Diffstat (limited to 'auth/auth-batch')
5 files changed, 87 insertions, 70 deletions
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/actions/URFutureApproveExec.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/actions/URFutureApproveExec.java index 635efef0..acbadca7 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/actions/URFutureApproveExec.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/actions/URFutureApproveExec.java @@ -75,7 +75,7 @@ public class URFutureApproveExec extends ActionDAO<List<Approval>, OP_STATUS, Fu new Lookup<UserRoleDAO.Data>() { @Override public UserRoleDAO.Data get(AuthzTrans trans, Object ... keys) { - List<UserRole> lur = UserRole.byUser.get(keys[0]); + List<UserRole> lur = UserRole.getByUser().get(keys[0]); if(lur!=null) { for(UserRole ur : lur) { if(ur.role().equals(keys[1])) { diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/helpers/UserRole.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/helpers/UserRole.java index a289fe00..288211e6 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/helpers/UserRole.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/helpers/UserRole.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -26,6 +26,7 @@ import java.util.ArrayList; import java.util.Date; import java.util.Iterator; import java.util.List; +import java.util.SortedMap; import java.util.TreeMap; import org.onap.aaf.auth.actions.URDelete; 
@@ -44,16 +45,36 @@ import com.datastax.driver.core.SimpleStatement; import com.datastax.driver.core.Statement; public class UserRole implements Cloneable, CacheChange.Data { - public static final List<UserRole> data = new ArrayList<>(); - public static final TreeMap<String,List<UserRole>> byUser = new TreeMap<>(); - public static final TreeMap<String,List<UserRole>> byRole = new TreeMap<>(); - private final static CacheChange<UserRole> cache = new CacheChange<>(); - private static PrintStream urDelete=System.out,urRecover=System.err; + + private static final String SEPARATOR = "\",\""; + + // CACHE Calling + private static final String LOG_FMT = "%s UserRole - %s: %s-%s (%s, %s) expiring %s"; + private static final String REPLAY_FMT = "%s|%s|%s|%s|%s\n"; + private static final String DELETE_FMT = "# %s\n"+ REPLAY_FMT; + + private static final List<UserRole> data = new ArrayList<>(); + private static final SortedMap<String,List<UserRole>> byUser = new TreeMap<>(); + private static final SortedMap<String,List<UserRole>> byRole = new TreeMap<>(); + private static final CacheChange<UserRole> cache = new CacheChange<>(); + private static PrintStream urDelete = System.out; + private static PrintStream urRecover = System.err; private static int totalLoaded; - private static int deleted; - + private int deleted; private Data urdd; + public static final Creator<UserRole> v2_0_11 = new Creator<UserRole>() { + @Override + public UserRole create(Row row) { + return new UserRole(row.getString(0), row.getString(1), row.getString(2),row.getString(3),row.getTimestamp(4)); + } + + @Override + public String select() { + return "select user,role,ns,rname,expires from authz.user_role"; + } + }; + public UserRole(String user, String ns, String rname, Date expires) { urdd = new UserRoleDAO.Data(); urdd.user = user; 
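Review bot: Changing `private static int deleted;` to `private int deleted;` in the field block turns a class-wide counter into a per-object one, which is a behaviour change inside what otherwise reads as a visibility and naming cleanup. `delayDelete` (the later `@@ -232,23 +255,18 @@` hunk) still does `++deleted` on `this`, so each UserRole now counts only its own staged deletion; any total read through an accessor would no longer reflect the whole batch, though that accessor is not visible in this diff and this part is inferred. Because this class stages authorization deletions behind a size check, I would keep `private static int deleted;` unless the per-instance count is intended, and add a comment saying so if it is. `totalLoaded` stays static in the same block, which makes the asymmetry look accidental.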
@@ -72,6 +93,18 @@ public class UserRole implements Cloneable, CacheChange.Data { urdd.expires = expires; } + public static List<UserRole> getData() { + return data; + } + + public static SortedMap<String, List<UserRole>> getByUser() { + return byUser; + } + + public static SortedMap<String, List<UserRole>> getByRole() { + return byRole; + } + public static void load(Trans trans, Session session, Creator<UserRole> creator ) { load(trans,session,creator,null); } @@ -87,9 +120,9 @@ public class UserRole implements Cloneable, CacheChange.Data { private static void load(Trans trans, Session session, Creator<UserRole> creator, String where) { String query = creator.query(where); trans.info().log( "query: " + query ); - TimeTaken tt = trans.start("Read UserRoles", Env.REMOTE); - - ResultSet results; + TimeTaken tt = trans.start("Read UserRoles", Env.REMOTE); + + ResultSet results; try { Statement stmt = new SimpleStatement( query ); results = session.execute(stmt); @@ -97,30 +130,9 @@ public class UserRole implements Cloneable, CacheChange.Data { tt.done(); } try { - Iterator<Row> iter = results.iterator(); - Row row; tt = trans.start("Load UserRole", Env.SUB); try { - while(iter.hasNext()) { - ++totalLoaded; - row = iter.next(); - UserRole ur = creator.create(row); - data.add(ur); - - List<UserRole> lur = byUser.get(ur.urdd.user); - if(lur==null) { - lur = new ArrayList<>(); - byUser.put(ur.urdd.user, lur); - } - lur.add(ur); - - lur = byRole.get(ur.urdd.role); - if(lur==null) { - lur = new ArrayList<>(); - byRole.put(ur.urdd.role, lur); - } - lur.add(ur); - } + iterateResults(creator, results.iterator()); } finally { tt.done(); } 
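Review bot: The new `getData()`, `getByUser()` and `getByRole()` return the live static collections, so making the fields private does not stop a caller from adding to or clearing the cached user-role data that the expiry and approval batches read. The callers changed in this commit only read (`get`, `size`, iteration), so read-only views should be enough: `return Collections.unmodifiableList(data);` and `return Collections.unmodifiableSortedMap(byUser);` (same for `byRole`), with `java.util.Collections` added to the imports. The lists stored as map values would still be mutable, and callers outside `auth/auth-batch` are not shown here, so check for writers before switching. At minimum add Javadoc on the three getters stating that the returned collections are shared and must not be modified.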
@@ -128,7 +140,31 @@ public class UserRole implements Cloneable, CacheChange.Data { trans.info().log("Loaded",totalLoaded,"UserRoles"); } } - + + private static void iterateResults(Creator<UserRole> creator, Iterator<Row> iter ) { + Row row; + while(iter.hasNext()) { + ++totalLoaded; + row = iter.next(); + UserRole ur = creator.create(row); + data.add(ur); + + List<UserRole> lur = byUser.get(ur.urdd.user); + if(lur==null) { + lur = new ArrayList<>(); + byUser.put(ur.urdd.user, lur); + } + lur.add(ur); + + lur = byRole.get(ur.urdd.role); + if(lur==null) { + lur = new ArrayList<>(); + byRole.put(ur.urdd.role, lur); + } + lur.add(ur); + } + } + public int totalLoaded() { return totalLoaded; } @@ -174,26 +210,13 @@ public class UserRole implements Cloneable, CacheChange.Data { } } - - public static Creator<UserRole> v2_0_11 = new Creator<UserRole>() { - @Override - public UserRole create(Row row) { - return new UserRole(row.getString(0), row.getString(1), row.getString(2),row.getString(3),row.getTimestamp(4)); - } - - @Override - public String select() { - return "select user,role,ns,rname,expires from authz.user_role"; - } - }; - public UserRoleDAO.Data urdd() { return urdd; } public String user() { return urdd.user; - }; + } public String role() { return urdd.role; @@ -215,16 +238,16 @@ public class UserRole implements Cloneable, CacheChange.Data { urdd.expires = time; } - - public String toString() { - return "\"" + urdd.user + "\",\"" + urdd.role + "\",\"" + urdd.ns + "\",\"" + urdd.rname + "\",\""+ Chrono.dateOnlyStamp(urdd.expires); + return "\"" + urdd.user + SEPARATOR + urdd.role + SEPARATOR + urdd.ns + SEPARATOR + urdd.rname + SEPARATOR + + Chrono.dateOnlyStamp(urdd.expires); } public static UserRole get(String u, String r) { List<UserRole> lur = byUser.get(u); if(lur!=null) { for(UserRole ur : lur) { + if(ur.urdd.role.equals(r)) { return ur; } 
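Review bot: Style point on the extracted `iterateResults`: the two get / null-check / put sequences for `byUser` and `byRole` were moved over unchanged, and each can be a single call if the module builds on Java 8 or later, e.g. `byUser.computeIfAbsent(ur.urdd.user, k -> new ArrayList<>()).add(ur);`. The helper also has no comment; a one-line Javadoc saying that it appends every row to `data`, indexes it under both user and role, and increments `totalLoaded` per row would document its side effects on the shared static state.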
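Review bot: `toString()` in the `@@ -215,16 +238,16 @@` hunk still emits a last field that opens a quote and never closes it, because the expression ends with `SEPARATOR + Chrono.dateOnlyStamp(urdd.expires)`. If anything parses this output as CSV the record is malformed, and the field values are concatenated without escaping embedded quotes. Appending `+ "\""` would balance the record, but that changes emitted text, so confirm no consumer depends on the current form first. The method also overrides `Object.toString()` without `@Override`.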
@@ -232,23 +255,18 @@ public class UserRole implements Cloneable, CacheChange.Data { } return null; } - - // CACHE Calling - private static final String logfmt = "%s UserRole - %s: %s-%s (%s, %s) expiring %s"; - private static final String replayfmt = "%s|%s|%s|%s|%s\n"; - private static final String deletefmt = "# %s\n"+replayfmt; - + // SAFETY - DO NOT DELETE USER ROLES DIRECTLY FROM BATCH FILES!!! // We write to a file, and validate. If the size is iffy, we email Support public void delayDelete(AuthzTrans trans, String text, boolean dryRun) { String dt = Chrono.dateTime(urdd.expires); if(dryRun) { - trans.info().printf(logfmt,text,"Would Delete",urdd.user,urdd.role,urdd.ns,urdd.rname,dt); + trans.info().printf(LOG_FMT,text,"Would Delete",urdd.user,urdd.role,urdd.ns,urdd.rname,dt); } else { - trans.info().printf(logfmt,text,"Staged Deletion",urdd.user,urdd.role,urdd.ns,urdd.rname,dt); + trans.info().printf(LOG_FMT,text,"Staged Deletion",urdd.user,urdd.role,urdd.ns,urdd.rname,dt); } - urDelete.printf(deletefmt,text,urdd.user,urdd.role,dt,urdd.ns,urdd.rname); - urRecover.printf(replayfmt,urdd.user,urdd.role,dt,urdd.ns,urdd.rname); + urDelete.printf(DELETE_FMT,text,urdd.user,urdd.role,dt,urdd.ns,urdd.rname); + urRecover.printf(REPLAY_FMT,urdd.user,urdd.role,dt,urdd.ns,urdd.rname); cache.delayedDelete(this); ++deleted; @@ -278,5 +296,4 @@ public class UserRole implements Cloneable, CacheChange.Data { cache.resetLocalData(); } - }
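Review bot: In `delayDelete`, `dryRun` only selects the log text ("Would Delete" versus "Staged Deletion"); the writes to `urDelete` and `urRecover`, `cache.delayedDelete(this)` and `++deleted` run in both cases. That may be intended, since the comment above says deletions are staged to a file and validated, but a reader of the signature would expect a dry run to stage nothing. I would add a comment on the method such as `// dryRun changes the log line only; the record is always written to the delete/recover files and queued in the cache`, or guard the staging calls if that is not the intent. The end of the method is outside this hunk.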
\ No newline at end of file diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/reports/ExpiringNext.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/reports/ExpiringNext.java index 8e0257fd..67282915 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/reports/ExpiringNext.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/reports/ExpiringNext.java @@ -76,7 +76,7 @@ public class ExpiringNext extends Batch { List<String> expiring = new ArrayList<>(); trans.info().log("Checking for Expired UserRoles"); - for(UserRole ur : UserRole.data) { + for(UserRole ur : UserRole.getData()) { if(ur.expires().after(now)) { if(ur.expires().before(twoWeeks)) { expiring.add(Chrono.dateOnlyStamp(ur.expires()) + ":\t" + ur.user() + '\t' + ur.role()); diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/update/Expiring.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/update/Expiring.java index f3388326..e12a452a 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/update/Expiring.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/update/Expiring.java @@ -305,7 +305,7 @@ public class Expiring extends Batch { // Make sure Owner Role exists String owner = role.ns + ".owner"; if(Role.byName.containsKey(owner)) { - List<UserRole> lur = UserRole.byRole.get(owner); + List<UserRole> lur = UserRole.getByRole().get(owner); if(lur != null) { for(UserRole ur : lur) { if(ur.user().equals(app.getApprover())) { @@ -360,7 +360,7 @@ public class Expiring extends Batch { // Run for User Roles trans.info().log("Checking for Expired User Roles"); try { - for(UserRole ur : UserRole.data) { + for(UserRole ur : UserRole.getData()) { if(org.getIdentity(noAvg, ur.user())==null) { // if not part of Organization; if(isSpecial(ur.user())) { trans.info().log(ur.user(),"is not part of organization, but may not be deleted"); 
@@ -421,11 +421,11 @@ public class Expiring extends Batch { if(UserRole.sizeForDeletion()>0) { count+=UserRole.sizeForDeletion(); double onePercent = 0.01; - if(((double)UserRole.sizeForDeletion())/UserRole.data.size() > onePercent) { + if(((double)UserRole.sizeForDeletion())/UserRole.getData().size() > onePercent) { Message msg = new Message(); try { msg.line("Found %d of %d UserRoles marked for Deletion in file %s", - delayedURDeletes,UserRole.data.size(),deletesFile.getCanonicalPath()); + delayedURDeletes,UserRole.getData().size(),deletesFile.getCanonicalPath()); } catch (IOException e) { msg.line("Found %d of %d UserRoles marked for Deletion.\n", delayedURDeletes); diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/update/NotifyCredExpiring.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/update/NotifyCredExpiring.java index c9f04f73..fe8f16d9 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/update/NotifyCredExpiring.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/update/NotifyCredExpiring.java @@ -142,7 +142,7 @@ public class NotifyCredExpiring extends Batch { for(Cred c : es.getValue()) { last = c.last(CredDAO.BASIC_AUTH,CredDAO.BASIC_AUTH_SHA256); if(last!=null && last.after(tooLate) && last.before(early)) { - List<UserRole> ownerURList = UserRole.byRole.get(es.getKey()+".owner"); + List<UserRole> ownerURList = UserRole.getByRole().get(es.getKey()+".owner"); if(ownerURList!=null) { for(UserRole ur:ownerURList) { String owner = ur.user(); |
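Review bot: The fallback in the `catch (IOException e)` branch of the Expiring hunk passes one argument to a format with two `%d` specifiers: `msg.line("Found %d of %d UserRoles marked for Deletion.\n", delayedURDeletes);`. If `Message.line` formats with `java.util.Formatter` semantics (not visible here), that call throws `MissingFormatArgumentException`, so the over-one-percent deletion alert would fail exactly when `getCanonicalPath()` has already failed. The line is unchanged context, but this commit edits the sibling call in the `try`, so it is a good place to fix it: `msg.line("Found %d of %d UserRoles marked for Deletion.\n", delayedURDeletes, UserRole.getData().size());`. The ratio is computed from `UserRole.sizeForDeletion()` while the message prints `delayedURDeletes`; whether the two always agree cannot be told from this hunk.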