summaryrefslogtreecommitdiffstats
path: root/auth/auth-batch
diff options
context:
space:
mode:
Diffstat (limited to 'auth/auth-batch')
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/ApprovalAdd.java59
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/FutureAdd.java59
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/NSDescUpdate.java2
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/PermModify.java2
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/RoleCreate.java11
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/RoleDelete.java6
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/RoleModify.java20
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/URFutureApproveExec.java2
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/ApprovalSet.java96
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/DataView.java68
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/Loader.java27
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/URApprovalSet.java125
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Approval.java43
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/BatchDataView.java126
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/ExpireRange.java9
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Future.java47
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/NS.java29
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Role.java28
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/UserRole.java12
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Expiring.java71
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/NotInOrg.java4
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Notify.java2
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/NsRoleUserReport.java2
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/Approvals.java207
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/NotifyCredExpiring.java10
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/Remove.java15
26 files changed, 977 insertions, 105 deletions
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/ApprovalAdd.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/ApprovalAdd.java
new file mode 100644
index 00000000..f31de565
--- /dev/null
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/ApprovalAdd.java
@@ -0,0 +1,59 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+
+package org.onap.aaf.auth.batch.actions;
+
+import java.io.IOException;
+
+import org.onap.aaf.auth.batch.helpers.Approval;
+import org.onap.aaf.auth.dao.cass.ApprovalDAO;
+import org.onap.aaf.auth.env.AuthzTrans;
+import org.onap.aaf.auth.layer.Result;
+import org.onap.aaf.misc.env.APIException;
+
+import com.datastax.driver.core.Cluster;
+
+public class ApprovalAdd extends ActionDAO<Approval,ApprovalDAO.Data,String> {
+ public ApprovalAdd(AuthzTrans trans, Cluster cluster, boolean dryRun) throws APIException, IOException {
+ super(trans, cluster,dryRun);
+ }
+
+ public ApprovalAdd(AuthzTrans trans, ActionDAO<?,?,?> adao) {
+ super(trans, adao);
+ }
+
+ @Override
+ public Result<ApprovalDAO.Data> exec(AuthzTrans trans, Approval app, String text) {
+ return exec(trans,app.add,text);
+ }
+
+ public Result<ApprovalDAO.Data> exec(AuthzTrans trans, ApprovalDAO.Data add, String text) {
+ if (dryRun) {
+ trans.info().log("Would Add:",text,add.approver,add.memo);
+ return Result.ok(add);
+ } else {
+ Result<ApprovalDAO.Data> rv = q.approvalDAO.create(trans, add);
+ trans.info().log("Added:",text,add.approver,add.memo);
+ return rv;
+ }
+ }
+
+} \ No newline at end of file
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/FutureAdd.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/FutureAdd.java
new file mode 100644
index 00000000..29a500c7
--- /dev/null
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/FutureAdd.java
@@ -0,0 +1,59 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+
+package org.onap.aaf.auth.batch.actions;
+
+import java.io.IOException;
+
+import org.onap.aaf.auth.batch.helpers.Future;
+import org.onap.aaf.auth.dao.cass.FutureDAO;
+import org.onap.aaf.auth.env.AuthzTrans;
+import org.onap.aaf.auth.layer.Result;
+import org.onap.aaf.misc.env.APIException;
+
+import com.datastax.driver.core.Cluster;
+
+public class FutureAdd extends ActionDAO<Future,FutureDAO.Data,String> {
+ public FutureAdd(AuthzTrans trans, Cluster cluster, boolean dryRun) throws APIException, IOException {
+ super(trans, cluster,dryRun);
+ }
+
+ public FutureAdd(AuthzTrans trans, ActionDAO<?,?,?> adao) {
+ super(trans, adao);
+ }
+
+ @Override
+ public Result<FutureDAO.Data> exec(AuthzTrans trans, Future f, String text) {
+ return exec(trans,f.fdd,text);
+ }
+
+ public Result<FutureDAO.Data> exec(AuthzTrans trans, FutureDAO.Data fdd, String text) {
+ if (dryRun) {
+ trans.info().log("Would Add:",text,fdd.id, fdd.memo);
+ return Result.ok(fdd);
+ } else {
+ Result<FutureDAO.Data> rv = q.futureDAO.create(trans, fdd);
+ trans.info().log("Added:",text,fdd.id, fdd.memo);
+ return rv;
+ }
+ }
+
+} \ No newline at end of file
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/NSDescUpdate.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/NSDescUpdate.java
index 2542e045..78e835b3 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/NSDescUpdate.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/NSDescUpdate.java
@@ -45,7 +45,7 @@ public class NSDescUpdate extends ActionDAO<NS,Void,String> {
trans.info().printf("Would Update '%s' Description to '%s'",ns,desc);
return Result.ok();
} else {
- Result<Void> rv = q.nsDAO.dao().addDescription(trans, ns.name, desc);
+ Result<Void> rv = q.nsDAO.dao().addDescription(trans, ns.ndd.name, desc);
if (rv.isOK()) {
trans.info().printf("Updated '%s' Description to '%s'",ns,desc);
} else {
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/PermModify.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/PermModify.java
index 4b76baf5..58dd6fbf 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/PermModify.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/PermModify.java
@@ -76,7 +76,7 @@ public class PermModify extends ActionDAO<Perm,PermDAO.Data,PermModify.Modify> {
} else {
for (String r : d.roles) {
Role role = Role.keys.get(r);
- if (role.perms.contains(p.encode())) {
+ if (role.rdd.perms.contains(p.encode())) {
modify.roleModify().exec(trans, role, new RoleModify.Modify() {
@Override
public PermModify permModify() {
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/RoleCreate.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/RoleCreate.java
index 512d4a31..729d5c10 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/RoleCreate.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/RoleCreate.java
@@ -24,7 +24,6 @@ package org.onap.aaf.auth.batch.actions;
import java.io.IOException;
import org.onap.aaf.auth.batch.helpers.Role;
-import org.onap.aaf.auth.dao.cass.RoleDAO;
import org.onap.aaf.auth.dao.cass.RoleDAO.Data;
import org.onap.aaf.auth.env.AuthzTrans;
import org.onap.aaf.auth.layer.Result;
@@ -43,17 +42,11 @@ public class RoleCreate extends ActionDAO<Role,Data,String> {
@Override
public Result<Data> exec(AuthzTrans trans, Role r,String text) {
- RoleDAO.Data rdd = new RoleDAO.Data();
- rdd.ns = r.ns;
- rdd.name = r.name;
- rdd.description = r.description;
- rdd.perms = r.perms;
-
if (dryRun) {
trans.info().log("Would Create Role:",text,r.fullName());
- return Result.ok(rdd);
+ return Result.ok(r.rdd);
} else {
- Result<Data> rv = q.roleDAO.create(trans, rdd); // need to read for undelete
+ Result<Data> rv = q.roleDAO.create(trans, r.rdd); // need to read for undelete
if (rv.isOK()) {
trans.info().log("Created Role:",text,r.fullName());
} else {
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/RoleDelete.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/RoleDelete.java
index 3e109b2b..edaae0fe 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/RoleDelete.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/RoleDelete.java
@@ -24,7 +24,6 @@ package org.onap.aaf.auth.batch.actions;
import java.io.IOException;
import org.onap.aaf.auth.batch.helpers.Role;
-import org.onap.aaf.auth.dao.cass.RoleDAO;
import org.onap.aaf.auth.env.AuthzTrans;
import org.onap.aaf.auth.layer.Result;
import org.onap.aaf.misc.env.APIException;
@@ -46,10 +45,7 @@ public class RoleDelete extends ActionDAO<Role,Void,String> {
trans.info().log("Would Delete Role:",text,r.fullName());
return Result.ok();
} else {
- RoleDAO.Data rdd = new RoleDAO.Data();
- rdd.ns = r.ns;
- rdd.name = r.name;
- Result<Void> rv = q.roleDAO.delete(trans, rdd, true); // need to read for undelete
+ Result<Void> rv = q.roleDAO.delete(trans, r.rdd, true); // need to read for undelete
if (rv.isOK()) {
trans.info().log("Deleted Role:",text,r.fullName());
} else {
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/RoleModify.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/RoleModify.java
index 388e6692..e00c08c3 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/RoleModify.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/RoleModify.java
@@ -47,7 +47,7 @@ public class RoleModify extends ActionDAO<Role,RoleDAO.Data,RoleModify.Modify> {
@Override
public Result<RoleDAO.Data> exec(final AuthzTrans trans, final Role r,final RoleModify.Modify modify) {
- Result<List<Data>> rr = q.roleDAO.read(trans, r.ns,r.name);
+ Result<List<Data>> rr = q.roleDAO.read(trans, r.rdd.ns,r.rdd.name);
if (dryRun) {
if (rr.isOKhasData()) {
return Result.ok(rr.value.get(0));
@@ -59,18 +59,18 @@ public class RoleModify extends ActionDAO<Role,RoleDAO.Data,RoleModify.Modify> {
if (rr.isOKhasData()) {
for (final Data d : rr.value) {
modify.change(d);
- if (d.ns.equals(r.ns) && d.name.equals(r.name)) {
+ if (d.ns.equals(r.rdd.ns) && d.name.equals(r.rdd.name)) {
// update for fields
// In either case, adjust Roles
for (String p : d.perms) {
- if (!r.perms.contains(p)) {
+ if (!r.rdd.perms.contains(p)) {
Result<PermDAO.Data> rpdd = PermDAO.Data.decode(trans, q, p);
if (rpdd.isOKhasData()) {
q.roleDAO.dao().addPerm(trans, d, rpdd.value);
}
}
}
- for (String p : r.perms) {
+ for (String p : r.rdd.perms) {
if (!d.perms.contains(p)) {
Result<PermDAO.Data> rpdd = PermDAO.Data.decode(trans, q, p);
if (rpdd.isOKhasData()) {
@@ -113,11 +113,8 @@ public class RoleModify extends ActionDAO<Role,RoleDAO.Data,RoleModify.Modify> {
rv = q.roleDAO.create(trans, d);
}
if (rv.isOK()) {
- trans.info().printf("Updating %s|%s to %s|%s", r.ns, r.name, d.ns, d.name);
- RoleDAO.Data rmme = new RoleDAO.Data();
- rmme.ns=r.ns;
- rmme.name=r.name;
- q.roleDAO.delete(trans, rmme, false);
+ trans.info().printf("Updating %s|%s to %s|%s", r.rdd.ns, r.rdd.name, d.ns, d.name);
+ q.roleDAO.delete(trans, r.rdd, false);
} else {
trans.info().log(rv.errorString());
@@ -143,10 +140,7 @@ public class RoleModify extends ActionDAO<Role,RoleDAO.Data,RoleModify.Modify> {
if (dryRun) {
return Result.ok();
} else {
- RoleDAO.Data data = new RoleDAO.Data();
- data.ns=r.ns;
- data.name = r.name;
- return q.roleDAO.delete(trans,data,false);
+ return q.roleDAO.delete(trans,r.rdd,false);
}
}
} \ No newline at end of file
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/URFutureApproveExec.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/URFutureApproveExec.java
index 6636f458..9c44a62a 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/URFutureApproveExec.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/actions/URFutureApproveExec.java
@@ -30,9 +30,7 @@ import org.onap.aaf.auth.batch.helpers.Future;
import org.onap.aaf.auth.batch.helpers.UserRole;
import org.onap.aaf.auth.dao.cass.ApprovalDAO;
import org.onap.aaf.auth.dao.cass.UserRoleDAO;
-import org.onap.aaf.auth.dao.cass.ApprovalDAO.Data;
import org.onap.aaf.auth.dao.hl.Function.FUTURE_OP;
-import org.onap.aaf.auth.dao.hl.Function.Lookup;
import org.onap.aaf.auth.dao.hl.Function.OP_STATUS;
import org.onap.aaf.auth.env.AuthzTrans;
import org.onap.aaf.auth.layer.Result;
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/ApprovalSet.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/ApprovalSet.java
new file mode 100644
index 00000000..eeeef15f
--- /dev/null
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/ApprovalSet.java
@@ -0,0 +1,96 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+package org.onap.aaf.auth.batch.approvalsets;
+
+import java.nio.ByteBuffer;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.util.ArrayList;
+import java.util.GregorianCalendar;
+import java.util.List;
+import java.util.UUID;
+
+import org.onap.aaf.auth.dao.cass.ApprovalDAO;
+import org.onap.aaf.auth.dao.cass.FutureDAO;
+import org.onap.aaf.auth.env.AuthzTrans;
+import org.onap.aaf.auth.layer.Result;
+import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.misc.env.util.Chrono;
+
+public class ApprovalSet {
+ private DataView dataview;
+ protected FutureDAO.Data fdd;
+ protected List<ApprovalDAO.Data> ladd;
+
+ public ApprovalSet(final GregorianCalendar start, final String target, final DataView dv) throws CadiException {
+ dataview = dv;
+ fdd = new FutureDAO.Data();
+ try {
+ fdd.id = newID(target);
+ } catch (NoSuchAlgorithmException e) {
+ throw new CadiException(e);
+ }
+ fdd.target = target;
+ fdd.start = start.getTime();
+ ladd = new ArrayList<>();
+ }
+
+ protected UUID newID(String target) throws NoSuchAlgorithmException {
+ StringBuilder sb = new StringBuilder(new String(SecureRandom.getInstanceStrong().generateSeed(10)));
+ sb.append(target);
+ sb.append(System.currentTimeMillis());
+ return Chrono.dateToUUID(System.currentTimeMillis());
+ }
+
+ protected void setConstruct(final ByteBuffer bytes) {
+ fdd.construct = bytes;
+ }
+
+ protected void setMemo(final String memo) {
+ fdd.memo = memo;
+ }
+
+ protected void setExpires(final GregorianCalendar expires) {
+ fdd.expires = expires.getTime();
+ }
+
+ public Result<Void> write(AuthzTrans trans) {
+ StringBuilder errs = null;
+ Result<FutureDAO.Data> rf = dataview.write(trans, fdd);
+ if(rf.notOK()) {
+ errs = new StringBuilder();
+ errs.append(rf.errorString());
+ } else {
+ for(ApprovalDAO.Data add : ladd) {
+ Result<ApprovalDAO.Data> af = dataview.write(trans, add);
+ if(af.notOK()) {
+ if(errs==null) {
+ errs = new StringBuilder();
+ } else {
+ errs.append('\n');
+ }
+ errs.append(af.errorString());
+ }
+ }
+ }
+ return errs==null?Result.ok():Result.err(Result.ERR_Backend,errs.toString());
+ }
+} \ No newline at end of file
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/DataView.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/DataView.java
new file mode 100644
index 00000000..73e79832
--- /dev/null
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/DataView.java
@@ -0,0 +1,68 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+package org.onap.aaf.auth.batch.approvalsets;
+
+import java.util.List;
+
+import org.onap.aaf.auth.dao.cass.ApprovalDAO;
+import org.onap.aaf.auth.dao.cass.FutureDAO;
+import org.onap.aaf.auth.dao.cass.NsDAO;
+import org.onap.aaf.auth.dao.cass.RoleDAO;
+import org.onap.aaf.auth.dao.cass.UserRoleDAO;
+import org.onap.aaf.auth.env.AuthzTrans;
+import org.onap.aaf.auth.layer.Result;
+
+/**
+ * I have become convinced that Data for Apps is modeled by abstract access methods against multiple data
+ * sources. With the insistence of JUnits, it becomes much more paramount to create a model which can
+ * 1) be easily loaded from Disk "Test Data" without resorting to complex "mokito" schemes
+ * 2) tested in Memory
+ * 3) combined for REAL time by running Cached Memory
+ * 4) Streamable in
+ * a) Binary
+ * b) CSV
+ * c) JSON
+ * d) XML
+ * 5) persisted Globally through a store like Cassandra
+ *
+ * But in the end, it looks like:
+ * 1) Data Structures
+ * 2) Find the Data Structures by various means, accounting for
+ * a) Multiple Responses
+ * b) Errors from the deepest level, made available through the call stack
+ * 3)
+ *
+ * @author jonathan.gathman
+ *
+ */
+public interface DataView {
+ // Reads
+ public Result<NsDAO.Data> ns(final AuthzTrans trans, final String id);
+ public Result<RoleDAO.Data> roleByName(final AuthzTrans trans, final String name);
+ public Result<List<UserRoleDAO.Data>> ursByRole(final AuthzTrans trans, final String role);
+ public Result<List<UserRoleDAO.Data>> ursByUser(final AuthzTrans trans, final String user);
+
+ // Writes
+ public Result<ApprovalDAO.Data> write(final AuthzTrans trans, final ApprovalDAO.Data add);
+ public Result<FutureDAO.Data> write(final AuthzTrans trans, final FutureDAO.Data add);
+
+ // Deletes
+}
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/Loader.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/Loader.java
new file mode 100644
index 00000000..806599e0
--- /dev/null
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/Loader.java
@@ -0,0 +1,27 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+package org.onap.aaf.auth.batch.approvalsets;
+
+import org.onap.aaf.cadi.CadiException;
+
+public interface Loader<T> {
+ public T load() throws CadiException;
+}
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/URApprovalSet.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/URApprovalSet.java
new file mode 100644
index 00000000..b6767d4a
--- /dev/null
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/URApprovalSet.java
@@ -0,0 +1,125 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+package org.onap.aaf.auth.batch.approvalsets;
+
+import java.io.IOException;
+import java.util.GregorianCalendar;
+import java.util.List;
+
+import org.onap.aaf.auth.dao.cass.ApprovalDAO;
+import org.onap.aaf.auth.dao.cass.NsDAO;
+import org.onap.aaf.auth.dao.cass.RoleDAO;
+import org.onap.aaf.auth.dao.cass.UserRoleDAO;
+import org.onap.aaf.auth.dao.cass.UserRoleDAO.Data;
+import org.onap.aaf.auth.dao.hl.Function.FUTURE_OP;
+import org.onap.aaf.auth.env.AuthzTrans;
+import org.onap.aaf.auth.layer.Result;
+import org.onap.aaf.auth.org.Organization;
+import org.onap.aaf.auth.org.Organization.Identity;
+import org.onap.aaf.auth.org.OrganizationException;
+import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.misc.env.util.Chrono;
+
+public class URApprovalSet extends ApprovalSet {
+ public static final String EXTEND_STRING = "Extend access of User [%s] to Role [%s] - Expires %s";
+
+ public URApprovalSet(final AuthzTrans trans, final GregorianCalendar start, final DataView dv, final Loader<UserRoleDAO.Data> lurdd) throws IOException, CadiException {
+ super(start, "user_role", dv);
+ Organization org = trans.org();
+ UserRoleDAO.Data urdd = lurdd.load();
+ setConstruct(urdd.bytify());
+ setMemo(String.format(EXTEND_STRING,urdd.user,urdd.role,Chrono.dateOnlyStamp(urdd.expires)));
+ setExpires(org.expiration(null, Organization.Expiration.UserInRole));
+
+ Result<RoleDAO.Data> r = dv.roleByName(trans, urdd.role);
+ if(r.notOKorIsEmpty()) {
+ throw new CadiException(String.format("Role '%s' does not exist: %s", urdd.role, r.details));
+ }
+ Result<NsDAO.Data> n = dv.ns(trans, urdd.ns);
+ if(n.notOKorIsEmpty()) {
+ throw new CadiException(String.format("Namespace '%s' does not exist: %s", urdd.ns));
+ }
+ UserRoleDAO.Data found = null;
+ Result<List<Data>> lur = dv.ursByRole(trans, urdd.role);
+ if(lur.isOK()) {
+ for(UserRoleDAO.Data ur : lur.value) {
+ if(urdd.user.equals(ur.user)) {
+ found = ur;
+ break;
+ }
+ }
+ }
+ if(found==null) {
+ throw new CadiException(String.format("User '%s' in Role '%s' does not exist: %s", urdd.user,urdd.role));
+ }
+
+ // Primarily, Owners are responsible, unless it's owned by self
+ boolean isOwner = false;
+ Result<List<UserRoleDAO.Data>> owners = dv.ursByRole(trans, urdd.ns+".owner");
+ if(owners.isOK()) {
+ for(UserRoleDAO.Data owner : owners.value) {
+ if(urdd.user.equals(owner.user)) {
+ isOwner = true;
+ } else {
+ ApprovalDAO.Data add = newApproval(urdd);
+ add.approver = owner.user;
+ add.type="owner";
+ ladd.add(add);
+ }
+ }
+ }
+
+ if(isOwner) {
+ try {
+ List<Identity> apprs = org.getApprovers(trans, urdd.user);
+ if(apprs!=null) {
+ for(Identity i : apprs) {
+ ApprovalDAO.Data add = newApproval(urdd);
+ Identity reportsTo = i.responsibleTo();
+ if(reportsTo!=null) {
+ add.approver = reportsTo.fullID();
+ } else {
+ throw new CadiException("No Supervisor for '" + urdd.user + '\'');
+ }
+ add.type = org.getApproverType();
+ ladd.add(add);
+ }
+ }
+ } catch (OrganizationException e) {
+ throw new CadiException(e);
+ }
+ }
+ }
+
+ private ApprovalDAO.Data newApproval(Data urdd) throws CadiException {
+ ApprovalDAO.Data add = new ApprovalDAO.Data();
+ add.id = Chrono.dateToUUID(System.currentTimeMillis());
+ add.ticket = fdd.id;
+ add.user = urdd.user;
+ add.operation = FUTURE_OP.A.name();
+ add.status = ApprovalDAO.PENDING;
+ add.memo = String.format("Re-Validate as Owner for AAF Namespace '%s' - expiring %s', ",
+ urdd.ns,
+ Chrono.dateOnlyStamp(urdd.expires));
+ return add;
+ }
+
+}
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Approval.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Approval.java
index fb3aefbe..acaf0d58 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Approval.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Approval.java
@@ -23,6 +23,7 @@ package org.onap.aaf.auth.batch.helpers;
import java.util.ArrayList;
import java.util.Date;
+import java.util.Iterator;
import java.util.List;
import java.util.TreeMap;
import java.util.UUID;
@@ -30,6 +31,7 @@ import java.util.UUID;
import org.onap.aaf.auth.dao.cass.ApprovalDAO;
import org.onap.aaf.auth.env.AuthzTrans;
import org.onap.aaf.auth.layer.Result;
+import org.onap.aaf.cadi.util.CSV;
import org.onap.aaf.misc.env.Env;
import org.onap.aaf.misc.env.TimeTaken;
import org.onap.aaf.misc.env.Trans;
@@ -90,6 +92,41 @@ public class Approval implements CacheChange.Data {
return null;
}
+ public static void load(Trans trans, Session session, Creator<Approval> creator, Visitor<Approval> visitor) {
+ trans.info().log( "query: " + creator.select() );
+ TimeTaken tt = trans.start("Read Approval", Env.REMOTE);
+
+ ResultSet results;
+ try {
+ Statement stmt = new SimpleStatement( creator.select() );
+ results = session.execute(stmt);
+ } finally {
+ tt.done();
+ }
+
+ int count = 0;
+ try {
+ Iterator<Row> iter = results.iterator();
+ Row row;
+ tt = trans.start("Load X509s", Env.SUB);
+ try {
+ while (iter.hasNext()) {
+ ++count;
+ row = iter.next();
+ visitor.visit(creator.create(row));
+ }
+ } finally {
+ tt.done();
+ }
+ } finally {
+ trans.info().log("Found",count,"X509 Certificates");
+ }
+ }
+
+ public static void row(CSV.Writer cw, Approval app) {
+ cw.row("approval",app.add.id,app.add.ticket,app.add.user,app.role,app.add.memo);
+ }
+
public static void load(Trans trans, Session session, Creator<Approval> creator ) {
trans.info().log( "query: " + creator.select() );
TimeTaken tt = trans.start("Load Notify", Env.REMOTE);
@@ -306,4 +343,10 @@ public class Approval implements CacheChange.Data {
return cache.contains(a);
}
+ public static void deleteByIDBatch(StringBuilder sb, String id) {
+ sb.append("DELETE from authz.approval where id=");
+ sb.append(id);
+ sb.append(";\n");
+ }
+
}
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/BatchDataView.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/BatchDataView.java
new file mode 100644
index 00000000..e934bda6
--- /dev/null
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/BatchDataView.java
@@ -0,0 +1,126 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+package org.onap.aaf.auth.batch.helpers;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.onap.aaf.auth.batch.actions.ApprovalAdd;
+import org.onap.aaf.auth.batch.actions.FutureAdd;
+import org.onap.aaf.auth.batch.approvalsets.DataView;
+import org.onap.aaf.auth.dao.cass.ApprovalDAO;
+import org.onap.aaf.auth.dao.cass.FutureDAO;
+import org.onap.aaf.auth.dao.cass.NsDAO;
+import org.onap.aaf.auth.dao.cass.RoleDAO;
+import org.onap.aaf.auth.dao.cass.UserRoleDAO;
+import org.onap.aaf.auth.dao.cass.UserRoleDAO.Data;
+import org.onap.aaf.auth.env.AuthzTrans;
+import org.onap.aaf.auth.layer.Result;
+import org.onap.aaf.misc.env.APIException;
+import org.onap.aaf.misc.env.TimeTaken;
+import org.onap.aaf.misc.env.Trans;
+
+import com.datastax.driver.core.Cluster;
+import com.datastax.driver.core.Session;
+
+public class BatchDataView implements DataView {
+ private FutureAdd futureAdd;
+ private ApprovalAdd approvalAdd;
+
+ public BatchDataView(final AuthzTrans trans, final Cluster cluster, final boolean dryRun ) throws APIException, IOException {
+ futureAdd = new FutureAdd(trans, cluster, dryRun);
+ approvalAdd = new ApprovalAdd(trans, futureAdd);
+ }
+
+ public Session getSession(AuthzTrans trans) throws APIException, IOException {
+ TimeTaken tt = trans.start("Get Session", Trans.SUB);
+ try {
+ return futureAdd.getSession(trans);
+ } finally {
+ tt.done();
+ }
+ }
+
+ public Result<NsDAO.Data> ns(AuthzTrans trans, String id) {
+ NS n;
+ TimeTaken tt = trans.start("Get NS by ID %s", Trans.SUB, id);
+ try {
+ n=NS.data.get(id);
+ } finally {
+ tt.done();
+ }
+
+ if(n==null || n.ndd==null) {
+ return Result.err(Result.ERR_Backend,"Namespace '%s' does not exist", id);
+ }
+ return Result.ok(n.ndd);
+ }
+
+
+ @Override
+ public Result<RoleDAO.Data> roleByName(AuthzTrans trans, String name) {
+ Role r = Role.byName.get(name);
+ if(r==null || r.rdd==null) {
+ return Result.err(Result.ERR_Backend,"Role '%s' does not exist", name);
+ }
+ return Result.ok(r.rdd);
+ }
+
+ @Override
+ public Result<List<UserRoleDAO.Data>> ursByRole(AuthzTrans trans, String role) {
+ List<UserRole> urs = UserRole.getByRole().get(role);
+ if(urs==null) {
+ return Result.err(Result.ERR_Backend, "UserRoles for Role '%s' does not exist", role);
+ }
+ return toLURDD(urs);
+ }
+
+ private Result<List<Data>> toLURDD(List<UserRole> urs) {
+ List<UserRoleDAO.Data> rv = new ArrayList<>();
+ if(urs!=null) {
+ for(UserRole ur : urs) {
+ rv.add(ur.urdd());
+ }
+ }
+ return Result.ok(rv);
+ }
+
+ @Override
+ public Result<List<UserRoleDAO.Data>> ursByUser(AuthzTrans trans, String user) {
+ List<UserRole> urs = UserRole.getByUser().get(user);
+ if(urs==null) {
+ return Result.err(Result.ERR_Backend, "UserRoles for User '%s' does not exist", user);
+ }
+ return toLURDD(urs);
+ }
+
+ @Override
+ public Result<FutureDAO.Data> write(AuthzTrans trans, FutureDAO.Data fdd) {
+ return futureAdd.exec(trans, fdd, null);
+ }
+
+ @Override
+ public Result<ApprovalDAO.Data> write(AuthzTrans trans, ApprovalDAO.Data add) {
+ return approvalAdd.exec(trans, add, null);
+ }
+
+}
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/ExpireRange.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/ExpireRange.java
index c459dc66..b06cbce9 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/ExpireRange.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/ExpireRange.java
@@ -38,6 +38,7 @@ public class ExpireRange {
public Map<String,List<Range>> ranges;
public final Date now;
public String rangeOneMonth = "OneMonth";
+ private Range delRange;
public ExpireRange(final Access access) {
now = new Date();
@@ -49,10 +50,10 @@ public class ExpireRange {
List<Range> lur = getRangeList("ur");
List<Range> lx509 = getRangeList("x509");
- Range del = new Range("Delete",0,0,-1,0,GregorianCalendar.WEEK_OF_MONTH,-2);
- lur.add(del);
- lcred.add(del);
- lx509.add(del);
+ delRange = new Range("Delete",0,0,-1,0,GregorianCalendar.WEEK_OF_MONTH,-2);
+ lur.add(delRange);
+ lcred.add(delRange);
+ lx509.add(delRange);
lcred.add(new Range("CredOneWeek",3,1,0,0,GregorianCalendar.WEEK_OF_MONTH,1));
lcred.add(new Range("CredTwoWeek",2,1,GregorianCalendar.WEEK_OF_MONTH,1,GregorianCalendar.WEEK_OF_MONTH,2));
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Future.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Future.java
index d9ee272d..13f81938 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Future.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Future.java
@@ -34,6 +34,7 @@ import java.util.UUID;
import org.onap.aaf.auth.dao.cass.FutureDAO;
import org.onap.aaf.auth.env.AuthzTrans;
import org.onap.aaf.auth.layer.Result;
+import org.onap.aaf.cadi.util.CSV;
import org.onap.aaf.misc.env.Env;
import org.onap.aaf.misc.env.TimeTaken;
import org.onap.aaf.misc.env.Trans;
@@ -111,8 +112,27 @@ public class Future implements CacheChange.Data, Comparable<Future> {
public final Date expires() {
return fdd.expires;
}
-
+
public static void load(Trans trans, Session session, Creator<Future> creator) {
+ load(trans,session,creator, new Visitor<Future>() {
+ @Override
+ public void visit(Future f) {
+ data.put(f.fdd.id,f);
+ if (f.role==null) {
+ return;
+ }
+ List<Future> lf = byRole.get(f.role);
+ if (lf==null) {
+ lf = new ArrayList<>();
+ byRole.put(f.role,lf);
+ }
+ lf.add(f);
+ }
+ });
+ }
+
+
+ public static void load(Trans trans, Session session, Creator<Future> creator, Visitor<Future> visitor) {
trans.info().log( "query: " + creator.select() );
ResultSet results;
TimeTaken tt = trans.start("Load Futures", Env.REMOTE);
@@ -127,19 +147,8 @@ public class Future implements CacheChange.Data, Comparable<Future> {
tt = trans.start("Process Futures", Env.SUB);
try {
for (Row row : results.all()) {
- ++count;
- Future f = creator.create(row);
- data.put(f.fdd.id,f);
- if (f.role==null) {
- continue;
- }
- List<Future> lf = byRole.get(f.role);
- if (lf==null) {
- lf = new ArrayList<>();
- byRole.put(f.role,lf);
- }
- lf.add(f);
-
+ ++count;
+ visitor.visit(creator.create(row));
}
} finally {
tt.done();
@@ -199,6 +208,16 @@ public class Future implements CacheChange.Data, Comparable<Future> {
public static boolean pendingDelete(Future f) {
return cache.contains(f);
}
+
+ public static void row(CSV.Writer cw, Future f) {
+ cw.row("future",f.fdd.id,f.fdd.target,f.fdd.expires,f.role,f.fdd.memo);
+ }
+
+ public static void deleteByIDBatch(StringBuilder sb, String id) {
+ sb.append("DELETE from authz.future where id=");
+ sb.append(id);
+ sb.append(";\n");
+ }
}
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/NS.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/NS.java
index cad1c124..55fe22ce 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/NS.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/NS.java
@@ -27,6 +27,7 @@ import java.util.Iterator;
import java.util.Map;
import java.util.TreeMap;
+import org.onap.aaf.auth.dao.cass.NsDAO;
import org.onap.aaf.misc.env.Env;
import org.onap.aaf.misc.env.TimeTaken;
import org.onap.aaf.misc.env.Trans;
@@ -40,11 +41,7 @@ import com.datastax.driver.core.Statement;
public class NS implements Comparable<NS> {
public static final Map<String,NS> data = new TreeMap<>();
- public final String name;
- public final String description;
- public final String parent;
- public final int scope;
- public final int type;
+ public NsDAO.Data ndd;
public static Creator<NS> v2_0_11 = new Creator<NS> () {
@Override
@@ -59,11 +56,12 @@ public class NS implements Comparable<NS> {
};
public NS(String name, String description, String parent, int type, int scope) {
- this.name = name;
- this.description = description;
- this.parent = parent;
- this.scope = scope;
- this.type = type;
+ ndd = new NsDAO.Data();
+ ndd.name = name;
+ ndd.description = description;
+ ndd.parent = parent;
+ ndd.type = type;
+ // ndd.attrib =
}
public static void load(Trans trans, Session session, Creator<NS> creator) {
@@ -101,7 +99,7 @@ public class NS implements Comparable<NS> {
while (iter.hasNext()) {
row = iter.next();
NS ns = creator.create(row);
- data.put(ns.name,ns);
+ data.put(ns.ndd.name,ns);
}
} finally {
tt.done();
@@ -127,7 +125,7 @@ public class NS implements Comparable<NS> {
}
public String toString() {
- return name;
+ return ndd.name;
}
/* (non-Javadoc)
@@ -135,7 +133,7 @@ public class NS implements Comparable<NS> {
*/
@Override
public int hashCode() {
- return name.hashCode();
+ return ndd.name.hashCode();
}
/* (non-Javadoc)
@@ -143,12 +141,12 @@ public class NS implements Comparable<NS> {
*/
@Override
public boolean equals(Object obj) {
- return name.equals(obj);
+ return ndd.name.equals(obj);
}
@Override
public int compareTo(NS o) {
- return name.compareTo(o.name);
+ return ndd.name.compareTo(o.ndd.name);
}
public static class NSSplit {
@@ -171,5 +169,4 @@ public class NS implements Comparable<NS> {
return null;
}
-
} \ No newline at end of file
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Role.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Role.java
index 6d87dedc..ea735d2a 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Role.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Role.java
@@ -30,6 +30,7 @@ import java.util.List;
import java.util.Set;
import java.util.TreeMap;
+import org.onap.aaf.auth.dao.cass.RoleDAO;
import org.onap.aaf.misc.env.Env;
import org.onap.aaf.misc.env.TimeTaken;
import org.onap.aaf.misc.env.Trans;
@@ -46,38 +47,39 @@ public class Role implements Comparable<Role> {
public static final TreeMap<String,Role> byName = new TreeMap<>();
private static List<Role> deleteRoles = new ArrayList<>();
- public final String ns;
- public final String name;
- public final String description;
+ public RoleDAO.Data rdd;
private String full;
private String encode;
- public final Set<String> perms;
public Role(String full) {
- ns = name = description = "";
+ rdd = new RoleDAO.Data();
+ rdd.ns = "";
+ rdd.name = "";
+ rdd.description = "";
+ rdd.perms = new HashSet<>();
this.full = full;
- perms = new HashSet<>();
}
public Role(String ns, String name, String description,Set<String> perms) {
- this.ns = ns;
- this.name = name;
- this.description = description;
+ rdd = new RoleDAO.Data();
+ rdd.ns = ns;
+ rdd.name = name;
+ rdd.description = description;
+ rdd.perms = perms;
this.full = null;
this.encode = null;
- this.perms = perms;
}
public String encode() {
if (encode==null) {
- encode = ns + '|' + name;
+ encode = rdd.ns + '|' + rdd.name;
}
return encode;
}
public String fullName() {
if (full==null) {
- full = ns + '.' + name;
+ full = rdd.ns + '.' + rdd.name;
}
return full;
}
@@ -111,7 +113,7 @@ public class Role implements Comparable<Role> {
row = iter.next();
Role rk =new Role(row.getString(0),row.getString(1), row.getString(2),row.getSet(3,String.class));
keys.put(rk.encode(), rk);
- data.put(rk,rk.perms);
+ data.put(rk,rk.rdd.perms);
byName.put(rk.fullName(), rk);
}
} finally {
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/UserRole.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/UserRole.java
index bea3b5ec..0b6eb7b1 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/UserRole.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/UserRole.java
@@ -312,7 +312,17 @@ public class UserRole implements Cloneable, CacheChange.Data {
csvw.row("ur",user(),ns(),rname(),Chrono.dateOnlyStamp(expires()),expires().getTime());
}
- public static void batchDelete(StringBuilder sb, List<String> row) {
+ public static Data row(List<String> row) {
+ Data data = new Data();
+ data.user = row.get(1);
+ data.ns = row.get(2);
+ data.rname = row.get(3);
+ data.role = data.ns + '.' + data.rname;
+ data.expires = new Date(Long.parseLong(row.get(5)));
+ return data;
+ }
+
+ public static void batchDelete(StringBuilder sb, List<String> row) {
sb.append("DELETE from authz.user_role WHERE user='");
sb.append(row.get(1));
sb.append("' AND role='");
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Expiring.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Expiring.java
index 11eacd4e..979bcd50 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Expiring.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Expiring.java
@@ -36,15 +36,17 @@ import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
+import java.util.UUID;
import org.onap.aaf.auth.batch.Batch;
+import org.onap.aaf.auth.batch.helpers.Approval;
import org.onap.aaf.auth.batch.helpers.Cred;
+import org.onap.aaf.auth.batch.helpers.Cred.Instance;
import org.onap.aaf.auth.batch.helpers.ExpireRange;
+import org.onap.aaf.auth.batch.helpers.ExpireRange.Range;
+import org.onap.aaf.auth.batch.helpers.Future;
import org.onap.aaf.auth.batch.helpers.UserRole;
-import org.onap.aaf.auth.batch.helpers.Visitor;
import org.onap.aaf.auth.batch.helpers.X509;
-import org.onap.aaf.auth.batch.helpers.Cred.Instance;
-import org.onap.aaf.auth.batch.helpers.ExpireRange.Range;
import org.onap.aaf.auth.dao.cass.CredDAO;
import org.onap.aaf.auth.env.AuthzTrans;
import org.onap.aaf.auth.org.OrganizationException;
@@ -65,6 +67,7 @@ public class Expiring extends Batch {
private Map<String, CSV.Writer> writerList;
private ExpireRange expireRange;
private Date deleteDate;
+ private CSV.Writer deleteCW;
public Expiring(AuthzTrans trans) throws APIException, IOException, OrganizationException {
super(trans.env());
@@ -93,18 +96,19 @@ public class Expiring extends Batch {
for(Range r : lr ) {
if(writerList.get(r.name())==null) {
File file = new File(logDir(),r.name() + sdate +CSV);
- CSV csv = new CSV(file);
+ CSV csv = new CSV(env.access(),file);
CSV.Writer cw = csv.writer(false);
cw.row(INFO,r.name(),Chrono.dateOnlyStamp(expireRange.now),r.reportingLevel());
writerList.put(r.name(),cw);
if("Delete".equals(r.name())) {
deleteDate = r.getEnd();
+ deleteCW = cw;
}
trans.init().log("Creating File:",file.getAbsolutePath());
}
}
}
-
+ Approval.load(trans, session, Approval.v2_0_17);
} finally {
tt0.done();
}
@@ -112,12 +116,33 @@ public class Expiring extends Batch {
@Override
protected void run(AuthzTrans trans) {
+
+ ////////////////////
+ trans.info().log("Checking for Expired Futures");
+ Future.load(trans, session, Future.v2_0_17, fut -> {
+ if(fut.expires().before(expireRange.now)) {
+ Future.row(deleteCW,fut);
+ List<Approval> appls = Approval.byTicket.get(fut.id());
+ if(appls!=null) {
+ for(Approval a : appls) {
+ Approval.row(deleteCW, a);
+ }
+ }
+ }
+ });
+
try {
File file = new File(logDir(), EXPIRED_OWNERS + Chrono.dateOnlyStamp(expireRange.now) + CSV);
- final CSV ownerCSV = new CSV(file);
+ final CSV ownerCSV = new CSV(env.access(),file);
Map<String, Set<UserRole>> owners = new TreeMap<String, Set<UserRole>>();
trans.info().log("Process UserRoles");
+
+ /**
+ Run through User Roles.
+ Owners are treated specially in next section.
+ Regular roles are checked against Date Ranges. If match Date Range, write out to appropriate file.
+ */
UserRole.load(trans, session, UserRole.v2_0_11, ur -> {
// Cannot just delete owners, unless there is at least one left. Process later
if ("owner".equals(ur.rname())) {
@@ -132,11 +157,12 @@ public class Expiring extends Batch {
}
});
- // Now Process Owners, one owner Role at a time, ensuring one is left,
- // preferably
- // a good one. If so, process the others as normal. Otherwise, write
- // ExpiredOwners
- // report
+ /**
+ Now Process Owners, one owner Role at a time, ensuring one is left,
+ preferably a good one. If so, process the others as normal.
+
+ Otherwise, write to ExpiredOwners Report
+ */
if (!owners.values().isEmpty()) {
// Lazy Create file
CSV.Writer expOwner = null;
@@ -168,8 +194,12 @@ public class Expiring extends Batch {
}
}
- trans.info().log("Checking for Expired Credentials");
-
+ /**
+ * Check for Expired Credentials
+ *
+ *
+ */
+ trans.info().log("Checking for Expired Credentials");
for (Cred cred : Cred.data.values()) {
List<Instance> linst = cred.instances;
if(linst!=null) {
@@ -191,7 +221,8 @@ public class Expiring extends Batch {
}
}
}
-
+
+ ////////////////////
trans.info().log("Checking for Expired X509s");
X509.load(trans, session, x509 -> {
try {
@@ -203,9 +234,21 @@ public class Expiring extends Batch {
}
});
+
} catch (FileNotFoundException e) {
trans.info().log(e);
}
+
+ ////////////////////
+ trans.info().log("Checking for Orphaned Approvals");
+ Approval.load(trans, session, Approval.v2_0_17, appr -> {
+ UUID ticket = appr.add.ticket;
+ if(ticket==null) {
+ Approval.row(deleteCW,appr);
+ }
+ });
+
+
}
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/NotInOrg.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/NotInOrg.java
index ab8b6e8b..f47fae43 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/NotInOrg.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/NotInOrg.java
@@ -79,7 +79,7 @@ public class NotInOrg extends Batch {
now = new Date();
String sdate = Chrono.dateOnlyStamp(now);
File file = new File(logDir(),NOT_IN_ORG + sdate +CSV);
- CSV csv = new CSV(file);
+ CSV csv = new CSV(env.access(),file);
notInOrgW = csv.writer(false);
notInOrgW.row(INFO,NOT_IN_ORG,Chrono.dateOnlyStamp(now),0);
writerList.put(NOT_IN_ORG,notInOrgW);
@@ -87,7 +87,7 @@ public class NotInOrg extends Batch {
// These will have been double-checked by the Organization, and can be deleted immediately.
String fn = NOT_IN_ORG+"Delete";
file = new File(logDir(),fn + sdate +CSV);
- CSV csvDelete = new CSV(file);
+ CSV csvDelete = new CSV(env.access(),file);
notInOrgDeleteW = csvDelete.writer(false);
notInOrgDeleteW.row(INFO,fn,Chrono.dateOnlyStamp(now),0);
writerList.put(NOT_IN_ORG,notInOrgW);
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Notify.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Notify.java
index 547b657f..f8d98882 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Notify.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Notify.java
@@ -120,7 +120,7 @@ public class Notify extends Batch {
try {
for(File f : notifyFile) {
- CSV csv = new CSV(f);
+ CSV csv = new CSV(env.access(),f);
try {
csv.visit(new CSV.Visitor() {
@Override
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/NsRoleUserReport.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/NsRoleUserReport.java
index 1a7d7740..fcdc6631 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/NsRoleUserReport.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/NsRoleUserReport.java
@@ -68,7 +68,7 @@ public class NsRoleUserReport extends Batch {
now = new Date();
String sdate = Chrono.dateOnlyStamp(now);
File file = new File(logDir(),REPORT + sdate +CSV);
- CSV csv = new CSV(file);
+ CSV csv = new CSV(env.access(),file);
report = csv.writer(false);
theMap = new TreeMap<>();
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/Approvals.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/Approvals.java
new file mode 100644
index 00000000..341a072e
--- /dev/null
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/Approvals.java
@@ -0,0 +1,207 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+
+package org.onap.aaf.auth.batch.update;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.GregorianCalendar;
+import java.util.List;
+
+import org.onap.aaf.auth.batch.Batch;
+import org.onap.aaf.auth.batch.BatchPrincipal;
+import org.onap.aaf.auth.batch.approvalsets.ApprovalSet;
+import org.onap.aaf.auth.batch.approvalsets.URApprovalSet;
+import org.onap.aaf.auth.batch.helpers.Approval;
+import org.onap.aaf.auth.batch.helpers.BatchDataView;
+import org.onap.aaf.auth.batch.helpers.Future;
+import org.onap.aaf.auth.batch.helpers.NS;
+import org.onap.aaf.auth.batch.helpers.Role;
+import org.onap.aaf.auth.batch.helpers.UserRole;
+import org.onap.aaf.auth.dao.cass.UserRoleDAO;
+import org.onap.aaf.auth.env.AuthzTrans;
+import org.onap.aaf.auth.layer.Result;
+import org.onap.aaf.auth.org.OrganizationException;
+import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.cadi.util.CSV;
+import org.onap.aaf.misc.env.APIException;
+import org.onap.aaf.misc.env.util.Chrono;
+
+public class Approvals extends Batch {
+ private final AuthzTrans noAvg;
+ private BatchDataView dataview;
+
+ public Approvals(AuthzTrans trans) throws APIException, IOException, OrganizationException {
+ super(trans.env());
+
+ noAvg = env.newTransNoAvg();
+ noAvg.setUser(new BatchPrincipal("batch:Approvals"));
+
+ dataview = new BatchDataView(noAvg,cluster,dryRun);
+
+ session = dataview.getSession(trans);
+
+ Approval.load(trans, session, Approval.v2_0_17);
+ Future.load(trans, session, Future.v2_0_17);
+ Role.load(trans, session);
+ NS.load(trans, session, NS.v2_0_11);
+ UserRole.load(trans, session, UserRole.v2_0_11);
+ }
+
+ @Override
+ protected void run(AuthzTrans trans) {
+ // Create Intermediate Output
+ final GregorianCalendar now = new GregorianCalendar();
+
+ List<File> approveFiles = new ArrayList<>();
+ if(args().length>0) {
+ for(int i=0;i<args().length;++i) {
+ approveFiles.add(new File(logDir(), args()[i]));
+ }
+ } else {
+ approveFiles.add(new File(logDir(),"OneMonth"+Chrono.dateOnlyStamp()+".csv"));
+ }
+
+ for(File f : approveFiles) {
+ trans.init().log("Processing File:",f.getAbsolutePath());
+ }
+
+// GregorianCalendar gc = new GregorianCalendar();
+// Date now = gc.getTime();
+// String today = Chrono.dateOnlyStamp(now);
+ for(File f : approveFiles) {
+ trans.info().log("Processing ",f.getAbsolutePath(),"for Approvals");
+ if(f.exists()) {
+ CSV approveCSV = new CSV(env.access(),f).processAll();
+ try {
+ approveCSV.visit(row -> {
+ switch(row.get(0)) {
+ case "ur":
+ UserRoleDAO.Data urdd = UserRole.row(row);
+ List<Approval> apvs = Approval.byUser.get(urdd.user);
+
+ System.out.println(row);
+ if(apvs==null) {
+ // Create an Approval
+ ApprovalSet uras = new URApprovalSet(noAvg, now, dataview, () -> {
+ return urdd;
+ });
+ Result<Void> rw = uras.write(noAvg);
+ if(rw.notOK()) {
+ System.out.println(rw.errorString());
+ }
+ } else {
+ // Check that Existing Approval is still valid
+ for(Approval a : apvs) {
+ Future ticket = Future.data.get(a.add.ticket);
+ if(ticket==null) {
+ // Orphaned Approval - delete
+ } else {
+
+ }
+ }
+ }
+ break;
+ default:
+ System.out.println(row);
+ //noAvg.debug().printf("Ignoring %s",type);
+ }
+ });
+ } catch (IOException | CadiException e) {
+ e.printStackTrace();
+ // .... but continue with next row
+ }
+
+ /*
+ List<Approval> pending = new ArrayList<>();
+ boolean isOwner,isSupervisor;
+ for (Entry<String, List<Approval>> es : Approval.byApprover.entrySet()) {
+ isOwner = isSupervisor = false;
+ String approver = es.getKey();
+ if (approver.indexOf('@')<0) {
+ approver += org.getRealm();
+ }
+ Date latestNotify=null, soonestExpire=null;
+ GregorianCalendar latest=new GregorianCalendar();
+ GregorianCalendar soonest=new GregorianCalendar();
+ pending.clear();
+
+ for (Approval app : es.getValue()) {
+ Future f = app.getTicket()==null?null:Future.data.get(app.getTicket());
+ if (f==null) { // only Ticketed Approvals are valid.. the others are records.
+ // Approvals without Tickets are no longer valid.
+ if ("pending".equals(app.getStatus())) {
+ app.setStatus("lapsed");
+ app.update(noAvg,apprDAO,dryRun); // obeys dryRun
+ }
+ } else {
+ if ((soonestExpire==null && f.expires()!=null) || (soonestExpire!=null && f.expires()!=null && soonestExpire.before(f.expires()))) {
+ soonestExpire=f.expires();
+ }
+
+ if ("pending".equals(app.getStatus())) {
+ if (!isOwner) {
+ isOwner = "owner".equals(app.getType());
+ }
+ if (!isSupervisor) {
+ isSupervisor = "supervisor".equals(app.getType());
+ }
+
+ if ((latestNotify==null && app.getLast_notified()!=null) ||(latestNotify!=null && app.getLast_notified()!=null && latestNotify.before(app.getLast_notified()))) {
+ latestNotify=app.getLast_notified();
+ }
+ pending.add(app);
+ }
+ }
+ }
+
+ if (!pending.isEmpty()) {
+ boolean go = false;
+ if (latestNotify==null) { // never notified... make it so
+ go=true;
+ } else {
+ if (!today.equals(Chrono.dateOnlyStamp(latest))) { // already notified today
+ latest.setTime(latestNotify);
+ soonest.setTime(soonestExpire);
+ int year;
+ int days = soonest.get(GregorianCalendar.DAY_OF_YEAR)-latest.get(GregorianCalendar.DAY_OF_YEAR);
+ days+=((year=soonest.get(GregorianCalendar.YEAR))-latest.get(GregorianCalendar.YEAR))*365 +
+ (soonest.isLeapYear(year)?1:0);
+ if (days<7) { // If Expirations get within a Week (or expired), notify everytime.
+ go = true;
+ }
+ }
+ }
+ }
+ */
+ }
+ }
+ }
+
+ @Override
+ protected void _close(AuthzTrans trans) {
+ if(session!=null) {
+ session.close();
+ session = null;
+ }
+ }
+}
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/NotifyCredExpiring.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/NotifyCredExpiring.java
index 4288b2e7..ab563fe8 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/NotifyCredExpiring.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/NotifyCredExpiring.java
@@ -70,7 +70,7 @@ public class NotifyCredExpiring extends Batch {
private CSV csv;
private CSVInfo csvInfo;
- public NotifyCredExpiring(AuthzTrans trans) throws APIException, IOException, OrganizationException {
+ public NotifyCredExpiring(AuthzTrans trans) throws APIException, IOException, OrganizationException, CadiException {
super(trans.env());
TimeTaken tt = trans.start("Connect to Cluster", Env.REMOTE);
try {
@@ -106,7 +106,7 @@ public class NotifyCredExpiring extends Batch {
} else {
File f = new File(logDir(),args()[0]);
System.out.println("Reading " + f.getCanonicalPath());
- csv = new CSV(f);
+ csv = new CSV(env.access(),f);
}
if(args().length<2) {
@@ -118,11 +118,7 @@ public class NotifyCredExpiring extends Batch {
}
csvInfo = new CSVInfo(System.err);
- try {
- csv.visit(csvInfo);
- } catch (CadiException e) {
- throw new APIException(e);
- }
+ csv.visit(csvInfo);
Notification.load(trans, session, Notification.v2_0_18);
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/Remove.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/Remove.java
index f2425f4a..bcc8591a 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/Remove.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/Remove.java
@@ -31,8 +31,10 @@ import java.util.List;
import org.onap.aaf.auth.batch.Batch;
import org.onap.aaf.auth.batch.BatchPrincipal;
+import org.onap.aaf.auth.batch.helpers.Approval;
import org.onap.aaf.auth.batch.helpers.CQLBatch;
import org.onap.aaf.auth.batch.helpers.Cred;
+import org.onap.aaf.auth.batch.helpers.Future;
import org.onap.aaf.auth.batch.helpers.UserRole;
import org.onap.aaf.auth.batch.helpers.X509;
import org.onap.aaf.auth.dao.CassAccess;
@@ -116,7 +118,7 @@ public class Remove extends Batch {
for(File f : remove) {
trans.info().log("Processing ",f.getAbsolutePath(),"for Deletions");
if(f.exists()) {
- CSV removeCSV = new CSV(f);
+ CSV removeCSV = new CSV(env.access(),f);
try {
final StringBuilder sb = cqlBatch.begin();
@@ -140,6 +142,7 @@ public class Remove extends Batch {
case "NotInOrgDelete":
memoFmt.set("Identity %s was removed from %s on %s");
break;
+
}
break;
case "ur":
@@ -175,6 +178,16 @@ public class Remove extends Batch {
hdd.memo=X509.histMemo(memoFmt.get(),row);
historyDAO.createBatch(sb, hdd);
break;
+ case "future":
+ // Not cached
+ hi.set(++i);
+ Future.deleteByIDBatch(sb,row.get(1));
+ break;
+ case "approval":
+ // Not cached
+ hi.set(++i);
+ Approval.deleteByIDBatch(sb,row.get(1));
+ break;
}
}
});