diff options
Diffstat (limited to 'auth/auth-batch')
26 files changed, 977 insertions, 105 deletions
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/ApprovalAdd.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/ApprovalAdd.java new file mode 100644 index 00000000..f31de565 --- /dev/null +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/ApprovalAdd.java @@ -0,0 +1,59 @@ +/** + * ============LICENSE_START==================================================== + * org.onap.aaf + * =========================================================================== + * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * =========================================================================== + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END==================================================== + * + */ + +package org.onap.aaf.auth.batch.actions; + +import java.io.IOException; + +import org.onap.aaf.auth.batch.helpers.Approval; +import org.onap.aaf.auth.dao.cass.ApprovalDAO; +import org.onap.aaf.auth.env.AuthzTrans; +import org.onap.aaf.auth.layer.Result; +import org.onap.aaf.misc.env.APIException; + +import com.datastax.driver.core.Cluster; + +public class ApprovalAdd extends ActionDAO<Approval,ApprovalDAO.Data,String> { + public ApprovalAdd(AuthzTrans trans, Cluster cluster, boolean dryRun) throws APIException, IOException { + super(trans, cluster,dryRun); + } + + public ApprovalAdd(AuthzTrans trans, ActionDAO<?,?,?> adao) { + super(trans, adao); + } + + @Override + public Result<ApprovalDAO.Data> exec(AuthzTrans trans, Approval app, String text) { + return exec(trans,app.add,text); + } + + public Result<ApprovalDAO.Data> exec(AuthzTrans trans, ApprovalDAO.Data add, String text) { + if (dryRun) { + trans.info().log("Would Add:",text,add.approver,add.memo); + return Result.ok(add); + } else { + Result<ApprovalDAO.Data> rv = q.approvalDAO.create(trans, add); + trans.info().log("Added:",text,add.approver,add.memo); + return rv; + } + } + +}
\ No newline at end of file diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/FutureAdd.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/FutureAdd.java new file mode 100644 index 00000000..29a500c7 --- /dev/null +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/FutureAdd.java @@ -0,0 +1,59 @@ +/** + * ============LICENSE_START==================================================== + * org.onap.aaf + * =========================================================================== + * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * =========================================================================== + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END==================================================== + * + */ + +package org.onap.aaf.auth.batch.actions; + +import java.io.IOException; + +import org.onap.aaf.auth.batch.helpers.Future; +import org.onap.aaf.auth.dao.cass.FutureDAO; +import org.onap.aaf.auth.env.AuthzTrans; +import org.onap.aaf.auth.layer.Result; +import org.onap.aaf.misc.env.APIException; + +import com.datastax.driver.core.Cluster; + +public class FutureAdd extends ActionDAO<Future,FutureDAO.Data,String> { + public FutureAdd(AuthzTrans trans, Cluster cluster, boolean dryRun) throws APIException, IOException { + super(trans, cluster,dryRun); + } + + public FutureAdd(AuthzTrans trans, ActionDAO<?,?,?> adao) { + super(trans, adao); + } + + @Override + public Result<FutureDAO.Data> exec(AuthzTrans trans, Future f, String text) { + return exec(trans,f.fdd,text); + } + + public Result<FutureDAO.Data> exec(AuthzTrans trans, FutureDAO.Data fdd, String text) { + if (dryRun) { + trans.info().log("Would Add:",text,fdd.id, fdd.memo); + return Result.ok(fdd); + } else { + Result<FutureDAO.Data> rv = q.futureDAO.create(trans, fdd); + trans.info().log("Added:",text,fdd.id, fdd.memo); + return rv; + } + } + +}
\ No newline at end of file diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/NSDescUpdate.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/NSDescUpdate.java index 2542e045..78e835b3 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/NSDescUpdate.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/NSDescUpdate.java @@ -45,7 +45,7 @@ public class NSDescUpdate extends ActionDAO<NS,Void,String> { trans.info().printf("Would Update '%s' Description to '%s'",ns,desc); return Result.ok(); } else { - Result<Void> rv = q.nsDAO.dao().addDescription(trans, ns.name, desc); + Result<Void> rv = q.nsDAO.dao().addDescription(trans, ns.ndd.name, desc); if (rv.isOK()) { trans.info().printf("Updated '%s' Description to '%s'",ns,desc); } else { diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/PermModify.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/PermModify.java index 4b76baf5..58dd6fbf 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/PermModify.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/PermModify.java @@ -76,7 +76,7 @@ public class PermModify extends ActionDAO<Perm,PermDAO.Data,PermModify.Modify> { } else { for (String r : d.roles) { Role role = Role.keys.get(r); - if (role.perms.contains(p.encode())) { + if (role.rdd.perms.contains(p.encode())) { modify.roleModify().exec(trans, role, new RoleModify.Modify() { @Override public PermModify permModify() { diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/RoleCreate.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/RoleCreate.java index 512d4a31..729d5c10 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/RoleCreate.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/RoleCreate.java @@ -24,7 +24,6 @@ package org.onap.aaf.auth.batch.actions; import java.io.IOException; import org.onap.aaf.auth.batch.helpers.Role; -import org.onap.aaf.auth.dao.cass.RoleDAO; import org.onap.aaf.auth.dao.cass.RoleDAO.Data; import org.onap.aaf.auth.env.AuthzTrans; import org.onap.aaf.auth.layer.Result; @@ -43,17 +42,11 @@ public class RoleCreate extends ActionDAO<Role,Data,String> { @Override public Result<Data> exec(AuthzTrans trans, Role r,String text) { - RoleDAO.Data rdd = new RoleDAO.Data(); - rdd.ns = r.ns; - rdd.name = r.name; - rdd.description = r.description; - rdd.perms = r.perms; - if (dryRun) { trans.info().log("Would Create Role:",text,r.fullName()); - return Result.ok(rdd); + return Result.ok(r.rdd); } else { - Result<Data> rv = q.roleDAO.create(trans, rdd); // need to read for undelete + Result<Data> rv = q.roleDAO.create(trans, r.rdd); // need to read for undelete if (rv.isOK()) { trans.info().log("Created Role:",text,r.fullName()); } else { diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/RoleDelete.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/RoleDelete.java index 3e109b2b..edaae0fe 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/RoleDelete.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/RoleDelete.java @@ -24,7 +24,6 @@ package org.onap.aaf.auth.batch.actions; import java.io.IOException; import org.onap.aaf.auth.batch.helpers.Role; -import org.onap.aaf.auth.dao.cass.RoleDAO; import org.onap.aaf.auth.env.AuthzTrans; import org.onap.aaf.auth.layer.Result; import org.onap.aaf.misc.env.APIException; @@ -46,10 +45,7 @@ public class RoleDelete extends ActionDAO<Role,Void,String> { trans.info().log("Would Delete Role:",text,r.fullName()); return Result.ok(); } else { - RoleDAO.Data rdd = new RoleDAO.Data(); - rdd.ns = r.ns; - rdd.name = r.name; - Result<Void> rv = q.roleDAO.delete(trans, rdd, true); // need to read for undelete + Result<Void> rv = q.roleDAO.delete(trans, r.rdd, true); // need to read for undelete if (rv.isOK()) { trans.info().log("Deleted Role:",text,r.fullName()); } else { diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/RoleModify.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/RoleModify.java index 388e6692..e00c08c3 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/RoleModify.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/RoleModify.java @@ -47,7 +47,7 @@ public class RoleModify extends ActionDAO<Role,RoleDAO.Data,RoleModify.Modify> { @Override public Result<RoleDAO.Data> exec(final AuthzTrans trans, final Role r,final RoleModify.Modify modify) { - Result<List<Data>> rr = q.roleDAO.read(trans, r.ns,r.name); + Result<List<Data>> rr = q.roleDAO.read(trans, r.rdd.ns,r.rdd.name); if (dryRun) { if (rr.isOKhasData()) { return Result.ok(rr.value.get(0)); @@ -59,18 +59,18 @@ public class RoleModify extends ActionDAO<Role,RoleDAO.Data,RoleModify.Modify> { if (rr.isOKhasData()) { for (final Data d : rr.value) { modify.change(d); - if (d.ns.equals(r.ns) && d.name.equals(r.name)) { + if (d.ns.equals(r.rdd.ns) && d.name.equals(r.rdd.name)) { // update for fields // In either case, adjust Roles for (String p : d.perms) { - if (!r.perms.contains(p)) { + if (!r.rdd.perms.contains(p)) { Result<PermDAO.Data> rpdd = PermDAO.Data.decode(trans, q, p); if (rpdd.isOKhasData()) { q.roleDAO.dao().addPerm(trans, d, rpdd.value); } } } - for (String p : r.perms) { + for (String p : r.rdd.perms) { if (!d.perms.contains(p)) { Result<PermDAO.Data> rpdd = PermDAO.Data.decode(trans, q, p); if (rpdd.isOKhasData()) { @@ -113,11 +113,8 @@ public class RoleModify extends ActionDAO<Role,RoleDAO.Data,RoleModify.Modify> { rv = q.roleDAO.create(trans, d); } if (rv.isOK()) { - trans.info().printf("Updating %s|%s to %s|%s", r.ns, r.name, d.ns, d.name); - RoleDAO.Data rmme = new RoleDAO.Data(); - rmme.ns=r.ns; - rmme.name=r.name; - q.roleDAO.delete(trans, rmme, false); + trans.info().printf("Updating %s|%s to %s|%s", r.rdd.ns, r.rdd.name, d.ns, d.name); + q.roleDAO.delete(trans, r.rdd, false); } else { trans.info().log(rv.errorString()); @@ -143,10 +140,7 @@ public class RoleModify extends ActionDAO<Role,RoleDAO.Data,RoleModify.Modify> { if (dryRun) { return Result.ok(); } else { - RoleDAO.Data data = new RoleDAO.Data(); - data.ns=r.ns; - data.name = r.name; - return q.roleDAO.delete(trans,data,false); + return q.roleDAO.delete(trans,r.rdd,false); } } }
\ No newline at end of file diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/URFutureApproveExec.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/URFutureApproveExec.java index 6636f458..9c44a62a 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/URFutureApproveExec.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/URFutureApproveExec.java @@ -30,9 +30,7 @@ import org.onap.aaf.auth.batch.helpers.Future; import org.onap.aaf.auth.batch.helpers.UserRole; import org.onap.aaf.auth.dao.cass.ApprovalDAO; import org.onap.aaf.auth.dao.cass.UserRoleDAO; -import org.onap.aaf.auth.dao.cass.ApprovalDAO.Data; import org.onap.aaf.auth.dao.hl.Function.FUTURE_OP; -import org.onap.aaf.auth.dao.hl.Function.Lookup; import org.onap.aaf.auth.dao.hl.Function.OP_STATUS; import org.onap.aaf.auth.env.AuthzTrans; import org.onap.aaf.auth.layer.Result; diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/ApprovalSet.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/ApprovalSet.java new file mode 100644 index 00000000..eeeef15f --- /dev/null +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/ApprovalSet.java @@ -0,0 +1,96 @@ +/** + * ============LICENSE_START==================================================== + * org.onap.aaf + * =========================================================================== + * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * =========================================================================== + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END==================================================== + * + */ +package org.onap.aaf.auth.batch.approvalsets; + +import java.nio.ByteBuffer; +import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; +import java.util.ArrayList; +import java.util.GregorianCalendar; +import java.util.List; +import java.util.UUID; + +import org.onap.aaf.auth.dao.cass.ApprovalDAO; +import org.onap.aaf.auth.dao.cass.FutureDAO; +import org.onap.aaf.auth.env.AuthzTrans; +import org.onap.aaf.auth.layer.Result; +import org.onap.aaf.cadi.CadiException; +import org.onap.aaf.misc.env.util.Chrono; + +public class ApprovalSet { + private DataView dataview; + protected FutureDAO.Data fdd; + protected List<ApprovalDAO.Data> ladd; + + public ApprovalSet(final GregorianCalendar start, final String target, final DataView dv) throws CadiException { + dataview = dv; + fdd = new FutureDAO.Data(); + try { + fdd.id = newID(target); + } catch (NoSuchAlgorithmException e) { + throw new CadiException(e); + } + fdd.target = target; + fdd.start = start.getTime(); + ladd = new ArrayList<>(); + } + + protected UUID newID(String target) throws NoSuchAlgorithmException { + StringBuilder sb = new StringBuilder(new String(SecureRandom.getInstanceStrong().generateSeed(10))); + sb.append(target); + sb.append(System.currentTimeMillis()); + return Chrono.dateToUUID(System.currentTimeMillis()); + } + + protected void setConstruct(final ByteBuffer bytes) { + fdd.construct = bytes; + } + + protected void setMemo(final String memo) { + fdd.memo = memo; + } + + protected void setExpires(final GregorianCalendar expires) { + fdd.expires = expires.getTime(); + } + + public Result<Void> write(AuthzTrans trans) { + StringBuilder errs = null; + Result<FutureDAO.Data> rf = dataview.write(trans, fdd); + if(rf.notOK()) { + errs = new StringBuilder(); + errs.append(rf.errorString()); + } else { + for(ApprovalDAO.Data add : ladd) { + Result<ApprovalDAO.Data> af = dataview.write(trans, add); + if(af.notOK()) { + if(errs==null) { + errs = new StringBuilder(); + } else { + errs.append('\n'); + } + errs.append(af.errorString()); + } + } + } + return errs==null?Result.ok():Result.err(Result.ERR_Backend,errs.toString()); + } +}
\ No newline at end of file diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/DataView.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/DataView.java new file mode 100644 index 00000000..73e79832 --- /dev/null +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/DataView.java @@ -0,0 +1,68 @@ +/** + * ============LICENSE_START==================================================== + * org.onap.aaf + * =========================================================================== + * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * =========================================================================== + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END==================================================== + * + */ +package org.onap.aaf.auth.batch.approvalsets; + +import java.util.List; + +import org.onap.aaf.auth.dao.cass.ApprovalDAO; +import org.onap.aaf.auth.dao.cass.FutureDAO; +import org.onap.aaf.auth.dao.cass.NsDAO; +import org.onap.aaf.auth.dao.cass.RoleDAO; +import org.onap.aaf.auth.dao.cass.UserRoleDAO; +import org.onap.aaf.auth.env.AuthzTrans; +import org.onap.aaf.auth.layer.Result; + +/** + * I have become convinced that Data for Apps is modeled by abstract access methods against multiple data + * sources. With the insistence of JUnits, it becomes much more paramount to create a model which can + * 1) be easily loaded from Disk "Test Data" without resorting to complex "mokito" schemes + * 2) tested in Memory + * 3) combined for REAL time by running Cached Memory + * 4) Streamable in + * a) Binary + * b) CSV + * c) JSON + * d) XML + * 5) persisted Globally through a store like Cassandra + * + * But in the end, it looks like: + * 1) Data Structures + * 2) Find the Data Structures by various means, accounting for + * a) Multiple Responses + * b) Errors from the deepest level, made available through the call stack + * 3) + * + * @author jonathan.gathman + * + */ +public interface DataView { + // Reads + public Result<NsDAO.Data> ns(final AuthzTrans trans, final String id); + public Result<RoleDAO.Data> roleByName(final AuthzTrans trans, final String name); + public Result<List<UserRoleDAO.Data>> ursByRole(final AuthzTrans trans, final String role); + public Result<List<UserRoleDAO.Data>> ursByUser(final AuthzTrans trans, final String user); + + // Writes + public Result<ApprovalDAO.Data> write(final AuthzTrans trans, final ApprovalDAO.Data add); + public Result<FutureDAO.Data> write(final AuthzTrans trans, final FutureDAO.Data add); + + // Deletes +} diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/Loader.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/Loader.java new file mode 100644 index 00000000..806599e0 --- /dev/null +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/Loader.java @@ -0,0 +1,27 @@ +/** + * ============LICENSE_START==================================================== + * org.onap.aaf + * =========================================================================== + * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * =========================================================================== + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END==================================================== + * + */ +package org.onap.aaf.auth.batch.approvalsets; + +import org.onap.aaf.cadi.CadiException; + +public interface Loader<T> { + public T load() throws CadiException; +} diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/URApprovalSet.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/URApprovalSet.java new file mode 100644 index 00000000..b6767d4a --- /dev/null +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/URApprovalSet.java @@ -0,0 +1,125 @@ +/** + * ============LICENSE_START==================================================== + * org.onap.aaf + * =========================================================================== + * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * =========================================================================== + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END==================================================== + * + */ +package org.onap.aaf.auth.batch.approvalsets; + +import java.io.IOException; +import java.util.GregorianCalendar; +import java.util.List; + +import org.onap.aaf.auth.dao.cass.ApprovalDAO; +import org.onap.aaf.auth.dao.cass.NsDAO; +import org.onap.aaf.auth.dao.cass.RoleDAO; +import org.onap.aaf.auth.dao.cass.UserRoleDAO; +import org.onap.aaf.auth.dao.cass.UserRoleDAO.Data; +import org.onap.aaf.auth.dao.hl.Function.FUTURE_OP; +import org.onap.aaf.auth.env.AuthzTrans; +import org.onap.aaf.auth.layer.Result; +import org.onap.aaf.auth.org.Organization; +import org.onap.aaf.auth.org.Organization.Identity; +import org.onap.aaf.auth.org.OrganizationException; +import org.onap.aaf.cadi.CadiException; +import org.onap.aaf.misc.env.util.Chrono; + +public class URApprovalSet extends ApprovalSet { + public static final String EXTEND_STRING = "Extend access of User [%s] to Role [%s] - Expires %s"; + + public URApprovalSet(final AuthzTrans trans, final GregorianCalendar start, final DataView dv, final Loader<UserRoleDAO.Data> lurdd) throws IOException, CadiException { + super(start, "user_role", dv); + Organization org = trans.org(); + UserRoleDAO.Data urdd = lurdd.load(); + setConstruct(urdd.bytify()); + setMemo(String.format(EXTEND_STRING,urdd.user,urdd.role,Chrono.dateOnlyStamp(urdd.expires))); + setExpires(org.expiration(null, Organization.Expiration.UserInRole)); + + Result<RoleDAO.Data> r = dv.roleByName(trans, urdd.role); + if(r.notOKorIsEmpty()) { + throw new CadiException(String.format("Role '%s' does not exist: %s", urdd.role, r.details)); + } + Result<NsDAO.Data> n = dv.ns(trans, urdd.ns); + if(n.notOKorIsEmpty()) { + throw new CadiException(String.format("Namespace '%s' does not exist: %s", urdd.ns)); + } + UserRoleDAO.Data found = null; + Result<List<Data>> lur = dv.ursByRole(trans, urdd.role); + if(lur.isOK()) { + for(UserRoleDAO.Data ur : lur.value) { + if(urdd.user.equals(ur.user)) { + found = ur; + break; + } + } + } + if(found==null) { + throw new CadiException(String.format("User '%s' in Role '%s' does not exist: %s", urdd.user,urdd.role)); + } + + // Primarily, Owners are responsible, unless it's owned by self + boolean isOwner = false; + Result<List<UserRoleDAO.Data>> owners = dv.ursByRole(trans, urdd.ns+".owner"); + if(owners.isOK()) { + for(UserRoleDAO.Data owner : owners.value) { + if(urdd.user.equals(owner.user)) { + isOwner = true; + } else { + ApprovalDAO.Data add = newApproval(urdd); + add.approver = owner.user; + add.type="owner"; + ladd.add(add); + } + } + } + + if(isOwner) { + try { + List<Identity> apprs = org.getApprovers(trans, urdd.user); + if(apprs!=null) { + for(Identity i : apprs) { + ApprovalDAO.Data add = newApproval(urdd); + Identity reportsTo = i.responsibleTo(); + if(reportsTo!=null) { + add.approver = reportsTo.fullID(); + } else { + throw new CadiException("No Supervisor for '" + urdd.user + '\''); + } + add.type = org.getApproverType(); + ladd.add(add); + } + } + } catch (OrganizationException e) { + throw new CadiException(e); + } + } + } + + private ApprovalDAO.Data newApproval(Data urdd) throws CadiException { + ApprovalDAO.Data add = new ApprovalDAO.Data(); + add.id = Chrono.dateToUUID(System.currentTimeMillis()); + add.ticket = fdd.id; + add.user = urdd.user; + add.operation = FUTURE_OP.A.name(); + add.status = ApprovalDAO.PENDING; + add.memo = String.format("Re-Validate as Owner for AAF Namespace '%s' - expiring %s', ", + urdd.ns, + Chrono.dateOnlyStamp(urdd.expires)); + return add; + } + +} diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Approval.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Approval.java index fb3aefbe..acaf0d58 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Approval.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Approval.java @@ -23,6 +23,7 @@ package org.onap.aaf.auth.batch.helpers; import java.util.ArrayList; import java.util.Date; +import java.util.Iterator; import java.util.List; import java.util.TreeMap; import java.util.UUID; @@ -30,6 +31,7 @@ import java.util.UUID; import org.onap.aaf.auth.dao.cass.ApprovalDAO; import org.onap.aaf.auth.env.AuthzTrans; import org.onap.aaf.auth.layer.Result; +import org.onap.aaf.cadi.util.CSV; import org.onap.aaf.misc.env.Env; import org.onap.aaf.misc.env.TimeTaken; import org.onap.aaf.misc.env.Trans; @@ -90,6 +92,41 @@ public class Approval implements CacheChange.Data { return null; } + public static void load(Trans trans, Session session, Creator<Approval> creator, Visitor<Approval> visitor) { + trans.info().log( "query: " + creator.select() ); + TimeTaken tt = trans.start("Read Approval", Env.REMOTE); + + ResultSet results; + try { + Statement stmt = new SimpleStatement( creator.select() ); + results = session.execute(stmt); + } finally { + tt.done(); + } + + int count = 0; + try { + Iterator<Row> iter = results.iterator(); + Row row; + tt = trans.start("Load X509s", Env.SUB); + try { + while (iter.hasNext()) { + ++count; + row = iter.next(); + visitor.visit(creator.create(row)); + } + } finally { + tt.done(); + } + } finally { + trans.info().log("Found",count,"X509 Certificates"); + } + } + + public static void row(CSV.Writer cw, Approval app) { + cw.row("approval",app.add.id,app.add.ticket,app.add.user,app.role,app.add.memo); + } + public static void load(Trans trans, Session session, Creator<Approval> creator ) { trans.info().log( "query: " + creator.select() ); TimeTaken tt = trans.start("Load Notify", Env.REMOTE); @@ -306,4 +343,10 @@ public class Approval implements CacheChange.Data { return cache.contains(a); } + public static void deleteByIDBatch(StringBuilder sb, String id) { + sb.append("DELETE from authz.approval where id="); + sb.append(id); + sb.append(";\n"); + } + } diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/BatchDataView.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/BatchDataView.java new file mode 100644 index 00000000..e934bda6 --- /dev/null +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/BatchDataView.java @@ -0,0 +1,126 @@ +/** + * ============LICENSE_START==================================================== + * org.onap.aaf + * =========================================================================== + * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * =========================================================================== + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END==================================================== + * + */ +package org.onap.aaf.auth.batch.helpers; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; + +import org.onap.aaf.auth.batch.actions.ApprovalAdd; +import org.onap.aaf.auth.batch.actions.FutureAdd; +import org.onap.aaf.auth.batch.approvalsets.DataView; +import org.onap.aaf.auth.dao.cass.ApprovalDAO; +import org.onap.aaf.auth.dao.cass.FutureDAO; +import org.onap.aaf.auth.dao.cass.NsDAO; +import org.onap.aaf.auth.dao.cass.RoleDAO; +import org.onap.aaf.auth.dao.cass.UserRoleDAO; +import org.onap.aaf.auth.dao.cass.UserRoleDAO.Data; +import org.onap.aaf.auth.env.AuthzTrans; +import org.onap.aaf.auth.layer.Result; +import org.onap.aaf.misc.env.APIException; +import org.onap.aaf.misc.env.TimeTaken; +import org.onap.aaf.misc.env.Trans; + +import com.datastax.driver.core.Cluster; +import com.datastax.driver.core.Session; + +public class BatchDataView implements DataView { + private FutureAdd futureAdd; + private ApprovalAdd approvalAdd; + + public BatchDataView(final AuthzTrans trans, final Cluster cluster, final boolean dryRun ) throws APIException, IOException { + futureAdd = new FutureAdd(trans, cluster, dryRun); + approvalAdd = new ApprovalAdd(trans, futureAdd); + } + + public Session getSession(AuthzTrans trans) throws APIException, IOException { + TimeTaken tt = trans.start("Get Session", Trans.SUB); + try { + return futureAdd.getSession(trans); + } finally { + tt.done(); + } + } + + public Result<NsDAO.Data> ns(AuthzTrans trans, String id) { + NS n; + TimeTaken tt = trans.start("Get NS by ID %s", Trans.SUB, id); + try { + n=NS.data.get(id); + } finally { + tt.done(); + } + + if(n==null || n.ndd==null) { + return Result.err(Result.ERR_Backend,"Namespace '%s' does not exist", id); + } + return Result.ok(n.ndd); + } + + + @Override + public Result<RoleDAO.Data> roleByName(AuthzTrans trans, String name) { + Role r = Role.byName.get(name); + if(r==null || r.rdd==null) { + return Result.err(Result.ERR_Backend,"Role '%s' does not exist", name); + } + return Result.ok(r.rdd); + } + + @Override + public Result<List<UserRoleDAO.Data>> ursByRole(AuthzTrans trans, String role) { + List<UserRole> urs = UserRole.getByRole().get(role); + if(urs==null) { + return Result.err(Result.ERR_Backend, "UserRoles for Role '%s' does not exist", role); + } + return toLURDD(urs); + } + + private Result<List<Data>> toLURDD(List<UserRole> urs) { + List<UserRoleDAO.Data> rv = new ArrayList<>(); + if(urs!=null) { + for(UserRole ur : urs) { + rv.add(ur.urdd()); + } + } + return Result.ok(rv); + } + + @Override + public Result<List<UserRoleDAO.Data>> ursByUser(AuthzTrans trans, String user) { + List<UserRole> urs = UserRole.getByUser().get(user); + if(urs==null) { + return Result.err(Result.ERR_Backend, "UserRoles for User '%s' does not exist", user); + } + return toLURDD(urs); + } + + @Override + public Result<FutureDAO.Data> write(AuthzTrans trans, FutureDAO.Data fdd) { + return futureAdd.exec(trans, fdd, null); + } + + @Override + public Result<ApprovalDAO.Data> write(AuthzTrans trans, ApprovalDAO.Data add) { + return approvalAdd.exec(trans, add, null); + } + +} diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/ExpireRange.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/ExpireRange.java index c459dc66..b06cbce9 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/ExpireRange.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/ExpireRange.java @@ -38,6 +38,7 @@ public class ExpireRange { public Map<String,List<Range>> ranges; public final Date now; public String rangeOneMonth = "OneMonth"; + private Range delRange; public ExpireRange(final Access access) { now = new Date(); @@ -49,10 +50,10 @@ public class ExpireRange { List<Range> lur = getRangeList("ur"); List<Range> lx509 = getRangeList("x509"); - Range del = new Range("Delete",0,0,-1,0,GregorianCalendar.WEEK_OF_MONTH,-2); - lur.add(del); - lcred.add(del); - lx509.add(del); + delRange = new Range("Delete",0,0,-1,0,GregorianCalendar.WEEK_OF_MONTH,-2); + lur.add(delRange); + lcred.add(delRange); + lx509.add(delRange); lcred.add(new Range("CredOneWeek",3,1,0,0,GregorianCalendar.WEEK_OF_MONTH,1)); lcred.add(new Range("CredTwoWeek",2,1,GregorianCalendar.WEEK_OF_MONTH,1,GregorianCalendar.WEEK_OF_MONTH,2)); diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Future.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Future.java index d9ee272d..13f81938 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Future.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Future.java @@ -34,6 +34,7 @@ import java.util.UUID; import org.onap.aaf.auth.dao.cass.FutureDAO; import org.onap.aaf.auth.env.AuthzTrans; import org.onap.aaf.auth.layer.Result; +import org.onap.aaf.cadi.util.CSV; import org.onap.aaf.misc.env.Env; import org.onap.aaf.misc.env.TimeTaken; import org.onap.aaf.misc.env.Trans; @@ -111,8 +112,27 @@ public class Future implements CacheChange.Data, Comparable<Future> { public final Date expires() { return fdd.expires; } - + public static void load(Trans trans, Session session, Creator<Future> creator) { + load(trans,session,creator, new Visitor<Future>() { + @Override + public void visit(Future f) { + data.put(f.fdd.id,f); + if (f.role==null) { + return; + } + List<Future> lf = byRole.get(f.role); + if (lf==null) { + lf = new ArrayList<>(); + byRole.put(f.role,lf); + } + lf.add(f); + } + }); + } + + + public static void load(Trans trans, Session session, Creator<Future> creator, Visitor<Future> visitor) { trans.info().log( "query: " + creator.select() ); ResultSet results; TimeTaken tt = trans.start("Load Futures", Env.REMOTE); @@ -127,19 +147,8 @@ public class Future implements CacheChange.Data, Comparable<Future> { tt = trans.start("Process Futures", Env.SUB); try { for (Row row : results.all()) { - ++count; - Future f = creator.create(row); - data.put(f.fdd.id,f); - if (f.role==null) { - continue; - } - List<Future> lf = byRole.get(f.role); - if (lf==null) { - lf = new ArrayList<>(); - byRole.put(f.role,lf); - } - lf.add(f); - + ++count; + visitor.visit(creator.create(row)); } } finally { tt.done(); @@ -199,6 +208,16 @@ public class Future implements CacheChange.Data, Comparable<Future> { public static boolean pendingDelete(Future f) { return cache.contains(f); } + + public static void row(CSV.Writer cw, Future f) { + cw.row("future",f.fdd.id,f.fdd.target,f.fdd.expires,f.role,f.fdd.memo); + } + + public static void deleteByIDBatch(StringBuilder sb, String id) { + sb.append("DELETE from authz.future where id="); + sb.append(id); + sb.append(";\n"); + } } diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/NS.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/NS.java index cad1c124..55fe22ce 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/NS.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/NS.java @@ -27,6 +27,7 @@ import java.util.Iterator; import java.util.Map; import java.util.TreeMap; +import org.onap.aaf.auth.dao.cass.NsDAO; import org.onap.aaf.misc.env.Env; import org.onap.aaf.misc.env.TimeTaken; import org.onap.aaf.misc.env.Trans; @@ -40,11 +41,7 @@ import com.datastax.driver.core.Statement; public class NS implements Comparable<NS> { public static final Map<String,NS> data = new TreeMap<>(); - public final String name; - public final String description; - public final String parent; - public final int scope; - public final int type; + public NsDAO.Data ndd; public static Creator<NS> v2_0_11 = new Creator<NS> () { @Override @@ -59,11 +56,12 @@ public class NS implements Comparable<NS> { }; public NS(String name, String description, String parent, int type, int scope) { - this.name = name; - this.description = description; - this.parent = parent; - this.scope = scope; - this.type = type; + ndd = new NsDAO.Data(); + ndd.name = name; + ndd.description = description; + ndd.parent = parent; + ndd.type = type; + // ndd.attrib = } public static void load(Trans trans, Session session, Creator<NS> creator) { @@ -101,7 +99,7 @@ public class NS implements Comparable<NS> { while (iter.hasNext()) { row = iter.next(); NS ns = creator.create(row); - data.put(ns.name,ns); + data.put(ns.ndd.name,ns); } } finally { tt.done(); @@ -127,7 +125,7 @@ public class NS implements Comparable<NS> { } public String toString() { - return name; + return ndd.name; } /* (non-Javadoc) @@ -135,7 +133,7 @@ public class NS implements Comparable<NS> { */ @Override public int hashCode() { - return name.hashCode(); + return ndd.name.hashCode(); } /* (non-Javadoc) @@ -143,12 +141,12 @@ public class NS implements Comparable<NS> { */ @Override public boolean equals(Object obj) { - return name.equals(obj); + return ndd.name.equals(obj); } @Override public int compareTo(NS o) { - return name.compareTo(o.name); + return ndd.name.compareTo(o.ndd.name); } public static class NSSplit { @@ -171,5 +169,4 @@ public class NS implements Comparable<NS> { return null; } - }
\ No newline at end of file diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Role.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Role.java index 6d87dedc..ea735d2a 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Role.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Role.java @@ -30,6 +30,7 @@ import java.util.List; import java.util.Set; import java.util.TreeMap; +import org.onap.aaf.auth.dao.cass.RoleDAO; import org.onap.aaf.misc.env.Env; import org.onap.aaf.misc.env.TimeTaken; import org.onap.aaf.misc.env.Trans; @@ -46,38 +47,39 @@ public class Role implements Comparable<Role> { public static final TreeMap<String,Role> byName = new TreeMap<>(); private static List<Role> deleteRoles = new ArrayList<>(); - public final String ns; - public final String name; - public final String description; + public RoleDAO.Data rdd; private String full; private String encode; - public final Set<String> perms; public Role(String full) { - ns = name = description = ""; + rdd = new RoleDAO.Data(); + rdd.ns = ""; + rdd.name = ""; + rdd.description = ""; + rdd.perms = new HashSet<>(); this.full = full; - perms = new HashSet<>(); } public Role(String ns, String name, String description,Set<String> perms) { - this.ns = ns; - this.name = name; - this.description = description; + rdd = new RoleDAO.Data(); + rdd.ns = ns; + rdd.name = name; + rdd.description = description; + rdd.perms = perms; this.full = null; this.encode = null; - this.perms = perms; } public String encode() { if (encode==null) { - encode = ns + '|' + name; + encode = rdd.ns + '|' + rdd.name; } return encode; } public String fullName() { if (full==null) { - full = ns + '.' + name; + full = rdd.ns + '.' + rdd.name; } return full; } @@ -111,7 +113,7 @@ public class Role implements Comparable<Role> { row = iter.next(); Role rk =new Role(row.getString(0),row.getString(1), row.getString(2),row.getSet(3,String.class)); keys.put(rk.encode(), rk); - data.put(rk,rk.perms); + data.put(rk,rk.rdd.perms); byName.put(rk.fullName(), rk); } } finally { diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/UserRole.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/UserRole.java index bea3b5ec..0b6eb7b1 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/UserRole.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/UserRole.java @@ -312,7 +312,17 @@ public class UserRole implements Cloneable, CacheChange.Data { csvw.row("ur",user(),ns(),rname(),Chrono.dateOnlyStamp(expires()),expires().getTime()); } - public static void batchDelete(StringBuilder sb, List<String> row) { + public static Data row(List<String> row) { + Data data = new Data(); + data.user = row.get(1); + data.ns = row.get(2); + data.rname = row.get(3); + data.role = data.ns + '.' + data.rname; + data.expires = new Date(Long.parseLong(row.get(5))); + return data; + } + + public static void batchDelete(StringBuilder sb, List<String> row) { sb.append("DELETE from authz.user_role WHERE user='"); sb.append(row.get(1)); sb.append("' AND role='"); diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Expiring.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Expiring.java index 11eacd4e..979bcd50 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Expiring.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Expiring.java @@ -36,15 +36,17 @@ import java.util.List; import java.util.Map; import java.util.Set; import java.util.TreeMap; +import java.util.UUID; import org.onap.aaf.auth.batch.Batch; +import org.onap.aaf.auth.batch.helpers.Approval; import org.onap.aaf.auth.batch.helpers.Cred; +import org.onap.aaf.auth.batch.helpers.Cred.Instance; import org.onap.aaf.auth.batch.helpers.ExpireRange; +import org.onap.aaf.auth.batch.helpers.ExpireRange.Range; +import org.onap.aaf.auth.batch.helpers.Future; import org.onap.aaf.auth.batch.helpers.UserRole; -import org.onap.aaf.auth.batch.helpers.Visitor; import org.onap.aaf.auth.batch.helpers.X509; -import org.onap.aaf.auth.batch.helpers.Cred.Instance; -import org.onap.aaf.auth.batch.helpers.ExpireRange.Range; import org.onap.aaf.auth.dao.cass.CredDAO; import org.onap.aaf.auth.env.AuthzTrans; import org.onap.aaf.auth.org.OrganizationException; @@ -65,6 +67,7 @@ public class Expiring extends Batch { private Map<String, CSV.Writer> writerList; private ExpireRange expireRange; private Date deleteDate; + private CSV.Writer deleteCW; public Expiring(AuthzTrans trans) throws APIException, IOException, OrganizationException { super(trans.env()); @@ -93,18 +96,19 @@ public class Expiring extends Batch { for(Range r : lr ) { if(writerList.get(r.name())==null) { File file = new File(logDir(),r.name() + sdate +CSV); - CSV csv = new CSV(file); + CSV csv = new CSV(env.access(),file); CSV.Writer cw = csv.writer(false); cw.row(INFO,r.name(),Chrono.dateOnlyStamp(expireRange.now),r.reportingLevel()); writerList.put(r.name(),cw); if("Delete".equals(r.name())) { deleteDate = r.getEnd(); + deleteCW = cw; } trans.init().log("Creating File:",file.getAbsolutePath()); } } } - + Approval.load(trans, session, Approval.v2_0_17); } finally { tt0.done(); } @@ -112,12 +116,33 @@ public class Expiring extends Batch { @Override protected void run(AuthzTrans trans) { + + //////////////////// + trans.info().log("Checking for Expired Futures"); + Future.load(trans, session, Future.v2_0_17, fut -> { + if(fut.expires().before(expireRange.now)) { + Future.row(deleteCW,fut); + List<Approval> appls = Approval.byTicket.get(fut.id()); + if(appls!=null) { + for(Approval a : appls) { + Approval.row(deleteCW, a); + } + } + } + }); + try { File file = new File(logDir(), EXPIRED_OWNERS + Chrono.dateOnlyStamp(expireRange.now) + CSV); - final CSV ownerCSV = new CSV(file); + final CSV ownerCSV = new CSV(env.access(),file); Map<String, Set<UserRole>> owners = new TreeMap<String, Set<UserRole>>(); trans.info().log("Process UserRoles"); + + /** + Run through User Roles. + Owners are treated specially in next section. + Regular roles are checked against Date Ranges. If match Date Range, write out to appropriate file. + */ UserRole.load(trans, session, UserRole.v2_0_11, ur -> { // Cannot just delete owners, unless there is at least one left. Process later if ("owner".equals(ur.rname())) { @@ -132,11 +157,12 @@ public class Expiring extends Batch { } }); - // Now Process Owners, one owner Role at a time, ensuring one is left, - // preferably - // a good one. If so, process the others as normal. Otherwise, write - // ExpiredOwners - // report + /** + Now Process Owners, one owner Role at a time, ensuring one is left, + preferably a good one. If so, process the others as normal. + + Otherwise, write to ExpiredOwners Report + */ if (!owners.values().isEmpty()) { // Lazy Create file CSV.Writer expOwner = null; @@ -168,8 +194,12 @@ public class Expiring extends Batch { } } - trans.info().log("Checking for Expired Credentials"); - + /** + * Check for Expired Credentials + * + * + */ + trans.info().log("Checking for Expired Credentials"); for (Cred cred : Cred.data.values()) { List<Instance> linst = cred.instances; if(linst!=null) { @@ -191,7 +221,8 @@ public class Expiring extends Batch { } } } - + + //////////////////// trans.info().log("Checking for Expired X509s"); X509.load(trans, session, x509 -> { try { @@ -203,9 +234,21 @@ public class Expiring extends Batch { } }); + } catch (FileNotFoundException e) { trans.info().log(e); } + + //////////////////// + trans.info().log("Checking for Orphaned Approvals"); + Approval.load(trans, session, Approval.v2_0_17, appr -> { + UUID ticket = appr.add.ticket; + if(ticket==null) { + Approval.row(deleteCW,appr); + } + }); + + } diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/NotInOrg.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/NotInOrg.java index ab8b6e8b..f47fae43 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/NotInOrg.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/NotInOrg.java @@ -79,7 +79,7 @@ public class NotInOrg extends Batch { now = new Date(); String sdate = Chrono.dateOnlyStamp(now); File file = new File(logDir(),NOT_IN_ORG + sdate +CSV); - CSV csv = new CSV(file); + CSV csv = new CSV(env.access(),file); notInOrgW = csv.writer(false); notInOrgW.row(INFO,NOT_IN_ORG,Chrono.dateOnlyStamp(now),0); writerList.put(NOT_IN_ORG,notInOrgW); @@ -87,7 +87,7 @@ public class NotInOrg extends Batch { // These will have been double-checked by the Organization, and can be deleted immediately. String fn = NOT_IN_ORG+"Delete"; file = new File(logDir(),fn + sdate +CSV); - CSV csvDelete = new CSV(file); + CSV csvDelete = new CSV(env.access(),file); notInOrgDeleteW = csvDelete.writer(false); notInOrgDeleteW.row(INFO,fn,Chrono.dateOnlyStamp(now),0); writerList.put(NOT_IN_ORG,notInOrgW); diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Notify.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Notify.java index 547b657f..f8d98882 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Notify.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Notify.java @@ -120,7 +120,7 @@ public class Notify extends Batch { try { for(File f : notifyFile) { - CSV csv = new CSV(f); + CSV csv = new CSV(env.access(),f); try { csv.visit(new CSV.Visitor() { @Override diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/NsRoleUserReport.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/NsRoleUserReport.java index 1a7d7740..fcdc6631 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/NsRoleUserReport.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/NsRoleUserReport.java @@ -68,7 +68,7 @@ public class NsRoleUserReport extends Batch { now = new Date(); String sdate = Chrono.dateOnlyStamp(now); File file = new File(logDir(),REPORT + sdate +CSV); - CSV csv = new CSV(file); + CSV csv = new CSV(env.access(),file); report = csv.writer(false); theMap = new TreeMap<>(); diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/Approvals.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/Approvals.java new file mode 100644 index 00000000..341a072e --- /dev/null +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/Approvals.java @@ -0,0 +1,207 @@ +/** + * ============LICENSE_START==================================================== + * org.onap.aaf + * =========================================================================== + * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * =========================================================================== + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END==================================================== + * + */ + +package org.onap.aaf.auth.batch.update; + +import java.io.File; +import java.io.IOException; +import java.util.ArrayList; +import java.util.GregorianCalendar; +import java.util.List; + +import org.onap.aaf.auth.batch.Batch; +import org.onap.aaf.auth.batch.BatchPrincipal; +import org.onap.aaf.auth.batch.approvalsets.ApprovalSet; +import org.onap.aaf.auth.batch.approvalsets.URApprovalSet; +import org.onap.aaf.auth.batch.helpers.Approval; +import org.onap.aaf.auth.batch.helpers.BatchDataView; +import org.onap.aaf.auth.batch.helpers.Future; +import org.onap.aaf.auth.batch.helpers.NS; +import org.onap.aaf.auth.batch.helpers.Role; +import org.onap.aaf.auth.batch.helpers.UserRole; +import org.onap.aaf.auth.dao.cass.UserRoleDAO; +import org.onap.aaf.auth.env.AuthzTrans; +import org.onap.aaf.auth.layer.Result; +import org.onap.aaf.auth.org.OrganizationException; +import org.onap.aaf.cadi.CadiException; +import org.onap.aaf.cadi.util.CSV; +import org.onap.aaf.misc.env.APIException; +import org.onap.aaf.misc.env.util.Chrono; + +public class Approvals extends Batch { + private final AuthzTrans noAvg; + private BatchDataView dataview; + + public Approvals(AuthzTrans trans) throws APIException, IOException, OrganizationException { + super(trans.env()); + + noAvg = env.newTransNoAvg(); + noAvg.setUser(new BatchPrincipal("batch:Approvals")); + + dataview = new BatchDataView(noAvg,cluster,dryRun); + + session = dataview.getSession(trans); + + Approval.load(trans, session, Approval.v2_0_17); + Future.load(trans, session, Future.v2_0_17); + Role.load(trans, session); + NS.load(trans, session, NS.v2_0_11); + UserRole.load(trans, session, UserRole.v2_0_11); + } + + @Override + protected void run(AuthzTrans trans) { + // Create Intermediate Output + final GregorianCalendar now = new GregorianCalendar(); + + List<File> approveFiles = new ArrayList<>(); + if(args().length>0) { + for(int i=0;i<args().length;++i) { + approveFiles.add(new File(logDir(), args()[i])); + } + } else { + approveFiles.add(new File(logDir(),"OneMonth"+Chrono.dateOnlyStamp()+".csv")); + } + + for(File f : approveFiles) { + trans.init().log("Processing File:",f.getAbsolutePath()); + } + +// GregorianCalendar gc = new GregorianCalendar(); +// Date now = gc.getTime(); +// String today = Chrono.dateOnlyStamp(now); + for(File f : approveFiles) { + trans.info().log("Processing ",f.getAbsolutePath(),"for Approvals"); + if(f.exists()) { + CSV approveCSV = new CSV(env.access(),f).processAll(); + try { + approveCSV.visit(row -> { + switch(row.get(0)) { + case "ur": + UserRoleDAO.Data urdd = UserRole.row(row); + List<Approval> apvs = Approval.byUser.get(urdd.user); + + System.out.println(row); + if(apvs==null) { + // Create an Approval + ApprovalSet uras = new URApprovalSet(noAvg, now, dataview, () -> { + return urdd; + }); + Result<Void> rw = uras.write(noAvg); + if(rw.notOK()) { + System.out.println(rw.errorString()); + } + } else { + // Check that Existing Approval is still valid + for(Approval a : apvs) { + Future ticket = Future.data.get(a.add.ticket); + if(ticket==null) { + // Orphaned Approval - delete + } else { + + } + } + } + break; + default: + System.out.println(row); + //noAvg.debug().printf("Ignoring %s",type); + } + }); + } catch (IOException | CadiException e) { + e.printStackTrace(); + // .... but continue with next row + } + + /* + List<Approval> pending = new ArrayList<>(); + boolean isOwner,isSupervisor; + for (Entry<String, List<Approval>> es : Approval.byApprover.entrySet()) { + isOwner = isSupervisor = false; + String approver = es.getKey(); + if (approver.indexOf('@')<0) { + approver += org.getRealm(); + } + Date latestNotify=null, soonestExpire=null; + GregorianCalendar latest=new GregorianCalendar(); + GregorianCalendar soonest=new GregorianCalendar(); + pending.clear(); + + for (Approval app : es.getValue()) { + Future f = app.getTicket()==null?null:Future.data.get(app.getTicket()); + if (f==null) { // only Ticketed Approvals are valid.. the others are records. + // Approvals without Tickets are no longer valid. + if ("pending".equals(app.getStatus())) { + app.setStatus("lapsed"); + app.update(noAvg,apprDAO,dryRun); // obeys dryRun + } + } else { + if ((soonestExpire==null && f.expires()!=null) || (soonestExpire!=null && f.expires()!=null && soonestExpire.before(f.expires()))) { + soonestExpire=f.expires(); + } + + if ("pending".equals(app.getStatus())) { + if (!isOwner) { + isOwner = "owner".equals(app.getType()); + } + if (!isSupervisor) { + isSupervisor = "supervisor".equals(app.getType()); + } + + if ((latestNotify==null && app.getLast_notified()!=null) ||(latestNotify!=null && app.getLast_notified()!=null && latestNotify.before(app.getLast_notified()))) { + latestNotify=app.getLast_notified(); + } + pending.add(app); + } + } + } + + if (!pending.isEmpty()) { + boolean go = false; + if (latestNotify==null) { // never notified... make it so + go=true; + } else { + if (!today.equals(Chrono.dateOnlyStamp(latest))) { // already notified today + latest.setTime(latestNotify); + soonest.setTime(soonestExpire); + int year; + int days = soonest.get(GregorianCalendar.DAY_OF_YEAR)-latest.get(GregorianCalendar.DAY_OF_YEAR); + days+=((year=soonest.get(GregorianCalendar.YEAR))-latest.get(GregorianCalendar.YEAR))*365 + + (soonest.isLeapYear(year)?1:0); + if (days<7) { // If Expirations get within a Week (or expired), notify everytime. + go = true; + } + } + } + } + */ + } + } + } + + @Override + protected void _close(AuthzTrans trans) { + if(session!=null) { + session.close(); + session = null; + } + } +} diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/NotifyCredExpiring.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/NotifyCredExpiring.java index 4288b2e7..ab563fe8 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/NotifyCredExpiring.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/NotifyCredExpiring.java @@ -70,7 +70,7 @@ public class NotifyCredExpiring extends Batch { private CSV csv; private CSVInfo csvInfo; - public NotifyCredExpiring(AuthzTrans trans) throws APIException, IOException, OrganizationException { + public NotifyCredExpiring(AuthzTrans trans) throws APIException, IOException, OrganizationException, CadiException { super(trans.env()); TimeTaken tt = trans.start("Connect to Cluster", Env.REMOTE); try { @@ -106,7 +106,7 @@ public class NotifyCredExpiring extends Batch { } else { File f = new File(logDir(),args()[0]); System.out.println("Reading " + f.getCanonicalPath()); - csv = new CSV(f); + csv = new CSV(env.access(),f); } if(args().length<2) { @@ -118,11 +118,7 @@ public class NotifyCredExpiring extends Batch { } csvInfo = new CSVInfo(System.err); - try { - csv.visit(csvInfo); - } catch (CadiException e) { - throw new APIException(e); - } + csv.visit(csvInfo); Notification.load(trans, session, Notification.v2_0_18); diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/Remove.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/Remove.java index f2425f4a..bcc8591a 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/Remove.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/Remove.java @@ -31,8 +31,10 @@ import java.util.List; import org.onap.aaf.auth.batch.Batch; import org.onap.aaf.auth.batch.BatchPrincipal; +import org.onap.aaf.auth.batch.helpers.Approval; import org.onap.aaf.auth.batch.helpers.CQLBatch; import org.onap.aaf.auth.batch.helpers.Cred; +import org.onap.aaf.auth.batch.helpers.Future; import org.onap.aaf.auth.batch.helpers.UserRole; import org.onap.aaf.auth.batch.helpers.X509; import org.onap.aaf.auth.dao.CassAccess; @@ -116,7 +118,7 @@ public class Remove extends Batch { for(File f : remove) { trans.info().log("Processing ",f.getAbsolutePath(),"for Deletions"); if(f.exists()) { - CSV removeCSV = new CSV(f); + CSV removeCSV = new CSV(env.access(),f); try { final StringBuilder sb = cqlBatch.begin(); @@ -140,6 +142,7 @@ public class Remove extends Batch { case "NotInOrgDelete": memoFmt.set("Identity %s was removed from %s on %s"); break; + } break; case "ur": @@ -175,6 +178,16 @@ public class Remove extends Batch { hdd.memo=X509.histMemo(memoFmt.get(),row); historyDAO.createBatch(sb, hdd); break; + case "future": + // Not cached + hi.set(++i); + Future.deleteByIDBatch(sb,row.get(1)); + break; + case "approval": + // Not cached + hi.set(++i); + Approval.deleteByIDBatch(sb,row.get(1)); + break; } } }); |