summaryrefslogtreecommitdiffstats
path: root/auth
diff options
context:
space:
mode:
Diffstat (limited to 'auth')
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/URApprovalSet.java17
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Approval.java184
-rw-r--r--auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java1
-rw-r--r--auth/auth-batch/src/test/java/org/onap/aaf/auth/batch/helpers/test/JU_Approval.java11
4 files changed, 102 insertions, 111 deletions
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/URApprovalSet.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/URApprovalSet.java
index a25ad6e7..bf77b77b 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/URApprovalSet.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/URApprovalSet.java
@@ -25,6 +25,7 @@ import java.util.Date;
import java.util.GregorianCalendar;
import java.util.List;
+import org.onap.aaf.auth.batch.helpers.Approval;
import org.onap.aaf.auth.dao.cass.ApprovalDAO;
import org.onap.aaf.auth.dao.cass.NsDAO;
import org.onap.aaf.auth.dao.cass.RoleDAO;
@@ -40,7 +41,11 @@ import org.onap.aaf.cadi.CadiException;
import org.onap.aaf.misc.env.util.Chrono;
public class URApprovalSet extends ApprovalSet {
-
+ private static final String FMT_SUFFIX = "%s] - Expires %s";
+ private static final String EXTEND_ACCESS_FMT = Approval.RE_APPROVAL_IN_ROLE + "%s] to Role [" + FMT_SUFFIX;
+ private static final String REVALIDATE_AS_ADMIN_FMT = Approval.RE_VALIDATE_ADMIN + FMT_SUFFIX;
+ private static final String REVALIDATE_AS_OWNER_FMT = Approval.RE_VALIDATE_OWNER + FMT_SUFFIX;
+
public URApprovalSet(final AuthzTrans trans, final GregorianCalendar start, final DataView dv, final Loader<UserRoleDAO.Data> lurdd) throws IOException, CadiException {
super(start, "user_role", dv);
Organization org = trans.org();
@@ -132,15 +137,11 @@ public class URApprovalSet extends ApprovalSet {
private String getMemo(Data urdd) {
switch(urdd.rname) {
case "owner":
- return String.format("Revalidate as Owner of AAF Namespace [%s] - Expires %s",
- urdd.ns,
- Chrono.dateOnlyStamp(urdd.expires));
+ return String.format(REVALIDATE_AS_OWNER_FMT,urdd.ns,Chrono.dateOnlyStamp(urdd.expires));
case "admin":
- return String.format("Revalidate as Admin of AAF Namespace [%s] - Expires %s",
- urdd.ns,
- Chrono.dateOnlyStamp(urdd.expires));
+ return String.format(REVALIDATE_AS_ADMIN_FMT,urdd.ns,Chrono.dateOnlyStamp(urdd.expires));
default:
- return String.format("Extend access of User [%s] to Role [%s] - Expires %s",
+ return String.format(EXTEND_ACCESS_FMT,
urdd.user,
urdd.role,
Chrono.dateOnlyStamp(urdd.expires));
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Approval.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Approval.java
index dc96a1ce..8aee4f8a 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Approval.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/helpers/Approval.java
@@ -23,9 +23,9 @@ package org.onap.aaf.auth.batch.helpers;
import java.util.ArrayList;
import java.util.Date;
-import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
+import java.util.Set;
import java.util.TreeMap;
import java.util.UUID;
@@ -33,7 +33,6 @@ import org.onap.aaf.auth.dao.cass.ApprovalDAO;
import org.onap.aaf.auth.env.AuthzTrans;
import org.onap.aaf.auth.layer.Result;
import org.onap.aaf.cadi.util.CSV;
-import org.onap.aaf.misc.env.Env;
import org.onap.aaf.misc.env.TimeTaken;
import org.onap.aaf.misc.env.Trans;
@@ -44,9 +43,10 @@ import com.datastax.driver.core.SimpleStatement;
import com.datastax.driver.core.Statement;
public class Approval implements CacheChange.Data {
- public static final String RE_APPROVAL_IN_ROLE = "Re-Approval in Role '";
- public static final String RE_VALIDATE_ADMIN = "Re-Validate as Administrator for AAF Namespace '";
- public static final String RE_VALIDATE_OWNER = "Re-Validate Ownership for AAF Namespace '";
+ public static final String ADD_USER_TO_ROLE = "Add User [";
+ public static final String RE_APPROVAL_IN_ROLE = "Extend access of User [";
+ public static final String RE_VALIDATE_ADMIN = "Revalidate as Admin of AAF Namespace [";
+ public static final String RE_VALIDATE_OWNER = "Revalidate as Owner of AAF Namespace [";
public static TreeMap<String,List<Approval>> byApprover = new TreeMap<>();
public static TreeMap<String,List<Approval>> byUser = new TreeMap<>();
@@ -77,118 +77,79 @@ public class Approval implements CacheChange.Data {
if (memo==null) {
return null;
}
- int first = memo.indexOf('\'');
+ int first = memo.indexOf('[');
if (first>=0) {
- int second = memo.indexOf('\'', ++first);
+ int second = memo.indexOf(']', ++first);
if (second>=0) {
String role = memo.substring(first, second);
if (memo.startsWith(RE_VALIDATE_ADMIN)) {
return role + ".admin";
} else if (memo.startsWith(RE_VALIDATE_OWNER)) {
return role + ".owner";
- } else if (memo.startsWith(RE_APPROVAL_IN_ROLE)) {
- return role;
+ } else {
+ first = memo.indexOf('[',second);
+ if(first>=0) {
+ second = memo.indexOf(']', ++first);
+ if(second>=0) {
+ if(memo.startsWith(RE_APPROVAL_IN_ROLE) ||
+ memo.startsWith(ADD_USER_TO_ROLE)) {
+ return memo.substring(first, second);
+ }
+ }
+ }
}
}
}
return null;
}
- public static void load(Trans trans, Session session, Creator<Approval> creator, Visitor<Approval> visitor) {
- trans.info().log( "query: " + creator.select() );
- TimeTaken tt = trans.start("Read Approval", Env.REMOTE);
-
- ResultSet results;
- try {
- Statement stmt = new SimpleStatement( creator.select() );
- results = session.execute(stmt);
+ public static int load(Trans trans, Session session, Creator<Approval> creator, Visitor<Approval> visitor) {
+ int count = 0;
+ try {
+ count+=call(trans,session,creator.query(null), creator, visitor);
} finally {
- tt.done();
+ trans.info().log("Found",count,"Approval Records");
}
-
- int count = 0;
- try {
- Iterator<Row> iter = results.iterator();
- Row row;
- tt = trans.start("Load X509s", Env.SUB);
- try {
- while (iter.hasNext()) {
- ++count;
- row = iter.next();
- visitor.visit(creator.create(row));
- }
- } finally {
- tt.done();
- }
+ return count;
+ }
+
+ public static int load(Trans trans, Session session, Creator<Approval> creator ) {
+ int count = 0;
+ try {
+ count+=call(trans,session,creator.query(null), creator, FullLoad);
} finally {
- trans.info().log("Found",count,"X509 Certificates");
+ trans.info().log("Found",count,"Approval Records");
}
+ return count;
+ }
+
+ public static int loadUsers(Trans trans, Session session, Set<String> users, Visitor<Approval> visitor) {
+ int total = 0;
+ for(String user : users) {
+ total+=call(trans,session,String.format("%s WHERE user='%s';",v2_0_17.select(), user),v2_0_17,visitor);
+ }
+ return total;
}
- public static void row(CSV.RowSetter crs, Approval app) {
+ public static void row(CSV.RowSetter crs, Approval app) {
crs.row("approval",app.add.id,app.add.ticket,app.add.user,app.role,app.add.memo);
}
-
- public static void load(Trans trans, Session session, Creator<Approval> creator ) {
- trans.info().log( "query: " + creator.select() );
- TimeTaken tt = trans.start("Load Notify", Env.REMOTE);
-
+ private static int call(Trans trans, Session session, String query, Creator<Approval> creator, Visitor<Approval> visitor) {
+ TimeTaken tt = trans.start("DB Query", Trans.REMOTE);
ResultSet results;
try {
- Statement stmt = new SimpleStatement(creator.select());
+ Statement stmt = new SimpleStatement( query );
results = session.execute(stmt);
+ int count = 0;
+ for (Row row : results.all()) {
+ ++count;
+ visitor.visit(creator.create(row));
+ }
+ return count;
} finally {
tt.done();
}
- int count = 0;
- tt = trans.start("Process Notify", Env.SUB);
-
- try {
- List<Approval> ln;
- for (Row row : results.all()) {
- ++count;
- try {
- Approval app = creator.create(row);
- list.add(app);
-
- String person = app.getApprover();
- if (person!=null) {
- ln = byApprover.get(person);
- if (ln==null) {
- ln = new ArrayList<>();
- byApprover.put(app.getApprover(), ln);
- }
- ln.add(app);
- }
-
-
- person = app.getUser();
- if (person!=null) {
- ln = byUser.get(person);
- if (ln==null) {
- ln = new ArrayList<>();
- byUser.put(app.getUser(), ln);
- }
- ln.add(app);
- }
- UUID ticket = app.getTicket();
- if (ticket!=null) {
- ln = byTicket.get(ticket);
- if (ln==null) {
- ln = new ArrayList<>();
- byTicket.put(app.getTicket(), ln);
- }
- ln.add(app);
- }
- } finally {
- tt.done();
- }
- }
- } finally {
- tt.done();
- trans.info().log("Found",count,"Approval Records");
- }
}
@Override
@@ -218,14 +179,6 @@ public class Approval implements CacheChange.Data {
list.clear();
cache.resetLocalData();
}
-// public void update(AuthzTrans trans, ApprovalDAO apprDAO, boolean dryRun) {
-// if (dryRun) {
-// trans.info().printf("Would update Approval %s, %s, last_notified %s",add.id,add.status,add.last_notified);
-// } else {
-// trans.info().printf("Update Approval %s, %s, last_notified %s",add.id,add.status,add.last_notified);
-// apprDAO.update(trans, add);
-// }
-// }
public static Creator<Approval> v2_0_17 = new Creator<Approval>() {
@Override
@@ -240,6 +193,43 @@ public class Approval implements CacheChange.Data {
return "select id,ticket,approver,user,memo,operation,status,type,WRITETIME(status) from authz.approval";
}
};
+
+ public static Visitor<Approval> FullLoad = new Visitor<Approval>() {
+ @Override
+ public void visit(Approval app) {
+ List<Approval> ln;
+ list.add(app);
+
+ String person = app.getApprover();
+ if (person!=null) {
+ ln = byApprover.get(person);
+ if (ln==null) {
+ ln = new ArrayList<>();
+ byApprover.put(app.getApprover(), ln);
+ }
+ ln.add(app);
+ }
+
+ person = app.getUser();
+ if (person!=null) {
+ ln = byUser.get(person);
+ if (ln==null) {
+ ln = new ArrayList<>();
+ byUser.put(app.getUser(), ln);
+ }
+ ln.add(app);
+ }
+ UUID ticket = app.getTicket();
+ if (ticket!=null) {
+ ln = byTicket.get(ticket);
+ if (ln==null) {
+ ln = new ArrayList<>();
+ byTicket.put(app.getTicket(), ln);
+ }
+ ln.add(app);
+ }
+ }
+ };
// /**
// * @return the lastNotified
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java
index 51400f87..eb998b04 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java
@@ -345,7 +345,6 @@ public class Analyze extends Batch {
pendingTemp = null;
pendingApprs = null;
} finally {
- Approval.clear();
}
/**
diff --git a/auth/auth-batch/src/test/java/org/onap/aaf/auth/batch/helpers/test/JU_Approval.java b/auth/auth-batch/src/test/java/org/onap/aaf/auth/batch/helpers/test/JU_Approval.java
index 2e51d076..8fa20ef1 100644
--- a/auth/auth-batch/src/test/java/org/onap/aaf/auth/batch/helpers/test/JU_Approval.java
+++ b/auth/auth-batch/src/test/java/org/onap/aaf/auth/batch/helpers/test/JU_Approval.java
@@ -57,11 +57,12 @@ public class JU_Approval {
@Test
public void testRoleFromMemo() {
- Assert.assertNull(approval.roleFromMemo(null));
- Assert.assertEquals(".admin",
- approval.roleFromMemo("Re-Validate as Administrator for AAF Namespace '\'test\'test"));
- Assert.assertEquals(".owner", approval.roleFromMemo("Re-Validate Ownership for AAF Namespace '\'test\'test"));
- Assert.assertEquals("", approval.roleFromMemo("Re-Approval in Role '\'test\'test"));
+ Assert.assertNull(Approval.roleFromMemo(null));
+ Assert.assertEquals("org.onap.ns.admin",
+ Approval.roleFromMemo(Approval.RE_VALIDATE_ADMIN + "org.onap.ns]"));
+ Assert.assertEquals("org.onap.ns.owner", Approval.roleFromMemo(Approval.RE_VALIDATE_OWNER + "org.onap.ns]"));
+ Assert.assertEquals("org.onap.ns.member", Approval.roleFromMemo(Approval.RE_APPROVAL_IN_ROLE
+ + "bob] + [org.onap.ns.member] - Expires 2018-12-25"));
}
@Test