From 3ca2e6964bf2aab93394cf542b6354ca735703c0 Mon Sep 17 00:00:00 2001 From: Instrumental Date: Fri, 20 Dec 2019 11:01:29 -0600 Subject: Minor changes for Organization needs Issue-ID: AAF-1058 Change-Id: I446f630b197657f9d20222a69101437af3ae33e6 Signed-off-by: Instrumental --- .../org/onap/aaf/auth/batch/reports/Analyze.java | 22 ++++++++++++++++++++++ .../onap/aaf/auth/batch/reports/ApprovedRpt.java | 9 +-------- .../java/org/onap/aaf/auth/org/Organization.java | 3 ++- .../src/main/java/org/onap/aaf/org/DefaultOrg.java | 4 ++++ 4 files changed, 29 insertions(+), 9 deletions(-) (limited to 'auth') diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java index 5cab5297..227717b7 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java @@ -57,6 +57,7 @@ import org.onap.aaf.auth.batch.helpers.X509; import org.onap.aaf.auth.dao.cass.CredDAO; import org.onap.aaf.auth.dao.cass.UserRoleDAO; import org.onap.aaf.auth.env.AuthzTrans; +import org.onap.aaf.auth.org.Organization.Expiration; import org.onap.aaf.auth.org.Organization.Identity; import org.onap.aaf.auth.org.OrganizationException; import org.onap.aaf.cadi.configure.Factory; @@ -392,12 +393,33 @@ public class Analyze extends Batch { } return; } + if(org.isRevoked(trans, ur.user())) { + GregorianCalendar gc = new GregorianCalendar(); + gc.setTime(ur.expires()); + GregorianCalendar gracePeriodEnds = org.expiration(gc, Expiration.RevokedGracePeriodEnds, ur.user()); + if(now.after(gracePeriodEnds.getTime())) { + ur.row(deleteCW, UserRole.UR,"Revoked ID, no grace period left"); + } else { + ur.row(notCompliantCW, UserRole.UR, "Revoked ID: WARNING! GracePeriod Ends " + gracePeriodEnds.toString()); + } + return; + } ur.row(deleteCW, UserRole.UR,"Not in Organization"); return; } else if(Role.byName.get(ur.role())==null) { ur.row(deleteCW, UserRole.UR,String.format("Role %s does not exist", ur.role())); return; + // Make sure owners can still be owners. + } else if(ur.role().endsWith(".owner")) { + String err = identity.mayOwn(); + if(err!=null) { + ur.row(deleteCW, UserRole.UR,String.format("%s may not be an owner: %s",ur.user(),err)); + return; + } } + + + // Just let expired UserRoles sit until deleted if(futureRange.inRange(ur.expires())&&(!mur.containsKey(ur.user() + '|' + ur.role()))) { // Cannot just delete owners, unless there is at least one left. Process later diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java index 408a17bc..f346f7dd 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java @@ -26,11 +26,9 @@ import java.io.File; import java.io.IOException; import java.util.Date; import java.util.GregorianCalendar; -import java.util.Iterator; import java.util.List; -import java.util.Map; -import java.util.TreeMap; import java.util.UUID; + import org.onap.aaf.auth.batch.Batch; import org.onap.aaf.auth.env.AuthzTrans; import org.onap.aaf.auth.org.OrganizationException; @@ -42,11 +40,6 @@ import org.onap.aaf.misc.env.TimeTaken; import org.onap.aaf.misc.env.util.Chrono; import org.onap.aaf.misc.env.util.Split; -import com.datastax.driver.core.ResultSet; -import com.datastax.driver.core.Row; -import com.datastax.driver.core.SimpleStatement; -import com.datastax.driver.core.Statement; - public class ApprovedRpt extends Batch { diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java index 73093099..95f37859 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java @@ -214,7 +214,8 @@ public interface Organization { Future, UserInRole, UserDelegate, - ExtendPassword + ExtendPassword, + RevokedGracePeriodEnds } public enum Policy { diff --git a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java index 70b3324a..2440e02e 100644 --- a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java +++ b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java @@ -515,6 +515,10 @@ public class DefaultOrg implements Organization { now.add(GregorianCalendar.MONTH, 6); rv = now; break; + case RevokedGracePeriodEnds: + now.add(GregorianCalendar.DATE, 3); + rv = now; + break; default: // Unless other wise set, 6 months is default now.add(GregorianCalendar.MONTH, 6); -- cgit 1.2.3-korg