-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java22
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java9
-rw-r--r--auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java3
-rw-r--r--auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java4
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java1
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java8
6 files changed, 34 insertions, 13 deletions
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java
index 5cab5297..227717b7 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java
@@ -57,6 +57,7 @@ import org.onap.aaf.auth.batch.helpers.X509;
import org.onap.aaf.auth.dao.cass.CredDAO;
import org.onap.aaf.auth.dao.cass.UserRoleDAO;
import org.onap.aaf.auth.env.AuthzTrans;
+import org.onap.aaf.auth.org.Organization.Expiration;
import org.onap.aaf.auth.org.Organization.Identity;
import org.onap.aaf.auth.org.OrganizationException;
import org.onap.aaf.cadi.configure.Factory;
@@ -392,12 +393,33 @@ public class Analyze extends Batch {
}
return;
}
+ if(org.isRevoked(trans, ur.user())) {
+ GregorianCalendar gc = new GregorianCalendar();
+ gc.setTime(ur.expires());
+ GregorianCalendar gracePeriodEnds = org.expiration(gc, Expiration.RevokedGracePeriodEnds, ur.user());
+ if(now.after(gracePeriodEnds.getTime())) {
+ ur.row(deleteCW, UserRole.UR,"Revoked ID, no grace period left");
+ } else {
+ ur.row(notCompliantCW, UserRole.UR, "Revoked ID: WARNING! GracePeriod Ends " + gracePeriodEnds.toString());
+ }
+ return;
+ }
ur.row(deleteCW, UserRole.UR,"Not in Organization");
return;
} else if(Role.byName.get(ur.role())==null) {
ur.row(deleteCW, UserRole.UR,String.format("Role %s does not exist", ur.role()));
return;
+ // Make sure owners can still be owners.
+ } else if(ur.role().endsWith(".owner")) {
+ String err = identity.mayOwn();
+ if(err!=null) {
+ ur.row(deleteCW, UserRole.UR,String.format("%s may not be an owner: %s",ur.user(),err));
+ return;
+ }
}
+
+
+
// Just let expired UserRoles sit until deleted
if(futureRange.inRange(ur.expires())&&(!mur.containsKey(ur.user() + '|' + ur.role()))) {
// Cannot just delete owners, unless there is at least one left. Process later
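Review bot: In the new `org.isRevoked(...)` branch the grace period is counted from `ur.expires()`, the role's expiry date, not from when the ID was revoked. How long a revoked ID keeps the role therefore depends on how each Organization implementation treats the calendar passed to `expiration(...)`. A comment above `gc.setTime(ur.expires())`, such as `// Grace period is based on the UserRole expiry; isRevoked() supplies no revocation date`, would make that base explicit for implementers. Separately, the warning row is built with `gracePeriodEnds.toString()`, which prints the calendar's full internal field dump; `gracePeriodEnds.getTime()` would put a readable date in the report. The enclosing method starts and ends outside the hunk.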
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java
index 408a17bc..f346f7dd 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java
@@ -26,11 +26,9 @@ import java.io.File;
import java.io.IOException;
import java.util.Date;
import java.util.GregorianCalendar;
-import java.util.Iterator;
import java.util.List;
-import java.util.Map;
-import java.util.TreeMap;
import java.util.UUID;
+
import org.onap.aaf.auth.batch.Batch;
import org.onap.aaf.auth.env.AuthzTrans;
import org.onap.aaf.auth.org.OrganizationException;
@@ -42,11 +40,6 @@ import org.onap.aaf.misc.env.TimeTaken;
import org.onap.aaf.misc.env.util.Chrono;
import org.onap.aaf.misc.env.util.Split;
-import com.datastax.driver.core.ResultSet;
-import com.datastax.driver.core.Row;
-import com.datastax.driver.core.SimpleStatement;
-import com.datastax.driver.core.Statement;
-
public class ApprovedRpt extends Batch {
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java
index 73093099..95f37859 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java
@@ -214,7 +214,8 @@ public interface Organization {
Future,
UserInRole,
UserDelegate,
- ExtendPassword
+ ExtendPassword,
+ RevokedGracePeriodEnds
}
public enum Policy {
diff --git a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
index 70b3324a..2440e02e 100644
--- a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
+++ b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
@@ -515,6 +515,10 @@ public class DefaultOrg implements Organization {
now.add(GregorianCalendar.MONTH, 6);
rv = now;
break;
+ case RevokedGracePeriodEnds:
+ now.add(GregorianCalendar.DATE, 3);
+ rv = now;
+ break;
default:
// Unless other wise set, 6 months is default
now.add(GregorianCalendar.MONTH, 6);
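Review bot: The new `RevokedGracePeriodEnds` case adds three days to `now` and returns it, so if `now` holds the current time the grace period always ends three days after the call. Its declaration is outside the hunk, but the neighbouring cases use it the same way. The Analyze.java hunk in this commit tests `now.after(gracePeriodEnds.getTime())`, which could then never be true: a revoked ID's roles would be reported on every run but never reach the delete path. Consider deriving the result from the calendar the caller supplies, for example `rv.add(GregorianCalendar.DATE, 3);` if `rv` starts as a copy of that argument. A comment such as `// Revoked IDs get 3 days from the supplied date` would match the documented default case.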
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java b/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java
index 0cebaa77..df2c0764 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java
@@ -30,7 +30,6 @@ import java.io.IOException;
import java.io.InputStream;
import java.io.PrintStream;
import java.io.PrintWriter;
-import java.io.StringBufferInputStream;
import java.io.StringWriter;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
index a231b393..2bea195e 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java
@@ -73,6 +73,8 @@ public class Config {
private static final String AAF_V2_0 = "org.onap.aaf.cadi.aaf.v2_0";
private static final String AAF_V2_0_AAFCON = AAF_V2_0+".AAFCon";
private static final String AAF_V2_0_AAF_LUR_PERM = AAF_V2_0+".AAFLurPerm";
+ public static final String AAF_V2_0_AAF_CON_HTTP = AAF_V2_0+".AAFConHttp";
+
private static final String OAUTH = "org.onap.auth.oauth";
private static final String OAUTH_TOKEN_MGR = OAUTH+".TokenMgr";
private static final String OAUTH_HTTP_TAF = OAUTH+".OAuth2HttpTaf";
@@ -256,7 +258,6 @@ public class Config {
public static final String AAF_ALT_CLIENT_SECRET = "aaf_alt_oauth2_client_secret";
public static final String AAF_OAUTH2_HELLO_URL = "aaf_oauth2_hello_url";
- private static final String AAF_V2_0_AAF_CON_HTTP = "org.onap.aaf.cadi.aaf.v2_0.AAFConHttp";
public static void setDefaultRealm(Access access) {
@@ -782,7 +783,8 @@ public class Config {
return false;
}
- public static Object loadAAFConnector(SecurityInfoC<HttpURLConnection> si, String aafURL) {
+ @SuppressWarnings("unchecked")
+ public static Object loadAAFConnector(SecurityInfoC<?> si, String aafURL) {
Access access = si.access;
Object aafcon = null;
Class<?> aafConClass = null;
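Review bot: `loadAAFConnector` now accepts `SecurityInfoC<?>`, and `@SuppressWarnings("unchecked")` on the whole method silences the cast `(SecurityInfoC<HttpURLConnection>)si` added in the next hunk (`-799,7 +801,7`). Erasure means that cast is never checked at runtime, so a caller passing a `SecurityInfoC` of another client type would fail later, away from this method, and the method-wide annotation would also hide any future unchecked operation added here. Narrow the suppression to one local declaration, `@SuppressWarnings("unchecked") SecurityInfoC<HttpURLConnection> httpSi = (SecurityInfoC<HttpURLConnection>) si;`, and pass `httpSi` to `loadLocator`. A short comment there should say why the Locator path can assume `HttpURLConnection`. The method body continues outside both hunks.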
@@ -799,7 +801,7 @@ public class Config {
if (pc.equals(Access.class)) {
lo.add(access);
} else if (pc.equals(Locator.class)) {
- lo.add(loadLocator(si, aafURL));
+ lo.add(loadLocator((SecurityInfoC<HttpURLConnection>)si, aafURL));
}
}
if (c.getParameterTypes().length != lo.size()) {