diff options
Diffstat (limited to 'auth/auth-batch')
3 files changed, 59 insertions, 24 deletions
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java index 60902f1e..a49fc943 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java @@ -207,8 +207,19 @@ public class Analyze extends Batch { deleteCW.comment("Approval is Orphaned"); Approval.row(deleteCW, appr); } else { - ticket.approvals.add(appr); // add to found Ticket - approvers.add(appr.getApprover()); + // for users and approvers still valid + String user = appr.getUser(); + + if(org.isRevoked(trans, appr.getApprover())) { + deleteCW.comment("Approver ID is revoked"); + Approval.row(deleteCW, appr); + } else if(user!=null && !user.isEmpty() && org.isRevoked(trans, user)) { + deleteCW.comment("USER ID is revoked"); + Approval.row(deleteCW, appr); + } else { + ticket.approvals.add(appr); // add to found Ticket + approvers.add(appr.getApprover()); + } } } } finally { diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/NotInOrg.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/NotInOrg.java index 9cd0baee..fb562b24 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/NotInOrg.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/NotInOrg.java @@ -125,27 +125,6 @@ public class NotInOrg extends Batch { } } - /* - * Do we delete now? Or work on Revocation semantics - * - trans.info().log("Checking for X509s without IDs"); - X509.load(trans, session, new Visitor<X509>() { - @Override - public void visit(X509 x509) { - try { - for(Certificate cert : Factory.toX509Certificate(x509.x509)) { - X509Certificate xc = (X509Certificate)cert; - xc.getSubjectDN(); - if(!check(transNoAvg,checked, (X))) { - x509.row(notInOrgW,); - } - } - } catch (CertificateException | IOException e) { - trans.error().log(e, "Error Decrypting X509"); - } - } - }); - */ } catch (OrganizationException e) { trans.info().log(e); } @@ -155,7 +134,7 @@ public class NotInOrg extends Batch { private Writer whichWriter(AuthzTrans transNoAvg, String id) { Writer w = whichWriter.get(id); if(w==null) { - w = org.mayAutoDelete(transNoAvg, id)? + w = org.isRevoked(transNoAvg, id)? notInOrgDeleteW: notInOrgW; whichWriter.put(id,w); diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneWeekNotifyCredBody.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneWeekNotifyCredBody.java new file mode 100644 index 00000000..e28388d5 --- /dev/null +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/bodies/OneWeekNotifyCredBody.java @@ -0,0 +1,45 @@ +/** + * ============LICENSE_START==================================================== + * org.onap.aaf + * =========================================================================== + * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * =========================================================================== + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END==================================================== + * + */ +package org.onap.aaf.auth.batch.reports.bodies; + +import java.io.IOException; + +import org.onap.aaf.auth.batch.helpers.ExpireRange; +import org.onap.aaf.cadi.Access; + +public class OneWeekNotifyCredBody extends NotifyCredBody { + public OneWeekNotifyCredBody(Access access) throws IOException { + super(access, ExpireRange.ONE_WEEK); + } + + @Override + public String subject() { + return String.format("AAF Final Week Credential Notification (ENV: %s)",env); + } + + /* (non-Javadoc) + * @see org.onap.aaf.auth.batch.reports.bodies.NotifyCredBody#dynamic() + */ + @Override + protected String dynamic() { + return "Failure for your App is <b><i>IMMINENT</i></b>. This email is escalated to your superior and General Manager. " + super.dynamic(); + } +} |