summaryrefslogtreecommitdiffstats
path: root/auth/auth-batch
diff options
context:
space:
mode:
Diffstat (limited to 'auth/auth-batch')
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/Batch.java36
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/CacheTouch.java1
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/CQLBatch.java13
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Cred.java10
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/UserRole.java8
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Visitor.java15
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/X509.java24
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Expiring.java3
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/Remove.java159
9 files changed, 214 insertions, 55 deletions
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/Batch.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/Batch.java
index 3d742167..7920e481 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/Batch.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/Batch.java
@@ -33,6 +33,7 @@ import java.net.URL;
import java.net.UnknownHostException;
import java.nio.ByteBuffer;
import java.text.SimpleDateFormat;
+import java.util.ArrayList;
import java.util.GregorianCalendar;
import java.util.HashSet;
import java.util.List;
@@ -51,8 +52,8 @@ import org.onap.aaf.auth.org.Organization;
import org.onap.aaf.auth.org.Organization.Identity;
import org.onap.aaf.auth.org.OrganizationException;
import org.onap.aaf.auth.org.OrganizationFactory;
-import org.onap.aaf.cadi.PropAccess;
import org.onap.aaf.cadi.Access.Level;
+import org.onap.aaf.cadi.PropAccess;
import org.onap.aaf.cadi.config.Config;
import org.onap.aaf.misc.env.APIException;
import org.onap.aaf.misc.env.Env;
@@ -77,6 +78,7 @@ public abstract class Batch {
protected static AuthzEnv env;
protected static Session session;
protected static Set<String> specialNames;
+ protected static List<String> specialDomains;
protected static boolean dryRun;
protected static String batchEnv;
@@ -131,14 +133,18 @@ public abstract class Batch {
// Special names to allow behaviors beyond normal rules
specialNames = new HashSet<>();
+ specialDomains = new ArrayList<>();
String names = env.getProperty( "SPECIAL_NAMES" );
if ( names != null )
{
env.info().log("Loading SPECIAL_NAMES");
- for (String s :names.split(",") )
- {
+ for (String s :names.split(",") ) {
env.info().log("\tspecial: " + s );
- specialNames.add( s.trim() );
+ if(s.indexOf('@')>0) {
+ specialNames.add( s.trim() );
+ } else {
+ specialDomains.add(s.trim());
+ }
}
}
}
@@ -156,13 +162,23 @@ public abstract class Batch {
}
public boolean isSpecial(String user) {
+ if(user==null) {
+ return false;
+ }
if (specialNames != null && specialNames.contains(user)) {
env.info().log("specialName: " + user);
-
return (true);
} else {
- return (false);
+ if(specialDomains!=null) {
+ for(String sd : specialDomains) {
+ if(user.endsWith(sd)) {
+ env.info().log("specialDomain: " + user + " matches " + sd);
+ return (true);
+ }
+ }
+ }
}
+ return (false);
}
@@ -459,16 +475,16 @@ public abstract class Batch {
Class<?> cls;
String classifier = "";
try {
- cls = ClassLoader.getSystemClassLoader().loadClass("org.onap.aaf.auth.update." + toolName);
+ cls = ClassLoader.getSystemClassLoader().loadClass("org.onap.aaf.auth.batch.update." + toolName);
classifier = "Update:";
} catch (ClassNotFoundException e) {
try {
- cls = ClassLoader.getSystemClassLoader().loadClass("org.onap.aaf.auth.reports." + toolName);
+ cls = ClassLoader.getSystemClassLoader().loadClass("org.onap.aaf.auth.batch.reports." + toolName);
classifier = "Report:";
} catch (ClassNotFoundException e2) {
try {
cls = ClassLoader.getSystemClassLoader()
- .loadClass("org.onap.aaf.auth.temp." + toolName);
+ .loadClass("org.onap.aaf.auth.batch.temp." + toolName);
classifier = "Temp Utility:";
} catch (ClassNotFoundException e3) {
cls = null;
@@ -476,7 +492,7 @@ public abstract class Batch {
}
}
if (cls != null) {
- Constructor<?> cnst = cls.getConstructor(new Class[] { AuthzTrans.class });
+ Constructor<?> cnst = cls.getConstructor(AuthzTrans.class);
batch = (Batch) cnst.newInstance(trans);
env.info().log("Begin", classifier, toolName);
}
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/CacheTouch.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/CacheTouch.java
index a4f4dcf3..94df581b 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/CacheTouch.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/CacheTouch.java
@@ -45,6 +45,7 @@ public class CacheTouch extends ActionDAO<String,Void, String> {
trans.info().printf("Would mark %s cache in DB for clearing: %s",table, text);
return Result.ok();
} else {
+
Result<Void> rv = q.clearCache(trans, table);
trans.info().printf("Set DB Cache %s for clearing: %s",table, text);
return rv;
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/CQLBatch.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/CQLBatch.java
index 5df5dcdc..c65026a8 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/CQLBatch.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/CQLBatch.java
@@ -66,6 +66,17 @@ public class CQLBatch {
} else {
return execute();
}
-
+ }
+
+ public void touch(String table, int begin, int end, boolean dryRun) {
+ StringBuilder sb = begin();
+ for(int i=begin;i<end;++i) {
+ sb.append("UPDATE cache SET touched=dateof(now()) WHERE name='");
+ sb.append(table);
+ sb.append("' AND seg=");
+ sb.append(i);
+ sb.append(";\n");
+ }
+ execute(dryRun);
}
}
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Cred.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Cred.java
index 979cdf0b..b58506ea 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Cred.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Cred.java
@@ -322,4 +322,14 @@ public class Cred {
return id.equals(obj);
}
+
+ public static String histSubject(List<String> row) {
+ return row.get(1);
+ }
+
+
+ public static String histMemo(String fmt, String orgName, List<String> row) {
+ return String.format(fmt, row.get(1),orgName,row.get(4));
+ }
+
} \ No newline at end of file
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/UserRole.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/UserRole.java
index 30069d64..ecf66fed 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/UserRole.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/UserRole.java
@@ -321,6 +321,12 @@ public class UserRole implements Cloneable, CacheChange.Data {
sb.append(row.get(3));
sb.append("';\n");
}
-
+ public static String histMemo(String fmt, List<String> row) {
+ return String.format(fmt, row.get(1),row.get(2)+'.'+row.get(3), row.get(4));
+ }
+
+ public static String histSubject(List<String> row) {
+ return row.get(1) + '|' + row.get(2)+'.'+row.get(3);
+ }
} \ No newline at end of file
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Visitor.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Visitor.java
index a59064ee..17f289a1 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Visitor.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Visitor.java
@@ -22,4 +22,19 @@ package org.onap.aaf.auth.batch.helpers;
public interface Visitor<T> {
void visit(T t);
+
+ public static class Multi<T> implements Visitor<T> {
+ private final Visitor<T>[] visitors;
+ @SafeVarargs
+ public Multi(Visitor<T> ... vs) {
+ visitors = vs;
+ }
+
+ @Override
+ public void visit(T t) {
+ for(Visitor<T> v : visitors) {
+ v.visit(t);
+ }
+ }
+ };
}
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/X509.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/X509.java
index 8bdcd100..0ffaa8f5 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/X509.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/X509.java
@@ -33,6 +33,7 @@ import org.onap.aaf.misc.env.Env;
import org.onap.aaf.misc.env.TimeTaken;
import org.onap.aaf.misc.env.Trans;
import org.onap.aaf.misc.env.util.Chrono;
+import org.onap.aaf.misc.env.util.Split;
import com.datastax.driver.core.ResultSet;
import com.datastax.driver.core.Row;
@@ -59,7 +60,7 @@ public class X509 {
private static void load(Trans trans, Session session, String query, Visitor<X509> visitor) {
trans.info().log( "query: " + query );
- TimeTaken tt = trans.start("Read Roles", Env.REMOTE);
+ TimeTaken tt = trans.start("Read X509", Env.REMOTE);
ResultSet results;
try {
@@ -116,4 +117,25 @@ public class X509 {
sb.append(";\n");
}
+
+ public static String histSubject(List<String> row) {
+ return row.get(4);
+ }
+
+
+ public static String histMemo(String fmt, List<String> row) {
+ String id="n/a";
+ for(String s : Split.splitTrim(',', row.get(4))) {
+ if(s.startsWith("OU=") && s.indexOf('@')>=0) {
+ int colon = s.indexOf(':');
+ if(colon<0) {
+ colon=s.length();
+ }
+ id=s.substring(3,colon);
+ break;
+ }
+ }
+ return String.format(fmt, "Cert for " + id,"CA " + row.get(1),row.get(3));
+ }
+
} \ No newline at end of file
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Expiring.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Expiring.java
index 1a7db055..e9fd818d 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Expiring.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Expiring.java
@@ -80,7 +80,6 @@ public class Expiring extends Batch {
// Load Cred. We don't follow Visitor, because we have to gather up everything into Identity Anyway
Cred.load(trans, session);
- UserRole.load(trans, session, UserRole.v2_0_11, new UserRole.DataLoadVisitor());
minOwners=1;
@@ -100,7 +99,7 @@ public class Expiring extends Batch {
cw.row(INFO,r.name(),Chrono.dateOnlyStamp(expireRange.now),r.reportingLevel());
writerList.put(r.name(),cw);
if("Delete".equals(r.name())) {
- deleteDate = r.getStart();
+ deleteDate = r.getEnd();
}
}
}
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/Remove.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/Remove.java
index a884006c..3e1a8df2 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/Remove.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/Remove.java
@@ -23,15 +23,23 @@ package org.onap.aaf.auth.batch.update;
import java.io.File;
import java.io.IOException;
+import java.nio.ByteBuffer;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Date;
import java.util.List;
import org.onap.aaf.auth.batch.Batch;
import org.onap.aaf.auth.batch.BatchPrincipal;
-import org.onap.aaf.auth.batch.actions.CacheTouch;
import org.onap.aaf.auth.batch.helpers.CQLBatch;
import org.onap.aaf.auth.batch.helpers.Cred;
import org.onap.aaf.auth.batch.helpers.UserRole;
import org.onap.aaf.auth.batch.helpers.X509;
+import org.onap.aaf.auth.dao.CassAccess;
+import org.onap.aaf.auth.dao.cass.CertDAO;
+import org.onap.aaf.auth.dao.cass.CredDAO;
+import org.onap.aaf.auth.dao.cass.HistoryDAO;
+import org.onap.aaf.auth.dao.cass.UserRoleDAO;
import org.onap.aaf.auth.env.AuthzTrans;
import org.onap.aaf.auth.org.OrganizationException;
import org.onap.aaf.cadi.CadiException;
@@ -44,7 +52,7 @@ import org.onap.aaf.misc.env.util.Chrono;
public class Remove extends Batch {
private final AuthzTrans noAvg;
- private CacheTouch cacheTouch;
+ private HistoryDAO historyDAO;
private CQLBatch cqlBatch;
public Remove(AuthzTrans trans) throws APIException, IOException, OrganizationException {
@@ -52,14 +60,14 @@ public class Remove extends Batch {
trans.info().log("Starting Connection Process");
noAvg = env.newTransNoAvg();
- noAvg.setUser(new BatchPrincipal("batch:RemoveExpired"));
+ noAvg.setUser(new BatchPrincipal("Remove"));
TimeTaken tt0 = trans.start("Cassandra Initialization", Env.SUB);
try {
- cacheTouch = new CacheTouch(trans, cluster, dryRun);
+ historyDAO = new HistoryDAO(trans, cluster, CassAccess.KEYSPACE);
TimeTaken tt2 = trans.start("Connect to Cluster", Env.REMOTE);
try {
- session = cacheTouch.getSession(trans);
+ session = historyDAO.getSession(trans);
} finally {
tt2.done();
}
@@ -73,52 +81,123 @@ public class Remove extends Batch {
@Override
protected void run(AuthzTrans trans) {
- final int maxBatch = 50;
+ final int maxBatch = 25;
// Create Intermediate Output
File logDir = new File(logDir());
- File expired = new File(logDir,"Delete"+Chrono.dateOnlyStamp()+".csv");
- CSV expiredCSV = new CSV(expired);
- try {
- final StringBuilder sb = cqlBatch.begin();
- final Holder<Integer> hi = new Holder<Integer>(0);
- expiredCSV.visit(new CSV.Visitor() {
- @Override
- public void visit(List<String> row) throws IOException, CadiException {
- int i = hi.get();
- if(i>=maxBatch) {
+ List<File> remove = new ArrayList<>();
+ if(args().length>0) {
+ for(int i=0;i<args().length;++i) {
+ remove.add(new File(logDir, args()[i]));
+ }
+ } else {
+ remove.add(new File(logDir,"Delete"+Chrono.dateOnlyStamp()+".csv"));
+ }
+
+ final Holder<Boolean> ur = new Holder<>(false);
+ final Holder<Boolean> cred = new Holder<>(false);
+ final Holder<Boolean> x509 = new Holder<>(false);
+ final Holder<String> memoFmt = new Holder<String>("");
+ final HistoryDAO.Data hdd = new HistoryDAO.Data();
+ final String orgName = trans.org().getName();
+
+ hdd.action="delete";
+ hdd.reconstruct = ByteBuffer.allocate(0);
+ hdd.user = noAvg.user();
+ SimpleDateFormat sdf = new SimpleDateFormat("yyyyMM");
+ hdd.yr_mon = Integer.parseInt(sdf.format(new Date()));
+
+ try {
+ for(File f : remove) {
+ trans.info().log("Processing ",f.getAbsolutePath(),"for Deletions");
+ if(f.exists()) {
+ CSV removeCSV = new CSV(f);
+
+ try {
+ final StringBuilder sb = cqlBatch.begin();
+ final Holder<Integer> hi = new Holder<Integer>(0);
+ removeCSV.visit(new CSV.Visitor() {
+ @Override
+ public void visit(List<String> row) throws IOException, CadiException {
+ int i = hi.get();
+ if(i>=maxBatch) {
+ cqlBatch.execute(dryRun);
+ hi.set(0);
+ cqlBatch.begin();
+ i=0;
+ }
+ switch(row.get(0)) {
+ case "info":
+ switch(row.get(1)) {
+ case "Delete":
+ memoFmt.set("%s expired from %s on %s");
+ break;
+ case "NotInOrgDelete":
+ memoFmt.set("Identity %s was removed from %s on %s");
+ break;
+ }
+ break;
+ case "ur":
+ if(!ur.get()) {
+ ur.set(true);
+ }
+ hi.set(++i);
+ UserRole.row(sb,row);
+ hdd.target=UserRoleDAO.TABLE;
+ hdd.subject=UserRole.histSubject(row);
+ hdd.memo=UserRole.histMemo(memoFmt.get(), row);
+ historyDAO.createBatch(sb, hdd);
+ break;
+ case "cred":
+ if(!cred.get()) {
+ cred.set(true);
+ }
+ hi.set(++i);
+ Cred.row(sb,row);
+ hdd.target=CredDAO.TABLE;
+ hdd.subject=Cred.histSubject(row);
+ hdd.memo=Cred.histMemo(memoFmt.get(), orgName,row);
+ historyDAO.createBatch(sb, hdd);
+ break;
+ case "x509":
+ if(!x509.get()) {
+ x509.set(true);
+ }
+ hi.set(++i);
+ X509.row(sb,row);
+ hdd.target=CertDAO.TABLE;
+ hdd.subject=X509.histSubject(row);
+ hdd.memo=X509.histMemo(memoFmt.get(),row);
+ historyDAO.createBatch(sb, hdd);
+ break;
+ }
+ }
+ });
cqlBatch.execute(dryRun);
- hi.set(0);
- cqlBatch.begin();
- i=0;
- }
- switch(row.get(0)) {
- case "ur":
- hi.set(++i);
- UserRole.row(sb,row);
- break;
- case "cred":
- hi.set(++i);
- Cred.row(sb,row);
- break;
- case "x509":
- hi.set(++i);
- X509.row(sb,row);
- break;
+ } catch (IOException | CadiException e) {
+ e.printStackTrace();
}
- }
- });
- cqlBatch.execute(dryRun);
- } catch (IOException | CadiException e) {
- e.printStackTrace();
- }
+ } else {
+ trans.error().log("File",f.getAbsolutePath(),"does not exist.");
+ }
+ }
+ } finally {
+ if(ur.get()) {
+ cqlBatch.touch(UserRoleDAO.TABLE, 0, UserRoleDAO.CACHE_SEG, dryRun);
+ }
+ if(cred.get()) {
+ cqlBatch.touch(CredDAO.TABLE, 0, CredDAO.CACHE_SEG, dryRun);
+ }
+ if(x509.get()) {
+ cqlBatch.touch(CertDAO.TABLE, 0, CertDAO.CACHE_SEG, dryRun);
+ }
+ }
}
@Override
protected void _close(AuthzTrans trans) {
session.close();
- cacheTouch.close(trans);
}
}