Diffstat (limited to 'authz-batch/src/main/java/com/att/authz/reports/CheckRolePerm.java')
-rw-r--r--authz-batch/src/main/java/com/att/authz/reports/CheckRolePerm.java164
1 files changed, 0 insertions, 164 deletions
diff --git a/authz-batch/src/main/java/com/att/authz/reports/CheckRolePerm.java b/authz-batch/src/main/java/com/att/authz/reports/CheckRolePerm.java
deleted file mode 100644
index 2df123de..00000000
--- a/authz-batch/src/main/java/com/att/authz/reports/CheckRolePerm.java
+++ /dev/null
@@ -1,164 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
- *******************************************************************************/
-package com.att.authz.reports;
-
-import java.io.IOException;
-import java.util.Set;
-
-import com.att.authz.Batch;
-import com.att.authz.env.AuthzTrans;
-import com.att.authz.helpers.NS;
-import com.att.authz.helpers.Perm;
-import com.att.authz.helpers.Role;
-import org.onap.aaf.inno.env.APIException;
-import org.onap.aaf.inno.env.Env;
-import org.onap.aaf.inno.env.TimeTaken;
-import org.onap.aaf.inno.env.util.Split;
-
-public class CheckRolePerm extends Batch{
-
- public CheckRolePerm(AuthzTrans trans) throws APIException, IOException {
- super(trans.env());
- TimeTaken tt = trans.start("Connect to Cluster", Env.REMOTE);
- try {
- session = cluster.connect();
- } finally {
- tt.done();
- }
- NS.load(trans,session,NS.v2_0_11);
- Role.load(trans, session);
- Perm.load(trans, session);
- }
-
- @Override
- protected void run(AuthzTrans trans) {
- // Run for Roles
- trans.info().log("Checking for Role/Perm mis-match");
-
- String query;
- /// Evaluate from Role side
- for(Role roleKey : Role.data.keySet()) {
- for(String perm : Role.data.get(roleKey)) {
- Perm pk = Perm.keys.get(perm);
- if(pk==null) {
- NS ns=null;
- String msg = perm + " in role " + roleKey.fullName() + " does not exist";
- String newPerm;
- String[] s = Split.split('|', perm);
- if(s.length==3) {
- int i;
- String find = s[0];
- for(i=find.lastIndexOf('.');ns==null && i>=0;i=find.lastIndexOf('.', i-1)) {
- ns = NS.data.get(find.substring(0,i));
- }
- if(ns==null) {
- newPerm = perm;
- } else {
- newPerm = ns.name + '|' + s[0].substring(i+1) + '|' + s[1] + '|' + s[2];
- }
- } else {
- newPerm = perm;
- }
- if(dryRun) {
- if(ns==null) {
- trans.warn().log(msg, "- would remove role from perm;");
- } else {
- trans.warn().log(msg, "- would update role in perm;");
- }
- } else {
- if(ns!=null) {
- query = "UPDATE authz.role SET perms = perms + {'" +
- newPerm + "'}"
- + (roleKey.description==null?", description='clean'":"")
- + " WHERE "
- + "ns='" + roleKey.ns
- + "' AND name='" + roleKey.name + "';";
- trans.warn().log("Fixing role in perm",query);
- session.execute(query);
- }
-
- query = "UPDATE authz.role SET perms = perms - {'"
- + perm.replace("'", "''") + "'}"
- + (roleKey.description==null?", description='clean'":"")
- + " WHERE "
- + "ns='" + roleKey.ns
- + "' AND name='" + roleKey.name + "';";
- session.execute(query);
- trans.warn().log(msg, "- removing role from perm");
-// env.info().log( "query: " + query );
- }
- } else {
- Set<String> p_roles = Perm.data.get(pk);
- if(p_roles!=null && !p_roles.contains(roleKey.encode())) {
- String msg = perm + " does not have role: " + roleKey;
- if(dryRun) {
- trans.warn().log(msg,"- should add this role to this perm;");
- } else {
- query = "update authz.perm set roles = roles + {'"
- + roleKey.encode() + "'}"
- + (pk.description==null?", description=''":"")
- + " WHERE "
- + "ns='" + pk.ns
- + "' AND type='" + pk.type
- + "' AND instance='" + pk.instance
- + "' AND action='" + pk.action
- + "';";
- session.execute(query);
- trans.warn().log(msg,"- adding perm to role");
- }
-
- }
- }
- }
- }
-
- for(Perm permKey : Perm.data.keySet()) {
- for(String role : Perm.data.get(permKey)) {
- Role rk = Role.keys.get(role);
- if(rk==null) {
- String s = role + " in perm " + permKey.encode() + " does not exist";
- if(dryRun) {
- trans.warn().log(s,"- would remove perm from role;");
- } else {
- query = "update authz.perm set roles = roles - {'"
- + role.replace("'","''") + "'}"
- + (permKey.description==null?", description='clean'":"")
- + " WHERE "
- + "ns='" + permKey.ns
- + "' AND type='" + permKey.type
- + "' AND instance='" + permKey.instance
- + "' AND action='" + permKey.action + "';";
- session.execute(query);
- trans.warn().log(s,"- removing role from perm");
- }
- } else {
- Set<String> r_perms = Role.data.get(rk);
- if(r_perms!=null && !r_perms.contains(permKey.encode())) {
- String s ="Role '" + role + "' does not have perm: '" + permKey + '\'';
- if(dryRun) {
- trans.warn().log(s,"- should add this perm to this role;");
- } else {
- query = "update authz.role set perms = perms + {'"
- + permKey.encode() + "'}"
- + (rk.description==null?", description=''":"")
- + " WHERE "
- + "ns='" + rk.ns
- + "' AND name='" + rk.name + "';";
- session.execute(query);
- trans.warn().log(s,"- adding role to perm");
- }
- }
- }
- }
- }
-
- }
-
-
- @Override
- protected void _close(AuthzTrans trans) {
- session.close();
- aspr.info("End " + this.getClass().getSimpleName() + " processing" );
- }
-}