CHANGELOG.md

+## [5.1.3](https://gitlab.ics.muni.cz/perun-proxy-aai/java/perun-spRegistration-app/compare/v5.1.2...v5.1.3) (2023-08-03)
+
+
+### Bug Fixes
+
+* 🐛 Fix updating MFA categories ([a3ab8a2](https://gitlab.ics.muni.cz/perun-proxy-aai/java/perun-spRegistration-app/commit/a3ab8a2b5c9c961ffd57d98a17d7f6224d3fb174))
+
 ## [5.1.2](https://gitlab.ics.muni.cz/perun-proxy-aai/java/perun-spRegistration-app/compare/v5.1.1...v5.1.2) (2023-07-26)
 
 

config_templates/application.yml

@@ -73,57 +73,74 @@ attributes:
     proxy_identifier: "https://idp2.ics.muni.cz/idp/shibboleth"
     master_proxy_identifier: "https://idp2.ics.muni.cz/idp/shibboleth"
     rp_categories:
-      electronic information resources:
-        en: "Electronic information resources"
-        cs: "Elektronické informační zdroje"
-      libraries:
-        en: "Libraries and Publishing"
-        cs: "Knihovny a nakladatelství"
-      maps:
-        en: "Maps and GIS"
-        cs: "Mapy a GIS"
-      security:
-        en: "Information Security"
-        cs: "Informační bezpečnost"
-      IT supporting services:
-        en: "IT supporting services"
-        cs: "Služby IT komunity"
-      network:
-        en: "Networks and Wi-Fi"
-        cs: "Sítě a Wi-Fi"
-      information systems:
-        en: "Information Systems"
-        cs: "Informační systémy"
-      accounts and identities:
-        en: "Accounts, Passwords, ID cards"
-        cs: "Účty, hesla a ID karty"
-      user support:
-        en: "User Support"
-        cs: "Uživatelská podpora"
-      collaboration:
-        en: "E-mail, communication, cooperation"
-        cs: "E-mail, komunikace, spolupráce"
-      audio video:
-        en: "Telephones, Audio and Video"
-        cs: "Telefonování, audio a video"
-      education:
-        en: "Teaching and learning"
-        cs: "Výuka a vzdělávání"
-      software and hardware:
-        en: "Software and Hardware"
-        cs: "Software a hardware"
-      web and PR:
-        en: "Web, Webhosting and Marketing"
-        cs: "Web, hosting, propagace"
-      data:
-        en: "Data management and storage"
-        cs: "Správa a ukládání dat"
-      cloud:
-        en: "Cloud and High Performance Computing"
-        cs: "Cloud a náročné výpočty"
-      other:
-        en: "Other"
-        cs: "Ostatní"
+      - category: "electronic information resources"
+        labels:
+          en: "Electronic information resources"
+          cs: "Elektronické informační zdroje"
+      - category: "libraries"
+        labels:
+          en: "Libraries and Publishing"
+          cs: "Knihovny a nakladatelství"
+      - category: "maps"
+        labels:
+          en: "Maps and GIS"
+          cs: "Mapy a GIS"
+      - category: "security"
+        labels:
+          en: "Information Security"
+          cs: "Informační bezpečnost"
+      - category: "IT supporting services"
+        labels:
+          en: "IT supporting services"
+          cs: "Služby IT komunity"
+      - category: "network"
+        labels:
+          en: "Networks and Wi-Fi"
+          cs: "Sítě a Wi-Fi"
+      - category: "information systems"
+        labels:
+          en: "Information Systems"
+          cs: "Informační systémy"
+      - category: "accounts and identities"
+        labels:
+          en: "Accounts, Passwords, ID cards"
+          cs: "Účty, hesla a ID karty"
+      - category: "user support"
+        labels:
+          en: "User Support"
+          cs: "Uživatelská podpora"
+      - category: "collaboration"
+        labels:
+          en: "E-mail, communication, cooperation"
+          cs: "E-mail, komunikace, spolupráce"
+      - category: "audio video"
+        labels:
+          en: "Telephones, Audio and Video"
+          cs: "Telefonování, audio a video"
+      - category: "education"
+        labels:
+          en: "Teaching and learning"
+          cs: "Výuka a vzdělávání"
+      - category: "software and hardware"
+        labels:
+          en: "Software and Hardware"
+          cs: "Software a hardware"
+      - category: "web and PR"
+        labels:
+          en: "Web, Webhosting and Marketing"
+          cs: "Web, hosting, propagace"
+      - category: "data"
+        labels:
+          en: "Data management and storage"
+          cs: "Správa a ukládání dat"
+      - category: "cloud"
+        labels:
+          en: "Cloud and High Performance Computing"
+          cs: "Cloud a náročné výpočty"
+      - category: "other"
+        labels:
+          en: "Other"
+          cs: "Ostatní"
 
 inputs.config.paths:
   service: "/etc/perun-spRegistration/attrs/service.yml"

pom.xml

@@ -12,7 +12,7 @@
 
     <groupId>cz.metacentrum.perun</groupId>
     <artifactId>spRegistration</artifactId>
-    <version>5.1.2</version>
+    <version>5.1.3</version>
     <packaging>war</packaging>
 
     <name>perun-spRegistration</name>

src/main/java/cz/metacentrum/perun/spRegistration/common/configs/AppBeansContainer.java

@@ -67,7 +67,7 @@ public class AppBeansContainer {
             (!StringUtils.hasText(attributesProperties.getNames().getMfaCategories())
             || !StringUtils.hasText(attributesProperties.getNames().getServiceCategory()))
         ) {
-            throw new IllegalStateException("MFA categories are enabled, but attributes" +
+            throw new IllegalStateException("MFA categories are enabled, but attributes " +
                 "mfaCategories or serviceCategory are not provided");
         }
     }

src/main/java/cz/metacentrum/perun/spRegistration/common/configs/AttributesProperties.java

@@ -3,6 +3,7 @@ package cz.metacentrum.perun.spRegistration.common.configs;
 import java.util.*;
 import javax.annotation.PostConstruct;
 import javax.validation.constraints.NotBlank;
+import javax.validation.constraints.NotEmpty;
 import javax.validation.constraints.NotNull;
 import lombok.AllArgsConstructor;
 import lombok.EqualsAndHashCode;
@@ -36,30 +37,7 @@ public class AttributesProperties {
     }
 
     public List<String> getAttrNames() {
-        List<String> list = Arrays.asList(
-                this.names.getUserEmail(),
-                this.names.getProxyIdentifier(),
-                this.names.getMasterProxyIdentifier(),
-                this.names.getIsTestSp(),
-                this.names.getShowOnServiceList(),
-                this.names.getAdministratorContact(),
-                this.names.getOidcClientId(),
-                this.names.getOidcClientSecret(),
-                this.names.getEntityId(),
-                this.names.getIsOidc(),
-                this.names.getIsSaml(),
-                this.names.getServiceName(),
-                this.names.getServiceDesc(),
-                this.names.getManagerGroup(),
-                this.names.getUpdatedAt()
-        );
-        if (StringUtils.hasText(this.names.getMfaCategories())) {
-            list.add(names.mfaCategories);
-        }
-        if (StringUtils.hasText(this.names.getServiceCategory())) {
-            list.add(names.serviceCategory);
-        }
-        return list;
+        return names.getAttrNames();
     }
 
     @Getter
@@ -117,7 +95,45 @@ public class AttributesProperties {
 
         private String serviceCategory;
 
-        private String mfaCategories = "urn:perun:entityless:attribute-def:def:mfaCategories";
+        private String mfaCategories;
+
+        private final List<String> attrNames = new ArrayList<>();
+
+        private List<String> getAttrNames() {
+            if (attrNames.size() == 0) {
+                addMandatoryAttrName(userEmail);
+                addMandatoryAttrName(proxyIdentifier);
+                addMandatoryAttrName(masterProxyIdentifier);
+                addMandatoryAttrName(isTestSp);
+                addMandatoryAttrName(showOnServiceList);
+                addMandatoryAttrName(administratorContact);
+                addMandatoryAttrName(oidcClientId);
+                addMandatoryAttrName(oidcClientSecret);
+                addMandatoryAttrName(entityId);
+                addMandatoryAttrName(isOidc);
+                addMandatoryAttrName(isSaml);
+                addMandatoryAttrName(serviceName);
+                addMandatoryAttrName(serviceDesc);
+                addMandatoryAttrName(managerGroup);
+                addMandatoryAttrName(updatedAt);
+                addOptionalAttrName(mfaCategories);
+                addOptionalAttrName(serviceCategory);
+            }
+            return attrNames;
+        }
+
+        private void addMandatoryAttrName(String attrName) {
+            if (!StringUtils.hasText(attrName)) {
+                throw new IllegalStateException("Missing mandatory attr name");
+            }
+            attrNames.add(attrName);
+        }
+
+        private void addOptionalAttrName(String attrName) {
+            if (StringUtils.hasText(attrName)) {
+                attrNames.add(attrName);
+            }
+        }
     }
 
     @Getter
@@ -136,8 +152,24 @@ public class AttributesProperties {
         @NotBlank
         private String masterProxyIdentifier = "https://login.cesnet.cz/idp/";
 
+        private final List<RpCategory> rpCategories = new ArrayList<>();
+    }
+
+    @Getter
+    @Setter
+    @ToString
+    @EqualsAndHashCode
+    @NoArgsConstructor
+    @AllArgsConstructor
+    public static class RpCategory {
+
+        @NotBlank
+        private String category;
+
+        @NotEmpty
         @NotNull
-        private final Map<String, Map<String, String>> rpCategories = new HashMap<>();
+        private final Map<String, String> labels = new HashMap<>();
+
     }
 
 }

src/main/java/cz/metacentrum/perun/spRegistration/persistence/adapters/impl/PerunAdapterRpc.java

@@ -62,16 +62,13 @@ public class PerunAdapterRpc implements PerunAdapter {
 	public static final String PARAM_ONLY_DIRECT_ADMINS = "onlyDirectAdmins";
 
 	@NonNull private final PerunConnectorRpc perunRpc;
-	@NonNull private final ApplicationProperties applicationProperties;
 	@NonNull private final AttributesProperties attributesProperties;
 
 	@Autowired
 	public PerunAdapterRpc(PerunConnectorRpc perunConnectorRpc,
-						   ApplicationProperties applicationProperties,
 						   AttributesProperties attributesProperties)
 	{
 		this.perunRpc = perunConnectorRpc;
-		this.applicationProperties = applicationProperties;
 		this.attributesProperties = attributesProperties;
 	}
 

src/main/java/cz/metacentrum/perun/spRegistration/service/impl/RequestsServiceImpl.java

@@ -644,7 +644,7 @@ public class RequestsServiceImpl implements RequestsService {
 
         Map<String, String> oldName = sp.getName();
         Map<String, String> oldDesc = sp.getDescription();
-        boolean spUpdateRollback = false;
+        boolean spObjectUpdateRollback = false;
         try {
             ArrayNode arr = request.getAttributesAsJsonArrayForPerun();
             PerunAttribute syncedAt = utilsService.generateUpdatedAtAttribute();
@@ -652,76 +652,73 @@ public class RequestsServiceImpl implements RequestsService {
             if (!perunAdapter.setFacilityAttributes(request.getFacilityId(), arr)) {
                 throw new InternalErrorException("Failed to update attributes to new ones");
             }
-            spUpdateRollback = true;
+            spObjectUpdateRollback = true;
             sp.setName(request.getFacilityName(attributesProperties.getNames().getServiceName()));
             sp.setDescription(request.getFacilityDescription(attributesProperties.getNames().getServiceDesc()));
             if (!providedServiceManager.update(sp)) {
                 throw new InternalErrorException("Failed to update SP in local DB");
             }
-        } catch (Exception e)
-        {
+            if (applicationProperties.isUpdateMfaCategoriesEnabled()) {
+                updateMfaCategories();
+            }
+        } catch (Exception e) {
+            log.warn("Caught exception {} when updating service. Rolling back any changes made", e.getMessage(), e);
             rollBackAttrChanges(oldAttributes, actualFacility.getId());
-            if (spUpdateRollback) {
+            if (spObjectUpdateRollback) {
                 rollBackSpChanges(sp, oldName, oldDesc, sp.getEnvironment());
             }
             return false;
         }
-        if (applicationProperties.isUpdateMfaCategoriesEnabled()) {
-            updateMfaCategories();
-        }
         return true;
     }
 
     private void updateMfaCategories()
     {
-        Map<String, Map<String, String>> categoryLabels =
+        List<AttributesProperties.RpCategory> rpCategories =
                 applicationBeans.getAttributesProperties().getValues().getRpCategories();
         ObjectMapper mapper = new ObjectMapper();
         ObjectNode rootNode = mapper.createObjectNode();
-        for (Map.Entry<String, Map<String, String>> entry : categoryLabels.entrySet()) {
-            ObjectNode catNode = rootNode.putObject(entry.getKey());
-            catNode.set("label", mapper.valueToTree(entry.getValue()));
+        for (AttributesProperties.RpCategory category: rpCategories) {
+            ObjectNode catNode = rootNode.putObject(category.getCategory());
+            catNode.set("label", mapper.valueToTree(category.getLabels()));
             catNode.putObject("rps");
         }
         Names attributeNames = applicationBeans.getAttributesProperties().getNames();
-        Map<String, String> attrMap = Map.of(
-                attributeNames.getServiceName(), "serviceName",
-                attributeNames.getServiceCategory(), "serviceCategory",
-                attributeNames.getEntityId(), "entityID",
-                attributeNames.getOidcClientId(), "clientID"
+        List<String> attributesToFetch = List.of(
+            attributeNames.getServiceName(),
+            attributeNames.getServiceCategory(),
+            attributeNames.getEntityId(),
+            attributeNames.getOidcClientId()
         );
         List<FacilityWithAttributes> facilitiesWithAttributes;
         try {
             facilitiesWithAttributes = perunAdapter.getFacilitiesWithAttributesByProxyIdentifier(
-                    attributeNames.getProxyIdentifier(),
-                    applicationBeans.getApplicationProperties().getProxyIdentifier(),
-                    new ArrayList<>(attrMap.keySet())
+                attributeNames.getMasterProxyIdentifier(),
+                attributesProperties.getValues().getMasterProxyIdentifier(),
+                attributesToFetch
             );
         } catch (PerunUnknownException | PerunConnectionException e) {
-            log.error("Updating MfaCategories" +
-                    " attribute failed to fetch facilities from perun.", e);
+            log.error(
+                "Updating MfaCategories attribute failed. Failed to fetch facilities from Perun.",
+                e
+            );
             return;
         }
         for (FacilityWithAttributes facilityWithAttributes : facilitiesWithAttributes) {
-            Map<String, String> values = new HashMap<>();
-            for (PerunAttribute attribute :
-                    facilityWithAttributes.getAttributes().values()) {
-                values.put(attrMap.get(attribute.getDefinition().getNamespace() +
-                                ":" + attribute.getDefinition().getFriendlyName()),
-                        attribute.valueAsString());
-            }
-            String cat = values.get("serviceCategory");
-            if (!(cat == null || cat.equals("other") || cat.isEmpty())) {
-                String id = values.get("clientID") != null ?
-                        values.get("clientID") : values.get("entityID");
+            Map<String, PerunAttribute> attrNameToValueMap = facilityWithAttributes.getAttributes();
+            String cat = attrNameToValueMap.get(attributeNames.getServiceCategory()).valueAsString();
+            if (StringUtils.hasText(cat) && !"other".equals(cat)) {
+                String id = ServiceUtils.isOidcAttributes(attrNameToValueMap, attributeNames.getOidcClientId()) ?
+                    attrNameToValueMap.get(attributeNames.getOidcClientId()).valueAsString() :
+                    attrNameToValueMap.get(attributeNames.getEntityId()).valueAsString();
                 JsonNode catRpNode = rootNode.path(cat).path("rps");
-                try {
-                    JsonNode jsonLabels = mapper.readTree(values.get("serviceName"));
-                    ((ObjectNode) catRpNode).set(id, jsonLabels);
-                } catch (JsonProcessingException e) {
-                    log.error("Could not parse service name for " +
-                            "{} while updating MfaCategories attribute", id);
+                if (catRpNode.isMissingNode()) {
+                    log.warn("Unrecognized RPC category found for facility '{}' - {}",
+                        facilityWithAttributes.getFacility().getId(), cat);
+                    continue;
                 }
+                JsonNode jsonLabels = attrNameToValueMap.get(attributeNames.getServiceName()).getValue();
+                ((ObjectNode) catRpNode).set(id, jsonLabels);
             }
         }
         try {
@@ -798,6 +795,7 @@ public class RequestsServiceImpl implements RequestsService {
                 throw new ProcessingException("Failed to update attributes");
             }
         } catch (Exception e) {
+            log.warn("Caught exception {} when moving service to production. Rolling back any changes made", e.getMessage(), e);
             rollBackSpChanges(sp, sp.getName(), sp.getDescription(), ServiceEnvironment.TESTING);
             return false;
         }

src/main/java/cz/metacentrum/perun/spRegistration/service/impl/UtilsServiceImpl.java

@@ -134,7 +134,6 @@ public class UtilsServiceImpl implements UtilsService {
     public PerunAttribute generateUpdatedAtAttribute() {
         PerunAttribute attribute = new PerunAttribute();
         String value = Timestamp.valueOf(LocalDateTime.now()).toString();
-
         attribute.setDefinition(appBeansContainer.getAttrDefinition(attributesProperties.getNames().getUpdatedAt()));
         attribute.setValue(attribute.getDefinition().getType(), JsonNodeFactory.instance.textNode(value));
         return attribute;

src/main/resources/application-dev.yml

@@ -63,57 +63,18 @@ attributes:
     proxy_identifier: "XYZ"
     master_proxy_identifier: "https://login.cesnet.cz/idp/"
     rp_categories:
-      electronic information resources:
-        en: "Electronic information resources"
-        cs: "Elektronické informační zdroje"
-      libraries:
-        en: "Libraries and Publishing"
-        cs: "Knihovny a nakladatelství"
-      maps:
-        en: "Maps and GIS"
-        cs: "Mapy a GIS"
-      security:
-        en: "Information Security"
-        cs: "Informační bezpečnost"
-      IT supporting services:
-        en: "IT supporting services"
-        cs: "Služby IT komunity"
-      network:
-        en: "Networks and Wi-Fi"
-        cs: "Sítě a Wi-Fi"
-      information systems:
-        en: "Information Systems"
-        cs: "Informační systémy"
-      accounts and identities:
-        en: "Accounts, Passwords, ID cards"
-        cs: "Účty, hesla a ID karty"
-      user support:
-        en: "User Support"
-        cs: "Uživatelská podpora"
-      collaboration:
-        en: "E-mail, communication, cooperation"
-        cs: "E-mail, komunikace, spolupráce"
-      audio video:
-        en: "Telephones, Audio and Video"
-        cs: "Telefonování, audio a video"
-      education:
-        en: "Teaching and learning"
-        cs: "Výuka a vzdělávání"
-      software and hardware:
-        en: "Software and Hardware"
-        cs: "Software a hardware"
-      web and PR:
-        en: "Web, Webhosting and Marketing"
-        cs: "Web, hosting, propagace"
-      data:
-        en: "Data management and storage"
-        cs: "Správa a ukládání dat"
-      cloud:
-        en: "Cloud and High Performance Computing"
-        cs: "Cloud a náročné výpočty"
-      other:
-        en: "Other"
-        cs: "Ostatní"
+      - category: "electronic information resources"
+        labels:
+          en: "Electronic information resources"
+          cs: "Elektronické informační zdroje"
+      - category: "libraries"
+        labels:
+          en: "Libraries and Publishing"
+          cs: "Knihovny a nakladatelství"
+      - category: "others"
+        labels:
+          en: "others"
+          cs: "jiné"
 
 inputs.config.paths:
   service: "/etc/perun-spreg/attrs/service.yml"