Diffstat (limited to 'authz-batch/src/main/java/com')
-rw-r--r--authz-batch/src/main/java/com/att/authz/Batch.java471
-rw-r--r--authz-batch/src/main/java/com/att/authz/BatchException.java33
-rw-r--r--authz-batch/src/main/java/com/att/authz/CassBatch.java58
-rw-r--r--authz-batch/src/main/java/com/att/authz/FileCassBatch.java53
-rw-r--r--authz-batch/src/main/java/com/att/authz/JobChange.java743
-rw-r--r--authz-batch/src/main/java/com/att/authz/UserRoleDataGeneration.java100
-rw-r--r--authz-batch/src/main/java/com/att/authz/actions/Action.java11
-rw-r--r--authz-batch/src/main/java/com/att/authz/actions/ActionDAO.java43
-rw-r--r--authz-batch/src/main/java/com/att/authz/actions/ActionPuntDAO.java45
-rw-r--r--authz-batch/src/main/java/com/att/authz/actions/CredDelete.java31
-rw-r--r--authz-batch/src/main/java/com/att/authz/actions/CredPrint.java38
-rw-r--r--authz-batch/src/main/java/com/att/authz/actions/CredPunt.java47
-rw-r--r--authz-batch/src/main/java/com/att/authz/actions/Email.java113
-rw-r--r--authz-batch/src/main/java/com/att/authz/actions/EmailPrint.java51
-rw-r--r--authz-batch/src/main/java/com/att/authz/actions/FADelete.java52
-rw-r--r--authz-batch/src/main/java/com/att/authz/actions/FAPrint.java23
-rw-r--r--authz-batch/src/main/java/com/att/authz/actions/Key.java8
-rw-r--r--authz-batch/src/main/java/com/att/authz/actions/Message.java33
-rw-r--r--authz-batch/src/main/java/com/att/authz/actions/URAdd.java39
-rw-r--r--authz-batch/src/main/java/com/att/authz/actions/URDelete.java35
-rw-r--r--authz-batch/src/main/java/com/att/authz/actions/URFutureApprove.java83
-rw-r--r--authz-batch/src/main/java/com/att/authz/actions/URFuturePrint.java28
-rw-r--r--authz-batch/src/main/java/com/att/authz/actions/URPrint.java24
-rw-r--r--authz-batch/src/main/java/com/att/authz/actions/URPunt.java46
-rw-r--r--authz-batch/src/main/java/com/att/authz/entryConverters/AafEntryConverter.java28
-rw-r--r--authz-batch/src/main/java/com/att/authz/entryConverters/CredEntryConverter.java29
-rw-r--r--authz-batch/src/main/java/com/att/authz/entryConverters/NsEntryConverter.java27
-rw-r--r--authz-batch/src/main/java/com/att/authz/entryConverters/PermEntryConverter.java24
-rw-r--r--authz-batch/src/main/java/com/att/authz/entryConverters/RoleEntryConverter.java23
-rw-r--r--authz-batch/src/main/java/com/att/authz/entryConverters/UserRoleEntryConverter.java26
-rw-r--r--authz-batch/src/main/java/com/att/authz/helpers/Approver.java44
-rw-r--r--authz-batch/src/main/java/com/att/authz/helpers/Creator.java23
-rw-r--r--authz-batch/src/main/java/com/att/authz/helpers/Cred.java142
-rw-r--r--authz-batch/src/main/java/com/att/authz/helpers/Future.java99
-rw-r--r--authz-batch/src/main/java/com/att/authz/helpers/InputIterator.java51
-rw-r--r--authz-batch/src/main/java/com/att/authz/helpers/MiscID.java169
-rw-r--r--authz-batch/src/main/java/com/att/authz/helpers/NS.java134
-rw-r--r--authz-batch/src/main/java/com/att/authz/helpers/Notification.java273
-rw-r--r--authz-batch/src/main/java/com/att/authz/helpers/NsAttrib.java88
-rw-r--r--authz-batch/src/main/java/com/att/authz/helpers/Perm.java124
-rw-r--r--authz-batch/src/main/java/com/att/authz/helpers/Role.java125
-rw-r--r--authz-batch/src/main/java/com/att/authz/helpers/UserRole.java133
-rw-r--r--authz-batch/src/main/java/com/att/authz/reports/ApprNotify.java107
-rw-r--r--authz-batch/src/main/java/com/att/authz/reports/CheckCred.java90
-rw-r--r--authz-batch/src/main/java/com/att/authz/reports/CheckNS.java425
-rw-r--r--authz-batch/src/main/java/com/att/authz/reports/CheckRolePerm.java164
-rw-r--r--authz-batch/src/main/java/com/att/authz/reports/CheckUR.java74
-rw-r--r--authz-batch/src/main/java/com/att/authz/reports/Expiring.java235
-rw-r--r--authz-batch/src/main/java/com/att/authz/reports/NSDump.java136
49 files changed, 5001 insertions, 0 deletions
diff --git a/authz-batch/src/main/java/com/att/authz/Batch.java b/authz-batch/src/main/java/com/att/authz/Batch.java
new file mode 100644
index 00000000..f812d310
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/Batch.java
@@ -0,0 +1,471 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.PrintStream;
+import java.lang.reflect.Constructor;
+import java.net.InetAddress;
+import java.net.URL;
+import java.net.UnknownHostException;
+import java.nio.ByteBuffer;
+import java.text.SimpleDateFormat;
+import java.util.GregorianCalendar;
+import java.util.HashSet;
+import java.util.Properties;
+import java.util.Set;
+import java.util.TimeZone;
+
+import org.apache.log4j.Logger;
+
+import com.att.authz.env.AuthzEnv;
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.org.Organization;
+import com.att.authz.org.OrganizationException;
+import com.att.authz.org.OrganizationFactory;
+import com.att.dao.CassAccess;
+import com.att.inno.env.APIException;
+import com.att.inno.env.Env;
+import com.att.inno.env.StaticSlot;
+import com.att.inno.env.TimeTaken;
+import com.att.inno.env.impl.Log4JLogTarget;
+import com.att.inno.env.log4j.LogFileNamer;
+import com.datastax.driver.core.Cluster;
+import com.datastax.driver.core.ResultSet;
+import com.datastax.driver.core.Row;
+import com.datastax.driver.core.Session;
+import com.datastax.driver.core.Statement;
+
+public abstract class Batch {
+ private static StaticSlot ssargs;
+
+ protected static final String STARS = "*****";
+
+ protected final Cluster cluster;
+ protected static AuthzEnv env;
+ protected static Session session;
+ protected static Logger aspr;
+ private static Set<String> specialNames = null;
+ protected static boolean dryRun;
+ protected static String batchEnv;
+
+ public static final String CASS_ENV = "CASS_ENV";
+ protected final static String PUNT="punt";
+ protected final static String VERSION="VERSION";
+ public final static String GUI_URL="GUI_URL";
+
+ protected final static String ORA_URL="ora_url";
+ protected final static String ORA_PASSWORD="ora_password";
+
+
+
+ protected Batch(AuthzEnv env) throws APIException, IOException {
+ // TODO - Property Driven Organization
+// try {
+// // att = new ATT(env);
+// } catch (OrganizationException e) {
+// throw new APIException(e);
+// }
+
+ // Be able to change Environments
+ // load extra properties, i.e.
+ // PERF.cassandra.clusters=....
+ batchEnv = env.getProperty(CASS_ENV);
+ if(batchEnv != null) {
+ batchEnv = batchEnv.trim();
+ env.info().log("Redirecting to ",batchEnv,"environment");
+ String str;
+ for(String key : new String[]{
+ CassAccess.CASSANDRA_CLUSTERS,
+ CassAccess.CASSANDRA_CLUSTERS_PORT,
+ CassAccess.CASSANDRA_CLUSTERS_USER_NAME,
+ CassAccess.CASSANDRA_CLUSTERS_PASSWORD,
+ VERSION,GUI_URL,PUNT,
+ // TEMP
+ ORA_URL, ORA_PASSWORD
+ }) {
+ if((str = env.getProperty(batchEnv+'.'+key))!=null) {
+ env.setProperty(key, str);
+ }
+ }
+ }
+
+ // Setup for Dry Run
+ cluster = CassAccess.cluster(env,batchEnv);
+ env.info().log("cluster name - ",cluster.getClusterName());
+ String dryRunStr = env.getProperty( "DRY_RUN" );
+ if ( dryRunStr == null || dryRunStr.equals("false") ) {
+ dryRun = false;
+ } else {
+ dryRun = true;
+ env.info().log("dryRun set to TRUE");
+ }
+
+ // Special names to allow behaviors beyond normal rules
+ String names = env.getProperty( "SPECIAL_NAMES" );
+ if ( names != null )
+ {
+ env.info().log("Loading SPECIAL_NAMES");
+ specialNames = new HashSet<String>();
+ for (String s :names.split(",") )
+ {
+ env.info().log("\tspecial: " + s );
+ specialNames.add( s.trim() );
+ }
+ }
+ }
+
+ protected abstract void run(AuthzTrans trans);
+ protected abstract void _close(AuthzTrans trans);
+
+ public String[] args() {
+ return (String[])env.get(ssargs);
+ }
+
+ public boolean isDryRun()
+ {
+ return( dryRun );
+ }
+
+ public boolean isSpecial(String user) {
+ if (specialNames != null && specialNames.contains(user)) {
+ env.info().log("specialName: " + user);
+
+ return (true);
+ } else {
+ return (false);
+ }
+ }
+
+ public boolean isMechID(String user) {
+ if (user.matches("m[0-9][0-9][0-9][0-9][0-9]")) {
+ return (true);
+ } else {
+ return (false);
+ }
+ }
+
+ protected PrintStream fallout(PrintStream _fallout, String logType)
+ throws IOException {
+ PrintStream fallout = _fallout;
+ if (fallout == null) {
+ File dir = new File("logs");
+ if (!dir.exists()) {
+ dir.mkdirs();
+ }
+
+ File f = null;
+ // String os = System.getProperty("os.name").toLowerCase();
+ long uniq = System.currentTimeMillis();
+
+ f = new File(dir, getClass().getSimpleName() + "_" + logType + "_"
+ + uniq + ".log");
+
+ fallout = new PrintStream(new FileOutputStream(f, true));
+ }
+ return fallout;
+ }
+
+ public Organization getOrgFromID(AuthzTrans trans, String user) {
+ Organization org;
+ try {
+ org = OrganizationFactory.obtain(trans.env(),user.toLowerCase());
+ } catch (OrganizationException e1) {
+ trans.error().log(e1);
+ org=null;
+ }
+
+ if (org == null) {
+ PrintStream fallout = null;
+
+ try {
+ fallout = fallout(fallout, "Fallout");
+ fallout.print("INVALID_ID,");
+ fallout.println(user);
+ } catch (Exception e) {
+ env.error().log("Could not write to Fallout File", e);
+ }
+ return (null);
+ }
+
+ return (org);
+ }
+
+ public static Row executeDeleteQuery(Statement stmt) {
+ Row row = null;
+ if (!dryRun) {
+ row = session.execute(stmt).one();
+ }
+
+ return (row);
+
+ }
+
+ public static int acquireRunLock(String className) {
+ Boolean testEnv = true;
+ String envStr = env.getProperty("AFT_ENVIRONMENT");
+
+ if (envStr != null) {
+ if (envStr.equals("AFTPRD")) {
+ testEnv = false;
+ }
+ } else {
+ env.fatal()
+ .log("AFT_ENVIRONMENT property is required and was not found. Exiting.");
+ System.exit(1);
+ }
+
+ if (testEnv) {
+ env.info().log("TESTMODE: skipping RunLock");
+ return (1);
+ }
+
+ String hostname = null;
+ try {
+ hostname = InetAddress.getLocalHost().getHostName();
+ } catch (UnknownHostException e) {
+ e.printStackTrace();
+ env.warn().log("Unable to get hostname");
+ return (0);
+ }
+
+ ResultSet existing = session.execute(String.format(
+ "select * from authz.run_lock where class = '%s'", className));
+
+ for (Row row : existing) {
+ long curr = System.currentTimeMillis();
+ ByteBuffer lastRun = row.getBytesUnsafe(2); // Can I get this field
+ // by name?
+
+ long interval = (1 * 60 * 1000); // @@ Create a value in props file
+ // for this
+ long prev = lastRun.getLong();
+
+ if ((curr - prev) <= interval) {
+ env.warn().log(
+ String.format("Too soon! Last run was %d minutes ago.",
+ ((curr - prev) / 1000) / 60));
+ env.warn().log(
+ String.format("Min time between runs is %d minutes ",
+ (interval / 1000) / 60));
+ env.warn().log(
+ String.format("Last ran on machine: %s at %s",
+ row.getString("host"), row.getDate("start")));
+ return (0);
+ } else {
+ env.info().log("Delete old lock");
+ deleteLock(className);
+ }
+ }
+
+ GregorianCalendar current = new GregorianCalendar();
+
+ // We want our time in UTC, hence "+0000"
+ SimpleDateFormat fmt = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss+0000");
+ fmt.setTimeZone(TimeZone.getTimeZone("UTC"));
+
+ String cql = String
+ .format("INSERT INTO authz.run_lock (class,host,start) VALUES ('%s','%s','%s') IF NOT EXISTS",
+ className, hostname, fmt.format(current.getTime()));
+
+ env.info().log(cql);
+
+ Row row = session.execute(cql).one();
+ if (!row.getBool("[applied]")) {
+ env.warn().log("Lightweight Transaction failed to write lock.");
+ env.warn().log(
+ String.format("host with lock: %s, running at %s",
+ row.getString("host"), row.getDate("start")));
+ return (0);
+ }
+ return (1);
+ }
+
+ private static void deleteLock( String className) {
+ Row row = session.execute( String.format( "DELETE FROM authz.run_lock WHERE class = '%s' IF EXISTS", className ) ).one();
+ if (! row.getBool("[applied]")) {
+ env.info().log( "delete failed" );
+ }
+ }
+
+ private static void transferVMProps(AuthzEnv env, String ... props) {
+ String value;
+ for(String key : props) {
+ if((value = System.getProperty(key))!=null) {
+ env.setProperty(key, value);
+ }
+ }
+
+ }
+
+ protected int count(String str, char c) {
+ int count=str==null||str.isEmpty()?0:1;
+ for(int i=str.indexOf(c);i>=0;i=str.indexOf(c,i+1)) {
+ ++count;
+ }
+ return count;
+ }
+
+ public final void close(AuthzTrans trans) {
+ _close(trans);
+ cluster.close();
+ }
+
+ public static void main(String[] args) {
+ Properties props = new Properties();
+ InputStream is=null;
+ String filename;
+ String propLoc;
+ try {
+ File f = new File("etc/authBatch.props");
+ try {
+ if(f.exists()) {
+ filename = f.getCanonicalPath();
+ is = new FileInputStream(f);
+ propLoc=f.getPath();
+ } else {
+ URL rsrc = ClassLoader.getSystemResource("authBatch.props");
+ filename = rsrc.toString();
+ is = rsrc.openStream();
+ propLoc=rsrc.getPath();
+ }
+ props.load(is);
+ } finally {
+ if(is==null) {
+ System.err.println("authBatch.props must exist in etc dir, or in Classpath");
+ System.exit(1);
+ }
+ is.close();
+ }
+
+ env = new AuthzEnv(props);
+
+ transferVMProps(env,CASS_ENV,"DRY_RUN","NS","Organization");
+
+ // Flow all Env Logs to Log4j, with ENV
+
+ LogFileNamer lfn;
+ if((batchEnv=env.getProperty(CASS_ENV))==null) {
+ lfn = new LogFileNamer("logs/").noPID();
+ } else {
+ lfn = new LogFileNamer("logs/" + batchEnv+'/').noPID();
+ }
+
+ lfn.setAppender("authz-batch");
+ lfn.setAppender("aspr|ASPR");
+ lfn.setAppender("sync");
+ lfn.setAppender("jobchange");
+ lfn.setAppender("validateuser");
+ aspr = Logger.getLogger("aspr");
+ Log4JLogTarget.setLog4JEnv("authz-batch", env);
+ if(filename!=null) {
+ env.init().log("Instantiated properties from",filename);
+ }
+
+
+ // Log where Config found
+ env.info().log("Configuring from",propLoc);
+ propLoc=null;
+
+ Batch batch = null;
+ // setup ATTUser and Organization Slots before starting this:
+ //TODO Property Driven Organization
+// env.slot(ATT.ATT_USERSLOT);
+// OrganizationFactory.setDefaultOrg(env, ATT.class.getName());
+ AuthzTrans trans = env.newTrans();
+
+ TimeTaken tt = trans.start("Total Run", Env.SUB);
+ try {
+ int len = args.length;
+ if(len>0) {
+ String toolName = args[0];
+ len-=1;
+ if(len<0)len=0;
+ String nargs[] = new String[len];
+ if(len>0) {
+ System.arraycopy(args, 1, nargs, 0, len);
+ }
+
+ env.put(ssargs=env.staticSlot("ARGS"), nargs);
+
+ /*
+ * Add New Batch Programs (inherit from Batch) here
+ */
+
+ if( JobChange.class.getSimpleName().equals(toolName)) {
+ aspr.info( "Begin jobchange processing" );
+ batch = new JobChange(trans);
+ }
+ //// else if( ValidateUsers.class.getSimpleName().equals(toolName)) {
+ //// aspr.info( "Begin ValidateUsers processing" );
+ //// batch = new ValidateUsers(trans);
+ // }
+ else if( UserRoleDataGeneration.class.getSimpleName().equals(toolName)) {
+ // This job duplicates User Role add/delete History items
+ // so that we can search them by Role. Intended as a one-time
+ // script! but written as batch job because Java has better
+ // UUID support. Multiple runs will generate multiple copies of
+ // these history elements!
+ aspr.info( "Begin User Role Data Generation Processing ");
+ batch = new UserRoleDataGeneration(trans);
+ } else { // Might be a Report, Update or Temp Batch
+ Class<?> cls;
+ String classifier = "";
+ try {
+ cls = ClassLoader.getSystemClassLoader().loadClass("com.att.authz.update."+toolName);
+ classifier = "Update:";
+ } catch(ClassNotFoundException e) {
+ try {
+ cls = ClassLoader.getSystemClassLoader().loadClass("com.att.authz.reports."+toolName);
+ classifier = "Report:";
+ } catch (ClassNotFoundException e2) {
+ try {
+ cls = ClassLoader.getSystemClassLoader().loadClass("com.att.authz.temp."+toolName);
+ classifier = "Temp Utility:";
+ } catch (ClassNotFoundException e3) {
+ cls = null;
+ }
+ }
+ }
+ if(cls!=null) {
+ Constructor<?> cnst = cls.getConstructor(new Class[]{AuthzTrans.class});
+ batch = (Batch)cnst.newInstance(trans);
+ env.info().log("Begin",classifier,toolName);
+ }
+ }
+
+ if(batch==null) {
+ trans.error().log("No Batch named",toolName,"found");
+ }
+ /*
+ * End New Batch Programs (inherit from Batch) here
+ */
+
+ }
+ if(batch!=null) {
+ batch.run(trans);
+ }
+ } finally {
+ tt.done();
+ if(batch!=null) {
+ batch.close(trans);
+ }
+ StringBuilder sb = new StringBuilder("Task Times\n");
+ trans.auditTrail(4, sb, AuthzTrans.REMOTE);
+ trans.info().log(sb);
+ }
+ } catch (Exception e) {
+ e.printStackTrace(System.err);
+ // Exceptions thrown by DB aren't stopping the whole process.
+ System.exit(1);
+ }
+ }
+
+
+}
+
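Review bot: acquireRunLock (L272-L350) fails open: `testEnv` starts as `true` and is only cleared when AFT_ENVIRONMENT equals exactly "AFTPRD", so a typo, a case difference or a second production environment name silently skips the Cassandra run lock and lets two copies of a batch that deletes credentials and role grants run at once. Invert the default so the lock is taken unless the environment is on an explicit non-production list, e.g. `boolean testEnv = TEST_ENVS.contains(envStr);` with `TEST_ENVS` a small constant set, and log the skip at warn rather than info. The same method and deleteLock also splice className and hostname into CQL with String.format and single quotes (L300, L336, L353); neither value is user-supplied here, but a `'` in either breaks the statement and the driver already supports bound values — `session.execute(new SimpleStatement("select * from authz.run_lock where class = ?", className))`, with SimpleStatement imported from com.datastax.driver.core as JobChange.java in this commit already does. The positional `row.getBytesUnsafe(2)` read at L305 answers its own comment: `long prev = row.getDate("start").getTime();` keys on the column name instead of the `select *` column order, provided this driver version's getDate returns a java.util.Date (the L321 log does not say).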
diff --git a/authz-batch/src/main/java/com/att/authz/BatchException.java b/authz-batch/src/main/java/com/att/authz/BatchException.java
new file mode 100644
index 00000000..72475033
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/BatchException.java
@@ -0,0 +1,33 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz;
+
+public class BatchException extends Exception {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -3877245367723491192L;
+
+ public BatchException() {
+ }
+
+ public BatchException(String message) {
+ super(message);
+ }
+
+ public BatchException(Throwable cause) {
+ super(cause);
+ }
+
+ public BatchException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+ public BatchException(String message, Throwable cause,
+ boolean enableSuppression, boolean writableStackTrace) {
+ super(message, cause, enableSuppression, writableStackTrace);
+ }
+
+}
diff --git a/authz-batch/src/main/java/com/att/authz/CassBatch.java b/authz-batch/src/main/java/com/att/authz/CassBatch.java
new file mode 100644
index 00000000..5c247245
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/CassBatch.java
@@ -0,0 +1,58 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz;
+
+import java.io.IOException;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.inno.env.APIException;
+import com.att.inno.env.Env;
+import com.att.inno.env.TimeTaken;
+import com.att.inno.env.impl.Log4JLogTarget;
+import com.datastax.driver.core.ResultSet;
+import com.datastax.driver.core.exceptions.InvalidQueryException;
+
+public abstract class CassBatch extends Batch {
+
+ protected CassBatch(AuthzTrans trans, String log4JName) throws APIException, IOException {
+ super(trans.env());
+ // Flow all Env Logs to Log4j
+ Log4JLogTarget.setLog4JEnv(log4JName, env);
+
+ TimeTaken tt = trans.start("Connect to Cluster", Env.REMOTE);
+ try {
+ session = cluster.connect();
+ } finally {
+ tt.done();
+ }
+ }
+
+ @Override
+ protected void _close(AuthzTrans trans) {
+ session.close();
+ trans.info().log("Closed Session");
+ }
+
+ public ResultSet executeQuery(String cql) {
+ return executeQuery(cql,"");
+ }
+
+ public ResultSet executeQuery(String cql, String extra) {
+ if(isDryRun() && !cql.startsWith("SELECT")) {
+ if(extra!=null)env.info().log("Would query" + extra + ": " + cql);
+ } else {
+ if(extra!=null)env.info().log("query" + extra + ": " + cql);
+ try {
+ return session.execute(cql);
+ } catch (InvalidQueryException e) {
+ if(extra==null) {
+ env.info().log("query: " + cql);
+ }
+ throw e;
+ }
+ }
+ return null;
+ }
+
+} \ No newline at end of file
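Review bot: the dry-run guard in executeQuery (L621) is `cql.startsWith("SELECT")`, which is case- and whitespace-sensitive, so a read written in lowercase — the style JobChange.java in this same commit uses — is treated as a mutation under DRY_RUN, is not executed, and the method returns null, which any caller that iterates the result will NPE on. Normalise before testing — `String head = cql.trim().toUpperCase(java.util.Locale.ROOT);` then `if(isDryRun() && !head.startsWith("SELECT"))` — and add a Javadoc `@return the result set, or null when the statement was suppressed by dry run` so callers know to check. Because the method takes raw CQL and logs the full text at info level (L622-L629), any caller that routes an INSERT or UPDATE on authz.cred through it will write credential material into the batch log; prefer a bound `SimpleStatement` with values and log only the statement shape, not the bound values.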
diff --git a/authz-batch/src/main/java/com/att/authz/FileCassBatch.java b/authz-batch/src/main/java/com/att/authz/FileCassBatch.java
new file mode 100644
index 00000000..d037e75f
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/FileCassBatch.java
@@ -0,0 +1,53 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz;
+
+import java.io.File;
+import java.io.IOException;
+import java.nio.file.DirectoryIteratorException;
+import java.nio.file.DirectoryStream;
+import java.nio.file.FileSystem;
+import java.nio.file.FileSystems;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.PathMatcher;
+import java.nio.file.Paths;
+import java.util.ArrayList;
+import java.util.List;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.inno.env.APIException;
+
+public abstract class FileCassBatch extends CassBatch {
+
+ public FileCassBatch(AuthzTrans trans, String log4jName) throws APIException, IOException {
+ super(trans, log4jName);
+ }
+
+ protected List<File> findAllFiles(String regex) {
+ List<File> files = new ArrayList<File>();
+ FileSystem fileSystem = FileSystems.getDefault();
+ PathMatcher pathMatcher = fileSystem.getPathMatcher("glob:" + regex);
+ Path path = Paths.get(System.getProperty("user.dir"), "data");
+
+ try {
+ DirectoryStream<Path> directoryStream = Files.newDirectoryStream(
+ path, regex);
+ for (Path file : directoryStream) {
+ if (pathMatcher.matches(file.getFileName())) {
+ files.add(file.toFile());
+ }
+ }
+ } catch (IOException ex) {
+ ex.printStackTrace();
+ } catch (DirectoryIteratorException ex) {
+ ex.printStackTrace();
+ }
+
+ return files;
+ }
+
+
+
+}
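Review bot: the DirectoryStream opened at L678 is never closed, so every call to findAllFiles leaks a directory handle, and both catch clauses (L685-L689) print to stderr and return whatever was collected so far, which a caller cannot distinguish from "no matching files". Use try-with-resources — `try (DirectoryStream<Path> directoryStream = Files.newDirectoryStream(path, regex)) {` — merge the clauses into `catch (IOException | DirectoryIteratorException ex)`, and report through the batch logger the class already inherits, `env.error().log("Cannot list " + path, ex);`, or rethrow so the batch stops rather than silently acting on a partial file list. The `regex` parameter is actually a glob (it is passed both as `"glob:" + regex` and to newDirectoryStream, which takes glob syntax), so rename it to `glob` and note in a Javadoc comment that files are looked up under `<user.dir>/data`; the second `pathMatcher.matches` check is redundant with the already-filtered stream and can go.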
diff --git a/authz-batch/src/main/java/com/att/authz/JobChange.java b/authz-batch/src/main/java/com/att/authz/JobChange.java
new file mode 100644
index 00000000..235ebacc
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/JobChange.java
@@ -0,0 +1,743 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+// test for case where I'm an admin
+
+package com.att.authz;
+
+import java.io.BufferedInputStream;
+import java.io.BufferedReader;
+import java.io.BufferedWriter;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileWriter;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.io.PrintStream;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.text.SimpleDateFormat;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Set;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.org.Organization;
+import com.att.authz.org.OrganizationFactory;
+import com.att.inno.env.APIException;
+import com.datastax.driver.core.ResultSet;
+import com.datastax.driver.core.Row;
+import com.datastax.driver.core.SimpleStatement;
+import com.datastax.driver.core.Statement;
+
+public class JobChange extends Batch
+{
+ private class UserRole
+ {
+ String user;
+ String role;
+ }
+ private class UserCred
+ {
+ String user;
+ String ns;
+ }
+
+ private class NamespaceOwner
+ {
+ String user;
+ String ns;
+ boolean responsible;
+ int ownerCount;
+ }
+
+
+ private AuthzTrans myTrans;
+
+ private Map<String, ArrayList<UserRole>> rolesMap = new HashMap<String, ArrayList<UserRole>>();
+ private Map<String, ArrayList<NamespaceOwner>> ownersMap = new HashMap<String, ArrayList<NamespaceOwner>>();
+ private Map<String, ArrayList<UserCred>> credsMap = new HashMap<String, ArrayList<UserCred>>();
+
+
+ public static void createDirectory( String dir )
+ {
+ File f = new File( dir );
+
+ if ( ! f.exists())
+ {
+ env.info().log( "creating directory: " + dir );
+ boolean result = false;
+
+ try
+ {
+ f.mkdir();
+ result = true;
+ } catch(SecurityException e){
+ e.printStackTrace();
+ }
+ if(result) {
+ System.out.println("DIR created");
+ }
+ }
+ }
+
+ public static String getJobChangeDataFile()
+ {
+ File outFile = null;
+ BufferedWriter writer = null;
+ BufferedReader reader = null;
+ String line;
+ boolean errorFlag = false;
+
+ try
+ {
+ createDirectory( "etc" );
+
+ outFile = new File("etc/jobchange." + getCurrentDate() );
+ if (!outFile.exists())
+ {
+ outFile.createNewFile();
+ }
+ else
+ {
+ return( "etc/jobchange." + getCurrentDate() );
+ }
+
+ env.info().log("Creating the local file with the webphone data");
+
+
+
+ writer = new BufferedWriter(new FileWriter(
+ outFile.getAbsoluteFile()));
+
+ URL u = new URL( "ftp://thprod37.sbc.com/jobchange_Delta.dat" );
+ reader = new BufferedReader(new InputStreamReader(
+ new BufferedInputStream(u.openStream())));
+ while ((line = reader.readLine()) != null) {
+ writer.write(line + "\n");
+ }
+
+ writer.close();
+ reader.close();
+
+ env.info().log("Finished fetching the data from the webphone ftp site.");
+ return( "etc/jobchange." + getCurrentDate() );
+
+ } catch (MalformedURLException e) {
+ env.error().log("Could not open the remote job change data file.", e);
+ errorFlag = true;
+
+ } catch (IOException e) {
+ env.error().log(
+ "Error while opening or writing to the local data file.", e);
+ errorFlag = true;
+
+ } catch (Exception e) {
+ env.error().log("Error while fetching the data file.", e);
+ errorFlag = true;
+
+ } finally {
+ if (errorFlag)
+ outFile.delete();
+ }
+ return null;
+ }
+
+ public static String getCurrentDate()
+ {
+ SimpleDateFormat sdfDate = new SimpleDateFormat("yyyy-MM-dd");
+ Date now = new Date();
+ String strDate = sdfDate.format(now);
+ return strDate;
+ }
+
+ public void loadUsersFromCred()
+ {
+ String query = "select id,ns from authz.cred" ;
+
+ env.info().log( "query: " + query );
+
+ Statement stmt = new SimpleStatement( query );
+ ResultSet results = session.execute(stmt);
+
+ Iterator<Row> iter = results.iterator();
+ while( iter.hasNext() )
+ {
+ Row row = iter.next();
+ String user = row.getString( "id" );
+ String ns = row.getString( "ns" );
+ String simpleUser = user.substring( 0, user.indexOf( "@" ) );
+
+ if ( isMechID( simpleUser ) )
+ {
+ continue;
+ }
+ else if ( credsMap.get( simpleUser ) == null )
+ {
+ credsMap.put( simpleUser, new ArrayList<UserCred>() );
+
+ UserCred newEntry = new UserCred();
+ newEntry.user = user;
+ newEntry.ns = ns;
+
+ credsMap.get( simpleUser ).add( newEntry );
+ }
+ else
+ {
+ UserCred newEntry = new UserCred();
+ newEntry.user = user;
+ newEntry.ns = ns;
+
+ credsMap.get( simpleUser ).add( newEntry );
+ }
+
+ env.debug().log( String.format( "\tUser: %s NS: %s", user, ns ) );
+ }
+ }
+
+ public void loadUsersFromRoles()
+ {
+ String query = "select user,role from authz.user_role" ;
+
+ env.info().log( "query: " + query );
+
+ Statement stmt = new SimpleStatement( query );
+ ResultSet results = session.execute(stmt);
+ int total=0, flagged=0;
+
+ Iterator<Row> iter = results.iterator();
+ while( iter.hasNext() )
+ {
+ Row row = iter.next();
+ String user = row.getString( "user" );
+ String role = row.getString( "role" );
+ String simpleUser = user.substring( 0, user.indexOf( "@" ) );
+
+ if ( isMechID( simpleUser ) )
+ {
+ continue;
+ }
+ else if ( rolesMap.get( simpleUser ) == null )
+ {
+ rolesMap.put( simpleUser, new ArrayList<UserRole>() );
+
+ UserRole newEntry = new UserRole();
+ newEntry.user = user;
+ newEntry.role = role;
+
+ rolesMap.get( simpleUser ).add( newEntry );
+ }
+ else
+ {
+ UserRole newEntry = new UserRole();
+ newEntry.user = user;
+ newEntry.role = role;
+
+ rolesMap.get( simpleUser ).add( newEntry );
+ }
+
+ env.debug().log( String.format( "\tUser: %s Role: %s", user, role ) );
+
+ ++total;
+ }
+ env.info().log( String.format( "rows read: %d expiring: %d", total, flagged ) );
+ }
+
+ public void loadOwnersFromNS()
+ {
+ String query = "select name,admin,responsible from authz.ns" ;
+
+ env.info().log( "query: " + query );
+
+ Statement stmt = new SimpleStatement( query );
+ ResultSet results = session.execute(stmt);
+
+ Iterator<Row> iter = results.iterator();
+ while( iter.hasNext() )
+ {
+ Row row = iter.next();
+ Set<String> responsibles = row.getSet( "responsible", String.class );
+
+ for ( String user : responsibles )
+ {
+ env.info().log( String.format( "Found responsible %s", user ) );
+ String simpleUser = user.substring( 0, user.indexOf( "@" ) );
+
+ if ( isMechID( simpleUser ) )
+ {
+ continue;
+ }
+ else if ( ownersMap.get( simpleUser ) == null )
+ {
+ ownersMap.put( simpleUser, new ArrayList<NamespaceOwner>() );
+
+ NamespaceOwner newEntry = new NamespaceOwner();
+ newEntry.user = user;
+ newEntry.ns = row.getString( "name" );
+ newEntry.ownerCount = responsibles.size();
+ newEntry.responsible = true;
+ ownersMap.get( simpleUser ).add( newEntry );
+ }
+ else
+ {
+ NamespaceOwner newEntry = new NamespaceOwner();
+ newEntry.user = user;
+ newEntry.ns = row.getString( "name" );
+ newEntry.ownerCount = responsibles.size();
+ newEntry.responsible = true;
+ ownersMap.get( simpleUser ).add( newEntry );
+ }
+ }
+ Set<String> admins = row.getSet( "admin", String.class );
+
+ for ( String user : admins )
+ {
+ env.info().log( String.format( "Found admin %s", user ) );
+ String simpleUser = user.substring( 0, user.indexOf( "@" ) );
+
+ if ( isMechID( simpleUser ) )
+ {
+ continue;
+ }
+ else if ( ownersMap.get( simpleUser ) == null )
+ {
+ ownersMap.put( simpleUser, new ArrayList<NamespaceOwner>() );
+
+ NamespaceOwner newEntry = new NamespaceOwner();
+ newEntry.user = user;
+ newEntry.ns = row.getString( "name" );
+ newEntry.responsible = false;
+ newEntry.ownerCount = -1; //
+ ownersMap.get( simpleUser ).add( newEntry );
+ }
+ else
+ {
+ NamespaceOwner newEntry = new NamespaceOwner();
+ newEntry.user = user;
+ newEntry.ns = row.getString( "name" );
+ newEntry.responsible = false;
+ newEntry.ownerCount = -1; //
+ ownersMap.get( simpleUser ).add( newEntry );
+ }
+ }
+
+ }
+ }
+
+ /**
+ * Processes the specified JobChange data file obtained from Webphone. Each line is
+ * read and processed and any fallout is written to the specified fallout file.
+ * If fallout file already exists it is deleted and a new one is created. A
+ * comparison of the supervisor id in the job data file is done against the one returned
+ * by the authz service and if the supervisor Id has changed then the record is updated
+ * using the authz service. An email is sent to the new supervisor to approve the roles
+ * assigned to the user.
+ *
+ * @param fileName - name of the file to process including its path
+ * @param falloutFileName - the file where the fallout entries have to be written
+ * @param validDate - the valid effective date when the user had moved to the new supervisor
+ * @throws Exception
+ */
+ public void processJobChangeDataFile(String fileName,
+ String falloutFileName, Date validDate) throws Exception
+ {
+
+ BufferedWriter writer = null;
+
+ try {
+
+ env.info().log("Reading file: " + fileName );
+
+ FileInputStream fstream = new FileInputStream(fileName);
+ BufferedReader br = new BufferedReader(new InputStreamReader(fstream));
+
+ String strLine;
+
+ while ((strLine = br.readLine()) != null) {
+ processLine( strLine, writer );
+ }
+
+ br.close();
+
+
+ } catch (IOException e) {
+ env.error().log( "Error while reading from the input data file: " + e );
+ throw e;
+ }
+ }
+
+ public void handleAdminChange( String user )
+ {
+ ArrayList<NamespaceOwner> val = ownersMap.get( user );
+
+ for ( NamespaceOwner r : val )
+ {
+ env.info().log( "handleAdminChange: " + user );
+ AuthzTrans trans = env.newTransNoAvg();
+
+
+ if ( r.responsible )
+ {
+ env.info().log( String.format( "delete from NS owner: %s, NS: %s, count: %s",
+ r.user, r.ns, r.ownerCount ) );
+
+ aspr.info( String.format( "action=DELETE_NS_OWNER, user=%s, ns=%s",
+ r.user, r.ns ) );
+ if ( r.ownerCount < 2 )
+ {
+ // send warning email to aaf-support, after this deletion, no owner for NS
+ ArrayList<String> toAddress = new ArrayList<String>();
+ toAddress.add( "XXX_EMAIL" );
+
+ env.warn().log( "removing last owner from namespace" );
+
+ Organization org = null;
+ org = getOrgFromID( myTrans, org, toAddress.get(0) );
+
+ env.info().log( "calling getOrgFromID with " + toAddress.get(0) );
+
+ if ( org != null )
+ {
+ try
+ {
+ aspr.info( String.format( "action=EMAIL_NO_OWNER_NS to=%s, user=%s, ns=%s",
+ toAddress.get(0), r.user, r.ns ) );
+ org.sendEmail( trans, toAddress,
+ new ArrayList<String>(),
+ String.format( "WARNING: no owners for AAF namespace '%s'", r.ns ), // subject:
+ String.format( "AAF recieved a jobchange notification for user %s who was the owner of the '%s' namespace. Please identify a new owner for this namespace and update AAF.", r.user, r.ns ), // body of msg
+ true );
+ } catch (Exception e) {
+ env.error().log("calling sendEmail()");
+
+ e.printStackTrace();
+ }
+ }
+ else
+ {
+ env.error().log( "Failed getOrgFromID" );
+ }
+ }
+ }
+ else
+ {
+ env.info().log( String.format( "delete from NS admin: %s, NS: %s",
+ r.user, r.ns ) );
+
+ aspr.info( String.format( "action=DELETE_NS_ADMIN, user=%s, ns=%s",
+ r.user, r.ns ) );
+ }
+
+ String field = (r.responsible == true) ? "responsible" : "admin";
+
+ String query = String.format( "update authz.ns set %s = %s - {'%s'} where name = '%s'",
+ field, field, r.user, r.ns ) ;
+ env.info().log( "query: " + query );
+ Statement stmt = new SimpleStatement( query );
+ /*Row row = */session.execute(stmt).one();
+
+ String attribQuery = String.format( "delete from authz.ns_attrib where ns = '%s' AND type='%s' AND name='%s'",
+ r.ns, field, r.user);
+ env.info().log( "ns_attrib query: " + attribQuery);
+ Statement attribStmt = new SimpleStatement( attribQuery );
+ /*Row attribRow = */session.execute(attribStmt).one();
+
+ }
+ }
+
+ public void handleRoleChange( String user )
+ {
+ ArrayList<UserRole> val = rolesMap.get( user );
+
+ for ( UserRole r : val )
+ {
+ env.info().log( "handleRoleChange: " + user );
+
+ env.info().log( String.format( "delete from %s from user_role: %s",
+ r.user, r.role ) );
+
+ aspr.info( String.format( "action=DELETE_FROM_ROLE, user=%s, role=%s",
+ r.user, r.role ) );
+
+
+ String query = String.format( "delete from authz.user_role where user = '%s' and role = '%s'",
+ r.user, r.role );
+
+ env.info().log( "query: " + query );
+
+ Statement stmt = new SimpleStatement( query );
+ /* Row row = */ session.execute(stmt).one();
+
+ }
+ }
+
+ public void handleCredChange( String user )
+ {
+ ArrayList<UserCred> val = credsMap.get( user );
+
+ for ( UserCred r : val )
+ {
+ env.info().log( "handleCredChange: " + user );
+
+ env.info().log( String.format( "delete user %s cred from ns: %s",
+ r.user, r.ns ) );
+
+ aspr.info( String.format( "action=DELETE_FROM_CRED, user=%s, ns=%s",
+ r.user, r.ns ) );
+
+ String query = String.format( "delete from authz.cred where id = '%s'",
+ r.user );
+
+ env.info().log( "query: " + query );
+
+ Statement stmt = new SimpleStatement( query );
+ /*Row row = */session.execute(stmt).one();
+
+ }
+
+ }
+
+ public boolean processLine(String line, BufferedWriter writer) throws IOException
+ {
+ SimpleDateFormat sdfDate = new SimpleDateFormat("yyyyMMdd");
+ boolean errorFlag = false;
+ String errorMsg = "";
+
+ try
+ {
+ String[] phoneInfo = line.split( "\\|" );
+
+ if ((phoneInfo != null) && (phoneInfo.length >= 8)
+ && (!phoneInfo[0].startsWith("#")))
+ {
+ String user = phoneInfo[0];
+ String newSupervisor = phoneInfo[7];
+ Date effectiveDate = sdfDate.parse(phoneInfo[8].trim());
+
+ env.debug().log( String.format( "checking user: %s, newSupervisor: %s, date: %s",
+ user, newSupervisor, effectiveDate ) );
+
+ // Most important case, user is owner of a namespace
+ //
+ if ( ownersMap.get( user ) != null )
+ {
+ env.info().log( String.format( "Found %s as a namespace admin/owner", user ) );
+ handleAdminChange( user );
+ }
+
+ if ( credsMap.get( user ) != null )
+ {
+ env.info().log( String.format( "Found %s in cred table", user ) );
+ handleCredChange( user );
+ }
+
+ if ( rolesMap.get( user ) != null )
+ {
+ env.info().log( String.format( "Found %s in a role ", user ) );
+ handleRoleChange( user );
+ }
+ }
+
+ else if (phoneInfo[0].startsWith("#"))
+ {
+ return true;
+ }
+ else
+ {
+ env.warn().log("Can't parse. Skipping the line." + line);
+ errorFlag = true;
+ }
+ } catch (Exception e) {
+ errorFlag = true;
+ errorMsg = e.getMessage();
+ env.error().log( "Error while processing line:" + line + e );
+ e.printStackTrace();
+ } finally {
+ if (errorFlag) {
+ env.info().log( "Fallout enrty being written for line:" + line );
+ writer.write(line + "|Failed to update supervisor for user:" + errorMsg + "\n");
+ }
+ }
+ return true;
+ }
+
+
+ public JobChange(AuthzTrans trans) throws APIException, IOException {
+ super( trans.env() );
+ myTrans = trans;
+ session = cluster.connect();
+ }
+
+ public Organization getOrgFromID( AuthzTrans trans, Organization _org, String user ) {
+ Organization org = _org;
+ if ( org == null || ! user.endsWith( org.getRealm() ) ) {
+ int idx = user.lastIndexOf('.');
+ if ( idx > 0 )
+ idx = user.lastIndexOf( '.', idx-1 );
+
+ org = null;
+ if ( idx > 0 ) {
+ try {
+ org = OrganizationFactory.obtain( trans.env(), user.substring( idx+1 ) );
+ } catch (Exception e) {
+ trans.error().log(e,"Failure Obtaining Organization");
+ }
+ }
+
+ if ( org == null ) {
+ PrintStream fallout = null;
+
+ try {
+ fallout= fallout(fallout, "Fallout");
+ fallout.print("INVALID_ID,");
+ fallout.println(user);
+ } catch (Exception e) {
+ env.error().log("Could not write to Fallout File",e);
+ }
+ return( null );
+ }
+ }
+ return( org );
+ }
+
+ public void dumpOwnersMap()
+ {
+ for ( Map.Entry<String, ArrayList<NamespaceOwner>> e : ownersMap.entrySet() )
+ {
+ String key = e.getKey();
+ ArrayList<NamespaceOwner> values = e.getValue();
+
+ env.info().log( "ns user: " + key );
+
+ for ( NamespaceOwner r : values )
+ {
+ env.info().log( String.format( "\tNS-user: %s, NS-name: %s, ownerCount: %d",
+ r.user, r.ns, r.ownerCount ) );
+
+ }
+ }
+ }
+
+ public void dumpRolesMap()
+ {
+ for ( Map.Entry<String, ArrayList<UserRole>> e : rolesMap.entrySet() )
+ {
+ String key = e.getKey();
+ ArrayList<UserRole> values = e.getValue();
+
+ env.info().log( "user: " + key );
+
+ for ( UserRole r : values )
+ {
+ env.info().log( String.format( "\trole-user: %s, role-name: %s",
+ r.user, r.role ) );
+ }
+ }
+ }
+ public void dumpCredMap()
+ {
+ for ( Map.Entry<String, ArrayList<UserCred>> e : credsMap.entrySet() )
+ {
+ String key = e.getKey();
+ ArrayList<UserCred> values = e.getValue();
+
+ env.info().log( "user: " + key );
+
+ for ( UserCred r : values )
+ {
+ env.info().log( String.format( "\tcred-user: %s, ns: %s",
+ r.user, r.ns ) );
+ }
+
+ }
+ }
+
+ @Override
+ protected void run (AuthzTrans trans)
+ {
+ if ( acquireRunLock( this.getClass().getName() ) != 1 ) {
+ env.warn().log( "Cannot acquire run lock, exiting" );
+ System.exit( 1 );
+ }
+
+ try {
+// Map<String,EmailMsg> email = new HashMap<String,EmailMsg>();
+
+ try
+ {
+ String workingDir = System.getProperty("user.dir");
+ env.info().log( "Process jobchange file. PWD is " + workingDir );
+
+ loadUsersFromRoles();
+ loadOwnersFromNS();
+ loadUsersFromCred();
+
+ dumpRolesMap();
+ dumpOwnersMap();
+ dumpCredMap();
+
+ String fname = getJobChangeDataFile();
+
+ if ( fname == null )
+ {
+ env.warn().log("getJobChangedatafile returned null");
+ }
+ else
+ {
+ env.info().log("done with FTP");
+ }
+ processJobChangeDataFile( fname, "fallout", null );
+ }
+ catch (Exception e)
+ {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+
+
+ } catch (IllegalArgumentException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (SecurityException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+
+/*
+ private class EmailMsg {
+ private boolean urgent = false;
+ public String url;
+ public Organization org;
+ public String summary;
+
+ public EmailMsg() {
+ org = null;
+ summary = "";
+ }
+
+ public boolean getUrgent() {
+ return( this.urgent );
+ }
+
+ public void setUrgent( boolean val ) {
+ this.urgent = val;
+ }
+ public void setOrg( Organization newOrg ) {
+ this.org = newOrg;
+ }
+ public Organization getOrg() {
+ return( this.org );
+ }
+ }
+*/
+ @Override
+ protected void _close(AuthzTrans trans) {
+ session.close();
+ }
+}
+
+
diff --git a/authz-batch/src/main/java/com/att/authz/UserRoleDataGeneration.java b/authz-batch/src/main/java/com/att/authz/UserRoleDataGeneration.java
new file mode 100644
index 00000000..f638a001
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/UserRoleDataGeneration.java
@@ -0,0 +1,100 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz;
+
+import java.io.IOException;
+import java.util.Iterator;
+import java.util.Random;
+import java.util.UUID;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.inno.env.APIException;
+import com.datastax.driver.core.ResultSet;
+import com.datastax.driver.core.Row;
+import com.datastax.driver.core.SimpleStatement;
+import com.datastax.driver.core.Statement;
+
+public class UserRoleDataGeneration extends Batch {
+
+ protected UserRoleDataGeneration(AuthzTrans trans) throws APIException, IOException {
+ super(trans.env());
+ session = cluster.connect();
+
+ }
+
+ @Override
+ protected void run(AuthzTrans trans) {
+
+ String query = "select * from authz.history" ;
+
+ env.info().log( "query: " + query );
+
+ Statement stmt = new SimpleStatement( query );
+ ResultSet results = session.execute(stmt);
+ int total=0;
+
+ Iterator<Row> iter = results.iterator();
+
+ Random rand = new Random();
+
+ int min = 1;
+ int max = 32;
+
+ while( iter.hasNext() ) {
+ Row row = iter.next();
+ if (row.getString("target").equals("user_role")) {
+ int randomNum = rand.nextInt((max - min) + 1) + min;
+
+ String newId = modifiedTimeuid(row.getUUID("id").toString(), randomNum);
+ String subject = row.getString("subject");
+ String newSubject = subject.split("\\|")[1];
+
+ String newInsert = insertStmt(row, newId, "role", newSubject);
+ Statement statement = new SimpleStatement(newInsert);
+ session.executeAsync(statement);
+
+ total++;
+ }
+ }
+
+ env.info().log(total+ " history elements inserted for user roles");
+
+ }
+
+ private String insertStmt(Row row, String newId, String newTarget, String newSubject) {
+ StringBuilder sb = new StringBuilder();
+ sb.append("INSERT INTO authz.history (id,action,memo,reconstruct,subject,target,user,yr_mon) VALUES (");
+ sb.append(newId+",");
+ sb.append("'"+row.getString("action")+"',");
+ sb.append("'"+row.getString("memo")+"',");
+ sb.append("null,");
+ sb.append("'"+newSubject+"',");
+ sb.append("'"+newTarget+"',");
+ sb.append("'"+row.getString("user")+"',");
+ sb.append(row.getInt("yr_mon"));
+ sb.append(")");
+
+ return sb.toString();
+ }
+
+ private String modifiedTimeuid(String origTimeuuid, int rand) {
+ UUID uuid = UUID.fromString(origTimeuuid);
+
+ long bottomBits = uuid.getLeastSignificantBits();
+ long newBottomBits = bottomBits + (1 << rand);
+ if (newBottomBits - bottomBits == 0)
+ env.info().log("Duplicate!\t"+uuid + " not duplicated for role history function.");
+
+ UUID newUuid = new UUID(uuid.getMostSignificantBits(),newBottomBits);
+ return newUuid.toString();
+ }
+
+ @Override
+ protected void _close(AuthzTrans trans) {
+ session.close();
+ aspr.info( "End UserRoleDataGeneration processing" );
+
+ }
+
+}
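Review bot: `insertStmt` splices `action`, `memo`, `subject` and `user` read back from `authz.history` into the CQL text as quoted literals, so any stored value containing a single quote breaks the statement or changes its meaning; bind them as positional values and let the `Statement statement = new SimpleStatement(newInsert);` line in `run` take the bound Statement directly, as sketched below (omitting `reconstruct` from the column list is equivalent to inserting null and avoids writing a tombstone). The `session.executeAsync(statement)` result is never inspected, so a rejected insert is still counted in `total` and the "history elements inserted" line overstates what was written; either use `session.execute` or keep the futures and check them before logging. In `modifiedTimeuid`, `1 << rand` is an int shift with the count masked to 0–31 and is never zero, so the `newBottomBits - bottomBits == 0` "Duplicate!" check is dead code; widen to `1L << rand` if a 32-bit step is intended. `subject.split("\\|")[1]` throws when a subject carries no `|`, which would abort the whole run mid-table.
```java
// in run(): take the bound Statement directly
Statement statement = insertStmt(row, newId, "role", newSubject);
// … unchanged: executeAsync, total++ …

private Statement insertStmt(Row row, String newId, String newTarget, String newSubject) {
    // Bound values: a quote inside memo/subject can no longer break or alter the CQL.
    // reconstruct is omitted rather than bound to null, which avoids writing a tombstone.
    return new SimpleStatement(
        "INSERT INTO authz.history (id,action,memo,subject,target,user,yr_mon) VALUES (?,?,?,?,?,?,?)",
        UUID.fromString(newId),
        row.getString("action"),
        row.getString("memo"),
        newSubject,
        newTarget,
        row.getString("user"),
        row.getInt("yr_mon"));
}
```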
diff --git a/authz-batch/src/main/java/com/att/authz/actions/Action.java b/authz-batch/src/main/java/com/att/authz/actions/Action.java
new file mode 100644
index 00000000..f69bb22a
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/actions/Action.java
@@ -0,0 +1,11 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.actions;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.layer.Result;
+
+public interface Action<T,RV> {
+ public Result<RV> exec(AuthzTrans trans, T ur);
+} \ No newline at end of file
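Review bot: The second parameter of `exec` is named `ur` although `Action<T,RV>` is generic and this commit implements it for `Organization` (Email), `CredDAO.Data` (CredDelete) and `Future` (FADelete), so the name misleads readers of the contract; rename it and drop the redundant `public` on an interface member: `Result<RV> exec(AuthzTrans trans, T item);`. A short Javadoc on the interface would help, stating that an Action applies one operation to a single item within the given transaction and reports the outcome through the returned `Result` rather than by throwing.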
diff --git a/authz-batch/src/main/java/com/att/authz/actions/ActionDAO.java b/authz-batch/src/main/java/com/att/authz/actions/ActionDAO.java
new file mode 100644
index 00000000..4e951f81
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/actions/ActionDAO.java
@@ -0,0 +1,43 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.actions;
+
+import java.io.IOException;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.dao.CassAccess;
+import com.att.dao.aaf.hl.Function;
+import com.att.dao.aaf.hl.Question;
+import com.att.inno.env.APIException;
+import com.datastax.driver.core.Cluster;
+import com.datastax.driver.core.Session;
+
+public abstract class ActionDAO<T,RV> implements Action<T,RV> {
+ protected final Question q;
+ protected final Function f;
+ private boolean clean;
+
+ public ActionDAO(AuthzTrans trans, Cluster cluster) throws APIException, IOException {
+ q = new Question(trans, cluster, CassAccess.KEYSPACE, false);
+ f = new Function(trans,q);
+ clean = true;
+ }
+
+ public ActionDAO(AuthzTrans trans, ActionDAO<?,?> predecessor) {
+ q = predecessor.q;
+ f = new Function(trans,q);
+ clean = false;
+ }
+
+ public Session getSession(AuthzTrans trans) throws APIException, IOException {
+ return q.historyDAO.getSession(trans);
+ }
+
+ public void close(AuthzTrans trans) {
+ if(clean) {
+ q.close(trans);
+ }
+ }
+
+}
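Review bot: `clean` is assigned exactly once in each constructor and never changes, so declare it `private final boolean clean;` to make the ownership rule enforceable by the compiler. The two constructors encode different ownership of `q` — the `Cluster` constructor creates the `Question` and `close` will close it, while the predecessor constructor borrows the predecessor's `Question` and `close` is a no-op — and that is worth a Javadoc line on each constructor and on `close`, since a caller closing the predecessor first would leave dependents with a closed `Question`. `getSession` reaches through `q.historyDAO`; if that is an incidental path to a shared session rather than a deliberate one, a comment saying so would prevent the next maintainer from "fixing" it.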
diff --git a/authz-batch/src/main/java/com/att/authz/actions/ActionPuntDAO.java b/authz-batch/src/main/java/com/att/authz/actions/ActionPuntDAO.java
new file mode 100644
index 00000000..fb94ab30
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/actions/ActionPuntDAO.java
@@ -0,0 +1,45 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.actions;
+
+import java.io.IOException;
+import java.security.SecureRandom;
+import java.util.Date;
+import java.util.GregorianCalendar;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.inno.env.APIException;
+import com.datastax.driver.core.Cluster;
+
+public abstract class ActionPuntDAO<T, RV> extends ActionDAO<T, RV> {
+ private static final SecureRandom random = new SecureRandom();
+ private int months, range;
+ protected static final Date now = new Date();
+
+ public ActionPuntDAO(AuthzTrans trans, Cluster cluster, int months, int range) throws APIException, IOException {
+ super(trans, cluster);
+ this.months = months;
+ this.range = range;
+ }
+
+ public ActionPuntDAO(AuthzTrans trans, ActionDAO<?, ?> predecessor, int months, int range) {
+ super(trans, predecessor);
+ this.months = months;
+ this.range = range;
+ }
+
+
+ protected Date puntDate() {
+ GregorianCalendar temp = new GregorianCalendar();
+ temp.setTime(now);
+ if(range>0) {
+ int forward = months+Math.abs(random.nextInt()%range);
+ temp.add(GregorianCalendar.MONTH, forward);
+ temp.add(GregorianCalendar.DAY_OF_MONTH, (random.nextInt()%30)-15);
+ }
+ return temp.getTime();
+
+ }
+
+}
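Review bot: In `puntDate` the day jitter `(random.nextInt()%30)-15` ranges from -44 to +14 because `nextInt()%30` is negative about half the time, so the punt date can land well before the intended window (CredPunt then rejects it as being before the current expiry); use the bounded form `temp.add(GregorianCalendar.DAY_OF_MONTH, random.nextInt(31) - 15);` for a symmetric ±15 days, and likewise `int forward = months + random.nextInt(range);` in place of `Math.abs(random.nextInt()%range)`. `months` and `range` are set only in the constructors and can be `final`. `now` is a mutable `Date` in a `protected static` field, so any subclass can shift the reference time for every action in the JVM; keep it private and hand out `new Date(now.getTime())`, or store the epoch millis as a `long`.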
diff --git a/authz-batch/src/main/java/com/att/authz/actions/CredDelete.java b/authz-batch/src/main/java/com/att/authz/actions/CredDelete.java
new file mode 100644
index 00000000..7d5fd1ef
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/actions/CredDelete.java
@@ -0,0 +1,31 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.actions;
+
+import java.io.IOException;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.layer.Result;
+import com.att.dao.aaf.cass.CredDAO;
+import com.att.inno.env.APIException;
+import com.att.inno.env.util.Chrono;
+import com.datastax.driver.core.Cluster;
+
+public class CredDelete extends ActionDAO<CredDAO.Data,Void> {
+
+ public CredDelete(AuthzTrans trans, Cluster cluster) throws APIException, IOException {
+ super(trans, cluster);
+ }
+
+ public CredDelete(AuthzTrans trans, ActionDAO<?,?> adao) {
+ super(trans, adao);
+ }
+
+ @Override
+ public Result<Void> exec(AuthzTrans trans, CredDAO.Data cred) {
+ Result<Void> rv = q.credDAO.delete(trans, cred, true); // need to read for undelete
+ trans.info().log("Deleted:",cred.id,CredPrint.type(cred.type),Chrono.dateOnlyStamp(cred.expires));
+ return rv;
+ }
+} \ No newline at end of file
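Review bot: `exec` logs "Deleted:" on the line after `q.credDAO.delete(...)` whether or not `rv` is OK, so a failed credential removal is recorded as a success in the transaction log; guard it as FADelete does: `if(rv.isOK()) { trans.info().log("Deleted:",cred.id,CredPrint.type(cred.type),Chrono.dateOnlyStamp(cred.expires)); } else { trans.info().log("Failed to Delete Cred",cred.id); }`. The same unconditional success logging appears in URAdd ("Added:") and URDelete ("Deleted:"), and the failure path matters as much as the success path when this log is the audit trail for credential and role changes.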
diff --git a/authz-batch/src/main/java/com/att/authz/actions/CredPrint.java b/authz-batch/src/main/java/com/att/authz/actions/CredPrint.java
new file mode 100644
index 00000000..ff3f7ff2
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/actions/CredPrint.java
@@ -0,0 +1,38 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.actions;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.layer.Result;
+import com.att.dao.aaf.cass.CredDAO;
+import com.att.inno.env.util.Chrono;
+
+public class CredPrint implements Action<CredDAO.Data,Void> {
+ private String text;
+
+ public CredPrint(String text) {
+ this.text = text;
+ }
+
+ @Override
+ public Result<Void> exec(AuthzTrans trans, CredDAO.Data cred) {
+ trans.info().log(text,cred.id,type(cred.type),Chrono.dateOnlyStamp(cred.expires));
+ return Result.ok();
+ }
+
+
+ public static String type(int type) {
+ switch(type) {
+ case CredDAO.BASIC_AUTH: // 1
+ return "OLD";
+ case CredDAO.BASIC_AUTH_SHA256: // 2
+ return "U/P";
+ case CredDAO.CERT_SHA256_RSA: // 200
+ return "Cert";
+ default:
+ return "Unknown";
+ }
+ }
+
+} \ No newline at end of file
diff --git a/authz-batch/src/main/java/com/att/authz/actions/CredPunt.java b/authz-batch/src/main/java/com/att/authz/actions/CredPunt.java
new file mode 100644
index 00000000..195dc67e
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/actions/CredPunt.java
@@ -0,0 +1,47 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.actions;
+
+import java.io.IOException;
+import java.util.Date;
+import java.util.List;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.layer.Result;
+import com.att.dao.aaf.cass.CredDAO;
+import com.att.inno.env.APIException;
+import com.att.inno.env.util.Chrono;
+import com.datastax.driver.core.Cluster;
+
+public class CredPunt extends ActionPuntDAO<CredDAO.Data,Void> {
+
+ public CredPunt(AuthzTrans trans, Cluster cluster, int months, int range) throws IOException, APIException {
+ super(trans,cluster,months,range);
+ }
+
+ public CredPunt(AuthzTrans trans, ActionDAO<?,?> adao, int months, int range) throws IOException {
+ super(trans, adao, months,range);
+ }
+
+ public Result<Void> exec(AuthzTrans trans, CredDAO.Data cdd) {
+ Result<Void> rv = null;
+ Result<List<CredDAO.Data>> read = q.credDAO.read(trans, cdd);
+ if(read.isOKhasData()) {
+ for(CredDAO.Data data : read.value) {
+ Date from = data.expires;
+ data.expires = puntDate();
+ if(data.expires.before(from)) {
+ trans.error().printf("Error: %s is before %s", Chrono.dateOnlyStamp(data.expires), Chrono.dateOnlyStamp(from));
+ } else {
+ rv = q.credDAO.update(trans, data);
+ trans.info().log("Updated Cred",cdd.id, CredPrint.type(cdd.type), "from",Chrono.dateOnlyStamp(from),"to",Chrono.dateOnlyStamp(data.expires));
+ }
+ }
+ }
+ if(rv==null) {
+ rv=Result.err(read);
+ }
+ return rv;
+ }
+} \ No newline at end of file
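Review bot: When every row takes the "is before" branch, `rv` stays null and the `rv=Result.err(read)` line wraps a successful read as the error, so the caller receives an error whose payload is an OK result; set an explicit error in that branch instead, e.g. `rv = Result.err(Result.ERR_ActionNotCompleted, "punt date before current expiration");`, and keep `Result.err(read)` for the case where the read itself failed. `exec` is missing `@Override`, unlike the sibling actions in this commit. `rv` is overwritten on each loop iteration, so only the last update's result is returned; this is probably harmless if `read` returns a single row for a full key, but a comment stating that assumption would help. The predecessor constructor declares `throws IOException` although nothing in it throws it.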
diff --git a/authz-batch/src/main/java/com/att/authz/actions/Email.java b/authz-batch/src/main/java/com/att/authz/actions/Email.java
new file mode 100644
index 00000000..df491df3
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/actions/Email.java
@@ -0,0 +1,113 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.actions;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.layer.Result;
+import com.att.authz.org.Organization;
+
+public class Email implements Action<Organization,Void>{
+ protected final List<String> toList;
+ protected final List<String> ccList;
+ private final String[] defaultCC;
+ protected String subject;
+ private String preamble;
+ private Message msg;
+ private String sig;
+ protected String lineIndent=" ";
+
+
+ public Email(String ... defaultCC) {
+ toList = new ArrayList<String>();
+ this.defaultCC = defaultCC;
+ ccList = new ArrayList<String>();
+ clear();
+ }
+
+ public Email clear() {
+ toList.clear();
+ ccList.clear();
+ for(String s: defaultCC) {
+ ccList.add(s);
+ }
+ return this;
+ }
+
+
+ public void indent(String indent) {
+ lineIndent = indent;
+ }
+
+ public void preamble(String format, Object ... args) {
+ preamble = String.format(format, args);
+ }
+
+ public Email addTo(Collection<String> users) {
+ toList.addAll(users);
+ return this;
+ }
+
+ public Email addTo(String email) {
+ toList.add(email);
+ return this;
+ }
+
+
+ public Email subject(String format, Object ... args) {
+ subject = String.format(format, args);
+ return this;
+ }
+
+
+ public Email signature(String format, Object ... args) {
+ sig = String.format(format, args);
+ return this;
+ }
+
+ public void msg(Message msg) {
+ this.msg = msg;
+ }
+
+ @Override
+ public Result<Void> exec(AuthzTrans trans, Organization org) {
+ StringBuilder sb = new StringBuilder();
+ if(preamble!=null) {
+ sb.append(lineIndent);
+ sb.append(preamble);
+ sb.append("\n\n");
+ }
+
+ if(msg!=null) {
+ msg.msg(sb,lineIndent);
+ sb.append("\n");
+ }
+
+ if(sig!=null) {
+ sb.append(sig);
+ sb.append("\n");
+ }
+
+ return exec(trans,org,sb);
+ }
+
+ protected Result<Void> exec(AuthzTrans trans, Organization org, StringBuilder sb) {
+ try {
+ /* int status = */
+ org.sendEmail(trans,
+ toList,
+ ccList,
+ subject,
+ sb.toString(),
+ false);
+ } catch (Exception e) {
+ return Result.err(Result.ERR_ActionNotCompleted,e.getMessage());
+ }
+ return Result.ok();
+
+ }
+}
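Review bot: The `Email(String ... defaultCC)` constructor calls `clear()`, which is public and overridable, and EmailPrint already subclasses this class; an override would run before the subclass's fields are initialised. Either declare `public final Email clear()` or do the list initialisation inline in the constructor. In the protected `exec`, `catch (Exception e)` returns `Result.err(Result.ERR_ActionNotCompleted,e.getMessage())` without logging, so the stack trace of a failed send is lost; add `trans.error().log(e, "sendEmail failed");` before the return, matching the `trans.error().log(e, ...)` form used elsewhere in this commit. If `subject(...)` is never called, `subject` is passed to `sendEmail` as null; if that is not acceptable to the Organization, a null check with a clear error would be better than whatever the transport does with it.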
diff --git a/authz-batch/src/main/java/com/att/authz/actions/EmailPrint.java b/authz-batch/src/main/java/com/att/authz/actions/EmailPrint.java
new file mode 100644
index 00000000..5b356ce1
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/actions/EmailPrint.java
@@ -0,0 +1,51 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.actions;
+
+import java.io.PrintStream;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.layer.Result;
+import com.att.authz.org.Organization;
+
+public class EmailPrint extends Email {
+
+ public EmailPrint(String... defaultCC) {
+ super(defaultCC);
+ }
+
+ /* (non-Javadoc)
+ * @see com.att.authz.actions.Email#exec(com.att.authz.org.Organization, java.lang.StringBuilder)
+ */
+ @Override
+ protected Result<Void> exec(AuthzTrans trans, Organization org, StringBuilder msg) {
+ PrintStream out = System.out;
+ boolean first = true;
+ out.print("To: ");
+ for(String s: toList) {
+ if(first) {first = false;}
+ else {out.print(',');}
+ out.print(s);
+ }
+ out.println();
+
+ first = true;
+ out.print("CC: ");
+ for(String s: ccList) {
+ if(first) {first = false;}
+ else {out.print(',');}
+ out.print(s);
+ }
+ out.println();
+
+ out.print("Subject: ");
+ out.println(subject);
+ out.println();
+
+ out.println(msg);
+ return Result.ok();
+
+ }
+
+}
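Review bot: The two hand-rolled comma-join loops in `exec` can be replaced by `out.println("To: " + String.join(",", toList));` and `out.println("CC: " + String.join(",", ccList));`, dropping the `first` flag entirely. The `@see` in the Javadoc names `Email#exec(com.att.authz.org.Organization, java.lang.StringBuilder)`, but the overridden method also takes an `AuthzTrans` first, so the reference points at a signature that does not exist; correct it or let `@Override` carry the meaning.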
diff --git a/authz-batch/src/main/java/com/att/authz/actions/FADelete.java b/authz-batch/src/main/java/com/att/authz/actions/FADelete.java
new file mode 100644
index 00000000..4ce11e54
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/actions/FADelete.java
@@ -0,0 +1,52 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.actions;
+
+import java.io.IOException;
+import java.util.List;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.helpers.Future;
+import com.att.authz.layer.Result;
+import com.att.dao.aaf.cass.ApprovalDAO;
+import com.att.dao.aaf.cass.FutureDAO;
+import com.att.inno.env.APIException;
+import com.att.inno.env.util.Chrono;
+import com.datastax.driver.core.Cluster;
+
+public class FADelete extends ActionDAO<Future,Void> {
+ public FADelete(AuthzTrans trans, Cluster cluster) throws APIException, IOException {
+ super(trans, cluster);
+ }
+
+ public FADelete(AuthzTrans trans, ActionDAO<?,?> adao) {
+ super(trans, adao);
+ }
+
+ @Override
+ public Result<Void> exec(AuthzTrans trans, Future f) {
+ FutureDAO.Data fdd = new FutureDAO.Data();
+ fdd.id=f.id;
+ Result<Void> rv = q.futureDAO.delete(trans, fdd, true); // need to read for undelete
+ if(rv.isOK()) {
+ trans.info().log("Deleted:",f.id,f.memo,"expiring on",Chrono.dateOnlyStamp(f.expires));
+ } else {
+ trans.info().log("Failed to Delete Approval");
+ }
+
+ Result<List<ApprovalDAO.Data>> ral = q.approvalDAO.readByTicket(trans, f.id);
+ if(ral.isOKhasData()) {
+ for(ApprovalDAO.Data add : ral.value) {
+ rv = q.approvalDAO.delete(trans, add, false);
+ if(rv.isOK()) {
+ trans.info().log("Deleted: Approval",add.id,"on ticket",add.ticket,"for",add.approver);
+ } else {
+ trans.info().log("Failed to Delete Approval");
+ }
+ }
+ }
+ return rv;
+ }
+
+} \ No newline at end of file
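Review bot: The `else` after `q.futureDAO.delete(...)` logs "Failed to Delete Approval" although it is the Future row that failed, and `rv` is then overwritten by each approval delete, so a failed Future deletion is reported as OK to the caller whenever the approvals delete cleanly. Change the message to `trans.info().log("Failed to Delete Future",f.id);`, keep the first outcome with `Result<Void> futureRv = rv;` right after the delete, and end with `return futureRv.isOK() ? rv : futureRv;`. Whether the approvals should be deleted at all when the Future deletion failed is a policy question worth a comment; the current code proceeds regardless.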
diff --git a/authz-batch/src/main/java/com/att/authz/actions/FAPrint.java b/authz-batch/src/main/java/com/att/authz/actions/FAPrint.java
new file mode 100644
index 00000000..a687dc1b
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/actions/FAPrint.java
@@ -0,0 +1,23 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.actions;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.helpers.Future;
+import com.att.authz.layer.Result;
+import com.att.inno.env.util.Chrono;
+
+public class FAPrint implements Action<Future,Void> {
+ private String text;
+
+ public FAPrint(String text) {
+ this.text = text;
+ }
+
+ @Override
+ public Result<Void> exec(AuthzTrans trans, Future f) {
+ trans.info().log(text,f.id,f.memo,"expiring on",Chrono.dateOnlyStamp(f.expires));
+ return Result.ok();
+ }
+} \ No newline at end of file
diff --git a/authz-batch/src/main/java/com/att/authz/actions/Key.java b/authz-batch/src/main/java/com/att/authz/actions/Key.java
new file mode 100644
index 00000000..89b7c6f8
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/actions/Key.java
@@ -0,0 +1,8 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.actions;
+
+public interface Key<HELPER> {
+ public String key(HELPER H);
+}
diff --git a/authz-batch/src/main/java/com/att/authz/actions/Message.java b/authz-batch/src/main/java/com/att/authz/actions/Message.java
new file mode 100644
index 00000000..2aca4eac
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/actions/Message.java
@@ -0,0 +1,33 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.actions;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class Message {
+ public final List<String> lines;
+
+ public Message() {
+ lines = new ArrayList<String>();
+ }
+
+ public void clear() {
+ lines.clear();
+ }
+
+ public void line(String format, Object ... args) {
+ lines.add(String.format(format, args));
+ }
+
+ public void msg(StringBuilder sb, String lineIndent) {
+ if(lines.size()>0) {
+ for(String line : lines) {
+ sb.append(lineIndent);
+ sb.append(line);
+ sb.append('\n');
+ }
+ }
+ }
+}
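Review bot: `lines` is a `public final` mutable `List`, so any caller can add or remove content behind the back of `line()` and `clear()`; make it `private`, since those two methods already cover every mutation this class needs, and add a small accessor only if a caller really needs to read it. The `if(lines.size()>0)` guard in `msg` is redundant because the loop body simply does not run for an empty list. A one-line Javadoc on `msg` stating that each line is emitted prefixed with `lineIndent` and terminated by `\n` would document the only non-obvious formatting rule here.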
diff --git a/authz-batch/src/main/java/com/att/authz/actions/URAdd.java b/authz-batch/src/main/java/com/att/authz/actions/URAdd.java
new file mode 100644
index 00000000..3e254e9f
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/actions/URAdd.java
@@ -0,0 +1,39 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.actions;
+
+import java.io.IOException;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.helpers.UserRole;
+import com.att.authz.layer.Result;
+import com.att.dao.aaf.cass.UserRoleDAO;
+import com.att.dao.aaf.cass.UserRoleDAO.Data;
+import com.att.inno.env.APIException;
+import com.att.inno.env.util.Chrono;
+import com.datastax.driver.core.Cluster;
+
+public class URAdd extends ActionDAO<UserRole,UserRoleDAO.Data> {
+ public URAdd(AuthzTrans trans, Cluster cluster) throws APIException, IOException {
+ super(trans, cluster);
+ }
+
+ public URAdd(AuthzTrans trans, ActionDAO<?,?> adao) {
+ super(trans, adao);
+ }
+
+ @Override
+ public Result<Data> exec(AuthzTrans trans, UserRole ur) {
+ UserRoleDAO.Data urd = new UserRoleDAO.Data();
+ urd.user = ur.user;
+ urd.role = ur.role;
+ urd.ns=ur.ns;
+ urd.rname = ur.rname;
+ urd.expires = ur.expires;
+ Result<Data> rv = q.userRoleDAO.create(trans, urd);
+ trans.info().log("Added:",ur.role,ur.user,"on",Chrono.dateOnlyStamp(ur.expires));
+ return rv;
+ }
+
+} \ No newline at end of file
diff --git a/authz-batch/src/main/java/com/att/authz/actions/URDelete.java b/authz-batch/src/main/java/com/att/authz/actions/URDelete.java
new file mode 100644
index 00000000..064b6dce
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/actions/URDelete.java
@@ -0,0 +1,35 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.actions;
+
+import java.io.IOException;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.helpers.UserRole;
+import com.att.authz.layer.Result;
+import com.att.dao.aaf.cass.UserRoleDAO;
+import com.att.inno.env.APIException;
+import com.att.inno.env.util.Chrono;
+import com.datastax.driver.core.Cluster;
+
+public class URDelete extends ActionDAO<UserRole,Void> {
+ public URDelete(AuthzTrans trans, Cluster cluster) throws APIException, IOException {
+ super(trans, cluster);
+ }
+
+ public URDelete(AuthzTrans trans, ActionDAO<?,?> adao) {
+ super(trans, adao);
+ }
+
+ @Override
+ public Result<Void> exec(AuthzTrans trans, UserRole ur) {
+ UserRoleDAO.Data urd = new UserRoleDAO.Data();
+ urd.user = ur.user;
+ urd.role = ur.role;
+ Result<Void> rv = q.userRoleDAO.delete(trans, urd, true); // need to read for undelete
+ trans.info().log("Deleted:",ur.role,ur.user,"on",Chrono.dateOnlyStamp(ur.expires));
+ return rv;
+ }
+
+} \ No newline at end of file
diff --git a/authz-batch/src/main/java/com/att/authz/actions/URFutureApprove.java b/authz-batch/src/main/java/com/att/authz/actions/URFutureApprove.java
new file mode 100644
index 00000000..3401080c
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/actions/URFutureApprove.java
@@ -0,0 +1,83 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.actions;
+
+import java.io.IOException;
+import java.util.Date;
+import java.util.GregorianCalendar;
+import java.util.List;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.helpers.UserRole;
+import com.att.authz.layer.Result;
+import com.att.authz.org.Organization.Expiration;
+import com.att.authz.org.Organization.Identity;
+import com.att.dao.aaf.cass.FutureDAO;
+import com.att.dao.aaf.cass.NsDAO;
+import com.att.dao.aaf.hl.Function;
+import com.att.dao.aaf.hl.Question;
+import com.att.inno.env.APIException;
+import com.att.inno.env.util.Chrono;
+import com.datastax.driver.core.Cluster;
+
+public class URFutureApprove extends ActionDAO<UserRole, List<Identity>> implements Action<UserRole,List<Identity>>, Key<UserRole> {
+ private final Date start, expires;
+
+ public URFutureApprove(AuthzTrans trans, Cluster cluster) throws APIException, IOException {
+ super(trans,cluster);
+ GregorianCalendar gc = new GregorianCalendar();
+ start = gc.getTime();
+ expires = trans.org().expiration(gc, Expiration.Future).getTime();
+ }
+
+ public URFutureApprove(AuthzTrans trans, ActionDAO<?,?> adao) {
+ super(trans, adao);
+ GregorianCalendar gc = new GregorianCalendar();
+ start = gc.getTime();
+ expires = trans.org().expiration(gc, Expiration.Future).getTime();
+ }
+
+ @Override
+ public Result<List<Identity>> exec(AuthzTrans trans, UserRole ur) {
+ Result<NsDAO.Data> rns = q.deriveNs(trans, ur.ns);
+ if(rns.isOK()) {
+
+ FutureDAO.Data data = new FutureDAO.Data();
+ data.id=null; // let Create function assign UUID
+ data.target=Function.FOP_USER_ROLE;
+
+ data.memo = key(ur);
+ data.start = start;
+ data.expires = expires;
+ try {
+ data.construct = ur.to().bytify();
+ } catch (IOException e) {
+ return Result.err(e);
+ }
+ Result<List<Identity>> rapprovers = f.createFuture(trans, data, Function.FOP_USER_ROLE, ur.user, rns.value, "U");
+ return rapprovers;
+ } else {
+ return Result.err(rns);
+ }
+ }
+
+ @Override
+ public String key(UserRole ur) {
+ String expire;
+ if(expires.before(start)) {
+ expire = "' - EXPIRED ";
+ } else {
+ expire = "' - expiring ";
+ }
+
+ if(Question.OWNER.equals(ur.rname)) {
+ return "Re-Validate Ownership for AAF Namespace '" + ur.ns + expire + Chrono.dateOnlyStamp(ur.expires);
+ } else if(Question.ADMIN.equals(ur.rname)) {
+ return "Re-Validate as Administrator for AAF Namespace '" + ur.ns + expire + Chrono.dateOnlyStamp(ur.expires);
+ } else {
+ return "Re-Approval in Role '" + ur.role + expire + Chrono.dateOnlyStamp(ur.expires);
+ }
+ }
+
+} \ No newline at end of file
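Review bot: Both constructors repeat the three lines that compute `start` and `expires` from a fresh `GregorianCalendar`, and because the fields are `final` the duplication cannot be removed by chaining constructors; a `private static Date futureExpiry(AuthzTrans trans, GregorianCalendar gc)` helper returning `trans.org().expiration(gc, Expiration.Future).getTime()` keeps the expiry policy call in one place. In `exec`, the `rapprovers` local only forwards the call result, so `return f.createFuture(trans, data, Function.FOP_USER_ROLE, ur.user, rns.value, "U");` is clearer. The literal `"U"` passed to `createFuture` is undocumented here; a short comment at that call naming what the code means (presumably a request-type marker for the future) would help the next reader.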
diff --git a/authz-batch/src/main/java/com/att/authz/actions/URFuturePrint.java b/authz-batch/src/main/java/com/att/authz/actions/URFuturePrint.java
new file mode 100644
index 00000000..812aa81e
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/actions/URFuturePrint.java
@@ -0,0 +1,28 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.actions;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.helpers.UserRole;
+import com.att.authz.layer.Result;
+import com.att.authz.org.Organization.Identity;
+import com.att.inno.env.util.Chrono;
+
+
+public class URFuturePrint implements Action<UserRole,List<Identity>> {
+ private String text;
+ private final static List<Identity> rv = new ArrayList<Identity>();
+
+ public URFuturePrint(String text) {
+ this.text = text;
+ }
+
+ @Override
+ public Result<List<Identity>> exec(AuthzTrans trans, UserRole ur) {
+ trans.info().log(text,ur.user,"to",ur.role,"on",Chrono.dateOnlyStamp(ur.expires));
+ return Result.ok(rv);
+ }} \ No newline at end of file
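Review bot: `rv` at the top of the class is a shared, mutable `static ArrayList` that every `exec` call returns, so a caller that adds to the returned list changes what every other `URFuturePrint` instance returns from then on. Return an immutable empty list instead, `private final static List<Identity> rv = Collections.emptyList();` (importing `java.util.Collections`), which also drops the `ArrayList` import. `text` is never reassigned and can be `final`, and the `}}` on the last line hides the class's closing brace; put it on its own line like the sibling actions.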
diff --git a/authz-batch/src/main/java/com/att/authz/actions/URPrint.java b/authz-batch/src/main/java/com/att/authz/actions/URPrint.java
new file mode 100644
index 00000000..a643851e
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/actions/URPrint.java
@@ -0,0 +1,24 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.actions;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.helpers.UserRole;
+import com.att.authz.layer.Result;
+import com.att.inno.env.util.Chrono;
+
+public class URPrint implements Action<UserRole,Void> {
+ private String text;
+
+ public URPrint(String text) {
+ this.text = text;
+ }
+
+ @Override
+ public Result<Void> exec(AuthzTrans trans, UserRole ur) {
+ trans.info().log(text,ur.user,"to",ur.role,"expiring on",Chrono.dateOnlyStamp(ur.expires));
+ return Result.ok();
+ }
+
+} \ No newline at end of file
diff --git a/authz-batch/src/main/java/com/att/authz/actions/URPunt.java b/authz-batch/src/main/java/com/att/authz/actions/URPunt.java
new file mode 100644
index 00000000..803fdb94
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/actions/URPunt.java
@@ -0,0 +1,46 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.actions;
+
+import java.io.IOException;
+import java.util.Date;
+import java.util.List;
+
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.helpers.UserRole;
+import com.att.authz.layer.Result;
+import com.att.dao.aaf.cass.UserRoleDAO;
+import com.att.dao.aaf.cass.UserRoleDAO.Data;
+import com.att.inno.env.APIException;
+import com.att.inno.env.util.Chrono;
+import com.datastax.driver.core.Cluster;
+
+public class URPunt extends ActionPuntDAO<UserRole,Void> {
+ public URPunt(AuthzTrans trans, Cluster cluster, int months, int range) throws APIException, IOException {
+ super(trans,cluster, months, range);
+ }
+
+ public URPunt(AuthzTrans trans, ActionDAO<?,?> adao, int months, int range) {
+ super(trans, adao, months, range);
+ }
+
+ public Result<Void> exec(AuthzTrans trans, UserRole ur) {
+ Result<List<Data>> read = q.userRoleDAO.read(trans, ur.user, ur.role);
+ if(read.isOK()) {
+ for(UserRoleDAO.Data data : read.value) {
+ Date from = data.expires;
+ data.expires = puntDate();
+ if(data.expires.before(from)) {
+ trans.error().printf("Error: %s is before %s", Chrono.dateOnlyStamp(data.expires), Chrono.dateOnlyStamp(from));
+ } else {
+ q.userRoleDAO.update(trans, data);
+ trans.info().log("Updated User",ur.user,"and Role", ur.role, "from",Chrono.dateOnlyStamp(from),"to",Chrono.dateOnlyStamp(data.expires));
+ }
+ }
+ return Result.ok();
+ } else {
+ return Result.err(read);
+ }
+ }
+} \ No newline at end of file
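Review bot: The result of `q.userRoleDAO.update(trans, data)` inside the loop is discarded, so `exec` returns `Result.ok()` even when an update fails, and also when the "is before" branch has only printed an error. Capture it and surface the failure, e.g. `Result<Void> ru = q.userRoleDAO.update(trans, data); if(!ru.isOK()) { return ru; }` — assuming `update` returns a `Result<Void>` like the `delete` call in `URDelete`; confirm against the DAO. `exec` is also missing the `@Override` that the other actions in this series carry.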
diff --git a/authz-batch/src/main/java/com/att/authz/entryConverters/AafEntryConverter.java b/authz-batch/src/main/java/com/att/authz/entryConverters/AafEntryConverter.java
new file mode 100644
index 00000000..4f05f203
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/entryConverters/AafEntryConverter.java
@@ -0,0 +1,28 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.entryConverters;
+
+import java.util.Set;
+
+public abstract class AafEntryConverter {
+
+ protected String formatSet(Set<String> set) {
+ if (set==null || set.isEmpty()) return "";
+ StringBuilder sb = new StringBuilder();
+ int curr = 0;
+ sb.append("{");
+ for (String s : set) {
+ sb.append("'");
+ sb.append(s);
+ sb.append("'");
+ if (set.size() != curr + 1) {
+ sb.append(",");
+ }
+ curr++;
+ }
+ sb.append("}");
+ return sb.toString();
+ }
+
+}
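Review bot: `formatSet` keeps a `curr` counter and compares it with `set.size()` on every iteration only to decide whether a comma follows; if the build targets Java 8 the same output comes from `StringJoiner sj = new StringJoiner(",", "{", "}"); for (String s : set) { sj.add("'" + s + "'"); } return sj.toString();`, with the empty/null check kept in front. Elements are wrapped in single quotes but never escaped, so a member containing `'` or `,` produces a string a consumer cannot split back; a one-line comment, `// members are not escaped; values containing ' or , are ambiguous to a reader`, should state that until escaping is added.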
diff --git a/authz-batch/src/main/java/com/att/authz/entryConverters/CredEntryConverter.java b/authz-batch/src/main/java/com/att/authz/entryConverters/CredEntryConverter.java
new file mode 100644
index 00000000..96c88122
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/entryConverters/CredEntryConverter.java
@@ -0,0 +1,29 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.entryConverters;
+
+import java.text.DateFormat;
+import java.text.SimpleDateFormat;
+
+import com.att.dao.aaf.cass.CredDAO;
+import com.datastax.driver.core.utils.Bytes;
+import com.googlecode.jcsv.writer.CSVEntryConverter;
+
+public class CredEntryConverter extends AafEntryConverter implements CSVEntryConverter<CredDAO.Data> {
+ private static final String DATE_FORMAT = "yyyy-MM-dd HH:mm:ssZ";
+
+ @Override
+ public String[] convertEntry(CredDAO.Data cd) {
+ String[] columns = new String[5];
+
+ columns[0] = cd.id;
+ columns[1] = String.valueOf(cd.type);
+ DateFormat df = new SimpleDateFormat(DATE_FORMAT);
+ columns[2] = df.format(cd.expires);
+ columns[3] = Bytes.toHexString(cd.cred);
+ columns[4] = (cd.ns==null)?"":cd.ns;
+
+ return columns;
+ }
+}
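Review bot: `columns[3] = Bytes.toHexString(cd.cred)` writes whatever is stored in `cred` for every record into the CSV row, so the export file carries the stored credential material and has to be stored and transported with the same protections as the `authz.cred` table itself; if the export is only an inventory, consider omitting that column or emitting a length or digest instead. A comment at that assignment, `// writes stored credential bytes — the output file is sensitive`, would make that explicit to whoever schedules this batch. `df.format(cd.expires)` two lines earlier throws `NullPointerException` when `expires` is unset, while the `ns` column already handles null; `columns[2] = cd.expires==null?"":df.format(cd.expires);` makes the two consistent.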
diff --git a/authz-batch/src/main/java/com/att/authz/entryConverters/NsEntryConverter.java b/authz-batch/src/main/java/com/att/authz/entryConverters/NsEntryConverter.java
new file mode 100644
index 00000000..e9cd91c4
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/entryConverters/NsEntryConverter.java
@@ -0,0 +1,27 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.entryConverters;
+
+import com.att.dao.aaf.cass.NsDAO;
+import com.googlecode.jcsv.writer.CSVEntryConverter;
+
+public class NsEntryConverter extends AafEntryConverter implements CSVEntryConverter<NsDAO.Data> {
+
+ @Override
+ public String[] convertEntry(NsDAO.Data nsd) {
+ String[] columns = new String[5];
+
+ columns[0] = nsd.name;
+ // JG changed from "scope" to "type"
+ columns[1] = String.valueOf(nsd.type);
+ //TODO Chris: need to look at this
+// columns[2] = formatSet(nsd.admin);
+// columns[3] = formatSet(nsd.responsible);
+// columns[4] = nsd.description==null?"":nsd.description;
+ columns[5] = nsd.description==null?"":nsd.description;
+
+ return columns;
+ }
+
+}
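Review bot: `columns[5] = ...` at the bottom of `convertEntry` indexes past the end of `new String[5]`, so every call throws `ArrayIndexOutOfBoundsException`; either allocate `new String[6]` to match the five-index layout the commented lines describe, or assign the description to `columns[2]` and size the array to 3. As written, indices 2 and 3 stay null and how the CSV writer renders that is not visible here — check it against the column order the consumer expects. The `//TODO Chris` block and the commented-out `formatSet` lines should be restored or removed rather than merged as dead text.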
diff --git a/authz-batch/src/main/java/com/att/authz/entryConverters/PermEntryConverter.java b/authz-batch/src/main/java/com/att/authz/entryConverters/PermEntryConverter.java
new file mode 100644
index 00000000..afabdfdf
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/entryConverters/PermEntryConverter.java
@@ -0,0 +1,24 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.entryConverters;
+
+import com.att.dao.aaf.cass.PermDAO;
+import com.googlecode.jcsv.writer.CSVEntryConverter;
+
+public class PermEntryConverter extends AafEntryConverter implements CSVEntryConverter<PermDAO.Data> {
+
+ @Override
+ public String[] convertEntry(PermDAO.Data pd) {
+ String[] columns = new String[6];
+
+ columns[0] = pd.ns;
+ columns[1] = pd.type;
+ columns[2] = pd.instance;
+ columns[3] = pd.action;
+ columns[4] = formatSet(pd.roles);
+ columns[5] = pd.description==null?"":pd.description;
+
+ return columns;
+ }
+}
diff --git a/authz-batch/src/main/java/com/att/authz/entryConverters/RoleEntryConverter.java b/authz-batch/src/main/java/com/att/authz/entryConverters/RoleEntryConverter.java
new file mode 100644
index 00000000..51389bd3
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/entryConverters/RoleEntryConverter.java
@@ -0,0 +1,23 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.entryConverters;
+
+import com.att.dao.aaf.cass.RoleDAO;
+import com.googlecode.jcsv.writer.CSVEntryConverter;
+
+public class RoleEntryConverter extends AafEntryConverter implements CSVEntryConverter<RoleDAO.Data> {
+
+ @Override
+ public String[] convertEntry(RoleDAO.Data rd) {
+ String[] columns = new String[4];
+
+ columns[0] = rd.ns;
+ columns[1] = rd.name;
+ columns[2] = formatSet(rd.perms);
+ columns[3] = rd.description==null?"":rd.description;
+
+ return columns;
+ }
+
+}
diff --git a/authz-batch/src/main/java/com/att/authz/entryConverters/UserRoleEntryConverter.java b/authz-batch/src/main/java/com/att/authz/entryConverters/UserRoleEntryConverter.java
new file mode 100644
index 00000000..0b2a956e
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/entryConverters/UserRoleEntryConverter.java
@@ -0,0 +1,26 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.entryConverters;
+
+import java.text.DateFormat;
+import java.text.SimpleDateFormat;
+
+import com.att.dao.aaf.cass.UserRoleDAO;
+import com.googlecode.jcsv.writer.CSVEntryConverter;
+
+public class UserRoleEntryConverter extends AafEntryConverter implements CSVEntryConverter<UserRoleDAO.Data> {
+ private static final String DATE_FORMAT = "yyyy-MM-dd HH:mm:ssZ";
+
+ @Override
+ public String[] convertEntry(UserRoleDAO.Data urd) {
+ String[] columns = new String[3];
+
+ columns[0] = urd.user;
+ columns[1] = urd.role;
+ DateFormat df = new SimpleDateFormat(DATE_FORMAT);
+ columns[2] = df.format(urd.expires);
+
+ return columns;
+ }
+}
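Review bot: `DATE_FORMAT` duplicates the identical constant in `CredEntryConverter`; hoist it into `AafEntryConverter` as `protected static final String DATE_FORMAT = "yyyy-MM-dd HH:mm:ssZ";` so the two exports cannot drift apart. `df.format(urd.expires)` throws `NullPointerException` when `expires` is null, unlike the null-tolerant description columns in the sibling converters; `columns[2] = urd.expires==null?"":df.format(urd.expires);` keeps the row writable.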
diff --git a/authz-batch/src/main/java/com/att/authz/helpers/Approver.java b/authz-batch/src/main/java/com/att/authz/helpers/Approver.java
new file mode 100644
index 00000000..0cac97bc
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/helpers/Approver.java
@@ -0,0 +1,44 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.helpers;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import com.att.authz.actions.Message;
+import com.att.authz.org.Organization;
+
+public class Approver {
+ public String name;
+ public Organization org;
+ public Map<String, Integer> userRequests;
+
+ public Approver(String approver, Organization org) {
+ this.name = approver;
+ this.org = org;
+ userRequests = new HashMap<String, Integer>();
+ }
+
+ public void addRequest(String user) {
+ if (userRequests.get(user) == null) {
+ userRequests.put(user, 1);
+ } else {
+ Integer curCount = userRequests.remove(user);
+ userRequests.put(user, curCount+1);
+ }
+ }
+
+ /**
+ * @param sb
+ * @return
+ */
+ public void build(Message msg) {
+ msg.clear();
+ msg.line("You have %d total pending approvals from the following users:", userRequests.size());
+ for (Map.Entry<String, Integer> entry : userRequests.entrySet()) {
+ msg.line(" %s (%d)",entry.getKey(),entry.getValue());
+ }
+ }
+
+}
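Review bot: The Javadoc on `build` documents a `sb` parameter and a return value, but the method takes a `Message` and returns `void`; replace it with `/** Clears {@code msg} and writes a header plus one line per requesting user with that user's pending-approval count. */`. `addRequest` can be the single call `userRequests.merge(user, 1, Integer::sum);` if the build targets Java 8, which removes the remove-then-put pair. The three public mutable fields are only assigned in the constructor, so `private final` with accessors would fit, especially for `userRequests`, which any holder of an `Approver` can currently replace.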
diff --git a/authz-batch/src/main/java/com/att/authz/helpers/Creator.java b/authz-batch/src/main/java/com/att/authz/helpers/Creator.java
new file mode 100644
index 00000000..1fe513e8
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/helpers/Creator.java
@@ -0,0 +1,23 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.helpers;
+
+import com.datastax.driver.core.Row;
+
+public abstract class Creator<T> {
+ public abstract T create(Row row);
+ public abstract String select();
+
+ public String query(String where) {
+ StringBuilder sb = new StringBuilder(select());
+ if(where!=null) {
+ sb.append(" WHERE ");
+ sb.append(where);
+ }
+ sb.append(';');
+ return sb.toString();
+ }
+
+
+} \ No newline at end of file
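Review bot: `query` splices `where` into the statement text verbatim, so the contract that the fragment must be trusted, pre-formed CQL belongs in its Javadoc: `/** Builds {@code select()} plus an optional WHERE clause; {@code where} is inserted verbatim, so callers must not assemble it from untrusted values. */`. A second overload that takes bound values and hands back a prepared/bound statement would let callers avoid string building altogether, which is how the sibling helpers in this series currently form their single-key queries.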
diff --git a/authz-batch/src/main/java/com/att/authz/helpers/Cred.java b/authz-batch/src/main/java/com/att/authz/helpers/Cred.java
new file mode 100644
index 00000000..39691df9
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/helpers/Cred.java
@@ -0,0 +1,142 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.helpers;
+
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+import java.util.TreeMap;
+
+import com.att.inno.env.Env;
+import com.att.inno.env.TimeTaken;
+import com.att.inno.env.Trans;
+import com.datastax.driver.core.ResultSet;
+import com.datastax.driver.core.Row;
+import com.datastax.driver.core.Session;
+import com.datastax.driver.core.SimpleStatement;
+import com.datastax.driver.core.Statement;
+
+public class Cred {
+ public static final TreeMap<String,Cred> data = new TreeMap<String,Cred>();
+
+ public final String id;
+ public final List<Instance> instances;
+
+ public Cred(String id) {
+ this.id = id;
+ instances = new ArrayList<Instance>();
+ }
+
+ public static class Instance {
+ public final int type;
+ public final Date expires;
+ public final Integer other;
+
+ public Instance(int type, Date expires, Integer other) {
+ this.type = type;
+ this.expires = expires;
+ this.other = other;
+ }
+ }
+
+ public Date last(final int type) {
+ Date last = null;
+ for(Instance i : instances) {
+ if(i.type==type && (last==null || i.expires.after(last))) {
+ last = i.expires;
+ }
+ }
+ return last;
+ }
+
+
+ public Set<Integer> types() {
+ Set<Integer> types = new HashSet<Integer>();
+ for(Instance i : instances) {
+ types.add(i.type);
+ }
+ return types;
+ }
+
+ public static void load(Trans trans, Session session ) {
+ load(trans, session,"select id, type, expires, other from authz.cred;");
+
+ }
+
+ public static void loadOneNS(Trans trans, Session session, String ns ) {
+ load(trans, session,"select id, type, expires, other from authz.cred WHERE ns='" + ns + "';");
+ }
+
+ private static void load(Trans trans, Session session, String query) {
+
+ trans.info().log( "query: " + query );
+ TimeTaken tt = trans.start("Read Creds", Env.REMOTE);
+
+ ResultSet results;
+ try {
+ Statement stmt = new SimpleStatement( query );
+ results = session.execute(stmt);
+ } finally {
+ tt.done();
+ }
+ int count = 0;
+ try {
+ Iterator<Row> iter = results.iterator();
+ Row row;
+ tt = trans.start("Load Roles", Env.SUB);
+ try {
+ while(iter.hasNext()) {
+ ++count;
+ row = iter.next();
+ String id = row.getString(0);
+ Cred cred = data.get(id);
+ if(cred==null) {
+ cred = new Cred(id);
+ data.put(id, cred);
+ }
+ cred.instances.add(new Instance(row.getInt(1), row.getDate(2), row.getInt(3)));
+ }
+ } finally {
+ tt.done();
+ }
+ } finally {
+ trans.info().log("Found",count,"creds");
+ }
+
+
+ }
+ public String toString() {
+ StringBuilder sb = new StringBuilder(id);
+ sb.append('[');
+ for(Instance i : instances) {
+ sb.append('{');
+ sb.append(i.type);
+ sb.append(",\"");
+ sb.append(i.expires);
+ sb.append("\"}");
+ }
+ sb.append(']');
+ return sb.toString();
+ }
+
+ /* (non-Javadoc)
+ * @see java.lang.Object#hashCode()
+ */
+ @Override
+ public int hashCode() {
+ return id.hashCode();
+ }
+
+ /* (non-Javadoc)
+ * @see java.lang.Object#equals(java.lang.Object)
+ */
+ @Override
+ public boolean equals(Object obj) {
+ return id.equals(obj);
+ }
+
+} \ No newline at end of file
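Review bot: `equals` at the bottom compares `id` (a `String`) with `obj`, so a `Cred` never equals another `Cred` even when `hashCode` matches, which breaks the `equals`/`hashCode` contract for any hash-based collection; it should read `return obj instanceof Cred && id.equals(((Cred)obj).id);`, mirroring `MiscID.equals` in this series. `loadOneNS` builds its CQL by concatenating `ns` into the query text, as do `MiscID.loadOne`, `MiscID.insertStmt` and `MiscID.updateStmt` (and `NS.loadOne`, whose hunk runs past this chunk); a value containing a quote breaks the statement, so bind the value through the driver's prepared statements instead. The private `load` also appends a new `Instance` to the existing `Cred` in the static `data` map on every call and never clears it, so calling `load` twice appears to duplicate every instance — if that is intended, say so in a comment on `data`.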
diff --git a/authz-batch/src/main/java/com/att/authz/helpers/Future.java b/authz-batch/src/main/java/com/att/authz/helpers/Future.java
new file mode 100644
index 00000000..13ee8222
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/helpers/Future.java
@@ -0,0 +1,99 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.helpers;
+
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+import java.util.TreeMap;
+import java.util.UUID;
+
+import com.att.inno.env.Env;
+import com.att.inno.env.TimeTaken;
+import com.att.inno.env.Trans;
+import com.datastax.driver.core.ResultSet;
+import com.datastax.driver.core.Row;
+import com.datastax.driver.core.Session;
+import com.datastax.driver.core.SimpleStatement;
+import com.datastax.driver.core.Statement;
+
+public class Future {
+ public static final List<Future> data = new ArrayList<Future>();
+ public static final TreeMap<String,List<Future>> byMemo = new TreeMap<String,List<Future>>();
+
+ public final UUID id;
+ public final String memo, target;
+ public final Date start, expires;
+ public Future(UUID id, String memo, String target, Date start, Date expires) {
+ this.id = id;
+ this.memo = memo;
+ this.target = target;
+ this.start = start;
+ this.expires = expires;
+ }
+
+ public static void load(Trans trans, Session session, Creator<Future> creator) {
+ trans.info().log( "query: " + creator.select() );
+ ResultSet results;
+ TimeTaken tt = trans.start("Load Futures", Env.REMOTE);
+ try {
+ Statement stmt = new SimpleStatement(creator.select());
+ results = session.execute(stmt);
+ } finally {
+ tt.done();
+ }
+
+ int count = 0;
+ tt = trans.start("Process Futures", Env.SUB);
+ try {
+ for(Row row : results.all()) {
+ ++count;
+ Future f = creator.create(row);
+ data.add(f);
+
+ List<Future> lf = byMemo.get(f.memo);
+ if(lf == null) {
+ lf = new ArrayList<Future>();
+ byMemo.put(f.memo, lf);
+ }
+ lf.add(f);
+
+ }
+ } finally {
+ trans.info().log("Found",count,"Futures");
+ }
+ }
+
+ public static Creator<Future> v2_0_15 = new Creator<Future>() {
+ @Override
+ public Future create(Row row) {
+ return new Future(row.getUUID(0),row.getString(1),row.getString(2),
+ row.getDate(3),row.getDate(4));
+ }
+
+ @Override
+ public String select() {
+ return "select id,memo,target,start,expires from authz.future";
+ }
+ };
+
+ public static void delete(List<Future> fl) {
+ if(fl==null || fl.isEmpty()) {
+ return;
+ }
+ for(Future f : fl) {
+ data.remove(f);
+ }
+ // Faster to start over, then look for entries.
+ byMemo.clear();
+ for(Future f : data) {
+ List<Future> lf = byMemo.get(f.memo);
+ if(lf == null) {
+ lf = new ArrayList<Future>();
+ byMemo.put(f.memo, lf);
+ }
+ lf.add(f);
+ }
+ }
+}
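Review bot: The find-or-create of the `byMemo` list for a `Future` is written twice, in `load` and again in `delete`; if the build targets Java 8 both collapse to `byMemo.computeIfAbsent(f.memo, k -> new ArrayList<Future>()).add(f);`, otherwise extract a `private static void index(Future f)` and call it from both so the two paths cannot diverge. `v2_0_15` is a public static field that is never reassigned and should be `final`. `delete` calls `data.remove(f)` on an `ArrayList` and `Future` does not override `equals`, so removal is by identity and linear per element — fine if callers pass the instances that `load` stored, but worth a comment on the method.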
diff --git a/authz-batch/src/main/java/com/att/authz/helpers/InputIterator.java b/authz-batch/src/main/java/com/att/authz/helpers/InputIterator.java
new file mode 100644
index 00000000..02fdc166
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/helpers/InputIterator.java
@@ -0,0 +1,51 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.helpers;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.PrintStream;
+import java.util.Iterator;
+
+public class InputIterator implements Iterable<String> {
+ private BufferedReader in;
+ private final PrintStream out;
+ private final String prompt, instructions;
+
+ public InputIterator(BufferedReader in, PrintStream out, String prompt, String instructions) {
+ this.in = in;
+ this.out = out;
+ this.prompt = prompt;
+ this.instructions = instructions;
+ }
+
+ @Override
+ public Iterator<String> iterator() {
+ out.println(instructions);
+ return new Iterator<String>() {
+ String input;
+ @Override
+ public boolean hasNext() {
+ out.append(prompt);
+ try {
+ input = in.readLine();
+ } catch (IOException e) {
+ input = null;
+ return false;
+ }
+ return input.length()>0;
+ }
+
+ @Override
+ public String next() {
+ return input;
+ }
+
+ @Override
+ public void remove() {
+ }
+ };
+ }
+}
+
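Review bot: `hasNext` dereferences `input` at `return input.length()>0;` right after `in.readLine()`, which returns `null` at end of stream, so reaching EOF on the reader throws `NullPointerException` instead of ending the iteration; use `return input != null && !input.isEmpty();`. `hasNext` is also where the prompt is printed and a line consumed, so a caller that invokes `hasNext` twice without `next` silently drops a line — a Javadoc on `iterator` stating that each `hasNext` call reads exactly one line would at least document it. The empty `remove` should `throw new UnsupportedOperationException();` rather than silently do nothing.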
diff --git a/authz-batch/src/main/java/com/att/authz/helpers/MiscID.java b/authz-batch/src/main/java/com/att/authz/helpers/MiscID.java
new file mode 100644
index 00000000..c60a97a1
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/helpers/MiscID.java
@@ -0,0 +1,169 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.helpers;
+
+import java.util.Map;
+import java.util.TreeMap;
+
+import com.att.authz.BatchException;
+import com.att.inno.env.Env;
+import com.att.inno.env.TimeTaken;
+import com.att.inno.env.Trans;
+import com.datastax.driver.core.ResultSet;
+import com.datastax.driver.core.Row;
+import com.datastax.driver.core.Session;
+import com.datastax.driver.core.SimpleStatement;
+import com.datastax.driver.core.Statement;
+
+public class MiscID {
+ public static final TreeMap<String,MiscID> data = new TreeMap<String,MiscID>();
+ /*
+ Sample Record
+ aad890|mj9030|20040902|20120207
+
+ **** Field Definitions ****
+ MISCID - AT&T Miscellaneous ID - Non-User ID (Types: Internal Mechanized ID, External Mechanized ID, Datagate ID, Customer ID, Vendor ID, Exchange Mail ID, CLEC ID, Specialized ID, Training ID)
+ SPONSOR_ATTUID - ATTUID of MiscID Sponsor (Owner)
+ CREATE_DATE - Date when MiscID was created
+ LAST_RENEWAL_DATE - Date when MiscID Sponsorship was last renewed
+ */
+ public String id,sponsor,created,renewal;
+
+ private static final String fieldString = "id,created,sponsor,renewal";
+
+ /**
+ * Load a Row of Strings (from CSV file).
+ *
+ * Be CAREFUL that the Row lists match the Fields above!!! If this changes, change
+ * 1) This Object
+ * 2) DB "suits.cql"
+ * 3) Alter existing Tables
+ * @param row
+ * @throws BatchException
+ * @throws IllegalAccessException
+ * @throws IllegalArgumentException
+ */
+ public void set(String row []) throws BatchException {
+ if(row.length<4) {throw new BatchException("Row of MiscID_XRef is too short");}
+ id = row[0];
+ sponsor = row[1];
+ created = row[2];
+ renewal = row[3];
+ }
+
+ public void set(Row row) {
+ id = row.getString(0);
+ sponsor = row.getString(1);
+ created = row.getString(2);
+ renewal = row.getString(3);
+ }
+
+
+ public static void load(Trans trans, Session session ) {
+ load(trans, session,"SELECT " + fieldString + " FROM authz.miscid;",data);
+ }
+
+ public static void load(Trans trans, Session session, Map<String,MiscID> map ) {
+ load(trans, session,"SELECT " + fieldString + " FROM authz.miscid;",map);
+ }
+
+ public static void loadOne(Trans trans, Session session, String id ) {
+ load(trans, session,"SELECT " + fieldString + " FROM authz.miscid WHERE id ='" + id + "';", data);
+ }
+
+ public static void load(Trans trans, Session session, String query, Map<String,MiscID> map) {
+ trans.info().log( "query: " + query );
+ TimeTaken tt = trans.start("Read MiscID", Env.REMOTE);
+
+ ResultSet results;
+ try {
+ Statement stmt = new SimpleStatement( query );
+ results = session.execute(stmt);
+ } finally {
+ tt.done();
+ }
+ int count = 0;
+ try {
+ tt = trans.start("Load Map", Env.SUB);
+ try {
+ for( Row row : results.all()) {
+ MiscID miscID = new MiscID();
+ miscID.set(row);
+ data.put(miscID.id,miscID);
+ ++count;
+ }
+ } finally {
+ tt.done();
+ }
+ } finally {
+ trans.info().log("Found",count,"miscID records");
+ }
+ }
+
+ /* (non-Javadoc)
+ * @see java.lang.Object#hashCode()
+ */
+ @Override
+ public int hashCode() {
+ return id.hashCode();
+ }
+
+ /* (non-Javadoc)
+ * @see java.lang.Object#equals(java.lang.Object)
+ */
+ @Override
+ public boolean equals(Object obj) {
+ if(obj!=null && obj instanceof MiscID) {
+ return id.equals(((MiscID)obj).id);
+ }
+ return false;
+ }
+
+ public StringBuilder insertStmt() throws IllegalArgumentException, IllegalAccessException {
+ StringBuilder sb = new StringBuilder("INSERT INTO authz.miscid (");
+ sb.append(fieldString);
+ sb.append(") VALUES ('");
+ sb.append(id);
+ sb.append("','");
+ sb.append(sponsor);
+ sb.append("','");
+ sb.append(created);
+ sb.append("','");
+ sb.append(renewal);
+ sb.append("')");
+ return sb;
+ }
+
+ public StringBuilder updateStmt(MiscID source) {
+ StringBuilder sb = null;
+ if(id.equals(source.id)) {
+ sb = addField(sb,"sponser",sponsor,source.sponsor);
+ sb = addField(sb,"created",created,source.created);
+ sb = addField(sb,"renewal",renewal,source.renewal);
+ }
+ if(sb!=null) {
+ sb.append(" WHERE id='");
+ sb.append(id);
+ sb.append('\'');
+ }
+ return sb;
+ }
+
+ private StringBuilder addField(StringBuilder sb, String name, String a, String b) {
+ if(!a.equals(b)) {
+ if(sb==null) {
+ sb = new StringBuilder("UPDATE authz.miscid SET ");
+ } else {
+ sb.append(',');
+ }
+ sb.append(name);
+ sb.append("='");
+ sb.append(b);
+ sb.append('\'');
+ }
+ return sb;
+ }
+
+
+} \ No newline at end of file
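Review bot: `load(Trans, Session, String, Map)` takes a `map` argument but inserts into the static `data` field at `data.put(miscID.id,miscID);`, so the `load(trans, session, map)` overload never fills the caller's map; that line should be `map.put(miscID.id, miscID);`. In `updateStmt`, `addField(sb,"sponser",...)` names a column that does not match the `sponsor` field listed in `fieldString`, so the generated UPDATE targets a column name the insert never writes. `set(String[])` and `insertStmt` declare `IllegalAccessException` and `IllegalArgumentException` in their Javadoc and `throws` clause although nothing in either body can raise them; drop both. `insertStmt`, `updateStmt` and `loadOne` build CQL by concatenating field values into the statement text — the same concern as in `Cred.loadOneNS`, and the place where bound parameters would pay off most since `insertStmt` takes every field from a CSV row.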
diff --git a/authz-batch/src/main/java/com/att/authz/helpers/NS.java b/authz-batch/src/main/java/com/att/authz/helpers/NS.java
new file mode 100644
index 00000000..a97b2d2b
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/helpers/NS.java
@@ -0,0 +1,134 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.helpers;
+
+import java.util.Iterator;
+import java.util.Map;
+import java.util.TreeMap;
+
+import com.att.inno.env.Env;
+import com.att.inno.env.TimeTaken;
+import com.att.inno.env.Trans;
+import com.datastax.driver.core.ResultSet;
+import com.datastax.driver.core.Row;
+import com.datastax.driver.core.Session;
+import com.datastax.driver.core.SimpleStatement;
+import com.datastax.driver.core.Statement;
+
+public class NS implements Comparable<NS> {
+ public final static Map<String,NS> data = new TreeMap<String,NS>();
+
+ public final String name, description, parent;
+ public final int scope,type;
+
+ public NS(String name, String description, String parent, int type, int scope) {
+ this.name = name;
+ this.description = description;
+ this.parent = parent;
+ this.scope = scope;
+ this.type = type;
+ }
+
+ public static void load(Trans trans, Session session, Creator<NS> creator) {
+ load(trans,session,
+ "select name, description, parent, type, scope from authz.ns;"
+ ,creator);
+ }
+
+ public static void loadOne(Trans trans, Session session, Creator<NS> creator, String ns) {
+ load(trans,session,
+ ("select name, description, parent, type, scope from authz.ns WHERE name='"+ns+"';")
+ ,creator
+ );
+ }
+
+ private static void load(Trans trans, Session session, String query, Creator<NS> creator) {
+ trans.info().log( "query: " + query );
+ ResultSet results;
+ TimeTaken tt;
+
+ tt = trans.start("Read Namespaces", Env.REMOTE);
+ try {
+ Statement stmt = new SimpleStatement( query );
+ results = session.execute(stmt);
+ } finally {
+ tt.done();
+ }
+
+
+ try {
+ Iterator<Row> iter = results.iterator();
+ Row row;
+ tt = trans.start("Load Namespaces", Env.SUB);
+ try {
+ while(iter.hasNext()) {
+ row = iter.next();
+ NS ns = creator.create(row);
+ data.put(ns.name,ns);
+ }
+ } finally {
+ tt.done();
+ }
+ } finally {
+ trans.info().log("Found",data.size(),"Namespaces");
+ }
+
+ }
+
+ public String toString() {
+ return name;
+ }
+
+ /* (non-Javadoc)
+ * @see java.lang.Object#hashCode()
+ */
+ @Override
+ public int hashCode() {
+ return name.hashCode();
+ }
+
+ /* (non-Javadoc)
+ * @see java.lang.Object#equals(java.lang.Object)
+ */
+ @Override
+ public boolean equals(Object obj) {
+ return name.equals(obj);
+ }
+
+ @Override
+ public int compareTo(NS o) {
+ return name.compareTo(o.name);
+ }
+
+ public static class NSSplit {
+ public String ns;
+ public String other;
+ public NSSplit(String s, int dot) {
+ ns = s.substring(0,dot);
+ other = s.substring(dot+1);
+ }
+ }
+ public static NSSplit deriveParent(String dotted) {
+ if(dotted==null)return null;
+ for(int idx = dotted.lastIndexOf('.');idx>=0; idx=dotted.lastIndexOf('.',idx-1)) {
+ if(data.get(dotted.substring(0, idx))!=null) {
+ return new NSSplit(dotted,idx);
+ }
+ }
+ return null;
+ }
+
+ public static Creator<NS> v2_0_11 = new Creator<NS> () {
+ @Override
+ public NS create(Row row) {
+ return new NS(row.getString(0),row.getString(1), row.getString(2),row.getInt(3),row.getInt(4));
+ }
+
+ @Override
+ public String select() {
+ return "SELECT name, description, parent, type, scope FROM authz.ns ";
+ }
+ };
+
+} \ No newline at end of file
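Review bot: `equals` at `return name.equals(obj);` compares the String field with the NS instance handed in, so it is false for every NS argument (including `this`) and disagrees with `hashCode` and `compareTo`, which both key on `name`; it should read `return obj instanceof NS && name.equals(((NS) obj).name);`. Perm.equals and Role.equals have the same mismatch, comparing `encode()` against the object instead of against the other object's `encode()`. Separately, loadOne splices the caller-supplied `ns` into the CQL text with `+`, as do Perm.loadOneNS, Role.loadOneNS and UserRole.loadOneRole/loadOneUser; a value containing a quote changes the statement, so the driver's `SimpleStatement(query, values...)` overload with a `?` placeholder (`"... WHERE name=?"`) is the safer form. `toString` is also missing `@Override` while the neighbouring overrides carry it.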
diff --git a/authz-batch/src/main/java/com/att/authz/helpers/Notification.java b/authz-batch/src/main/java/com/att/authz/helpers/Notification.java
new file mode 100644
index 00000000..279e5881
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/helpers/Notification.java
@@ -0,0 +1,273 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.helpers;
+
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+import java.util.TreeMap;
+
+import com.att.authz.actions.Message;
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.org.EmailWarnings;
+import com.att.authz.org.Organization;
+import com.att.authz.org.Organization.Notify;
+import com.att.authz.org.Organization.Identity;
+import com.att.authz.org.OrganizationException;
+import com.att.authz.org.OrganizationFactory;
+import com.att.inno.env.Env;
+import com.att.inno.env.TimeTaken;
+import com.att.inno.env.Trans;
+import com.att.inno.env.util.Chrono;
+import com.datastax.driver.core.ResultSet;
+import com.datastax.driver.core.Row;
+import com.datastax.driver.core.Session;
+import com.datastax.driver.core.SimpleStatement;
+import com.datastax.driver.core.Statement;
+
+public class Notification {
+
+ public static final TreeMap<String,List<Notification>> data = new TreeMap<String,List<Notification>>();
+ public static final long now = System.currentTimeMillis();
+
+ public final String user;
+ public final Notify type;
+ public final Date last;
+ public final int checksum;
+ public Message msg;
+ private int current;
+ public Organization org;
+ public int count;
+ private long graceEnds,lastdays;
+
+ private Notification(String user, int type, Date last, int checksum) {
+ this.user = user;
+ this.type = Notify.from(type);
+ this.last = last;
+ this.checksum = checksum;
+ current = 0;
+ count = 0;
+ }
+
+ private Notification(String user, Notify type, Date last, int checksum) {
+ this.user = user;
+ this.type = type;
+ this.last = last;
+ this.checksum = checksum;
+ current = 0;
+ count = 0;
+ }
+
+ public static void load(Trans trans, Session session, Creator<Notification> creator ) {
+ trans.info().log( "query: " + creator.select() );
+ TimeTaken tt = trans.start("Load Notify", Env.REMOTE);
+
+ ResultSet results;
+ try {
+ Statement stmt = new SimpleStatement(creator.select());
+ results = session.execute(stmt);
+ } finally {
+ tt.done();
+ }
+ int count = 0;
+ tt = trans.start("Process Notify", Env.SUB);
+
+ try {
+ for(Row row : results.all()) {
+ ++count;
+ try {
+ Notification not = creator.create(row);
+ List<Notification> ln = data.get(not.user);
+ if(ln==null) {
+ ln = new ArrayList<Notification>();
+ data.put(not.user, ln);
+ }
+ ln.add(not);
+ } finally {
+ tt.done();
+ }
+ }
+ } finally {
+ tt.done();
+ trans.info().log("Found",count,"Notify Records");
+ }
+ }
+
+ public static Notification get(String user, Notify type) {
+ List<Notification> ln = data.get(user);
+ if(ln!=null) {
+ for(Notification n : ln) {
+ if(type.equals(n.type)) {
+ return n;
+ }
+ }
+ }
+ return null;
+ }
+
+ private static Notification getOrCreate(String user, Notify type) {
+ List<Notification> ln = data.get(user);
+ Notification n = null;
+ if(ln==null) {
+ ln = new ArrayList<Notification>();
+ data.put(user, ln);
+ } else {
+ for(Notification n2 : ln) {
+ if(type.equals(n2.type)) {
+ n=n2;
+ break;
+ }
+ }
+ }
+ if(n==null) {
+ n = new Notification(user, type, new Date(), 0);
+ ln.add(n);
+ }
+ return n;
+ }
+
+ public static Notification add(AuthzTrans trans, UserRole ur) {
+ Notification n = getOrCreate(ur.user,Notify.RoleExpiration);
+ if(n.org==null) {
+ try {
+ n.org = OrganizationFactory.obtain(trans.env(), ur.ns);
+ } catch (OrganizationException e) {
+ trans.error().log(ur.ns, " does not have a Namespace");
+ }
+ }
+
+ if(n.count==0) {
+ EmailWarnings ew = n.org.emailWarningPolicy();
+ n.graceEnds = ew.roleEmailInterval();
+ n.lastdays = ew.emailUrgentWarning();
+ }
+ ++n.count;
+
+ /*
+ StringBuilder sb = new StringBuilder();
+ sb.append("ID: ");
+ sb.append(ur.user);
+ User ouser;
+ try {
+ ouser = n.org.getUser(trans, ur.user);
+ if(ouser!=null) {
+ sb.append(" (");
+ sb.append(ouser.fullName());
+ sb.append(')');
+ }
+ } catch (Exception e) {
+ }
+ sb.append(" Role: ");
+ sb.append(ur.role);
+ sb.append(" Expire");
+ if(now<ur.expires.getTime()) {
+ sb.append("s: ");
+ } else {
+ sb.append("d: ");
+ }
+ sb.append(Chrono.dateOnlyStamp(ur.expires));
+ sb.append("\n If you wish to extend, type\n");
+ sb.append("\trole user extend ");
+ sb.append(ur.role);
+ sb.append(' ');
+ sb.append(ur.user);
+ sb.append("\n If you wish to delete, type\n");
+ sb.append("\trole user del ");
+ sb.append(ur.role);
+ sb.append(' ');
+ sb.append(ur.user);
+ sb.append('\n');
+ n.msg.add(sb.toString());
+ n.current=0;
+ */
+ return n;
+ }
+
+ public static Notification addApproval(AuthzTrans trans, Identity ou) {
+ Notification n = getOrCreate(ou.id(),Notify.Approval);
+ if(n.org==null) {
+ n.org = ou.org();
+ }
+ if(n.count==0) { // first time.
+ EmailWarnings ew = n.org.emailWarningPolicy();
+ n.graceEnds = ew.apprEmailInterval();
+ n.lastdays = ew.emailUrgentWarning();
+ }
+ ++n.count;
+ return n;
+ }
+
+ public static Creator<Notification> v2_0_14 = new Creator<Notification>() {
+ @Override
+ public Notification create(Row row) {
+ return new Notification(row.getString(0), row.getInt(1), row.getDate(2),row.getInt(3));
+ }
+
+ @Override
+ public String select() {
+ return "select user,type,last,checksum from authz.notify";
+ }
+ };
+
+ public void set(Message msg) {
+ this.msg = msg;
+ }
+
+ public int checksum() {
+ if(current==0) {
+ for(String l : msg.lines) {
+ for(byte b : l.getBytes()) {
+ current+=b;
+ }
+ }
+ }
+ return current;
+ }
+
+ public boolean update(AuthzTrans trans, Session session, boolean dryRun) {
+ String update = update();
+ if(update!=null) {
+ if(dryRun) {
+ trans.info().log(update);
+ } else {
+ session.execute(update);
+ }
+ return true; // Updated info, expect to notify
+ }
+ return false;
+ }
+
+ /**
+ * Returns an Update String for CQL if there is data.
+ *
+ * Returns null if nothing to update
+ * @return
+ */
+ private String update() {
+ // If this has been done before, there is no change in checkSum and the last time notified is within GracePeriod
+ if(checksum!=0 && checksum()==checksum && now < last.getTime()+graceEnds && now > last.getTime()+lastdays) {
+ return null;
+ } else {
+ return "UPDATE authz.notify SET last = '" +
+ Chrono.dateOnlyStamp(last) +
+ "', checksum=" +
+ current +
+ " WHERE user='" +
+ user +
+ "' AND type=" +
+ type.getValue() +
+ ";";
+ }
+ }
+
+// public void text(Email email) {
+// for(String s : msg) {
+// email.line(s);
+// }
+// }
+//
+ public String toString() {
+ return "\"" + user + "\",\"" + type.name() + "\",\"" + Chrono.dateOnlyStamp(last);
+ }
+} \ No newline at end of file
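Review bot: In `add`, the `catch (OrganizationException e)` only logs and falls through, so `n.org` stays null and the following `n.org.emailWarningPolicy()` throws NullPointerException on the first notification for that user; either `return n;` from the catch or guard the `count==0` block with `n.org != null`. In `load`, `tt.done()` is called in the per-row `finally` and again in the outer `finally`, so the "Process Notify" timer is closed once per row plus once more; the inner try/finally around `creator.create` can go, as NsAttrib.load does it. `checksum()` sums `l.getBytes()` with the platform default charset, so the value persisted to `authz.notify` differs between hosts with different `file.encoding`; `l.getBytes(StandardCharsets.UTF_8)` pins it. `update()` also splices `user` into the CQL by concatenation, same point as NS.loadOne.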
diff --git a/authz-batch/src/main/java/com/att/authz/helpers/NsAttrib.java b/authz-batch/src/main/java/com/att/authz/helpers/NsAttrib.java
new file mode 100644
index 00000000..33de9d85
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/helpers/NsAttrib.java
@@ -0,0 +1,88 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.helpers;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.TreeMap;
+
+import com.att.inno.env.Env;
+import com.att.inno.env.TimeTaken;
+import com.att.inno.env.Trans;
+import com.datastax.driver.core.ResultSet;
+import com.datastax.driver.core.Row;
+import com.datastax.driver.core.Session;
+import com.datastax.driver.core.SimpleStatement;
+import com.datastax.driver.core.Statement;
+
+public class NsAttrib {
+ public static final List<NsAttrib> data = new ArrayList<NsAttrib>();
+ public static final TreeMap<String,List<NsAttrib>> byKey = new TreeMap<String,List<NsAttrib>>();
+ public static final TreeMap<String,List<NsAttrib>> byNS = new TreeMap<String,List<NsAttrib>>();
+
+ public final String ns,key,value;
+
+ public NsAttrib(String ns, String key, String value) {
+ this.ns = ns;
+ this.key = key;
+ this.value = value;
+ }
+
+ public static void load(Trans trans, Session session, Creator<NsAttrib> creator ) {
+ trans.info().log( "query: " + creator.select() );
+ ResultSet results;
+ TimeTaken tt = trans.start("Load NsAttributes", Env.REMOTE);
+ try {
+ Statement stmt = new SimpleStatement(creator.select());
+ results = session.execute(stmt);
+ } finally {
+ tt.done();
+ }
+ int count = 0;
+ tt = trans.start("Process NsAttributes", Env.SUB);
+
+ try {
+ for(Row row : results.all()) {
+ ++count;
+ NsAttrib ur = creator.create(row);
+ data.add(ur);
+
+ List<NsAttrib> lna = byKey.get(ur.key);
+ if(lna==null) {
+ lna = new ArrayList<NsAttrib>();
+ byKey.put(ur.key, lna);
+ }
+ lna.add(ur);
+
+ lna = byNS.get(ur.ns);
+ if(lna==null) {
+ lna = new ArrayList<NsAttrib>();
+ byNS.put(ur.ns, lna);
+ }
+ lna.add(ur);
+ }
+ } finally {
+ tt.done();
+ trans.info().log("Found",count,"NS Attributes");
+ }
+ }
+
+ public static Creator<NsAttrib> v2_0_11 = new Creator<NsAttrib>() {
+ @Override
+ public NsAttrib create(Row row) {
+ return new NsAttrib(row.getString(0), row.getString(1), row.getString(2));
+ }
+
+ @Override
+ public String select() {
+ return "select ns,key,value from authz.ns_attrib";
+ }
+ };
+
+
+ public String toString() {
+ return "\"" + ns + "\",\"" + key + "\",\"" + value;
+ }
+
+} \ No newline at end of file
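Review bot: `load` appends into the static `data`, `byKey` and `byNS` without clearing them first, so a second call in the same JVM doubles every entry and the "Found" count no longer matches the collection sizes; a comment on the class such as `// load() is additive: call once per JVM, or clear data/byKey/byNS first` would make the contract visible. `toString` is declared without `@Override`. The `if(lna==null) {...}` pairs are the pre-Java-8 form of `byKey.computeIfAbsent(ur.key, k -> new ArrayList<>()).add(ur)` if the project's compiler level allows it.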
diff --git a/authz-batch/src/main/java/com/att/authz/helpers/Perm.java b/authz-batch/src/main/java/com/att/authz/helpers/Perm.java
new file mode 100644
index 00000000..39092791
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/helpers/Perm.java
@@ -0,0 +1,124 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.helpers;
+
+import java.util.Iterator;
+import java.util.Set;
+import java.util.TreeMap;
+
+import com.att.inno.env.Env;
+import com.att.inno.env.TimeTaken;
+import com.att.inno.env.Trans;
+import com.datastax.driver.core.ResultSet;
+import com.datastax.driver.core.Row;
+import com.datastax.driver.core.Session;
+import com.datastax.driver.core.SimpleStatement;
+import com.datastax.driver.core.Statement;
+
+public class Perm implements Comparable<Perm> {
+ public static final TreeMap<Perm,Set<String>> data = new TreeMap<Perm,Set<String>>();
+ public static final TreeMap<String,Perm> keys = new TreeMap<String,Perm>();
+
+ public final String ns, type, instance, action,description;
+ private String fullType = null, fullPerm = null, encode = null;
+ public final Set<String> roles;
+
+ public String encode() {
+ if(encode == null) {
+ encode = ns + '|' + type + '|' + instance + '|' + action;
+ }
+ return encode;
+ }
+
+ public String fullType() {
+ if(fullType==null) {
+ fullType = ns + '.' + type;
+ }
+ return fullType;
+ }
+
+ public String fullPerm() {
+ if(fullPerm==null) {
+ fullPerm = ns + '.' + type + '|' + instance + '|' + action;
+ }
+ return fullPerm;
+ }
+
+ public Perm(String ns, String type, String instance, String action, String description, Set<String> roles) {
+ this.ns = ns;
+ this.type = type;
+ this.instance = instance;
+ this.action = action;
+ this.description = description;
+ // 2.0.11
+// this.full = encode();//ns+'.'+type+'|'+instance+'|'+action;
+ this.roles = roles;
+ }
+
+ public static void load(Trans trans, Session session) {
+ load(trans, session, "select ns, type, instance, action, description, roles from authz.perm;");
+ }
+
+ public static void loadOneNS(Trans trans, Session session, String ns) {
+ load(trans, session, "select ns, type, instance, action, description, roles from authz.perm WHERE ns='" + ns + "';");
+
+ }
+
+ private static void load(Trans trans, Session session, String query) {
+ //
+ trans.info().log( "query: " + query );
+ TimeTaken tt = trans.start("Read Perms", Env.REMOTE);
+ ResultSet results;
+ try {
+ Statement stmt = new SimpleStatement( query );
+ results = session.execute(stmt);
+ } finally {
+ tt.done();
+ }
+
+ try {
+ Iterator<Row> iter = results.iterator();
+ Row row;
+ tt = trans.start("Load Perms", Env.SUB);
+ try {
+ while(iter.hasNext()) {
+ row = iter.next();
+ Perm pk = new Perm(row.getString(0),row.getString(1),row.getString(2),row.getString(3), row.getString(4), row.getSet(5,String.class));
+ keys.put(pk.encode(), pk);
+ data.put(pk,pk.roles);
+ }
+ } finally {
+ tt.done();
+ }
+ } finally {
+ trans.info().log("Found",data.size(),"perms");
+ }
+ }
+
+ public String toString() {
+ return encode();
+ }
+
+ /* (non-Javadoc)
+ * @see java.lang.Object#hashCode()
+ */
+ @Override
+ public int hashCode() {
+ return encode().hashCode();
+ }
+
+ /* (non-Javadoc)
+ * @see java.lang.Object#equals(java.lang.Object)
+ */
+ @Override
+ public boolean equals(Object obj) {
+ return encode().equals(obj);
+ }
+
+ @Override
+ public int compareTo(Perm o) {
+ return encode().compareTo(o.encode());
+ }
+
+} \ No newline at end of file
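Review bot: The commented-out `// this.full = encode();//ns+'.'+type+'|'+instance+'|'+action;` under `// 2.0.11` in the constructor and the empty `//` line opening `load` are dead text; drop them, or replace the first with a short note that `fullPerm`/`encode` are now computed lazily. `toString` lacks `@Override` while `hashCode`/`equals` carry it. `load` logs `data.size()` as the count, which is the cumulative map size rather than the rows read by this call — fine for a single load, misleading if loadOneNS is called for several namespaces.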
diff --git a/authz-batch/src/main/java/com/att/authz/helpers/Role.java b/authz-batch/src/main/java/com/att/authz/helpers/Role.java
new file mode 100644
index 00000000..f599d561
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/helpers/Role.java
@@ -0,0 +1,125 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.helpers;
+
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+import java.util.TreeMap;
+
+import com.att.inno.env.Env;
+import com.att.inno.env.TimeTaken;
+import com.att.inno.env.Trans;
+import com.datastax.driver.core.ResultSet;
+import com.datastax.driver.core.Row;
+import com.datastax.driver.core.Session;
+import com.datastax.driver.core.SimpleStatement;
+import com.datastax.driver.core.Statement;
+
+public class Role implements Comparable<Role> {
+ public static final TreeMap<Role,Set<String>> data = new TreeMap<Role,Set<String>>();
+ public static final TreeMap<String,Role> keys = new TreeMap<String,Role>();
+
+ public final String ns, name, description;
+ private String full, encode;
+ public final Set<String> perms;
+
+ public Role(String full) {
+ ns = name = description = "";
+ this.full = full;
+ perms = new HashSet<String>();
+ }
+
+ public Role(String ns, String name, String description,Set<String> perms) {
+ this.ns = ns;
+ this.name = name;
+ this.description = description;
+ this.full = null;
+ this.encode = null;
+ this.perms = perms;
+ }
+
+ public String encode() {
+ if(encode==null) {
+ encode = ns + '|' + name;
+ }
+ return encode;
+ }
+
+ public String fullName() {
+ if(full==null) {
+ full = ns + '.' + name;
+ }
+ return full;
+ }
+
+ public static void load(Trans trans, Session session ) {
+ load(trans,session,"select ns, name, description, perms from authz.role;");
+ }
+
+ public static void loadOneNS(Trans trans, Session session, String ns ) {
+ load(trans,session,"select ns, name, description, perms from authz.role WHERE ns='" + ns + "';");
+ }
+
+ private static void load(Trans trans, Session session, String query) {
+ trans.info().log( "query: " + query );
+ TimeTaken tt = trans.start("Read Roles", Env.REMOTE);
+
+ ResultSet results;
+ try {
+ Statement stmt = new SimpleStatement( query );
+ results = session.execute(stmt);
+ } finally {
+ tt.done();
+ }
+
+ try {
+ Iterator<Row> iter = results.iterator();
+ Row row;
+ tt = trans.start("Load Roles", Env.SUB);
+ try {
+ while(iter.hasNext()) {
+ row = iter.next();
+ Role rk =new Role(row.getString(0),row.getString(1), row.getString(2),row.getSet(3,String.class));
+ keys.put(rk.encode(), rk);
+ data.put(rk,rk.perms);
+ }
+ } finally {
+ tt.done();
+ }
+ } finally {
+ trans.info().log("Found",data.size(),"roles");
+ }
+
+
+ }
+ public String toString() {
+ return encode();
+ }
+
+ /* (non-Javadoc)
+ * @see java.lang.Object#hashCode()
+ */
+ @Override
+ public int hashCode() {
+ return encode().hashCode();
+ }
+
+ /* (non-Javadoc)
+ * @see java.lang.Object#equals(java.lang.Object)
+ */
+ @Override
+ public boolean equals(Object obj) {
+ return encode().equals(obj);
+ }
+
+ @Override
+ public int compareTo(Role o) {
+ return encode().compareTo(o.encode());
+ }
+
+ public static String fullName(String role) {
+ return role.replace('|', '.');
+ }
+} \ No newline at end of file
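Review bot: The single-argument constructor `Role(String full)` sets `ns` and `name` to `""` and never fills `encode`, so `encode()` returns `"|"` for every instance built this way and `compareTo`/`hashCode` treat all of them as the same role regardless of `full`; if the constructor is meant to build a lookup key, `encode` should be derived from `full`, e.g. `int dot = full.lastIndexOf('.'); encode = dot < 0 ? full : full.substring(0, dot) + '|' + full.substring(dot + 1);` (assuming the role name itself contains no dot — the static `fullName(String)` maps the other way with a plain replace, so the intended convention should be confirmed). `toString` is missing `@Override`, and the two blank lines before the closing brace of `load` plus the missing blank line before `toString` are formatting leftovers.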
diff --git a/authz-batch/src/main/java/com/att/authz/helpers/UserRole.java b/authz-batch/src/main/java/com/att/authz/helpers/UserRole.java
new file mode 100644
index 00000000..65abc0f6
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/helpers/UserRole.java
@@ -0,0 +1,133 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.helpers;
+
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.Iterator;
+import java.util.List;
+import java.util.TreeMap;
+
+import com.att.dao.aaf.cass.UserRoleDAO;
+import com.att.inno.env.Env;
+import com.att.inno.env.TimeTaken;
+import com.att.inno.env.Trans;
+import com.att.inno.env.util.Chrono;
+import com.datastax.driver.core.ResultSet;
+import com.datastax.driver.core.Row;
+import com.datastax.driver.core.Session;
+import com.datastax.driver.core.SimpleStatement;
+import com.datastax.driver.core.Statement;
+
+public class UserRole implements Cloneable {
+ public static final List<UserRole> data = new ArrayList<UserRole>();
+ public static final TreeMap<String,List<UserRole>> byUser = new TreeMap<String,List<UserRole>>();
+ public static final TreeMap<String,List<UserRole>> byRole = new TreeMap<String,List<UserRole>>();
+
+ public final String user, role, ns, rname;
+ public final Date expires;
+
+ public UserRole(String user, String ns, String rname, Date expires) {
+ this.user = user;
+ this.role = ns + '.' + rname;
+ this.ns = ns;
+ this.rname = rname;
+ this.expires = expires;
+ }
+
+ public UserRole(String user, String role, String ns, String rname, Date expires) {
+ this.user = user;
+ this.role = role;
+ this.ns = ns;
+ this.rname = rname;
+ this.expires = expires;
+ }
+
+ public static void load(Trans trans, Session session, Creator<UserRole> creator ) {
+ load(trans,session,creator,null);
+ }
+
+ public static void loadOneRole(Trans trans, Session session, Creator<UserRole> creator, String role) {
+ load(trans,session,creator,"role='" + role +"' ALLOW FILTERING;");
+ }
+
+ public static void loadOneUser(Trans trans, Session session, Creator<UserRole> creator, String user ) {
+ load(trans,session,creator,"role='"+ user +"';");
+ }
+
+ private static void load(Trans trans, Session session, Creator<UserRole> creator, String where) {
+ String query = creator.query(where);
+ trans.info().log( "query: " + query );
+ TimeTaken tt = trans.start("Read UserRoles", Env.REMOTE);
+
+ ResultSet results;
+ try {
+ Statement stmt = new SimpleStatement( query );
+ results = session.execute(stmt);
+ } finally {
+ tt.done();
+ }
+ int count = 0;
+ try {
+ Iterator<Row> iter = results.iterator();
+ Row row;
+ tt = trans.start("Load UserRole", Env.SUB);
+ try {
+ while(iter.hasNext()) {
+ ++count;
+ row = iter.next();
+ UserRole ur = creator.create(row);
+ data.add(ur);
+
+ List<UserRole> lur = byUser.get(ur.user);
+ if(lur==null) {
+ lur = new ArrayList<UserRole>();
+ byUser.put(ur.user, lur);
+ }
+ lur.add(ur);
+
+ lur = byRole.get(ur.role);
+ if(lur==null) {
+ lur = new ArrayList<UserRole>();
+ byRole.put(ur.role, lur);
+ }
+ lur.add(ur);
+ }
+ } finally {
+ tt.done();
+ }
+ } finally {
+ trans.info().log("Found",count,"UserRoles");
+ }
+
+
+ }
+
+ public static Creator<UserRole> v2_0_11 = new Creator<UserRole>() {
+ @Override
+ public UserRole create(Row row) {
+ return new UserRole(row.getString(0), row.getString(1), row.getString(2),row.getString(3),row.getDate(4));
+ }
+
+ @Override
+ public String select() {
+ return "select user,role,ns,rname,expires from authz.user_role";
+ }
+ };
+
+ public UserRoleDAO.Data to() {
+ UserRoleDAO.Data urd = new UserRoleDAO.Data();
+ urd.user = user;
+ urd.role = role;
+ urd.ns = ns;
+ urd.rname = rname;
+ urd.expires = expires;
+ return urd;
+ }
+
+ public String toString() {
+ return "\"" + user + "\",\"" + role + "\",\"" + ns + "\",\"" + rname + "\",\""+ Chrono.dateOnlyStamp(expires);
+ }
+
+} \ No newline at end of file
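Review bot: `loadOneUser` builds its WHERE clause as `"role='"+ user +"';"`, filtering the role column with the user value, so it returns the roles of a role named like the user (normally nothing) instead of the user's roles; it should read `"user='"+ user +"';"`. Both loadOneUser and loadOneRole splice a caller value into CQL by concatenation, the same point raised on NS.loadOne. The class declares `implements Cloneable` but does not override `clone()`, so the marker does nothing visible here; either add a public `clone()` or drop the interface.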
diff --git a/authz-batch/src/main/java/com/att/authz/reports/ApprNotify.java b/authz-batch/src/main/java/com/att/authz/reports/ApprNotify.java
new file mode 100644
index 00000000..38567747
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/reports/ApprNotify.java
@@ -0,0 +1,107 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.reports;
+
+import java.io.IOException;
+import java.util.List;
+import java.util.Map;
+import java.util.TreeMap;
+
+import com.att.authz.Batch;
+import com.att.authz.actions.Email;
+import com.att.authz.actions.Message;
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.helpers.Approver;
+import com.att.authz.helpers.Notification;
+import com.att.authz.layer.Result;
+import com.att.authz.org.Organization;
+import com.att.authz.org.Organization.Identity;
+import com.att.authz.org.OrganizationException;
+import com.att.authz.org.OrganizationFactory;
+import com.att.dao.CassAccess;
+import com.att.dao.aaf.cass.ApprovalDAO;
+import com.att.dao.aaf.cass.ApprovalDAO.Data;
+import com.att.inno.env.APIException;
+
+public class ApprNotify extends Batch {
+ private final ApprovalDAO apprDAO;
+ private Result<List<Data>> rladd;
+ private Email email;
+
+ public ApprNotify(AuthzTrans trans) throws APIException, IOException {
+ super(trans.env());
+ apprDAO = new ApprovalDAO(trans, cluster, CassAccess.KEYSPACE);
+ session = apprDAO.getSession(trans);
+ rladd = apprDAO.readByStatus(trans,"pending");
+ if(isDryRun()) {
+ email = new Email();//EmailPrint();
+ } else {
+ email = new Email();
+ }
+ email.subject("AAF Approval Notification (ENV: %s)",batchEnv);
+ email.preamble("AAF is the AT&T System for Fine-Grained Authorizations. "
+ + "You are being asked to Approve in the %s environment before AAF Actions can be taken. \n\n"
+ + " Please follow this link:\n\n\t%s/approve"
+ ,batchEnv,env.getProperty(GUI_URL));
+
+ Notification.load(trans, session, Notification.v2_0_14);
+ }
+
+ @Override
+ protected void run(AuthzTrans trans) {
+ if(rladd.isOK()) {
+ if(rladd.isEmpty()) {
+ trans.warn().log("No Pending Approvals to Process");
+ } else {
+ Organization org=null;
+ //Map<String,Organization> users = new HashMap<String,Organization>();
+ Map<String,Approver> users = new TreeMap<String,Approver>();
+
+ for(Data data : rladd.value) {
+ // We've already seen this approver. Simply add the new request to him.
+ try {
+ Approver approver = users.get(data.approver);
+ if(approver==null) {
+ org = OrganizationFactory.obtain(trans.env(), data.approver);
+ approver = new Approver(data.approver, org);
+ users.put(data.approver, approver);
+ }
+ approver.addRequest(data.user);
+ } catch (OrganizationException e) {
+ trans.error().log(e);
+ }
+ }
+
+ // Notify
+ Message msg = new Message();
+ for(Approver approver : users.values()) {
+ try {
+ Notification n = Notification.addApproval(trans, org.getIdentity(trans, approver.name));
+ approver.build(msg);
+ n.set(msg);
+ if(n.update(trans, session, isDryRun())) {
+ Identity user = n.org.getIdentity(trans, approver.name);
+ email.clear();
+ email.addTo(user.email());
+ email.msg(msg);
+ email.exec(trans, n.org);
+ }
+ } catch (OrganizationException e) {
+ trans.error().log(e);
+ }
+ }
+ }
+ } else {
+ trans.error().log('[',rladd.status,']',rladd.details);
+ }
+ }
+
+ @Override
+ protected void _close(AuthzTrans trans) {
+ apprDAO.close(trans);
+ }
+
+
+
+}
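Review bot: Both branches of `if(isDryRun())` construct `new Email()`, so a dry run builds and sends the same messages as a live run; the `//EmailPrint();` remnant suggests the dry-run branch was meant to use the print-only implementation, and the `n.update(trans, session, isDryRun())` call below only suppresses the CQL write, not the send. In the notify loop, `org.getIdentity(trans, approver.name)` uses whatever `org` was assigned by the last lookup in the first loop, not the org this approver was constructed with; presumably the Approver should expose its own org, or the lookup should be redone per approver. A single `Message msg` is also shared across all approvers and `approver.build(msg)` is called on it each iteration, so unless `build` clears it (not visible here) each later email carries the earlier approvers' lines.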
diff --git a/authz-batch/src/main/java/com/att/authz/reports/CheckCred.java b/authz-batch/src/main/java/com/att/authz/reports/CheckCred.java
new file mode 100644
index 00000000..f9d2cfaf
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/reports/CheckCred.java
@@ -0,0 +1,90 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.reports;
+
+import java.io.IOException;
+
+import com.att.authz.Batch;
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.helpers.Cred;
+import com.att.authz.helpers.Cred.Instance;
+import com.att.inno.env.APIException;
+import com.att.inno.env.Env;
+import com.att.inno.env.TimeTaken;
+import com.att.inno.env.util.Chrono;
+
+public class CheckCred extends Batch{
+
+ public CheckCred(AuthzTrans trans) throws APIException, IOException {
+ super(trans.env());
+ TimeTaken tt = trans.start("Connect to Cluster", Env.REMOTE);
+ try {
+ session = cluster.connect();
+ } finally {
+ tt.done();
+ }
+
+ Cred.load(trans, session);
+ }
+
+ @Override
+ protected void run(AuthzTrans trans) {
+ String query;
+ for(Cred cred : Cred.data.values()) {
+ for(Instance inst : cred.instances) {
+ if(inst.other==0) {
+ if(dryRun) {
+ trans.warn().log("Ensuring 'other' is numeric");
+ } else {
+ query = "UPDATE authz.cred SET other=0 WHERE "
+ + "id='" + cred.id
+ + "' AND type=" + inst.type
+ + " AND expires='" + Chrono.dateStamp(inst.expires)
+ + "';";
+ session.execute(query);
+ trans.warn().log("resetting 'other'",query);
+ }
+ }
+ }
+ }
+
+ }
+ /*
+ /// Evaluate
+ for(UserRole urKey : UserRole.data) {
+ NSSplit nss = NS.deriveParent(urKey.role);
+ if(nss==null && NS.data.size()>0 ) { // there is no Namespace for this UserRole
+ if(dryRun) {
+ trans.warn().printf("Would delete %s %s, which has no corresponding Namespace",urKey.user,urKey.role);
+ } else {
+ query = "DELETE FROM authz.user_role WHERE "
+ + "user='" + urKey.user
+ + "' AND role='" + urKey.role
+ + "';";
+ session.execute(query);
+ trans.warn().printf("Deleting %s %s, which has no corresponding Namespace",urKey.user,urKey.role);
+ }
+ } else if(urKey.ns == null || urKey.rname == null || !urKey.role.equals(urKey.ns+'.'+urKey.rname)) {
+ if(dryRun) {
+ trans.warn().log(urKey,"needs to be split and added to Record (", urKey.ns, urKey.rname,")");
+ } else {
+ query = "UPDATE authz.user_role SET ns='" + nss.ns
+ + "', rname='" + nss.other
+ + "' WHERE "
+ + "user='" + urKey.user
+ + "' AND role='" + urKey.role
+ + "';";
+ session.execute(query);
+ trans.warn().log("Setting ns and rname",query);
+ }
+ }
+ }
+ }
+ */
+ @Override
+ protected void _close(AuthzTrans trans) {
+ session.close();
+ aspr.info("End " + this.getClass().getSimpleName() + " processing" );
+ }
+}
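Review bot: The condition `if(inst.other==0)` and the update `SET other=0` write back the value the row already compares equal to; if the intent is to replace a null `other` column with a real 0 (the log text "Ensuring 'other' is numeric" suggests so, since the driver returns 0 for a null int), a comment on the `if` such as `// driver reads a null 'other' as 0; persist it as a real 0` would save the next reader the puzzle. The dry-run branch logs only the fixed string, so a dry run does not say which credential would be touched; logging `cred.id` and `inst.type` there, as the live branch does via `query`, would make the two modes comparable. The commented-out block between `run` and `_close` (the UserRole/NS split logic) is dead code that belongs in version control history rather than the file.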
diff --git a/authz-batch/src/main/java/com/att/authz/reports/CheckNS.java b/authz-batch/src/main/java/com/att/authz/reports/CheckNS.java
new file mode 100644
index 00000000..36bcd348
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/reports/CheckNS.java
@@ -0,0 +1,425 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.reports;
+
+import java.io.IOException;
+import java.util.List;
+
+import com.att.authz.Batch;
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.helpers.NS;
+import com.att.authz.helpers.NsAttrib;
+import com.att.authz.helpers.Perm;
+import com.att.authz.helpers.Role;
+import com.att.dao.aaf.cass.NsType;
+import com.att.inno.env.APIException;
+import com.att.inno.env.Env;
+import com.att.inno.env.TimeTaken;
+
+public class CheckNS extends Batch{
+
+ public CheckNS(AuthzTrans trans) throws APIException, IOException {
+ super(trans.env());
+ TimeTaken tt = trans.start("Connect to Cluster", Env.REMOTE);
+ try {
+ session = cluster.connect();
+ } finally {
+ tt.done();
+ }
+ NS.load(trans, session,NS.v2_0_11);
+ Role.load(trans, session);
+ Perm.load(trans, session);
+ NsAttrib.load(trans, session, NsAttrib.v2_0_11);
+ }
+
+ @Override
+ protected void run(AuthzTrans trans) {
+
+ String msg;
+ String query;
+ trans.info().log(STARS, msg = "Checking for NS type mis-match", STARS);
+ TimeTaken tt = trans.start(msg, Env.SUB);
+ try {
+ for(NS ns : NS.data.values()) {
+ if(ns.description==null) {
+ trans.warn().log("Namepace description is null. Changing to empty string.");
+ if(dryRun) {
+ trans.warn().log("Namepace description is null. Changing to empty string");
+ } else {
+ query = "UPDATE authz.ns SET description='' WHERE name='" + ns.name +"';";
+ session.execute(query);
+ }
+ }
+ int scope = count(ns.name,'.');
+ NsType nt;
+ switch(scope) {
+ case 0:
+ nt = NsType.DOT;
+ break;
+ case 1:
+ nt = NsType.ROOT;
+ break;
+ case 2:
+ nt = NsType.COMPANY;
+ break;
+ default:
+ nt = NsType.APP;
+ break;
+ }
+ if(ns.type!=nt.type || ns.scope !=scope) {
+ if(dryRun) {
+ trans.warn().log("Namepace",ns.name,"has no type. Should change to ",nt.name());
+ } else {
+ query = "UPDATE authz.ns SET type=" + nt.type + ", scope=" + scope + " WHERE name='" + ns.name +"';";
+ trans.warn().log("Namepace",ns.name,"changing to",nt.name()+":",query);
+ session.execute(query);
+ }
+ }
+ }
+ } finally {
+ tt.done();
+ }
+
+
+ trans.info().log(STARS, msg = "Checking for NS admin/owner mis-match", STARS);
+ tt = trans.start(msg, Env.SUB);
+ try {
+ /// Evaluate
+ for(NS nk : NS.data.values()) {
+ //String name;
+ String roleAdmin = nk.name+"|admin";
+ String roleAdminPrev = nk.name+".admin";
+ String roleOwner = nk.name+"|owner";
+ String roleOwnerPrev = nk.name+".owner";
+ String permAll = nk.name+"|access|*|*";
+ String permAllPrev = nk.name+".access|*|*";
+ String permRead = nk.name+"|access|*|read";
+ String permReadPrev = nk.name+".access|*|read";
+ // Admins
+
+ Role rk = Role.keys.get(roleAdmin); // accomodate new role key
+ // Role Admin should exist
+ if(rk==null) {
+ if(dryRun) {
+ trans.warn().log(nk.name + " is missing role: " + roleAdmin);
+ } else {
+ query = "INSERT INTO authz.role(ns, name, description, perms) VALUES ('"
+ + nk.name
+ + "','admin','Automatic Administration',"
+ + "{'" + nk.name + "|access|*|*'});";
+ session.execute(query);
+ env.info().log(query);
+
+
+ if(Role.keys.get(roleAdminPrev)!=null) {
+ query = "UPDATE authz.role set perms = perms + "
+ + "{'" + roleAdminPrev + "'} "
+ + "WHERE ns='"+ nk.name + "' AND "
+ + "name='admin'"
+ + ";";
+ session.execute(query);
+ env.info().log(query);
+ }
+ }
+ } else {
+ // Role Admin should be linked to Perm All
+ if(!rk.perms.contains(permAll)) {
+ if(dryRun) {
+ trans.warn().log(roleAdmin,"is not linked to",permAll);
+ } else {
+ query = "UPDATE authz.role set perms = perms + "
+ + "{'" + nk.name + "|access|*|*'} "
+ + "WHERE ns='"+ nk.name + "' AND "
+ + "name='admin'"
+ + ";";
+ session.execute(query);
+ env.info().log(query);
+
+ if(rk.perms.contains(permAllPrev)) {
+ query = "UPDATE authz.role set perms = perms - "
+ + "{'" + nk.name + ".access|*|*'} "
+ + "WHERE ns='"+ nk.name + "' AND "
+ + "name='admin'"
+ + ";";
+ session.execute(query);
+ env.info().log(query);
+ }
+ }
+ }
+ // Role Admin should not be linked to Perm Read
+ if(rk.perms.contains(permRead)) {
+ if(dryRun) {
+ trans.warn().log(roleAdmin,"should not be linked to",permRead);
+ } else {
+ query = "UPDATE authz.role set perms = perms - "
+ + "{'" + nk.name + "|access|*|read'} "
+ + "WHERE ns='"+ nk.name + "' AND "
+ + "name='admin'"
+ + ";";
+ session.execute(query);
+ env.info().log(query);
+ }
+ }
+ }
+
+ Perm pk = Perm.keys.get(permAll);
+ if(pk==null) {
+ trans.warn().log(nk.name + " is missing perm: " + permAll);
+ if(!dryRun) {
+ query = "INSERT INTO authz.perm(ns, type,instance,action,description, roles) VALUES ('"
+ + nk.name
+ + "','access','*','*','Namespace Write',"
+ + "{'" + nk.name + "|admin'});";
+ session.execute(query);
+ env.info().log(query);
+
+ }
+ } else {
+ // PermALL should be linked to Role Admin
+ if(!pk.roles.contains(roleAdmin)) {
+ trans.warn().log(permAll,"is not linked to",roleAdmin);
+ if(!dryRun) {
+ query = "UPDATE authz.perm set roles = roles + "
+ + "{'" + nk.name + "|admin'} WHERE "
+ + "ns='"+ pk.ns + "' AND "
+ + "type='access' AND instance='*' and action='*'"
+ + ";";
+ session.execute(query);
+ env.info().log(query);
+
+ if(pk.roles.contains(roleAdminPrev)) {
+ query = "UPDATE authz.perm set roles = roles - "
+ + "{'" + nk.name + ".admin'} WHERE "
+ + "ns='"+ pk.ns + "' AND "
+ + "type='access' AND instance='*' and action='*'"
+ + ";";
+ session.execute(query);
+ env.info().log(query);
+
+ }
+ }
+ }
+
+ // PermALL should be not linked to Role Owner
+ if(pk.roles.contains(roleOwner)) {
+ trans.warn().log(permAll,"should not be linked to",roleOwner);
+ if(!dryRun) {
+ query = "UPDATE authz.perm set roles = roles - "
+ + "{'" + nk.name + "|owner'} WHERE "
+ + "ns='"+ pk.ns + "' AND "
+ + "type='access' AND instance='*' and action='*'"
+ + ";";
+ session.execute(query);
+ env.info().log(query);
+ }
+ }
+
+ }
+
+
+
+ // Owner
+ rk = Role.keys.get(roleOwner);
+ if(rk==null) {
+ trans.warn().log(nk.name + " is missing role: " + roleOwner);
+ if(!dryRun) {
+ query = "INSERT INTO authz.role(ns, name, description, perms) VALUES('"
+ + nk.name
+ + "','owner','Automatic Owners',"
+ + "{'" + nk.name + "|access|*|read'});";
+ session.execute(query);
+ env.info().log(query);
+
+ }
+ } else {
+ // Role Owner should be linked to permRead
+ if(!rk.perms.contains(permRead)) {
+ trans.warn().log(roleOwner,"is not linked to",permRead);
+ if(!dryRun) {
+ query = "UPDATE authz.role set perms = perms + "
+ + "{'" + nk.name + "|access|*|read'} "
+ + "WHERE ns='"+ nk.name + "' AND "
+ + "name='owner'"
+ + ";";
+ session.execute(query);
+ env.info().log(query);
+
+ if(rk.perms.contains(permReadPrev)) {
+ query = "UPDATE authz.role set perms = perms - "
+ + "{'" + nk.name + ".access|*|read'} "
+ + "WHERE ns='"+ nk.name + "' AND "
+ + "name='owner'"
+ + ";";
+ session.execute(query);
+ env.info().log(query);
+
+ }
+ }
+ }
+ // Role Owner should not be linked to PermAll
+ if(rk.perms.contains(permAll)) {
+ trans.warn().log(roleAdmin,"should not be linked to",permAll);
+ if(!dryRun) {
+ query = "UPDATE authz.role set perms = perms - "
+ + "{'" + nk.name + "|access|*|*'} "
+ + "WHERE ns='"+ nk.name + "' AND "
+ + "name='admin'"
+ + ";";
+ session.execute(query);
+ env.info().log(query);
+ }
+ }
+
+ }
+
+ pk = Perm.keys.get(permRead);
+ if(pk==null) {
+ trans.warn().log(nk.name + " is missing perm: " + permRead);
+ if(!dryRun) {
+ query = "INSERT INTO authz.perm(ns, type,instance,action,description, roles) VALUES ('"
+ + nk.name
+ + "','access','*','read','Namespace Read',"
+ + "{'" + nk.name + "|owner'});";
+ session.execute(query);
+ env.info().log(query);
+ }
+ } else {
+ // PermRead should be linked to roleOwner
+ if(!pk.roles.contains(roleOwner)) {
+ trans.warn().log(permRead, "is not linked to", roleOwner);
+ if(!dryRun) {
+ query = "UPDATE authz.perm set roles = roles + "
+ + "{'" + nk.name + "|owner'} WHERE "
+ + "ns='"+ pk.ns + "' AND "
+ + "type='access' AND instance='*' and action='read'"
+ + ";";
+ session.execute(query);
+ env.info().log(query);
+
+ if(pk.roles.contains(roleOwnerPrev)) {
+ query = "UPDATE authz.perm set roles = roles - "
+ + "{'" + nk.name + ".owner'} WHERE "
+ + "ns='"+ pk.ns + "' AND "
+ + "type='access' AND instance='*' and action='read'"
+ + ";";
+ session.execute(query);
+ env.info().log(query);
+
+ }
+ }
+ }
+ // PermRead should be not linked to RoleAdmin
+ if(pk.roles.contains(roleAdmin)) {
+ if(dryRun) {
+ trans.warn().log(permRead,"should not be linked to",roleAdmin);
+ } else {
+ query = "UPDATE authz.perm set roles = roles - "
+ + "{'" + nk.name + "|admin'} WHERE "
+ + "ns='"+ pk.ns + "' AND "
+ + "type='access' AND instance='*' and action='read'"
+ + ";";
+ session.execute(query);
+ env.info().log(query);
+ }
+ }
+ }
+
+
+ int dot = nk.name.lastIndexOf('.');
+ String parent;
+ if(dot<0) {
+ parent = ".";
+ } else {
+ parent = nk.name.substring(0, dot);
+ }
+
+ if(!parent.equals(nk.parent)) {
+ if(dryRun) {
+ trans.warn().log(nk.name + " is missing namespace data");
+ } else {
+ query = "UPDATE authz.ns SET parent='"+parent+"'" +
+ " WHERE name='" + nk.name + "';";
+ session.execute(query);
+ env.info().log(query);
+ }
+ }
+
+ // During Migration:
+ List<NsAttrib> swm = NsAttrib.byNS.get(nk.name);
+ boolean hasSwmV1 = false;
+ if(swm!=null) {for(NsAttrib na : swm) {
+ if("swm".equals(na.key) && "v1".equals(na.value)) {
+ hasSwmV1=true;
+ break;
+ }
+ }}
+ String roleMem = nk.name+"|member";
+ Role rm = Role.keys.get(roleMem); // Accommodate new role key
+ if(rm==null && hasSwmV1) {
+ query = "INSERT INTO authz.role(ns, name, description, perms) VALUES ('"
+ + nk.name
+ + "','member','Member',"
+ + "{'" + nk.name + "|access|*|read'});";
+ session.execute(query);
+ query = "UPDATE authz.role set perms = perms + "
+ + "{'" + nk.name + "|access|*|read'} "
+ + "WHERE ns='"+ nk.name + "' AND "
+ + "name='member'"
+ + ";";
+ session.execute(query);
+ env.info().log(query);
+ }
+ if(rm!=null) {
+ if(!rm.perms.contains(permRead)) {
+ if(isDryRun()) {
+ env.info().log(nk.name+"|member needs " + nk.name + "|access|*|read");
+ } else {
+ query = "UPDATE authz.perm set roles = roles + "
+ + "{'" + nk.name + "|member'} WHERE "
+ + "ns='"+ pk.ns + "' AND "
+ + "type='access' AND instance='*' and action='read'"
+ + ";";
+ session.execute(query);
+ env.info().log(query);
+ query = "UPDATE authz.role set perms = perms + "
+ + "{'" + nk.name + "|access|*|read'"
+ + (hasSwmV1?",'"+nk.name+"|swm.star|*|*'":"")
+ + "} "
+ + "WHERE ns='"+ nk.name + "' AND "
+ + "name='member'"
+ + ";";
+ session.execute(query);
+ env.info().log(query);
+ if(hasSwmV1) {
+ query = "UPDATE authz.perm set roles = roles + "
+ + "{'" + nk.name + "|member'} WHERE "
+ + "ns='"+ pk.ns + "' AND "
+ + "type='swm.star' AND instance='*' and action='*'"
+ + ";";
+ session.execute(query);
+ env.info().log(query);
+ }
+ }
+ }
+ }
+
+
+
+ // Best Guess Owner
+
+// owner = Role.keys.get(ns.)
+ }
+ } finally {
+ tt.done();
+ }
+
+ }
+
+
+ @Override
+ protected void _close(AuthzTrans trans) {
+ session.close();
+ aspr.info("End " + this.getClass().getSimpleName() + " processing" );
+ }
+}
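Review bot: The "Role Owner should not be linked to PermAll" branch (the `rk.perms.contains(permAll)` check at the end of the owner block) logs `roleAdmin` and runs its UPDATE with `name='admin'`, so it strips `access|*|*` from the admin role while the owner role keeps it; on the next run the earlier "should be linked to Perm All" branch re-adds it to admin, and the two fixes oscillate forever. Change the log line to `trans.warn().log(roleOwner,"should not be linked to",permAll);` and the WHERE clause to `+ "name='owner'"`. Two smaller points in the same hunk: the `|member` role INSERT/UPDATE pair is the only write here that runs without a dryRun check, and the `pk.ns` references in the member block dereference a `pk` that stays null after the `permRead` INSERT (the other perm queries use `nk.name` for that column, which would be the safe value). Every statement in this class is built by concatenating namespace, role and perm names into CQL; a prepared statement with bind markers would remove the quoting risk for all of them at once.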
diff --git a/authz-batch/src/main/java/com/att/authz/reports/CheckRolePerm.java b/authz-batch/src/main/java/com/att/authz/reports/CheckRolePerm.java
new file mode 100644
index 00000000..ef3d933c
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/reports/CheckRolePerm.java
@@ -0,0 +1,164 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.reports;
+
+import java.io.IOException;
+import java.util.Set;
+
+import com.att.authz.Batch;
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.helpers.NS;
+import com.att.authz.helpers.Perm;
+import com.att.authz.helpers.Role;
+import com.att.inno.env.APIException;
+import com.att.inno.env.Env;
+import com.att.inno.env.TimeTaken;
+import com.att.inno.env.util.Split;
+
+public class CheckRolePerm extends Batch{
+
+ public CheckRolePerm(AuthzTrans trans) throws APIException, IOException {
+ super(trans.env());
+ TimeTaken tt = trans.start("Connect to Cluster", Env.REMOTE);
+ try {
+ session = cluster.connect();
+ } finally {
+ tt.done();
+ }
+ NS.load(trans,session,NS.v2_0_11);
+ Role.load(trans, session);
+ Perm.load(trans, session);
+ }
+
+ @Override
+ protected void run(AuthzTrans trans) {
+ // Run for Roles
+ trans.info().log("Checking for Role/Perm mis-match");
+
+ String query;
+ /// Evaluate from Role side
+ for(Role roleKey : Role.data.keySet()) {
+ for(String perm : Role.data.get(roleKey)) {
+ Perm pk = Perm.keys.get(perm);
+ if(pk==null) {
+ NS ns=null;
+ String msg = perm + " in role " + roleKey.fullName() + " does not exist";
+ String newPerm;
+ String[] s = Split.split('|', perm);
+ if(s.length==3) {
+ int i;
+ String find = s[0];
+ for(i=find.lastIndexOf('.');ns==null && i>=0;i=find.lastIndexOf('.', i-1)) {
+ ns = NS.data.get(find.substring(0,i));
+ }
+ if(ns==null) {
+ newPerm = perm;
+ } else {
+ newPerm = ns.name + '|' + s[0].substring(i+1) + '|' + s[1] + '|' + s[2];
+ }
+ } else {
+ newPerm = perm;
+ }
+ if(dryRun) {
+ if(ns==null) {
+ trans.warn().log(msg, "- would remove role from perm;");
+ } else {
+ trans.warn().log(msg, "- would update role in perm;");
+ }
+ } else {
+ if(ns!=null) {
+ query = "UPDATE authz.role SET perms = perms + {'" +
+ newPerm + "'}"
+ + (roleKey.description==null?", description='clean'":"")
+ + " WHERE "
+ + "ns='" + roleKey.ns
+ + "' AND name='" + roleKey.name + "';";
+ trans.warn().log("Fixing role in perm",query);
+ session.execute(query);
+ }
+
+ query = "UPDATE authz.role SET perms = perms - {'"
+ + perm.replace("'", "''") + "'}"
+ + (roleKey.description==null?", description='clean'":"")
+ + " WHERE "
+ + "ns='" + roleKey.ns
+ + "' AND name='" + roleKey.name + "';";
+ session.execute(query);
+ trans.warn().log(msg, "- removing role from perm");
+// env.info().log( "query: " + query );
+ }
+ } else {
+ Set<String> p_roles = Perm.data.get(pk);
+ if(p_roles!=null && !p_roles.contains(roleKey.encode())) {
+ String msg = perm + " does not have role: " + roleKey;
+ if(dryRun) {
+ trans.warn().log(msg,"- should add this role to this perm;");
+ } else {
+ query = "update authz.perm set roles = roles + {'"
+ + roleKey.encode() + "'}"
+ + (pk.description==null?", description=''":"")
+ + " WHERE "
+ + "ns='" + pk.ns
+ + "' AND type='" + pk.type
+ + "' AND instance='" + pk.instance
+ + "' AND action='" + pk.action
+ + "';";
+ session.execute(query);
+ trans.warn().log(msg,"- adding perm to role");
+ }
+
+ }
+ }
+ }
+ }
+
+ for(Perm permKey : Perm.data.keySet()) {
+ for(String role : Perm.data.get(permKey)) {
+ Role rk = Role.keys.get(role);
+ if(rk==null) {
+ String s = role + " in perm " + permKey.encode() + " does not exist";
+ if(dryRun) {
+ trans.warn().log(s,"- would remove perm from role;");
+ } else {
+ query = "update authz.perm set roles = roles - {'"
+ + role.replace("'","''") + "'}"
+ + (permKey.description==null?", description='clean'":"")
+ + " WHERE "
+ + "ns='" + permKey.ns
+ + "' AND type='" + permKey.type
+ + "' AND instance='" + permKey.instance
+ + "' AND action='" + permKey.action + "';";
+ session.execute(query);
+ trans.warn().log(s,"- removing role from perm");
+ }
+ } else {
+ Set<String> r_perms = Role.data.get(rk);
+ if(r_perms!=null && !r_perms.contains(permKey.encode())) {
+ String s ="Role '" + role + "' does not have perm: '" + permKey + '\'';
+ if(dryRun) {
+ trans.warn().log(s,"- should add this perm to this role;");
+ } else {
+ query = "update authz.role set perms = perms + {'"
+ + permKey.encode() + "'}"
+ + (rk.description==null?", description=''":"")
+ + " WHERE "
+ + "ns='" + rk.ns
+ + "' AND name='" + rk.name + "';";
+ session.execute(query);
+ trans.warn().log(s,"- adding role to perm");
+ }
+ }
+ }
+ }
+ }
+
+ }
+
+
+ @Override
+ protected void _close(AuthzTrans trans) {
+ session.close();
+ aspr.info("End " + this.getClass().getSimpleName() + " processing" );
+ }
+}
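Review bot: Quote-escaping is applied inconsistently in this hunk: the two `perms = perms - {...}` and `roles = roles - {...}` statements call `.replace("'", "''")` on the value being removed, but `newPerm`, `roleKey.encode()`, `permKey.encode()` and every WHERE value (`roleKey.ns`, `roleKey.name`, `pk.ns`/`type`/`instance`/`action`) are concatenated raw, so a stored name containing a quote breaks or alters those statements. Since the driver session is already in hand, prepare once and bind instead, e.g. `PreparedStatement ps = session.prepare("UPDATE authz.role SET perms = perms - ? WHERE ns=? AND name=?");` followed by `session.execute(ps.bind(Collections.singleton(perm), roleKey.ns, roleKey.name));`, and drop the ad-hoc `replace` calls. The log text is also crossed in several places ("Fixing role in perm" precedes an UPDATE of authz.role; "adding perm to role" follows an UPDATE of authz.perm), which will mislead whoever reads the batch output when reconciling what was changed.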
diff --git a/authz-batch/src/main/java/com/att/authz/reports/CheckUR.java b/authz-batch/src/main/java/com/att/authz/reports/CheckUR.java
new file mode 100644
index 00000000..99a2ae5d
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/reports/CheckUR.java
@@ -0,0 +1,74 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.reports;
+
+import java.io.IOException;
+
+import com.att.authz.Batch;
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.helpers.NS;
+import com.att.authz.helpers.NS.NSSplit;
+import com.att.authz.helpers.UserRole;
+import com.att.inno.env.APIException;
+import com.att.inno.env.Env;
+import com.att.inno.env.TimeTaken;
+
+public class CheckUR extends Batch{
+
+ public CheckUR(AuthzTrans trans) throws APIException, IOException {
+ super(trans.env());
+ TimeTaken tt = trans.start("Connect to Cluster", Env.REMOTE);
+ try {
+ session = cluster.connect();
+ } finally {
+ tt.done();
+ }
+ NS.load(trans, session,NS.v2_0_11);
+ UserRole.load(trans, session,UserRole.v2_0_11);
+ }
+
+ @Override
+ protected void run(AuthzTrans trans) {
+ trans.info().log("Get All Namespaces");
+
+
+ String query;
+
+ /// Evaluate
+ for(UserRole urKey : UserRole.data) {
+ NSSplit nss = NS.deriveParent(urKey.role);
+ if(nss==null && NS.data.size()>0 ) { // there is no Namespace for this UserRole
+ if(dryRun) {
+ trans.warn().printf("Would delete %s %s, which has no corresponding Namespace",urKey.user,urKey.role);
+ } else {
+ query = "DELETE FROM authz.user_role WHERE "
+ + "user='" + urKey.user
+ + "' AND role='" + urKey.role
+ + "';";
+ session.execute(query);
+ trans.warn().printf("Deleting %s %s, which has no corresponding Namespace",urKey.user,urKey.role);
+ }
+ } else if(urKey.ns == null || urKey.rname == null || !urKey.role.equals(urKey.ns+'.'+urKey.rname)) {
+ if(dryRun) {
+ trans.warn().log(urKey,"needs to be split and added to Record (", urKey.ns, urKey.rname,")");
+ } else {
+ query = "UPDATE authz.user_role SET ns='" + nss.ns
+ + "', rname='" + nss.other
+ + "' WHERE "
+ + "user='" + urKey.user
+ + "' AND role='" + urKey.role
+ + "';";
+ session.execute(query);
+ trans.warn().log("Setting ns and rname",query);
+ }
+ }
+ }
+ }
+
+ @Override
+ protected void _close(AuthzTrans trans) {
+ session.close();
+ aspr.info("End " + this.getClass().getSimpleName() + " processing" );
+ }
+}
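Review bot: The `else if` branch in `run` dereferences `nss.ns` and `nss.other`, but it is reached with `nss == null` whenever `NS.deriveParent` returns null and `NS.data` is empty (the first branch's `NS.data.size()>0` guard skips the delete in exactly that case), so a run against an empty or unloaded namespace table throws NullPointerException on the first mis-split row instead of reporting it. Guard it: `} else if(nss!=null && (urKey.ns == null || urKey.rname == null || !urKey.role.equals(urKey.ns+'.'+urKey.rname))) {`. The `NS.data.size()>0` check also only protects against a completely empty load; a partial load would presumably make the first branch DELETE every user_role whose namespace did not load, so a comment stating that assumption (or a sanity threshold on the number of deletions before committing) is worth adding before this runs against production data. The user and role values are concatenated into the DELETE/UPDATE text; bound parameters would avoid the quoting issue.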
diff --git a/authz-batch/src/main/java/com/att/authz/reports/Expiring.java b/authz-batch/src/main/java/com/att/authz/reports/Expiring.java
new file mode 100644
index 00000000..eb420433
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/reports/Expiring.java
@@ -0,0 +1,235 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.reports;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.GregorianCalendar;
+import java.util.List;
+
+import com.att.authz.Batch;
+import com.att.authz.actions.Action;
+import com.att.authz.actions.ActionDAO;
+import com.att.authz.actions.CredDelete;
+import com.att.authz.actions.CredPrint;
+import com.att.authz.actions.FADelete;
+import com.att.authz.actions.FAPrint;
+import com.att.authz.actions.Key;
+import com.att.authz.actions.URDelete;
+import com.att.authz.actions.URFutureApprove;
+import com.att.authz.actions.URFuturePrint;
+import com.att.authz.actions.URPrint;
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.helpers.Cred;
+import com.att.authz.helpers.Cred.Instance;
+import com.att.authz.helpers.Future;
+import com.att.authz.helpers.Notification;
+import com.att.authz.helpers.UserRole;
+import com.att.authz.layer.Result;
+import com.att.authz.org.Organization.Identity;
+import com.att.dao.aaf.cass.CredDAO;
+import com.att.inno.env.APIException;
+import com.att.inno.env.Env;
+import com.att.inno.env.TimeTaken;
+
+public class Expiring extends Batch {
+
+ private final Action<UserRole,Void> urDelete,urPrint;
+ private final Action<UserRole,List<Identity>> urFutureApprove;
+ private final Action<CredDAO.Data,Void> crDelete,crPrint;
+ private final Action<Future,Void> faDelete;
+// private final Email email;
+ private final Key<UserRole> memoKey;
+
+ public Expiring(AuthzTrans trans) throws APIException, IOException {
+ super(trans.env());
+ trans.info().log("Starting Connection Process");
+ TimeTaken tt0 = trans.start("Cassandra Initialization", Env.SUB);
+ try {
+ urPrint = new URPrint("Expired:");
+ crPrint = new CredPrint("Expired:");
+
+ URFutureApprove ufr = new URFutureApprove(trans,cluster);
+ memoKey = ufr;
+
+ if(isDryRun()) {
+ urDelete = new URPrint("Would Delete:");
+ // While Testing
+// urFutureApprove = ufr;
+ urFutureApprove = new URFuturePrint("Would setup Future/Approvals");
+ crDelete = new CredPrint("Would Delete:");
+ faDelete = new FAPrint("Would Delete:");
+// email = new EmailPrint();
+
+ TimeTaken tt = trans.start("Connect to Cluster", Env.REMOTE);
+ try {
+ session = cluster.connect();
+ } finally {
+ tt.done();
+ }
+
+ } else {
+ TimeTaken tt = trans.start("Connect to Cluster with DAOs", Env.REMOTE);
+ try {
+ ActionDAO<UserRole,Void> adao;
+ urDelete = adao = new URDelete(trans, cluster);
+ urFutureApprove = new URFutureApprove(trans,adao);
+ faDelete = new FADelete(trans, adao);
+
+ crDelete = new CredDelete(trans, adao);
+// email = new Email();
+ TimeTaken tt2 = trans.start("Connect to Cluster", Env.REMOTE);
+ try {
+ session = adao.getSession(trans);
+ } finally {
+ tt2.done();
+ }
+ } finally {
+ tt.done();
+ }
+ }
+
+ UserRole.load(trans, session, UserRole.v2_0_11);
+ Cred.load(trans, session);
+ Notification.load(trans, session, Notification.v2_0_14);
+ Future.load(trans,session,Future.v2_0_15);
+ } finally {
+ tt0.done();
+ }
+ }
+
+ @Override
+ protected void run(AuthzTrans trans) {
+ // Setup Date boundaries
+ Date now = new Date();
+ GregorianCalendar gc = new GregorianCalendar();
+ gc.setTime(now);
+ gc.add(GregorianCalendar.MONTH, 1);
+ Date future = gc.getTime();
+ gc.setTime(now);
+ gc.add(GregorianCalendar.MONTH, -1);
+ Date tooLate = gc.getTime();
+ int count = 0, deleted=0;
+
+// List<Notification> ln = new ArrayList<Notification>();
+ TimeTaken tt;
+
+ // Run for Expired Futures
+ trans.info().log("Checking for Expired Futures");
+ tt = trans.start("Delete old Futures", Env.REMOTE);
+ try {
+ List<Future> delf = new ArrayList<Future>();
+ for(Future f : Future.data) {
+ AuthzTrans localTrans = env.newTransNoAvg();
+ if(f.expires.before(now)) {
+ faDelete.exec(localTrans, f);
+ delf.add(f);
+ }
+ }
+ Future.delete(delf);
+ } finally {
+ tt.done();
+ }
+
+ // Run for Roles
+ trans.info().log("Checking for Expired Roles");
+ try {
+ for(UserRole ur : UserRole.data) {
+ AuthzTrans localTrans = env.newTransNoAvg();
+ if(ur.expires.before(tooLate)) {
+ if("owner".equals(ur.rname)) { // don't delete Owners, even if Expired
+ urPrint.exec(localTrans,ur);
+ } else {
+ urDelete.exec(localTrans,ur);
+ ++deleted;
+ trans.logAuditTrail(trans.info());
+ }
+ ++count;
+ } else if(ur.expires.before(future)) {
+ List<Future> fbm = Future.byMemo.get(memoKey.key(ur));
+ if(fbm==null || fbm.isEmpty()) {
+ Result<List<Identity>> rapprovers = urFutureApprove.exec(localTrans, ur);
+ if(rapprovers.isOK()) {
+ for(Identity ou : rapprovers.value) {
+// Notification n = Notification.addApproval(localTrans,ou);
+// if(n.org==null) {
+// n.org = getOrgFromID(localTrans, ur.user);
+// }
+// ln.add(n);
+ urPrint.exec(localTrans,ur);
+ if(isDryRun()) {
+ trans.logAuditTrail(trans.info());
+ }
+ }
+ }
+ }
+ ++count;
+ }
+ }
+ } finally {
+ env.info().log("Found",count,"roles expiring before",future);
+ env.info().log("deleting",deleted,"roles expiring before",tooLate);
+ }
+
+// // Email Approval Notification
+// email.subject("AAF Role Expiration Warning (ENV: %s)", batchEnv);
+// email.indent("");
+// for(Notification n: ln) {
+// if(n.org==null) {
+// trans.error().log("No Organization for Notification");
+// } else if(n.update(trans, session, isDryRun())) {
+// email.clear();
+// email.addTo(n.user);
+// email.line(n.text(new StringBuilder()).toString());
+// email.exec(trans,n.org);
+// }
+// }
+ // Run for Creds
+ trans.info().log("Checking for Expired Credentials");
+ System.out.flush();
+ count = 0;
+ try {
+ CredDAO.Data crd = new CredDAO.Data();
+ Date last = null;
+ for( Cred creds : Cred.data.values()) {
+ AuthzTrans localTrans = env.newTransNoAvg();
+ crd.id = creds.id;
+ for(int type : creds.types()) {
+ crd.type = type;
+ for( Instance inst : creds.instances) {
+ if(inst.expires.before(tooLate)) {
+ crd.expires = inst.expires;
+ crDelete.exec(localTrans, crd);
+ } else if(last==null || inst.expires.after(last)) {
+ last = inst.expires;
+ }
+ }
+ if(last!=null) {
+ if(last.before(future)) {
+ crd.expires = last;
+ crPrint.exec(localTrans, crd);
+ ++count;
+ }
+ }
+ }
+ }
+ } finally {
+ env.info().log("Found",count,"current creds expiring before",future);
+ }
+
+ }
+
+ @Override
+ protected void _close(AuthzTrans trans) {
+ aspr.info("End " + this.getClass().getSimpleName() + " processing" );
+ for(Action<?,?> action : new Action<?,?>[] {urDelete,crDelete}) {
+ if(action instanceof ActionDAO) {
+ ((ActionDAO<?,?>)action).close(trans);
+ }
+ }
+ session.close();
+ }
+
+}
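Review bot: In the credential loop of `run`, `Date last` is declared once before `for( Cred creds : Cred.data.values())` and never reset, so after the first credential it carries the latest expiry seen across all previous credentials and types; a later credential whose newest instance expires before `future` is then never reported, because `inst.expires.after(last)` stays false. The inner `for( Instance inst : creds.instances)` also ignores the current `type`, so each expired instance is handed to `crDelete` once per type with `crd.type` set to a type that instance may not have. Move the declaration inside the type loop and filter by type: `Date last = null;` immediately after `crd.type = type;`, and `if(inst.type != type) continue;` as the first statement of the instance loop (`inst.type` is already used on Instance in the preceding hunk). Since this is the path that actually deletes credentials, a dry-run comparison against the current output is worth doing before the fix ships.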
diff --git a/authz-batch/src/main/java/com/att/authz/reports/NSDump.java b/authz-batch/src/main/java/com/att/authz/reports/NSDump.java
new file mode 100644
index 00000000..bfed2a3f
--- /dev/null
+++ b/authz-batch/src/main/java/com/att/authz/reports/NSDump.java
@@ -0,0 +1,136 @@
+/*******************************************************************************
+ * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
+ *******************************************************************************/
+package com.att.authz.reports;
+
+import java.io.IOException;
+import java.io.PrintStream;
+import java.util.Date;
+import java.util.List;
+
+import com.att.authz.Batch;
+import com.att.authz.env.AuthzTrans;
+import com.att.authz.helpers.Cred;
+import com.att.authz.helpers.NS;
+import com.att.authz.helpers.Perm;
+import com.att.authz.helpers.Role;
+import com.att.authz.helpers.UserRole;
+import com.att.inno.env.APIException;
+import com.att.inno.env.Env;
+import com.att.inno.env.TimeTaken;
+
+public class NSDump extends Batch{
+ private PrintStream out = System.out;
+ private final String ns, admin, owner;
+
+ public NSDump(AuthzTrans trans) throws APIException, IOException {
+ super(trans.env());
+ if(args().length>0) {
+ ns = args()[0];
+ } else {
+ throw new APIException("NSDump requires \"NS\" parameter");
+ }
+ admin = ns + "|admin";
+ owner = ns + "|owner";
+
+ TimeTaken tt = trans.start("Connect to Cluster", Env.REMOTE);
+ try {
+ session = cluster.connect();
+ } finally {
+ tt.done();
+ }
+
+ NS.loadOne(trans, session,NS.v2_0_11,ns);
+ Role.loadOneNS(trans, session, ns);
+ if(Role.data.keySet().size()>5) {
+ UserRole.load(trans, session,UserRole.v2_0_11);
+ } else {
+ for(Role r : Role.data.keySet()) {
+ UserRole.loadOneRole(trans, session, UserRole.v2_0_11, r.fullName());
+ }
+ }
+ Perm.loadOneNS(trans,session,ns);
+ Cred.loadOneNS(trans, session, ns);
+ }
+
+ @Override
+ protected void run(AuthzTrans trans) {
+ Date now = new Date();
+ for(NS ns : NS.data.values()) {
+ out.format("# Data for Namespace [%s] - %s\n",ns.name,ns.description);
+ out.format("ns create %s",ns);
+ boolean first = true;
+ List<UserRole> owners = UserRole.byRole.get(owner);
+ if(owners!=null)for(UserRole ur : owners) {
+ if(first) {
+ out.append(' ');
+ first = false;
+ } else {
+ out.append(',');
+ }
+ out.append(ur.user);
+ }
+ first = true;
+ List<UserRole> admins = UserRole.byRole.get(admin);
+ if(admins!=null)for(UserRole ur : admins) {
+ if(first) {
+ out.append(' ');
+ first = false;
+ } else {
+ out.append(',');
+ }
+ out.append(ur.user);
+ }
+ out.println();
+
+ // Load Creds
+ Date last;
+ for(Cred c : Cred.data.values()) {
+ for(int i : c.types()) {
+ last = c.last(i);
+ if(last!=null && now.before(last)) {
+ switch(i) {
+ case 1:
+ out.format(" user cred add %s %s\n", c.id,"new2you!");
+ break;
+ case 200:
+ out.format(" # CERT needs registering for %s\n", c.id);
+ break;
+ default:
+ out.format(" # Unknown Type for %s\n", c.id);
+ }
+ }
+ }
+ }
+
+ // Load Roles
+ for(Role r : Role.data.keySet()) {
+ if(!"admin".equals(r.name) && !"owner".equals(r.name)) {
+ out.format(" role create %s\n",r.fullName());
+ List<UserRole> lur = UserRole.byRole.get(r.fullName());
+ if(lur!=null)for(UserRole ur : lur) {
+ if(ur.expires.after(now)) {
+ out.format(" request role user add %s %s\n", ur.role,ur.user);
+ }
+ }
+ }
+ }
+
+ // Load Perms
+ for(Perm r : Perm.data.keySet()) {
+ out.format(" perm create %s.%s %s %s\n",r.ns,r.type,r.instance,r.action);
+ for(String role : r.roles) {
+ out.format(" request perm grant %s.%s %s %s %s\n", r.ns,r.type,r.instance,r.action,Role.fullName(role));
+ }
+ }
+
+ }
+ }
+
+ @Override
+ protected void _close(AuthzTrans trans) {
+ session.close();
+ aspr.info("End " + this.getClass().getSimpleName() + " processing" );
+ }
+
+}
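Review bot: The `case 1:` branch in `run` writes `user cred add <id> new2you!` for every unexpired password credential, i.e. the generated script hard-codes one well-known password for all identities in the namespace; anyone replaying this dump (the evident purpose, given the `ns create`/`role create`/`perm create` lines) resets every user to a guessable credential, and the dump itself now has to be handled as sensitive output. Emit a placeholder that cannot be executed as-is, e.g. `out.format(" # user cred add %s <set password out-of-band>\n", c.id);`, or read the placeholder from configuration so it never ships in source. The `ns create %s` line prints the NS object through its toString, which is not visible here; confirm it does not include description or attribute text that would break the one-line command format.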