diff options
6 files changed, 34 insertions, 13 deletions
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java index 5cab5297..227717b7 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java @@ -57,6 +57,7 @@ import org.onap.aaf.auth.batch.helpers.X509; import org.onap.aaf.auth.dao.cass.CredDAO; import org.onap.aaf.auth.dao.cass.UserRoleDAO; import org.onap.aaf.auth.env.AuthzTrans; +import org.onap.aaf.auth.org.Organization.Expiration; import org.onap.aaf.auth.org.Organization.Identity; import org.onap.aaf.auth.org.OrganizationException; import org.onap.aaf.cadi.configure.Factory; @@ -392,12 +393,33 @@ public class Analyze extends Batch { } return; } + if(org.isRevoked(trans, ur.user())) { + GregorianCalendar gc = new GregorianCalendar(); + gc.setTime(ur.expires()); + GregorianCalendar gracePeriodEnds = org.expiration(gc, Expiration.RevokedGracePeriodEnds, ur.user()); + if(now.after(gracePeriodEnds.getTime())) { + ur.row(deleteCW, UserRole.UR,"Revoked ID, no grace period left"); + } else { + ur.row(notCompliantCW, UserRole.UR, "Revoked ID: WARNING! GracePeriod Ends " + gracePeriodEnds.toString()); + } + return; + } ur.row(deleteCW, UserRole.UR,"Not in Organization"); return; } else if(Role.byName.get(ur.role())==null) { ur.row(deleteCW, UserRole.UR,String.format("Role %s does not exist", ur.role())); return; + // Make sure owners can still be owners. + } else if(ur.role().endsWith(".owner")) { + String err = identity.mayOwn(); + if(err!=null) { + ur.row(deleteCW, UserRole.UR,String.format("%s may not be an owner: %s",ur.user(),err)); + return; + } } + + + // Just let expired UserRoles sit until deleted if(futureRange.inRange(ur.expires())&&(!mur.containsKey(ur.user() + '|' + ur.role()))) { // Cannot just delete owners, unless there is at least one left. Process later diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java index 408a17bc..f346f7dd 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java @@ -26,11 +26,9 @@ import java.io.File; import java.io.IOException; import java.util.Date; import java.util.GregorianCalendar; -import java.util.Iterator; import java.util.List; -import java.util.Map; -import java.util.TreeMap; import java.util.UUID; + import org.onap.aaf.auth.batch.Batch; import org.onap.aaf.auth.env.AuthzTrans; import org.onap.aaf.auth.org.OrganizationException; @@ -42,11 +40,6 @@ import org.onap.aaf.misc.env.TimeTaken; import org.onap.aaf.misc.env.util.Chrono; import org.onap.aaf.misc.env.util.Split; -import com.datastax.driver.core.ResultSet; -import com.datastax.driver.core.Row; -import com.datastax.driver.core.SimpleStatement; -import com.datastax.driver.core.Statement; - public class ApprovedRpt extends Batch { diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java index 73093099..95f37859 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java @@ -214,7 +214,8 @@ public interface Organization { Future, UserInRole, UserDelegate, - ExtendPassword + ExtendPassword, + RevokedGracePeriodEnds } public enum Policy { diff --git a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java index 70b3324a..2440e02e 100644 --- a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java +++ b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java @@ -515,6 +515,10 @@ public class DefaultOrg implements Organization { now.add(GregorianCalendar.MONTH, 6); rv = now; break; + case RevokedGracePeriodEnds: + now.add(GregorianCalendar.DATE, 3); + rv = now; + break; default: // Unless other wise set, 6 months is default now.add(GregorianCalendar.MONTH, 6); diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java b/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java index 0cebaa77..df2c0764 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java @@ -30,7 +30,6 @@ import java.io.IOException; import java.io.InputStream; import java.io.PrintStream; import java.io.PrintWriter; -import java.io.StringBufferInputStream; import java.io.StringWriter; import java.text.DateFormat; import java.text.SimpleDateFormat; diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java index a231b393..2bea195e 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/config/Config.java @@ -73,6 +73,8 @@ public class Config { private static final String AAF_V2_0 = "org.onap.aaf.cadi.aaf.v2_0"; private static final String AAF_V2_0_AAFCON = AAF_V2_0+".AAFCon"; private static final String AAF_V2_0_AAF_LUR_PERM = AAF_V2_0+".AAFLurPerm"; + public static final String AAF_V2_0_AAF_CON_HTTP = AAF_V2_0+".AAFConHttp"; + private static final String OAUTH = "org.onap.auth.oauth"; private static final String OAUTH_TOKEN_MGR = OAUTH+".TokenMgr"; private static final String OAUTH_HTTP_TAF = OAUTH+".OAuth2HttpTaf"; @@ -256,7 +258,6 @@ public class Config { public static final String AAF_ALT_CLIENT_SECRET = "aaf_alt_oauth2_client_secret"; public static final String AAF_OAUTH2_HELLO_URL = "aaf_oauth2_hello_url"; - private static final String AAF_V2_0_AAF_CON_HTTP = "org.onap.aaf.cadi.aaf.v2_0.AAFConHttp"; public static void setDefaultRealm(Access access) { @@ -782,7 +783,8 @@ public class Config { return false; } - public static Object loadAAFConnector(SecurityInfoC<HttpURLConnection> si, String aafURL) { + @SuppressWarnings("unchecked") + public static Object loadAAFConnector(SecurityInfoC<?> si, String aafURL) { Access access = si.access; Object aafcon = null; Class<?> aafConClass = null; @@ -799,7 +801,7 @@ public class Config { if (pc.equals(Access.class)) { lo.add(access); } else if (pc.equals(Locator.class)) { - lo.add(loadLocator(si, aafURL)); + lo.add(loadLocator((SecurityInfoC<HttpURLConnection>)si, aafURL)); } } if (c.getParameterTypes().length != lo.size()) { |