studies) (we will add 28 days grace period to the calculation)
 # 2. param - expiration in DC2 (employees)
 # 3. param - manually set expiration
 #
@@ -140,8 +140,9 @@ sub isExpired() {
 	my $expirationDc2Time = ($expirationDc2) ? Time::Piece->strptime($expirationDc2,"%Y-%m-%d") : undef;
 	my $expirationManTime = ($expirationMan) ? Time::Piece->strptime($expirationMan,"%Y-%m-%d") : undef;
 
+	# Extend KOS studies expiration with 28 days if there is a defined value
 	my @expirations = ();
-	if (defined $expirationKosTime) { push(@expirations, $expirationKosTime->epoch); }
+	if (defined $expirationKosTime) { push(@expirations, ($expirationKosTime->epoch + (28*24*60*60))); }
 	if (defined $expirationDc2Time) { push(@expirations, $expirationDc2Time->epoch); }
 	if (defined $expirationManTime) { push(@expirations, $expirationManTime->epoch); }
 

gen/vsup_k4

@@ -195,7 +195,7 @@ perunServicesInit::finalize;
 # Returns Unix timestamp of users account expiration
 # - in case of expiration on 1.1.4000 -> Zero is returned as "expiration = never".
 # - in case of any other exact date, pick the largest (future). If it comes from study system (KOS),
-#   add 21 days grace period.
+#   add 28 days grace period.
 #
 sub calculateExpiration() {
 
@@ -230,9 +230,9 @@ sub calculateExpiration() {
 		return 0;
 	}
 
-	# (will) expire by studies - add 21 days grace period
+	# (will) expire by studies - add 28 days grace period
 	if ($expirationKosTime and ($latest_expiration == $expirationKosTime->epoch)) {
-		$result = $latest_expiration + (21*24*60*60);
+		$result = $latest_expiration + (28*24*60*60);
 	} else {
 		# Expired by employment or manual - push exact date
 		$result = $latest_expiration;

send/VsupIfis.pm

@@ -58,7 +58,7 @@ sub load_is() {
 	my $dbh = DBI->connect("dbi:Pg:dbname=$db_name;host=$hostname;port=$port", $db_user, $db_password,{ RaiseError=>1, AutoCommit=>0 }) or die "Connect to database $db_name Error!\n";
 
 	# Select query for input database (IS) - all students with UCO_PERUN not null and STUD_DO >= now or null
-	my $sth = $dbh->prepare(qq{select distinct ex_is2idm_studia.UCO_PERUN as UCO, NS, 'STU' as TYP_VZTAHU, STUD_FORMA as DRUH_VZTAHU, ex_is2idm_studia.ID_STUDIA as VZTAH_CISLO, STUD_FORMA as STU_FORMA, STUD_STAV as STUD_STAV, STUD_TYP as STU_PROGR, STUD_OD, STUD_DO, KARTA_LIC as KARTA_IDENT from ex_is2idm_studia left join ex_is2idm_adresy on ex_is2idm_studia.ID_STUDIA=ex_is2idm_adresy.ID_STUDIA where ex_is2idm_studia.UCO_PERUN is not null and (STUD_DO >= CURRENT_DATE OR STUD_DO is NULL)});
+	my $sth = $dbh->prepare(qq{select distinct ex_is2idm_studia.UCO_PERUN as UCO, NS, 'STU' as TYP_VZTAHU, STUD_FORMA as DRUH_VZTAHU, ex_is2idm_studia.ID_STUDIA as VZTAH_CISLO, STUD_FORMA as STU_FORMA, STUD_STAV as STUD_STAV, STUD_TYP as STU_PROGR, STUD_OD, case when STUD_DO is not null then STUD_DO+28 ELSE STUD_DO END as STUD_DO, KARTA_LIC as KARTA_IDENT from ex_is2idm_studia left join ex_is2idm_adresy on ex_is2idm_studia.ID_STUDIA=ex_is2idm_adresy.ID_STUDIA where ex_is2idm_studia.UCO_PERUN is not null and (STUD_DO >= CURRENT_DATE-28 OR STUD_DO is NULL)});
 	$sth->execute();
 
 	# Structure to store data from input database (IS)