authorsg481n <sg481n@att.com>2017-08-28 12:11:35 -0400
committersg481n <sg481n@att.com>2017-08-28 12:11:47 -0400
commitbd890c575163e4d87ac24198b9c68a39cf4bbc4d (patch)
tree2d6c5baa66d1df8f8c841d39646e93020ed203bc /authz-batch/src/main/java/com/att/authz/reports/Expiring.java
parent72b21f2ac109b0d95fef3ef608c0c343337d4ce2 (diff)
Update project structure to org.onap.aaf
Update project structure of authz module in aaf from com.att to org.onap.aaf and add distribution management and repositories. Issue-id: AAF-21 Change-Id: Ia2486954e99f2bd60f18122ed60d32d5590781e9 Signed-off-by: sg481n <sg481n@att.com>
Diffstat (limited to 'authz-batch/src/main/java/com/att/authz/reports/Expiring.java')
-rw-r--r--authz-batch/src/main/java/com/att/authz/reports/Expiring.java235
1 files changed, 235 insertions, 0 deletions
diff --git a/authz-batch/src/main/java/com/att/authz/reports/Expiring.java b/authz-batch/src/main/java/com/att/authz/reports/Expiring.java
new file mode 100644
index 00000000..79f37598
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/reports/Expiring.java
@@ -0,0 +1,235 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.reports;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.GregorianCalendar;
+import java.util.List;
+
+import com.att.authz.Batch;
+import com.att.authz.actions.Action;
+import com.att.authz.actions.ActionDAO;
+import com.att.authz.actions.CredDelete;
+import com.att.authz.actions.CredPrint;
+import com.att.authz.actions.FADelete;
+import com.att.authz.actions.FAPrint;
+import com.att.authz.actions.Key;
+import com.att.authz.actions.URDelete;
+import com.att.authz.actions.URFutureApprove;
+import com.att.authz.actions.URFuturePrint;
+import com.att.authz.actions.URPrint;
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.helpers.Cred;
+import com.att.authz.helpers.Cred.Instance;
+import com.att.authz.helpers.Future;
+import com.att.authz.helpers.Notification;
+import com.att.authz.helpers.UserRole;
+import com.att.authz.layer.Result;
+import com.att.authz.org.Organization.Identity;
+import com.att.dao.aaf.cass.CredDAO;
+import org.onap.aaf.inno.env.APIException;
+import org.onap.aaf.inno.env.Env;
+import org.onap.aaf.inno.env.TimeTaken;
+
+public class Expiring extends Batch {
+
+ private final Action<UserRole,Void> urDelete,urPrint;
+ private final Action<UserRole,List<Identity>> urFutureApprove;
+ private final Action<CredDAO.Data,Void> crDelete,crPrint;
+ private final Action<Future,Void> faDelete;
+// private final Email email;
+ private final Key<UserRole> memoKey;
+
+ public Expiring(AuthzTrans trans) throws APIException, IOException {
+ super(trans.env());
+ trans.info().log("Starting Connection Process");
+ TimeTaken tt0 = trans.start("Cassandra Initialization", Env.SUB);
+ try {
+ urPrint = new URPrint("Expired:");
+ crPrint = new CredPrint("Expired:");
+
+ URFutureApprove ufr = new URFutureApprove(trans,cluster);
+ memoKey = ufr;
+
+ if(isDryRun()) {
+ urDelete = new URPrint("Would Delete:");
+ // While Testing
+// urFutureApprove = ufr;
+ urFutureApprove = new URFuturePrint("Would setup Future/Approvals");
+ crDelete = new CredPrint("Would Delete:");
+ faDelete = new FAPrint("Would Delete:");
+// email = new EmailPrint();
+
+ TimeTaken tt = trans.start("Connect to Cluster", Env.REMOTE);
+ try {
+ session = cluster.connect();
+ } finally {
+ tt.done();
+ }
+
+ } else {
+ TimeTaken tt = trans.start("Connect to Cluster with DAOs", Env.REMOTE);
+ try {
+ ActionDAO<UserRole,Void> adao;
+ urDelete = adao = new URDelete(trans, cluster);
+ urFutureApprove = new URFutureApprove(trans,adao);
+ faDelete = new FADelete(trans, adao);
+
+ crDelete = new CredDelete(trans, adao);
+// email = new Email();
+ TimeTaken tt2 = trans.start("Connect to Cluster", Env.REMOTE);
+ try {
+ session = adao.getSession(trans);
+ } finally {
+ tt2.done();
+ }
+ } finally {
+ tt.done();
+ }
+ }
+
+ UserRole.load(trans, session, UserRole.v2_0_11);
+ Cred.load(trans, session);
+ Notification.load(trans, session, Notification.v2_0_14);
+ Future.load(trans,session,Future.v2_0_15);
+ } finally {
+ tt0.done();
+ }
+ }
+
+ @Override
+ protected void run(AuthzTrans trans) {
+ // Setup Date boundaries
+ Date now = new Date();
+ GregorianCalendar gc = new GregorianCalendar();
+ gc.setTime(now);
+ gc.add(GregorianCalendar.MONTH, 1);
+ Date future = gc.getTime();
+ gc.setTime(now);
+ gc.add(GregorianCalendar.MONTH, -1);
+ Date tooLate = gc.getTime();
+ int count = 0, deleted=0;
+
+// List<Notification> ln = new ArrayList<Notification>();
+ TimeTaken tt;
+
+ // Run for Expired Futures
+ trans.info().log("Checking for Expired Futures");
+ tt = trans.start("Delete old Futures", Env.REMOTE);
+ try {
+ List<Future> delf = new ArrayList<Future>();
+ for(Future f : Future.data) {
+ AuthzTrans localTrans = env.newTransNoAvg();
+ if(f.expires.before(now)) {
+ faDelete.exec(localTrans, f);
+ delf.add(f);
+ }
+ }
+ Future.delete(delf);
+ } finally {
+ tt.done();
+ }
+
+ // Run for Roles
+ trans.info().log("Checking for Expired Roles");
+ try {
+ for(UserRole ur : UserRole.data) {
+ AuthzTrans localTrans = env.newTransNoAvg();
+ if(ur.expires.before(tooLate)) {
+ if("owner".equals(ur.rname)) { // don't delete Owners, even if Expired
+ urPrint.exec(localTrans,ur);
+ } else {
+ urDelete.exec(localTrans,ur);
+ ++deleted;
+ trans.logAuditTrail(trans.info());
+ }
+ ++count;
+ } else if(ur.expires.before(future)) {
+ List<Future> fbm = Future.byMemo.get(memoKey.key(ur));
+ if(fbm==null || fbm.isEmpty()) {
+ Result<List<Identity>> rapprovers = urFutureApprove.exec(localTrans, ur);
+ if(rapprovers.isOK()) {
+ for(Identity ou : rapprovers.value) {
+// Notification n = Notification.addApproval(localTrans,ou);
+// if(n.org==null) {
+// n.org = getOrgFromID(localTrans, ur.user);
+// }
+// ln.add(n);
+ urPrint.exec(localTrans,ur);
+ if(isDryRun()) {
+ trans.logAuditTrail(trans.info());
+ }
+ }
+ }
+ }
+ ++count;
+ }
+ }
+ } finally {
+ env.info().log("Found",count,"roles expiring before",future);
+ env.info().log("deleting",deleted,"roles expiring before",tooLate);
+ }
+
+// // Email Approval Notification
+// email.subject("AAF Role Expiration Warning (ENV: %s)", batchEnv);
+// email.indent("");
+// for(Notification n: ln) {
+// if(n.org==null) {
+// trans.error().log("No Organization for Notification");
+// } else if(n.update(trans, session, isDryRun())) {
+// email.clear();
+// email.addTo(n.user);
+// email.line(n.text(new StringBuilder()).toString());
+// email.exec(trans,n.org);
+// }
+// }
+ // Run for Creds
+ trans.info().log("Checking for Expired Credentials");
+ System.out.flush();
+ count = 0;
+ try {
+ CredDAO.Data crd = new CredDAO.Data();
+ Date last = null;
+ for( Cred creds : Cred.data.values()) {
+ AuthzTrans localTrans = env.newTransNoAvg();
+ crd.id = creds.id;
+ for(int type : creds.types()) {
+ crd.type = type;
+ for( Instance inst : creds.instances) {
+ if(inst.expires.before(tooLate)) {
+ crd.expires = inst.expires;
+ crDelete.exec(localTrans, crd);
+ } else if(last==null || inst.expires.after(last)) {
+ last = inst.expires;
+ }
+ }
+ if(last!=null) {
+ if(last.before(future)) {
+ crd.expires = last;
+ crPrint.exec(localTrans, crd);
+ ++count;
+ }
+ }
+ }
+ }
+ } finally {
+ env.info().log("Found",count,"current creds expiring before",future);
+ }
+
+ }
+
+ @Override
+ protected void _close(AuthzTrans trans) {
+ aspr.info("End " + this.getClass().getSimpleName() + " processing" );
+ for(Action<?,?> action : new Action<?,?>[] {urDelete,crDelete}) {
+ if(action instanceof ActionDAO) {
+ ((ActionDAO<?,?>)action).close(trans);
+ }
+ }
+ session.close();
+ }
+
+}
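Review bot: In the credential pass of `run()`, `Date last = null;` is declared once before the `for( Cred creds : Cred.data.values())` loop and never reset, so the latest expiry seen for one credential carries over to every credential and type that follows. Once any instance expires after `future`, `last.before(future)` stays false and `crPrint` reports no later credential, while a credential whose instances were all just deleted can be printed with another ID's date; for an expiry report this means soon-to-expire credentials pass without any warning. Declare it per iteration instead, with `Date last = null;` as the first statement inside `for(int type : creds.types())`. Separately, the inner loop walks all of `creds.instances` for every type, so `crDelete.exec` appears to run once per type for the same expired instance with `crd.type` taken from the loop rather than from the instance; this should be confirmed against `Cred.Instance`, which is not visible in this diff.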