summaryrefslogtreecommitdiffstats
path: root/auth/auth-cmd/src/main
diff options
context:
space:
mode:
Diffstat (limited to 'auth/auth-cmd/src/main')
-rw-r--r--auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Cmd.java1
-rw-r--r--auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Grant.java104
-rw-r--r--auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/User.java140
-rw-r--r--auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/List.java14
-rw-r--r--auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Role.java121
5 files changed, 160 insertions, 220 deletions
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Cmd.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Cmd.java
index 49fd4869..6ca09213 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Cmd.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/Cmd.java
@@ -406,6 +406,7 @@ public abstract class Cmd {
return i;
}
}
+ pw().printf("%s is not a valid cmd\n",test);
throw new CadiException(build(new StringBuilder("Invalid Option: "),null).toString());
}
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Grant.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Grant.java
index ca958c20..f27a2609 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Grant.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Grant.java
@@ -43,7 +43,7 @@ import aaf.v2_0.RolePermRequest;
*
*/
public class Grant extends Cmd {
- private static final String[] options = {"grant","ungrant","setTo"};
+ private static final String[] options = {"grant","ungrant"};
public Grant(Perm parent) {
super(parent,null,
@@ -51,7 +51,7 @@ public class Grant extends Cmd {
new Param("type",true),
new Param("instance",true),
new Param("action",true),
- new Param("role[,role]* (!REQ S)",false)
+ new Param("role[,role]*",false)
);
}
@@ -74,63 +74,46 @@ public class Grant extends Cmd {
Future<RolePermRequest> frpr = null;
- if (option != 2) {
- String[] roles = args[idx++].split(",");
- String strA;
- String strB;
- for (String role : roles) {
- rpr.setRole(role);
- if (option==0) {
- // You can request to Grant Permission to a Role
- setQueryParamsOn(client);
- frpr = client.create(
- "/authz/role/perm",
- getDF(RolePermRequest.class),
- rpr
- );
- strA = "Granted Permission [";
- strB = "] to Role [";
- } else {
- // You can request to UnGrant Permission to a Role
- setQueryParamsOn(client);
- frpr = client.delete(
- "/authz/role/" + role + "/perm",
- getDF(RolePermRequest.class),
- rpr
- );
- strA = "UnGranted Permission [";
- strB = "] from Role [";
- }
- if (frpr.get(AAFcli.timeout())) {
- pw().println(strA + pk.getType() + '|' + pk.getInstance() + '|' + pk.getAction()
- + strB + role +']');
- } else {
- if (frpr.code()==202) {
- pw().print("Permission Role ");
- pw().print(option==0?"Granted":"Ungranted");
- pw().println(" Accepted, but requires Approvals before actualizing");
- } else {
- error(frpr);
- idx=Integer.MAX_VALUE;
- }
- }
+ String[] roles = args[idx++].split(",");
+ String strA;
+ String strB;
+ for (String role : roles) {
+ rpr.setRole(role);
+ if (option==0) {
+ // You can request to Grant Permission to a Role
+ setQueryParamsOn(client);
+ frpr = client.create(
+ "/authz/role/perm",
+ getDF(RolePermRequest.class),
+ rpr
+ );
+ strA = "Granted Permission [";
+ strB = "] to Role [";
+ } else {
+ // You can request to UnGrant Permission to a Role
+ setQueryParamsOn(client);
+ frpr = client.delete(
+ "/authz/role/" + role + "/perm",
+ getDF(RolePermRequest.class),
+ rpr
+ );
+ strA = "UnGranted Permission [";
+ strB = "] from Role [";
}
- } else {
- String allRoles = "";
- if (idx < args.length)
- allRoles = args[idx++];
-
- rpr.setRole(allRoles);
- frpr = client.update(
- "/authz/role/perm",
- getDF(RolePermRequest.class),
- rpr);
if (frpr.get(AAFcli.timeout())) {
- pw().println("Set Permission's Roles to [" + allRoles + "]");
+ pw().println(strA + pk.getType() + '|' + pk.getInstance() + '|' + pk.getAction()
+ + strB + role +']');
} else {
- error(frpr);
- }
- }
+ if (frpr.code()==202) {
+ pw().print("Permission Role ");
+ pw().print(option==0?"Granted":"Ungranted");
+ pw().println(" Accepted, but requires Approvals before actualizing");
+ } else {
+ error(frpr);
+ idx=Integer.MAX_VALUE;
+ }
+ }
+ }
return frpr==null?0:frpr.code();
}
});
@@ -138,16 +121,11 @@ public class Grant extends Cmd {
@Override
public void detailedHelp(int indent, StringBuilder sb) {
- detailLine(sb,indent,"Grant a Permission to a Role or Roles OR");
- detailLine(sb,indent,"Ungrant a Permission from a Role or Roles OR");
- detailLine(sb,indent,"Set a Permission's roles to roles supplied.");
- detailLine(sb,indent+4,"WARNING: Roles supplied with setTo will be the ONLY roles attached to this permission");
- detailLine(sb,indent+8,"If no roles are supplied, permission's roles are reset.");
+ detailLine(sb,indent,"Grant a Permission to a Role or Roles OR");
+ detailLine(sb,indent,"Ungrant a Permission from a Role or Roles");
detailLine(sb,indent,"see Create for definitions of type,instance and action");
api(sb,indent,HttpMethods.POST,"authz/role/perm",RolePermRequest.class,true);
api(sb,indent,HttpMethods.DELETE,"authz/role/<role>/perm",RolePermRequest.class,false);
- api(sb,indent,HttpMethods.PUT,"authz/role/perm",RolePermRequest.class,false);
-
}
}
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/User.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/User.java
index 364b3980..45361a3f 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/User.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/User.java
@@ -40,12 +40,12 @@ import aaf.v2_0.UserRoleRequest;
*
*/
public class User extends Cmd {
- private final static String[] options = {"add","del","setTo","extend"};
+ private final static String[] options = {"add","del","extend"};
public User(Role parent) {
super(parent,"user",
new Param(optionsToString(options),true),
new Param("role",true),
- new Param("id[,id]* (not required for setTo)",false));
+ new Param("id[,id]*",false));
}
@Override
@@ -63,87 +63,62 @@ public class User extends Cmd {
Future<?> fp = null;
- if (option != 2) {
- String[] ids = args[idx++].split(",");
- String verb=null,participle=null;
- // You can request to be added or removed from role.
- setQueryParamsOn(client);
+ String[] ids = args[idx++].split(",");
+ String verb=null,participle=null;
+ // You can request to be added or removed from role.
+ setQueryParamsOn(client);
- for (String id: ids) {
- id=fullID(id);
- urr.setUser(id);
- switch(option) {
- case 0:
- fp = client.create(
- "/authz/userRole",
- getDF(UserRoleRequest.class),
- urr);
- verb = "Added";
- participle = "] to Role [" ;
- break;
- case 1:
- fp = client.delete(
- "/authz/userRole/"+urr.getUser()+'/'+urr.getRole(),
- Void.class);
- verb = "Removed";
- participle = "] from Role [" ;
- break;
- case 3:
- fp = client.update("/authz/userRole/extend/" + urr.getUser() + '/' + urr.getRole());
- verb = "Extended";
- participle = "] in Role [" ;
- break;
+ for (String id: ids) {
+ id=fullID(id);
+ urr.setUser(id);
+ switch(option) {
+ case 0:
+ fp = client.create(
+ "/authz/userRole",
+ getDF(UserRoleRequest.class),
+ urr);
+ verb = "Added";
+ participle = "] to Role [" ;
+ break;
+ case 1:
+ fp = client.delete(
+ "/authz/userRole/"+urr.getUser()+'/'+urr.getRole(),
+ Void.class);
+ verb = "Removed";
+ participle = "] from Role [" ;
+ break;
+ case 2:
+ fp = client.update("/authz/userRole/extend/" + urr.getUser() + '/' + urr.getRole());
+ verb = "Extended";
+ participle = "] in Role [" ;
+ break;
- default: // actually, should never get here...
- throw new CadiException("Invalid action [" + action + ']');
- }
- if (fp.get(AAFcli.timeout())) {
- pw().print(verb);
- pw().print(" User [");
- pw().print(urr.getUser());
- pw().print(participle);
- pw().print(urr.getRole());
- pw().println(']');
- } else {
- switch(fp.code()) {
- case 202:
- pw().print("User Role ");
- pw().print(action);
- pw().println(" is Accepted, but requires Approvals before actualizing");
- break;
- case 404:
- if (option==3) {
- pw().println("Failed with code 404: UserRole is not found, or you do not have permission to view");
- break;
- }
- default:
- error(fp);
- }
- }
+ default: // actually, should never get here...
+ throw new CadiException("Invalid action [" + action + ']');
}
- } else {
- String allUsers = "";
- if (idx < args.length)
- allUsers = args[idx++];
- StringBuilder finalUsers = new StringBuilder();
- for (String u : allUsers.split(",")) {
- if (u != "") {
- u=fullID(u);
- if (finalUsers.length() > 0) finalUsers.append(",");
- finalUsers.append(u);
- }
- }
-
- urr.setUser(finalUsers.toString());
- fp = client.update(
- "/authz/userRole/role",
- getDF(UserRoleRequest.class),
- urr);
if (fp.get(AAFcli.timeout())) {
- pw().println("Set the Role to Users [" + allUsers + "]");
+ pw().print(verb);
+ pw().print(" User [");
+ pw().print(urr.getUser());
+ pw().print(participle);
+ pw().print(urr.getRole());
+ pw().println(']');
} else {
- error(fp);
- }
+ switch(fp.code()) {
+ case 202:
+ pw().print("User Role ");
+ pw().print(action);
+ pw().println(" is Accepted, but requires Approvals before actualizing");
+ break;
+ case 404:
+ if (option==3) {
+ pw().println("Failed with code 404: UserRole is not found, or you do not have permission to view");
+ break;
+ }
+ default:
+ error(fp);
+ }
+ }
}
return fp==null?0:fp.code();
}
@@ -152,18 +127,13 @@ public class User extends Cmd {
@Override
public void detailedHelp(int indent, StringBuilder sb) {
- detailLine(sb,indent,"Add OR Delete a User to/from a Role OR");
- detailLine(sb,indent,"Set a User's Roles to the roles supplied");
+ detailLine(sb,indent,"Add OR Delete a User to/from a Role OR extend Expiration");
detailLine(sb,indent+2,"role - Name of Role to create");
detailLine(sb,indent+2,"id(s) - ID or IDs to add to the Role");
sb.append('\n');
- detailLine(sb,indent+2,"Note: this is the same as \"user role add...\" except allows");
- detailLine(sb,indent+2,"assignment of role to multiple userss");
- detailLine(sb,indent+2,"WARNING: Users supplied with setTo will be the ONLY users attached to this role");
- detailLine(sb,indent+2,"If no users are supplied, the users attached to this role are reset.");
api(sb,indent,HttpMethods.POST,"authz/userRole",UserRoleRequest.class,true);
api(sb,indent,HttpMethods.DELETE,"authz/userRole/<user>/<role>",Void.class,false);
- api(sb,indent,HttpMethods.PUT,"authz/userRole/<role>",UserRoleRequest.class,false);
+ api(sb,indent,HttpMethods.PUT,"authz/userRole/extend/<user>/<role>",Void.class,false);
}
}
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/List.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/List.java
index 6733989e..6d993284 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/List.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/List.java
@@ -56,16 +56,26 @@ public class List extends BaseCmd<User> {
}
return u1.getId().compareTo(u2.getId());
});
- String format = reportColHead("%-40s %-10s %-30s\n","User","Type","Expires");
+ String format = reportColHead("%-48s %-5s %-11s %-16s\n","User","Type","Expires","Tag");
String date = "XXXX-XX-XX";
for (aaf.v2_0.Users.User user : sorted) {
if (!aafcli.isTest()) {
date = Chrono.dateOnlyStamp(user.getExpires());
}
+ String tag=null;
+ if(user.getType()<200) {
+ tag = user.getTag();
+ } else {
+ tag = "\n\tfingerprint: " + user.getTag();
+ }
+ if(tag==null) {
+ tag="";
+ }
pw().format(format,
count? (Integer.valueOf(++idx) + ") " + user.getId()): user.getId(),
org.onap.aaf.auth.cmd.ns.List.getType(user),
- date);
+ date,
+ tag);
}
pw().println();
}
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Role.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Role.java
index 4bc99366..4787cabc 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Role.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Role.java
@@ -41,10 +41,10 @@ import aaf.v2_0.UserRoleRequest;
*
*/
public class Role extends Cmd {
- private static final String[] options = {"add", "del", "setTo","extend"};
+ private static final String[] options = {"add", "del", "extend"};
public Role(User parent) {
- super(parent, "role", new Param(optionsToString(options), true), new Param("user", true), new Param(
- "role[,role]* (!REQ S)", false));
+ super(parent, "role", new Param(optionsToString(options), true), new Param("user", true),
+ new Param("role[,role]*", false));
}
@Override
@@ -64,72 +64,57 @@ public class Role extends Cmd {
Future<?> fp = null;
- if (option != 2) {
- if (args.length < 5) {
- throw new CadiException(build(new StringBuilder("Too few args: "), null).toString());
+ if (args.length < 5) {
+ throw new CadiException(build(new StringBuilder("Too few args: "), null).toString());
+ }
+ String[] roles = args[idx++].split(",");
+ for (String role : roles) {
+ String verb = null,participle=null;
+ urr.setRole(role);
+ // You can request to be added or removed from role.
+ setQueryParamsOn(client);
+ switch(option) {
+ case 0:
+ fp = client.create("/authz/userRole", getDF(UserRoleRequest.class), urr);
+ verb = "Added";
+ participle = "] to User [" ;
+ break;
+ case 1:
+ fp = client.delete("/authz/userRole/" + urr.getUser() + '/' + urr.getRole(), Void.class);
+ verb = "Removed";
+ participle = "] from User [" ;
+ break;
+ case 2:
+ fp = client.update("/authz/userRole/extend/" + urr.getUser() + '/' + urr.getRole());
+ verb = "Extended";
+ participle = "] to User [" ;
+ break;
+ default:
+ throw new CadiException("Invalid action [" + key + ']');
}
- String[] roles = args[idx++].split(",");
- for (String role : roles) {
- String verb = null,participle=null;
- urr.setRole(role);
- // You can request to be added or removed from role.
- setQueryParamsOn(client);
- switch(option) {
- case 0:
- fp = client.create("/authz/userRole", getDF(UserRoleRequest.class), urr);
- verb = "Added";
- participle = "] to User [" ;
- break;
- case 1:
- fp = client.delete("/authz/userRole/" + urr.getUser() + '/' + urr.getRole(), Void.class);
- verb = "Removed";
- participle = "] from User [" ;
- break;
- case 3:
- fp = client.update("/authz/userRole/extend/" + urr.getUser() + '/' + urr.getRole());
- verb = "Extended";
- participle = "] to User [" ;
+ if (fp.get(AAFcli.timeout())) {
+ pw().print(verb);
+ pw().print(" Role [");
+ pw().print(urr.getRole());
+ pw().print(participle);
+ pw().print(urr.getUser());
+ pw().println(']');
+ } else {
+ switch(fp.code()) {
+ case 202:
+ pw().print("UserRole ");
+ pw().print(option == 0 ? "Creation" : option==1?"Deletion":"Extension");
+ pw().println(" Accepted, but requires Approvals before actualizing");
break;
- default:
- throw new CadiException("Invalid action [" + key + ']');
- }
- if (fp.get(AAFcli.timeout())) {
- pw().print(verb);
- pw().print(" Role [");
- pw().print(urr.getRole());
- pw().print(participle);
- pw().print(urr.getUser());
- pw().println(']');
- } else {
- switch(fp.code()) {
- case 202:
- pw().print("UserRole ");
- pw().print(option == 0 ? "Creation" : option==1?"Deletion":"Extension");
- pw().println(" Accepted, but requires Approvals before actualizing");
+ case 404:
+ if (option==3) {
+ pw().println("Failed with code 404: UserRole is not found, or you do not have permission to view");
break;
- case 404:
- if (option==3) {
- pw().println("Failed with code 404: UserRole is not found, or you do not have permission to view");
- break;
- }
- default:
- error(fp);
}
+ default:
+ error(fp);
}
}
- } else {
- // option 2 is setTo command (an update call)
- String allRoles = "";
- if (idx < args.length)
- allRoles = args[idx++];
-
- urr.setRole(allRoles);
- fp = client.update("/authz/userRole/user", getDF(UserRoleRequest.class), urr);
- if (fp.get(AAFcli.timeout())) {
- pw().println("Set User's Roles to [" + allRoles + "]");
- } else {
- error(fp);
- }
}
return fp == null ? 0 : fp.code();
}
@@ -138,18 +123,14 @@ public class Role extends Cmd {
@Override
public void detailedHelp(int indent, StringBuilder sb) {
- detailLine(sb, indent, "Add OR Delete a User to/from a Role OR");
- detailLine(sb, indent, "Set a User's Roles to the roles supplied");
+ detailLine(sb, indent, "Add or Delete a User to/from a Role OR extend Expiration");
detailLine(sb, indent + 2, "user - ID of User");
detailLine(sb, indent + 2, "role(s) - Role or Roles to which to add the User");
sb.append('\n');
- detailLine(sb, indent + 2, "Note: this is the same as \"role user add...\" except allows");
- detailLine(sb, indent + 2, "assignment of user to multiple roles");
- detailLine(sb, indent + 2, "WARNING: Roles supplied with setTo will be the ONLY roles attached to this user");
- detailLine(sb, indent + 2, "If no roles are supplied, user's roles are reset.");
api(sb, indent, HttpMethods.POST, "authz/userRole", UserRoleRequest.class, true);
api(sb, indent, HttpMethods.DELETE, "authz/userRole/<user>/<role>", Void.class, false);
- api(sb, indent, HttpMethods.PUT, "authz/userRole/<user>", UserRoleRequest.class, false);
+ api(sb,indent,HttpMethods.PUT,"authz/userRole/extend/<user>/<role>",Void.class,false);
+
}
}