summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/ExpireRange.java6
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyURBody.java124
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneMonthNotifyURBody.java37
-rw-r--r--cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/v2_0/test/JU_AAFTrustChecker.java9
-rw-r--r--cadi/core/src/test/java/org/onap/aaf/cadi/taf/test/JU_EpiTaf.java19
-rw-r--r--docs/sections/configuration/onboard.rst7
6 files changed, 22 insertions, 180 deletions
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/ExpireRange.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/ExpireRange.java
index cbfad7b9..f742a465 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/ExpireRange.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/ExpireRange.java
@@ -71,13 +71,15 @@ public class ExpireRange {
lcred.add(delRange);
lx509.add(delRange);
-
lcred.add(new Range(ONE_WEEK ,3,-1,1,0,0,GregorianCalendar.WEEK_OF_MONTH,1));
lcred.add(new Range(TWO_WEEK ,2,-1,-1,GregorianCalendar.WEEK_OF_MONTH,1,GregorianCalendar.WEEK_OF_MONTH,2));
lcred.add(new Range(ONE_MONTH,1,7,7,GregorianCalendar.WEEK_OF_MONTH,2,GregorianCalendar.MONTH,1));
lcred.add(new Range(TWO_MONTH,1,-1,-1,GregorianCalendar.MONTH,1,GregorianCalendar.MONTH,2));
- lur.add( new Range(ONE_MONTH,1,-1,-1,GregorianCalendar.WEEK_OF_MONTH,2,GregorianCalendar.MONTH,1));
+ lur.add( new Range(ONE_MONTH,1,-1,-1,0,0,GregorianCalendar.MONTH,1));
+ // Comment out until we can get some more clear actions in place for GUI
+ // lur.add( new Range(ONE_MONTH,1,-1,-1,GregorianCalendar.WEEK_OF_MONTH,2,GregorianCalendar.MONTH,1));
+ // lur.add( new Range(ONE_WEEK,2,-1,1,0,0,GregorianCalendar.WEEK_OF_MONTH,1));
lx509.add(new Range(ONE_MONTH,1,-1,-1,GregorianCalendar.WEEK_OF_MONTH,2,GregorianCalendar.MONTH,1));
}
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyURBody.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyURBody.java
deleted file mode 100644
index 20ba8166..00000000
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/NotifyURBody.java
+++ /dev/null
@@ -1,124 +0,0 @@
-/**
- * ============LICENSE_START====================================================
- * org.onap.aaf
- * ===========================================================================
- * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
- * ===========================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END====================================================
- *
- */
-package org.onap.aaf.auth.batch.reports.bodies;
-
-import java.io.IOException;
-import java.util.Date;
-import java.util.List;
-
-import org.onap.aaf.auth.batch.helpers.LastNotified;
-import org.onap.aaf.auth.batch.reports.Notify;
-import org.onap.aaf.auth.env.AuthzTrans;
-import org.onap.aaf.auth.org.Organization.Identity;
-import org.onap.aaf.auth.org.OrganizationException;
-import org.onap.aaf.cadi.Access;
-import org.onap.aaf.misc.env.util.Chrono;
-
-public abstract class NotifyURBody extends NotifyBody {
-
- private final String explanation;
- public NotifyURBody(Access access, String name) throws IOException {
- super(access,"ur",name);
-
- // Default
- explanation = "The Roles for the IDs associated with you will expire on the dates shown. "
- + "If the role membership is allowed to expire, "
- + "the ID will no longer have the permissions associated with that role.<br><br>"
- + "It is the responsibility of the Designated Approvers to approve, but you can monitor "
- + "their progress by clicking the ID Link.";
- }
-
- @Override
- public boolean body(AuthzTrans trans, StringBuilder sb, int indent, Notify n, String id) {
- String fullname = "n/a";
- String kind = "Name";
- try {
- Identity identity = trans.org().getIdentity(trans, id);
- if(identity==null) {
- trans.warn().printf("Cannot find %s in Organization",id);
- } else {
- fullname = identity.fullName();
- if(!identity.isPerson()) {
- if((identity = identity.responsibleTo())!=null) {
- kind = "AppID Sponsor";
- fullname = identity.fullName();
- }
- }
- }
- } catch (OrganizationException e) {
- trans.error().log(e);
- fullname = "n/a";
- }
- println(sb,indent,explanation);
- println(sb,indent,"<br><br>");
- println(sb,indent,"<table>");
- indent+=2;
- println(sb,indent,"<tr>");
- indent+=2;
- println(sb,indent,"<th>"+kind+"</th>");
- println(sb,indent,"<th>Fully Qualified ID</th>");
- println(sb,indent,"<th>Role</th>");
- println(sb,indent,"<th>Expires</th>");
- indent-=2;
- println(sb,indent,"</tr>");
-
- String name = null;
- String fqi = null;
- for(List<String> row : rows.get(id)) {
- println(sb,indent,"<tr>");
- indent+=2;
- name = printCell(sb,indent,fullname,name);
- String rid = row.get(1);
- String fqiCell = "<a href=\"" + gui_url + "/myrequests\">" + rid + "</a>";
- fqi = printCell(sb,indent,fqiCell,fqi);
- printCell(sb,indent,row.get(2));
- Date expires = new Date(Long.parseLong(row.get(6)));
- printCell(sb,indent,Chrono.niceUTCStamp(expires));
- indent-=2;
- println(sb,indent,"</tr>");
- }
- indent-=2;
- println(sb,indent,"</table>");
-
- return true;
- }
-
-
- @Override
- public void record(AuthzTrans trans, StringBuilder query, String id, List<String> notified, LastNotified ln) {
- for(List<String> row : rows.get(id)) {
- for(String n : notified) {
- // Need to match LastNotified Key ... ur.user() + '|'+ur.role();
- ln.update(query, n, row.get(0), row.get(1)+'|'+row.get(2));
- }
- }
- }
-
- @Override
- public String user(List<String> row) {
- if( (row != null) && row.size()>1) {
- return row.get(1);
- }
- return null;
- }
-
-
-}
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneMonthNotifyURBody.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneMonthNotifyURBody.java
deleted file mode 100644
index 5392c187..00000000
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneMonthNotifyURBody.java
+++ /dev/null
@@ -1,37 +0,0 @@
-/**
- * ============LICENSE_START====================================================
- * org.onap.aaf
- * ===========================================================================
- * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
- * ===========================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END====================================================
- *
- */
-package org.onap.aaf.auth.batch.reports.bodies;
-
-import java.io.IOException;
-
-import org.onap.aaf.auth.batch.helpers.ExpireRange;
-import org.onap.aaf.cadi.Access;
-
-public class OneMonthNotifyURBody extends NotifyURBody {
- public OneMonthNotifyURBody(Access access) throws IOException {
- super(access, ExpireRange.ONE_MONTH);
- }
-
- @Override
- public String subject() {
- return String.format("AAF One Month UserRole Notification (ENV: %s)",env);
- }
-}
diff --git a/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/v2_0/test/JU_AAFTrustChecker.java b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/v2_0/test/JU_AAFTrustChecker.java
index f21aad6f..dddb85a0 100644
--- a/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/v2_0/test/JU_AAFTrustChecker.java
+++ b/cadi/aaf/src/test/java/org/onap/aaf/cadi/aaf/v2_0/test/JU_AAFTrustChecker.java
@@ -25,16 +25,15 @@ import static org.hamcrest.CoreMatchers.is;
import static org.junit.Assert.assertThat;
import static org.mockito.Mockito.when;
-import org.junit.Before;
-import org.junit.Test;
-import org.mockito.Mock;
-import org.mockito.MockitoAnnotations;
-
import java.io.ByteArrayOutputStream;
import java.io.PrintStream;
import javax.servlet.http.HttpServletRequest;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
import org.onap.aaf.cadi.Access;
import org.onap.aaf.cadi.Lur;
import org.onap.aaf.cadi.PropAccess;
diff --git a/cadi/core/src/test/java/org/onap/aaf/cadi/taf/test/JU_EpiTaf.java b/cadi/core/src/test/java/org/onap/aaf/cadi/taf/test/JU_EpiTaf.java
index ed4591d4..08602cb0 100644
--- a/cadi/core/src/test/java/org/onap/aaf/cadi/taf/test/JU_EpiTaf.java
+++ b/cadi/core/src/test/java/org/onap/aaf/cadi/taf/test/JU_EpiTaf.java
@@ -22,22 +22,23 @@
package org.onap.aaf.cadi.taf.test;
-import static org.hamcrest.CoreMatchers.is;
-import static org.junit.Assert.assertThat;
+import static org.junit.Assert.*;
+import static org.hamcrest.CoreMatchers.*;
+import org.junit.*;
import java.io.IOException;
-import org.junit.Test;
import org.onap.aaf.cadi.Access;
import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.cadi.Taf;
-import org.onap.aaf.cadi.Taf.LifeForm;
-import org.onap.aaf.cadi.principal.TaggedPrincipal;
-import org.onap.aaf.cadi.taf.EpiTaf;
-import org.onap.aaf.cadi.taf.NullTaf;
import org.onap.aaf.cadi.taf.TafResp;
import org.onap.aaf.cadi.taf.TafResp.RESP;
+import org.onap.aaf.cadi.taf.EpiTaf;
+import org.onap.aaf.cadi.taf.NullTaf;
+import org.onap.aaf.cadi.Taf.LifeForm;
+import org.onap.aaf.cadi.principal.TaggedPrincipal;
+
public class JU_EpiTaf {
@Test(expected = CadiException.class)
@@ -75,7 +76,7 @@ public class JU_EpiTaf {
@Override public RESP isAuthenticated() { return RESP.TRY_ANOTHER_TAF; }
@Override public RESP authenticate() throws IOException { return null; }
@Override public TaggedPrincipal getPrincipal() { return null; }
- @Override public Access getAccess() { return Access.NULL; }
+ @Override public Access getAccess() { return null; }
@Override public boolean isFailedAttempt() { return false; }
@Override public float timing() { return 0; }
@Override public void timing(long start) {}
@@ -92,7 +93,7 @@ public class JU_EpiTaf {
@Override public RESP isAuthenticated() { return RESP.TRY_AUTHENTICATING; }
@Override public RESP authenticate() throws IOException { return null; }
@Override public TaggedPrincipal getPrincipal() { return null; }
- @Override public Access getAccess() { return Access.NULL; }
+ @Override public Access getAccess() { return null; }
@Override public boolean isFailedAttempt() { return false; }
@Override public float timing() { return 0; }
@Override public void timing(long start) {}
diff --git a/docs/sections/configuration/onboard.rst b/docs/sections/configuration/onboard.rst
index 6e565c80..6f80e6e9 100644
--- a/docs/sections/configuration/onboard.rst
+++ b/docs/sections/configuration/onboard.rst
@@ -27,7 +27,8 @@ Create "As Cert Artifact"
(show web page)
From GUI
-role create org.onap.ngi.service ngi@ngi.onap.org
-perm grant org.onap.ngi.access|*|* org.onap.ngi.service
+ role create org.onap.ngi.service ngi@ngi.onap.org
-<Link to Certificates>
+ perm grant org.onap.ngi.access|*|* org.onap.ngi.service
+
+See Certificate Documentation for adding Certificate Artifacts.