author | pkaras <piotr.karas@nokia.com> | 2019-05-30 11:11:54 +0200 |
---|---|---|
committer | pkaras <piotr.karas@nokia.com> | 2019-05-31 15:20:53 +0200 |
commit | 45ccf584c8574e9f96dd6fa3b8016accf24fc541 (patch) | |
tree | 6748b6e811dc5c29e66f4585c04a734dd9832858 /src/main/java/org | |
parent | d3994fb85f92d429b626013a0bd9f2ff69418c95 (diff) |
AafPermissionService implementation
based on methods from MR_ClientService
Change-Id: If90327b4ab0d4de1b58e5f15564d35cd2d43ec39
Issue-ID: DMAAP-1211
Signed-off-by: piotr.karas <piotr.karas@nokia.com>
Diffstat (limited to 'src/main/java/org')
4 files changed, 277 insertions, 94 deletions
diff --git a/src/main/java/org/onap/dmaap/dbcapi/aaf/AafUserRole.java b/src/main/java/org/onap/dmaap/dbcapi/aaf/AafUserRole.java index 7b4f882..859ae13 100644 --- a/src/main/java/org/onap/dmaap/dbcapi/aaf/AafUserRole.java +++ b/src/main/java/org/onap/dmaap/dbcapi/aaf/AafUserRole.java @@ -22,6 +22,8 @@ package org.onap.dmaap.dbcapi.aaf; import org.apache.log4j.Logger; +import java.util.Objects; + public class AafUserRole extends AafObject { static final Logger logger = Logger.getLogger(AafUserRole.class); @@ -62,8 +64,20 @@ public class AafUserRole extends AafObject { return postJSON; } - - - - + + + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (o == null || getClass() != o.getClass()) return false; + AafUserRole that = (AafUserRole) o; + return Objects.equals(identity, that.identity) && + Objects.equals(role, that.role); + } + + @Override + public int hashCode() { + + return Objects.hash(identity, role); + } } diff --git a/src/main/java/org/onap/dmaap/dbcapi/aaf/DmaapGrant.java b/src/main/java/org/onap/dmaap/dbcapi/aaf/DmaapGrant.java index 90668be..bcee2a3 100644 --- a/src/main/java/org/onap/dmaap/dbcapi/aaf/DmaapGrant.java +++ b/src/main/java/org/onap/dmaap/dbcapi/aaf/DmaapGrant.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
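Review bot: The new `equals`/`hashCode` pair in `AafUserRole` compares and hashes `identity` and `role`, and the same pattern is added to `DmaapGrant` (`perm`, `role`) and `DmaapPerm` (`permission`, `ptype`, `action`), whose setters are visible in their hunks. If these fields can change after construction, an instance mutated while it sits in a `HashSet` or is used as a `HashMap` key can no longer be found. Either make the fields `final` where the setters are unused, or document the contract above `equals`, e.g. `// Value equality on identity and role; do not mutate while held in a hash-based collection.` The blank line left inside `hashCode()` in `AafUserRole` and `DmaapGrant` can go as well.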
@@ -22,46 +22,61 @@ package org.onap.dmaap.dbcapi.aaf; import org.apache.log4j.Logger; +import java.util.Objects; + public class DmaapGrant extends AafObject { - static final Logger logger = Logger.getLogger(DmaapGrant.class); - - private DmaapPerm perm; - private String role; - - public DmaapGrant(){ - - } - - public DmaapGrant( DmaapPerm p, String r ) { - this.perm = p; - this.role = r; - } - - public DmaapPerm getPerm() { - return perm; - } - - public void setPerm(DmaapPerm perm) { - this.perm = perm; - } - - public String getRole() { - return role; - } - - public void setRole(String role) { - this.role = role; - } - - public String toJSON() { - - String postJSON = String.format(" { \"perm\": %s, \"role\": \"%s\"}", - this.perm.toJSON(), - this.getRole() ); - logger.info( "returning JSON: " + postJSON); - - return postJSON; - } - - + static final Logger logger = Logger.getLogger(DmaapGrant.class); + + private DmaapPerm perm; + private String role; + + public DmaapGrant() { + + } + + public DmaapGrant(DmaapPerm p, String r) { + this.perm = p; + this.role = r; + } + + public DmaapPerm getPerm() { + return perm; + } + + public void setPerm(DmaapPerm perm) { + this.perm = perm; + } + + public String getRole() { + return role; + } + + public void setRole(String role) { + this.role = role; + } + + public String toJSON() { + + String postJSON = String.format(" { \"perm\": %s, \"role\": \"%s\"}", + this.perm.toJSON(), + this.getRole()); + logger.info("returning JSON: " + postJSON); + + return postJSON; + } + + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (o == null || getClass() != o.getClass()) return false; + DmaapGrant that = (DmaapGrant) o; + return Objects.equals(perm, that.perm) && + Objects.equals(role, that.role); + } + + @Override + public int hashCode() { + + return Objects.hash(perm, role); + } } 
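Review bot: `toJSON()` still builds the AAF grant body with `String.format` and places `getRole()` between quotes without any JSON escaping, so a role containing `"` or `\` yields a malformed or differently structured request. `DmaapPerm.toJSON()` in the next file does the same for `permission`, `ptype` and `action`. These lines are only re-indented by this commit, but the new `AafPermissionService` passes `client.getClientRole()` and a string derived from `client.getFqtn()` into them, and those values presumably originate from API requests. Escape each value before formatting, or produce the body with a JSON serializer the project already ships. The same string is logged at INFO by `logger.info("returning JSON: " + postJSON)`, so an embedded line break in a value would also reach the log unfiltered.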
diff --git a/src/main/java/org/onap/dmaap/dbcapi/aaf/DmaapPerm.java b/src/main/java/org/onap/dmaap/dbcapi/aaf/DmaapPerm.java index 1893a71..1f57068 100644 --- a/src/main/java/org/onap/dmaap/dbcapi/aaf/DmaapPerm.java +++ b/src/main/java/org/onap/dmaap/dbcapi/aaf/DmaapPerm.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
@@ -22,50 +22,71 @@ package org.onap.dmaap.dbcapi.aaf; import org.apache.log4j.Logger; +import java.util.Objects; -public class DmaapPerm extends AafObject { - static final Logger logger = Logger.getLogger(DmaapPerm.class); - - private String permission; - private String ptype; - private String action; - - public DmaapPerm(String permission, String ptype, String action) { - super(); - this.permission = permission; - this.ptype = ptype; - this.action = action; - } - public String getPermission() { - return permission; - } - public void setPermission(String permission) { - this.permission = permission; - } - public String getPtype() { - return ptype; - } - public void setPtype(String ptype) { - this.ptype = ptype; - } - public String getAction() { - return action; - } - public void setAction(String action) { - this.action = action; - } - public String toJSON() { - - String postJSON = String.format(" { \"type\": \"%s\", \"instance\": \"%s\", \"action\": \"%s\"}", - this.getPermission(), - this.getPtype(), - this.getAction() ); - logger.info( "returning JSON: " + postJSON); - - return postJSON; - } - - - - + +public class DmaapPerm extends AafObject { + static final Logger logger = Logger.getLogger(DmaapPerm.class); + + private String permission; + private String ptype; + private String action; + + public DmaapPerm(String permission, String ptype, String action) { + super(); + this.permission = permission; + this.ptype = ptype; + this.action = action; + } + + public String getPermission() { + return permission; + } + + public void setPermission(String permission) { + this.permission = permission; + } + + public String getPtype() { + return ptype; + } + + public void setPtype(String ptype) { + this.ptype = ptype; + } + + public String getAction() { + return action; + } + + public void setAction(String action) { + this.action = action; + } + + public String toJSON() { + + String postJSON = String.format(" { \"type\": \"%s\", \"instance\": \"%s\", \"action\": \"%s\"}", + 
this.getPermission(), + this.getPtype(), + this.getAction()); + logger.info("returning JSON: " + postJSON); + + return postJSON; + } + + + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (o == null || getClass() != o.getClass()) return false; + DmaapPerm dmaapPerm = (DmaapPerm) o; + return Objects.equals(permission, dmaapPerm.permission) && + Objects.equals(ptype, dmaapPerm.ptype) && + Objects.equals(action, dmaapPerm.action); + } + + @Override + public int hashCode() { + return Objects.hash(permission, ptype, action); + } } diff --git a/src/main/java/org/onap/dmaap/dbcapi/service/AafPermissionService.java b/src/main/java/org/onap/dmaap/dbcapi/service/AafPermissionService.java new file mode 100644 index 0000000..857b695 --- /dev/null +++ b/src/main/java/org/onap/dmaap/dbcapi/service/AafPermissionService.java 
@@ -0,0 +1,133 @@ +/*- + * ============LICENSE_START======================================================= + * org.onap.dmaap + * ================================================================================ + * Copyright (C) 2019 Nokia Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.dmaap.dbcapi.service; + +import org.onap.dmaap.dbcapi.aaf.AafService; +import org.onap.dmaap.dbcapi.aaf.AafUserRole; +import org.onap.dmaap.dbcapi.aaf.DmaapGrant; +import org.onap.dmaap.dbcapi.aaf.DmaapPerm; +import org.onap.dmaap.dbcapi.logging.BaseLoggingClass; +import org.onap.dmaap.dbcapi.model.ApiError; +import org.onap.dmaap.dbcapi.model.DmaapObject.DmaapObject_Status; +import org.onap.dmaap.dbcapi.model.MR_Client; + +public class AafPermissionService extends BaseLoggingClass { + + private final AafService aafService; + private final DmaapService dmaapService; + + public AafPermissionService() { + this(new AafService(AafService.ServiceType.AAF_TopicMgr), new DmaapService()); + } + + AafPermissionService(AafService aafService, DmaapService dmaapService) { + this.aafService = aafService; + this.dmaapService = dmaapService; + } + + void assignIdentityToRole(MR_Client client, String role, ApiError err) { + okStatus(err); + AafUserRole ur = 
new AafUserRole(client.getClientIdentity(), role); + client.setStatus(DmaapObject_Status.VALID); + int rc = aafService.addUserRole(ur); + if (rc != 201 && rc != 409) { + client.setStatus(DmaapObject_Status.INVALID); + assignClientToRoleError(err, rc, client.getClientIdentity(), role); + } + } + + void grantClientRolePerms(MR_Client client, ApiError err) { + + okStatus(err); + String instance = ":topic." + client.getFqtn(); + client.setStatus(DmaapObject_Status.VALID); + + for (String action : client.getAction()) { + if (client.getClientRole() != null) { + int rc = grantPermForClientRole(client.getClientRole(), instance, action); + if (rc != 201 && rc != 409) { + client.setStatus(DmaapObject_Status.INVALID); + grantPermsError(err, rc, dmaapService.getTopicPerm(), instance, action, client.getClientRole()); + } + + } else { + logger.warn("No Grant of " + permissionFullName(dmaapService.getTopicPerm(), instance, action) + " because role is null "); + } + } + } + + void revokeClientPerms(MR_Client client, ApiError err) { + okStatus(err); + String instance = ":topic." 
+ client.getFqtn(); + client.setStatus(DmaapObject_Status.VALID); + + for (String action : client.getAction()) { + + int rc = revokePermForClientRole(client.getClientRole(), instance, action); + + if (rc != 200 && rc != 404) { + client.setStatus(DmaapObject_Status.INVALID); + revokePermsError(err, rc, dmaapService.getTopicPerm(), instance, action, client.getClientRole()); + } + } + + } + + private int grantPermForClientRole(String clientRole, String instance, String action) { + DmaapPerm perm = new DmaapPerm(dmaapService.getTopicPerm(), instance, action); + DmaapGrant g = new DmaapGrant(perm, clientRole); + return aafService.addGrant(g); + } + + private int revokePermForClientRole(String clientRole, String instance, String action) { + DmaapPerm perm = new DmaapPerm(dmaapService.getTopicPerm(), instance, action); + DmaapGrant g = new DmaapGrant(perm, clientRole); + return aafService.delGrant(g); + } + + private void assignClientToRoleError(ApiError err, int code, String clientIdentity, String role) { + err.setCode(code); + err.setMessage("Failed to add user " + clientIdentity + " to " + role); + logger.warn(err.getMessage()); + } + + private void grantPermsError(ApiError err, int code, String permission, String instance, String action, String role) { + err.setCode(code); + err.setMessage("Grant of " + permissionFullName(permission, instance, action) + " failed for " + role); + logger.warn(err.getMessage()); + } + + private void revokePermsError(ApiError err, int code, String permission, String instance, String action, String role) { + err.setCode(code); + err.setMessage("Revoke of " + permissionFullName(permission, instance, action) + " failed for " + role); + logger.warn(err.getMessage()); + } + + private String permissionFullName(String permission, String instance, String action) { + return permission + "|" + instance + "|" + action; + } + + private void okStatus(ApiError err) { + err.setCode(200); + err.setMessage("OK"); + } + +} |
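Review bot: `revokeClientPerms` has no counterpart to the `client.getClientRole() != null` check in `grantClientRolePerms`, so for a client without a role it still calls `aafService.delGrant` with a `DmaapGrant` whose role is null. `DmaapGrant.toJSON()` formats that as the text `null`, and a 404 coming back is then accepted as success. Add the same guard at the top of the revoke loop, e.g. `if (client.getClientRole() == null) { continue; }`, with a warning like the one in the grant path. In the grant path, the null-role branch leaves the client `VALID` and `err` at 200 although nothing was granted, so callers cannot tell it from a successful grant; if that is intended, say so in a comment on the method. Both loops also iterate `client.getAction()` without a null check, which will throw if an `MR_Client` can arrive without actions.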