From 43854a9e3310ff7a92257d16c4fc0a8321eaec68 Mon Sep 17 00:00:00 2001 From: sg481n Date: Thu, 3 Aug 2017 17:27:34 -0400 Subject:  [AAF-21] Initial code import MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change-Id: I63d7d499bbd46f500b5f5a4db966166f613f327a Signed-off-by: sg481n --- .../src/main/java/com/att/cmd/perm/Create.java | 165 +++++++++++++++++++++ 1 file changed, 165 insertions(+) create mode 100644 authz-cmd/src/main/java/com/att/cmd/perm/Create.java (limited to 'authz-cmd/src/main/java/com/att/cmd/perm/Create.java') diff --git a/authz-cmd/src/main/java/com/att/cmd/perm/Create.java b/authz-cmd/src/main/java/com/att/cmd/perm/Create.java new file mode 100644 index 00000000..a6bd6802 --- /dev/null +++ b/authz-cmd/src/main/java/com/att/cmd/perm/Create.java @@ -0,0 +1,165 @@ +/******************************************************************************* + * ============LICENSE_START==================================================== + * * org.onap.aai + * * =========================================================================== + * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. + * * Copyright © 2017 Amdocs + * * =========================================================================== + * * Licensed under the Apache License, Version 2.0 (the "License"); + * * you may not use this file except in compliance with the License. + * * You may obtain a copy of the License at + * * + * * http://www.apache.org/licenses/LICENSE-2.0 + * * + * * Unless required by applicable law or agreed to in writing, software + * * distributed under the License is distributed on an "AS IS" BASIS, + * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * * See the License for the specific language governing permissions and + * * limitations under the License. + * * ============LICENSE_END==================================================== + * * + * * ECOMP is a trademark and service mark of AT&T Intellectual Property. + * * + ******************************************************************************/ +package com.att.cmd.perm; + +import com.att.aft.dme2.internal.jetty.http.HttpStatus; +import com.att.cadi.CadiException; +import com.att.cadi.LocatorException; +import com.att.cadi.client.Future; +import com.att.cadi.client.Rcli; +import com.att.cadi.client.Retryable; +import com.att.cmd.AAFcli; +import com.att.cmd.Cmd; +import com.att.cmd.Param; +import com.att.cssa.rserv.HttpMethods; +import com.att.inno.env.APIException; + +import aaf.v2_0.PermRequest; +import aaf.v2_0.RoleRequest; + +/** + * + * + */ +public class Create extends Cmd { + public Create(Perm parent) { + super(parent,"create", + new Param("type",true), + new Param("instance",true), + new Param("action", true), + new Param("role[,role]* (to Grant to)", false) + ); + } + + @Override + public int _exec(final int index, final String ... args) throws CadiException, APIException, LocatorException { + return same(new Retryable() { + @Override + public Integer code(Rcli client) throws CadiException, APIException { + int idx = index; + final PermRequest pr = new PermRequest(); + pr.setType(args[idx++]); + pr.setInstance(args[idx++]); + pr.setAction(args[idx++]); + String roleCommas = (args.length>idx)?args[idx++]:null; + String[] roles = roleCommas==null?null:roleCommas.split("\\s*,\\s*"); + boolean force = aafcli.forceString()!=null; + int rv; + + if(roles!=null && force) { // Make sure Roles are Created + RoleRequest rr = new RoleRequest(); + for(String role : roles) { + rr.setName(role);; + Future fr = client.create( + "/authz/role", + getDF(RoleRequest.class), + rr + ); + fr.get(AAFcli.timeout()); + switch(fr.code()){ + case 201: + pw().println("Created Role [" + role + ']'); + break; + case 409: + break; + default: + pw().println("Role [" + role + "] does not exist, and cannot be created."); + return HttpStatus.PARTIAL_CONTENT_206; + } + } + } + + // Set Start/End commands + setStartEnd(pr); + setQueryParamsOn(client); + Future fp = client.create( + "/authz/perm", + getDF(PermRequest.class), + pr + ); + if(fp.get(AAFcli.timeout())) { + rv = fp.code(); + pw().println("Created Permission"); + if(roles!=null) { + if(aafcli.forceString()!=null) { // Make sure Roles are Created + RoleRequest rr = new RoleRequest(); + for(String role : roles) { + rr.setName(role);; + Future fr = client.create( + "/authz/role", + getDF(RoleRequest.class), + rr + ); + fr.get(AAFcli.timeout()); + switch(fr.code()){ + case 201: + case 409:break; + default: + + } + } + } + + try { + if(201!=(rv=((Perm)parent)._exec(0, + new String[] {"grant",pr.getType(),pr.getInstance(),pr.getAction(),roleCommas}))) { + rv = HttpStatus.PARTIAL_CONTENT_206; + } + } catch (LocatorException e) { + throw new CadiException(e); + } + } + } else { + rv = fp.code(); + if(rv==409 && force) { + rv = 201; + } else if(rv==202) { + pw().println("Permission Creation Accepted, but requires Approvals before actualizing"); + if (roles!=null) + pw().println("You need to grant the roles after approval."); + } else { + error(fp); + } + } + return rv; + } + }); + } + + @Override + public void detailedHelp(int _indent, StringBuilder sb) { + int indent = _indent; + detailLine(sb,indent,"Create a Permission with:"); + detailLine(sb,indent+=2,"type - A Namespace qualified identifier identifying the kind of"); + detailLine(sb,indent+11,"resource to be protected"); + detailLine(sb,indent,"instance - A name that distinguishes a particular instance of resource"); + detailLine(sb,indent,"action - What kind of action is allowed"); + detailLine(sb,indent,"role(s) - Perms granted to these Comma separated Role(s)"); + detailLine(sb,indent+11,"Nonexistent role(s) will be created, if in same namespace"); + sb.append('\n'); + detailLine(sb,indent+2,"Note: Instance and Action can be a an '*' (enter \\\\* on Unix Shell)"); + api(sb,indent,HttpMethods.POST,"authz/perm",PermRequest.class,true); + } + +} -- cgit 1.2.3-korg