Diffstat (limited to 'authz-batch/src/main/java/com/att/authz/reports/CheckRolePerm.java')
-rw-r--r-- | authz-batch/src/main/java/com/att/authz/reports/CheckRolePerm.java | 164 |
1 files changed, 0 insertions, 164 deletions
diff --git a/authz-batch/src/main/java/com/att/authz/reports/CheckRolePerm.java b/authz-batch/src/main/java/com/att/authz/reports/CheckRolePerm.java
deleted file mode 100644
index 2df123de..00000000
--- a/authz-batch/src/main/java/com/att/authz/reports/CheckRolePerm.java
+++ /dev/null
@@ -1,164 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
- *******************************************************************************/
-package com.att.authz.reports;
-
-import java.io.IOException;
-import java.util.Set;
-
-import com.att.authz.Batch;
-import com.att.authz.env.AuthzTrans;
-import com.att.authz.helpers.NS;
-import com.att.authz.helpers.Perm;
-import com.att.authz.helpers.Role;
-import org.onap.aaf.inno.env.APIException;
-import org.onap.aaf.inno.env.Env;
-import org.onap.aaf.inno.env.TimeTaken;
-import org.onap.aaf.inno.env.util.Split;
-
-public class CheckRolePerm extends Batch{
-
- public CheckRolePerm(AuthzTrans trans) throws APIException, IOException {
- super(trans.env());
- TimeTaken tt = trans.start("Connect to Cluster", Env.REMOTE);
- try {
- session = cluster.connect();
- } finally {
- tt.done();
- }
- NS.load(trans,session,NS.v2_0_11);
- Role.load(trans, session);
- Perm.load(trans, session);
- }
-
- @Override
- protected void run(AuthzTrans trans) {
- // Run for Roles
- trans.info().log("Checking for Role/Perm mis-match");
-
- String query;
- /// Evaluate from Role side
- for(Role roleKey : Role.data.keySet()) {
- for(String perm : Role.data.get(roleKey)) {
- Perm pk = Perm.keys.get(perm);
- if(pk==null) {
- NS ns=null;
- String msg = perm + " in role " + roleKey.fullName() + " does not exist";
- String newPerm;
- String[] s = Split.split('|', perm);
- if(s.length==3) {
- int i;
- String find = s[0];
- for(i=find.lastIndexOf('.');ns==null && i>=0;i=find.lastIndexOf('.', i-1)) {
- ns = NS.data.get(find.substring(0,i));
- }
- if(ns==null) {
- newPerm = perm;
- } else {
- newPerm = ns.name + '|' + s[0].substring(i+1) + '|' + s[1] + '|' + s[2];
- }
- } else {
- newPerm = perm;
- }
- if(dryRun) {
- if(ns==null) {
- trans.warn().log(msg, "- would remove role from perm;");
- } else {
- trans.warn().log(msg, "- would update role in perm;");
- }
- } else {
- if(ns!=null) {
- query = "UPDATE authz.role SET perms = perms + {'" +
- newPerm + "'}"
- + (roleKey.description==null?", description='clean'":"")
- + " WHERE "
- + "ns='" + roleKey.ns
- + "' AND name='" + roleKey.name + "';";
- trans.warn().log("Fixing role in perm",query);
- session.execute(query);
- }
-
- query = "UPDATE authz.role SET perms = perms - {'"
- + perm.replace("'", "''") + "'}"
- + (roleKey.description==null?", description='clean'":"")
- + " WHERE "
- + "ns='" + roleKey.ns
- + "' AND name='" + roleKey.name + "';";
- session.execute(query);
- trans.warn().log(msg, "- removing role from perm");
-// env.info().log( "query: " + query );
- }
- } else {
- Set<String> p_roles = Perm.data.get(pk);
- if(p_roles!=null && !p_roles.contains(roleKey.encode())) {
- String msg = perm + " does not have role: " + roleKey;
- if(dryRun) {
- trans.warn().log(msg,"- should add this role to this perm;");
- } else {
- query = "update authz.perm set roles = roles + {'"
- + roleKey.encode() + "'}"
- + (pk.description==null?", description=''":"")
- + " WHERE "
- + "ns='" + pk.ns
- + "' AND type='" + pk.type
- + "' AND instance='" + pk.instance
- + "' AND action='" + pk.action
- + "';";
- session.execute(query);
- trans.warn().log(msg,"- adding perm to role");
- }
-
- }
- }
- }
- }
-
- for(Perm permKey : Perm.data.keySet()) {
- for(String role : Perm.data.get(permKey)) {
- Role rk = Role.keys.get(role);
- if(rk==null) {
- String s = role + " in perm " + permKey.encode() + " does not exist";
- if(dryRun) {
- trans.warn().log(s,"- would remove perm from role;");
- } else {
- query = "update authz.perm set roles = roles - {'"
- + role.replace("'","''") + "'}"
- + (permKey.description==null?", description='clean'":"")
- + " WHERE "
- + "ns='" + permKey.ns
- + "' AND type='" + permKey.type
- + "' AND instance='" + permKey.instance
- + "' AND action='" + permKey.action + "';";
- session.execute(query);
- trans.warn().log(s,"- removing role from perm");
- }
- } else {
- Set<String> r_perms = Role.data.get(rk);
- if(r_perms!=null && !r_perms.contains(permKey.encode())) {
- String s ="Role '" + role + "' does not have perm: '" + permKey + '\'';
- if(dryRun) {
- trans.warn().log(s,"- should add this perm to this role;");
- } else {
- query = "update authz.role set perms = perms + {'"
- + permKey.encode() + "'}"
- + (rk.description==null?", description=''":"")
- + " WHERE "
- + "ns='" + rk.ns
- + "' AND name='" + rk.name + "';";
- session.execute(query);
- trans.warn().log(s,"- adding role to perm");
- }
- }
- }
- }
- }
-
- }
-
-
- @Override
- protected void _close(AuthzTrans trans) {
- session.close();
- aspr.info("End " + this.getClass().getSimpleName() + " processing" );
- }
-} |