aboutsummaryrefslogtreecommitdiffstats
path: root/dmaap-bc/src/main/java/org/onap/dmaap/dbcapi/authentication/ApiPerms.java
diff options
context:
space:
mode:
Diffstat (limited to 'dmaap-bc/src/main/java/org/onap/dmaap/dbcapi/authentication/ApiPerms.java')
-rw-r--r--dmaap-bc/src/main/java/org/onap/dmaap/dbcapi/authentication/ApiPerms.java180
1 files changed, 180 insertions, 0 deletions
diff --git a/dmaap-bc/src/main/java/org/onap/dmaap/dbcapi/authentication/ApiPerms.java b/dmaap-bc/src/main/java/org/onap/dmaap/dbcapi/authentication/ApiPerms.java
new file mode 100644
index 0000000..b082102
--- /dev/null
+++ b/dmaap-bc/src/main/java/org/onap/dmaap/dbcapi/authentication/ApiPerms.java
@@ -0,0 +1,180 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * org.onap.dmaap
+ * ================================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ *
+ * Modifications Copyright (C) 2018 IBM.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.dmaap.dbcapi.authentication;
+
+import com.att.eelf.configuration.EELFLogger;
+import com.att.eelf.configuration.EELFManager;
+
+import org.onap.dmaap.dbcapi.aaf.AafService;
+import org.onap.dmaap.dbcapi.aaf.AafServiceFactory;
+import org.onap.dmaap.dbcapi.aaf.DmaapGrant;
+import org.onap.dmaap.dbcapi.aaf.DmaapPerm;
+import org.onap.dmaap.dbcapi.aaf.AafService.ServiceType;
+import org.onap.dmaap.dbcapi.logging.BaseLoggingClass;
+import org.onap.dmaap.dbcapi.logging.DmaapbcLogMessageEnum;
+import org.onap.dmaap.dbcapi.model.Dmaap;
+import org.onap.dmaap.dbcapi.service.DmaapService;
+import org.onap.dmaap.dbcapi.util.DmaapConfig;
+
+public class ApiPerms extends BaseLoggingClass {
+ static String topic = "topics";
+ static String mrClusters = "mr_clusters";
+ static String mrClients = "mr_clients";
+ static String feed = "feeds";
+ static String drSubs = "dr_subs";
+ static String drPubs = "dr_pubs";
+ static String drNodes = "dr_nodes";
+ static String dcaeLocations = "dcaeLocations";
+ static String inventory = "Inventory";
+ static String portalUser = "PortalUser";
+ static String orchestrator = "Orchestrator";
+ static String delete = "DELETE";
+ static String dmaap = "dmaap";
+ static String controller = "Controller";
+
+ private static class PermissionMap {
+ static final EELFLogger logger = EELFManager.getInstance().getLogger( PermissionMap.class );
+ static final EELFLogger errorLogger = EELFManager.getInstance().getErrorLogger();
+ String uri;
+ String action;
+ String[] roles;
+
+ private PermissionMap( String u, String a, String[] r ) {
+ this.setUri(u);
+ this.setAction(a);
+ this.setRoles(r);
+ }
+
+ public String getUri() {
+ return uri;
+ }
+ public void setUri(String uri) {
+ this.uri = uri;
+ }
+ public String getAction() {
+ return action;
+ }
+ public void setAction(String action) {
+ this.action = action;
+ }
+
+ public String[] getRoles() {
+ return roles;
+ }
+ public void setRoles(String[] roles) {
+ this.roles = roles;
+ }
+
+ public static void initMap( PermissionMap[] pmap, String instance ) {
+
+ DmaapConfig p = (DmaapConfig)DmaapConfig.getConfig();
+ String api = p.getProperty("ApiNamespace", "apiNamespace.not.set");
+
+ AafService aaf = new AafServiceFactory().initAafService(ServiceType.AAF_Admin);
+
+ for ( int i = 0; i < pmap.length ; i++ ) {
+ String uri = new String( api + "." + pmap[i].getUri());
+ DmaapPerm perm = new DmaapPerm( uri, instance, pmap[i].getAction() );
+ int rc = aaf.addPerm( perm );
+ if ( rc != 201 && rc != 409 ) {
+ errorLogger.error( DmaapbcLogMessageEnum.AAF_UNEXPECTED_RESPONSE, Integer.toString(rc), "add perm", perm.toString() );
+
+ }
+ for( String r: pmap[i].getRoles()) {
+ String fr = new String( api + "." + r );
+ logger.debug( "i:" + i + " granting perm " + perm.toString()+ " to role=" + fr );
+ DmaapGrant grant = new DmaapGrant( perm, fr );
+ rc = aaf.addGrant( grant );
+ if ( rc != 201 && rc != 409 ) {
+ errorLogger.error( DmaapbcLogMessageEnum.AAF_UNEXPECTED_RESPONSE, Integer.toString(rc), "grant perm", perm.toString() );
+ }
+ }
+
+ }
+ }
+ }
+
+ static PermissionMap[] bootMap = {
+ new PermissionMap( dmaap, "GET", new String[] { controller }),
+ new PermissionMap( dmaap, "POST", new String[] { controller }),
+ new PermissionMap( dmaap, "PUT", new String[] { controller }),
+ new PermissionMap( dmaap, delete, new String[] { controller })
+
+ };
+
+ static PermissionMap[] envMap = {
+ new PermissionMap( dmaap, "GET", new String[] { controller, orchestrator, inventory, "Metrics", portalUser }),
+ new PermissionMap( dmaap, "POST", new String[] { controller } ),
+ new PermissionMap( dmaap, "PUT", new String[] { controller }),
+ new PermissionMap( dmaap, delete, new String[] { controller }),
+ new PermissionMap( "bridge", "GET", new String[] { "Metrics" }),
+ //new PermissionMap( "bridge", "POST", new String[] { "Metrics" } ),
+ //new PermissionMap( "bridge", "PUT", new String[] { "Metrics" }),
+ //new PermissionMap( "bridge", delete, new String[] { "Metrics" }),
+ new PermissionMap( dcaeLocations, "GET", new String[] { controller, orchestrator, inventory, "Metrics", portalUser }),
+ new PermissionMap( dcaeLocations, "POST", new String[] { controller } ),
+ new PermissionMap( dcaeLocations, "PUT", new String[] { controller }),
+ new PermissionMap( dcaeLocations, delete, new String[] { controller }),
+ new PermissionMap( drNodes, "GET", new String[] { controller, orchestrator, inventory, portalUser }),
+ new PermissionMap( drNodes, "POST", new String[] { controller } ),
+ new PermissionMap( drNodes, "PUT", new String[] { controller }),
+ new PermissionMap( drNodes, delete, new String[] { controller }),
+ new PermissionMap( drPubs, "GET", new String[] { controller, orchestrator, inventory, "Metrics", portalUser }),
+ new PermissionMap( drPubs, "POST", new String[] { controller, orchestrator,portalUser } ),
+ new PermissionMap( drPubs, "PUT", new String[] { controller, orchestrator,portalUser }),
+ new PermissionMap( drPubs, delete, new String[] { controller, orchestrator,portalUser }),
+ new PermissionMap( drSubs, "GET", new String[] { controller, orchestrator, inventory, "Metrics", portalUser }),
+ new PermissionMap( drSubs, "POST", new String[] { controller, orchestrator,portalUser } ),
+ new PermissionMap( drSubs, "PUT", new String[] { controller, orchestrator,portalUser }),
+ new PermissionMap( drSubs, delete, new String[] { controller, orchestrator,portalUser }),
+ new PermissionMap( feed, "GET", new String[] { controller, orchestrator, inventory, "Metrics", portalUser }),
+ new PermissionMap( feed, "POST", new String[] { controller, orchestrator,portalUser } ),
+ new PermissionMap( feed, "PUT", new String[] { controller, orchestrator, portalUser }),
+ new PermissionMap( feed, delete, new String[] { controller, portalUser }),
+ new PermissionMap( mrClients, "GET", new String[] { controller, orchestrator, inventory, "Metrics", portalUser }),
+ new PermissionMap( mrClients, "POST", new String[] { controller,orchestrator, portalUser } ),
+ new PermissionMap( mrClients, "PUT", new String[] { controller, orchestrator,portalUser }),
+ new PermissionMap( mrClients, delete, new String[] { controller,orchestrator, portalUser }),
+ new PermissionMap( mrClusters, "GET", new String[] { controller, orchestrator, inventory, "Metrics", portalUser }),
+ new PermissionMap( mrClusters, "POST", new String[] { controller } ),
+ new PermissionMap( mrClusters, "PUT", new String[] { controller }),
+ new PermissionMap( mrClusters, delete, new String[] { controller }),
+ new PermissionMap( topic, "GET", new String[] { controller, orchestrator, inventory, "Metrics", portalUser }),
+ new PermissionMap( topic, "POST", new String[] { controller, orchestrator } ),
+ new PermissionMap( topic, "PUT", new String[] { controller, orchestrator }),
+ new PermissionMap( topic, delete, new String[] { controller, orchestrator })
+ };
+
+ public void setBootMap() {
+ String instance = "boot";
+ PermissionMap.initMap( bootMap, instance );
+ }
+
+ public void setEnvMap() {
+ Dmaap dmaapVar = new DmaapService().getDmaap();
+ String dmaapName = dmaapVar.getDmaapName();
+ PermissionMap.initMap( envMap, dmaapName );
+ }
+
+
+}