Able to disable feature for creating Topic Roles

Patchset 2: increment version Change-Id: Ib7b4af0164643940bba608d743b42b350af44363 Signed-off-by: dglFromAtt <dgl@research.att.com> Issue-ID: DMAAP-1027 Signed-off-by: dglFromAtt <dgl@research.att.com>
author: dglFromAtt <dgl@research.att.com> 2019-02-06 20:21:04 -0500
committer: dglFromAtt <dgl@research.att.com> 2019-02-06 20:33:28 -0500
commit: 695695493b86a2fe925b6db0c381288ef6b3c0c1 (patch)
tree: 593c639f89f52c71cd7bddbf3211a0a2eabcbc4f /src
parent: 022f4cde96a57fdc6f002e09ae5d9b314e4150e3 (diff)
1 files changed, 67 insertions, 55 deletions
diff --git a/src/main/java/org/onap/dmaap/dbcapi/service/TopicService.java b/src/main/java/org/onap/dmaap/dbcapi/service/TopicService.java
index 8ade70f..eeffa5b 100644
--- a/src/main/java/org/onap/dmaap/dbcapi/service/TopicService.java
+++ b/src/main/java/org/onap/dmaap/dbcapi/service/TopicService.java
@@ -69,16 +69,19 @@ public class TopicService extends BaseLoggingClass {
 	private MirrorMakerService	bridge = new MirrorMakerService();
 	
 	private static String centralCname;
+	private static boolean createTopicRoles;
 
 
 	public TopicService(){
 		DmaapConfig p = (DmaapConfig)DmaapConfig.getConfig();
 		defaultGlobalMrHost = p.getProperty("MR.globalHost", "global.host.not.set");
 		centralCname = p.getProperty("MR.CentralCname");
+		createTopicRoles = "true".equalsIgnoreCase(p.getProperty("aaf.CreateTopicRoles", "true"));
 
 		
 		logger.info( "TopicService properties: CentralCname=" + centralCname + 
-				"   defaultGlobarlMrHost=" + defaultGlobalMrHost  );
+				"   defaultGlobarlMrHost=" + defaultGlobalMrHost +
+				" createTopicRoles=" + createTopicRoles );
 	}
 	
 	public Map<String, Topic> getTopics() {			
@@ -118,9 +121,9 @@ public class TopicService extends BaseLoggingClass {
 	}
 	
 	private void aafTopicSetup(Topic topic, ApiError err ) {
-
-		String t = dmaapSvc.getTopicPerm();
-		if ( t == null ) {
+		
+		String nsr = dmaapSvc.getDmaap().getTopicNsRoot();
+		if ( nsr == null ) {
 			err.setCode(500);
 			err.setMessage("Unable to establish AAF namespace root: (check /dmaap object)"  );
 			err.setFields("topicNsRoot");
@@ -130,76 +133,85 @@ public class TopicService extends BaseLoggingClass {
 		// establish AAF Connection using TopicMgr identity
 		AafService aaf = new AafService(ServiceType.AAF_TopicMgr);
 		
-
+		AafRole pubRole = null;
+		AafRole subRole = null;
 		
-		// create AAF namespace for this topic
-		AafNamespace ns = new AafNamespace( topic.getFqtn(), aaf.getIdentity());
-		{
-			int rc = aaf.addNamespace( ns );
+		// creating Topic Roles was not an original feature.
+		// For backwards compatibility, only do this if the feature is enabled.
+		// Also, if the namespace of the topic is a foreign namespace, (i.e. not the same as our root ns)
+		// then we likely don't have permission to create sub-ns and Roles so don't try.
+		if ( createTopicRoles && topic.getFqtn().startsWith(nsr)) {
+			// create AAF namespace for this topic
+			AafNamespace ns = new AafNamespace( topic.getFqtn(), aaf.getIdentity());
+			{
+				int rc = aaf.addNamespace( ns );
+				if ( rc != 201 && rc != 409 ) {
+					err.setCode(500);
+					err.setMessage("Unexpected response from AAF:" + rc );
+					err.setFields("namespace:" + topic.getFqtn() + " identity="+ aaf.getIdentity());
+					return;
+				}
+			}
+			
+			// create AAF Roles for MR clients of this topic
+			String rn = "publisher";
+			pubRole = new AafRole( topic.getFqtn(), rn );
+			int rc = aaf.addRole( pubRole );
 			if ( rc != 201 && rc != 409 ) {
 				err.setCode(500);
 				err.setMessage("Unexpected response from AAF:" + rc );
-				err.setFields("namespace:" + topic.getFqtn() + " identity="+ aaf.getIdentity());
+				err.setFields("topic:" + topic.getFqtn() + " role="+ rn);
 				return;
 			}
+			topic.setPublisherRole( pubRole.getFullyQualifiedRole() );
+			
+			rn = "subscriber";
+			subRole = new AafRole( topic.getFqtn(), rn );
+			rc = aaf.addRole( subRole );
+			if ( rc != 201 && rc != 409 ) {
+				err.setCode(500);
+				err.setMessage("Unexpected response from AAF:" + rc );
+				err.setFields("topic:" + topic.getFqtn() + " role="+ rn);
+				return;
+			}
+			topic.setSubscriberRole( subRole.getFullyQualifiedRole() );
 		}
-		
-		// create AAF Roles for MR clients of this topic
-		String rn = "publisher";
-		AafRole pubRole = new AafRole( topic.getFqtn(), rn );
-		int rc = aaf.addRole( pubRole );
-		if ( rc != 201 && rc != 409 ) {
-			err.setCode(500);
-			err.setMessage("Unexpected response from AAF:" + rc );
-			err.setFields("topic:" + topic.getFqtn() + " role="+ rn);
-			return;
-		}
-		topic.setPublisherRole( pubRole.getFullyQualifiedRole() );
-		
-		rn = "subscriber";
-		AafRole subRole = new AafRole( topic.getFqtn(), rn );
-		rc = aaf.addRole( subRole );
-		if ( rc != 201 && rc != 409 ) {
-			err.setCode(500);
-			err.setMessage("Unexpected response from AAF:" + rc );
-			err.setFields("topic:" + topic.getFqtn() + " role="+ rn);
-			return;
-		}
-		topic.setSubscriberRole( subRole.getFullyQualifiedRole() );
 	
-		
 		// create AAF perms checked by MR
 		String instance = ":topic." + topic.getFqtn();
 		String[] actions = { "pub", "sub", "view" };
+		String t = dmaapSvc.getTopicPerm();
 		for ( String action : actions ){
 			DmaapPerm perm = new DmaapPerm( t, instance, action );
-			rc = aaf.addPerm( perm );
+			int rc = aaf.addPerm( perm );
 			if ( rc != 201 && rc != 409 ) {
 				err.setCode(500);
 				err.setMessage("Unexpected response from AAF:" + rc );
 				err.setFields("t="+t + " instance="+ instance + " action="+ action);
 				return;
 			}
-			// Grant perms to our default Roles
-			if ( action.equals( "pub") || action.equals( "view") ) {
-				DmaapGrant g = new DmaapGrant( perm, pubRole.getFullyQualifiedRole() );
-				rc = aaf.addGrant( g );
-				if ( rc != 201 && rc != 409 ) {
-					err.setCode(rc);
-					err.setMessage( "Grant of " + perm.toString() + " failed for " + pubRole.getFullyQualifiedRole() );
-					logger.warn( err.getMessage());
-					return;
-				} 
-			}
-			if ( action.equals( "sub") || action.equals( "view") ) {
-				DmaapGrant g = new DmaapGrant( perm, subRole.getFullyQualifiedRole() );
-				rc = aaf.addGrant( g );
-				if ( rc != 201 && rc != 409 ) {
-					err.setCode(rc);
-					err.setMessage( "Grant of " + perm.toString() + " failed for " + subRole.getFullyQualifiedRole() );
-					logger.warn( err.getMessage());
-					return;
-				} 
+			if ( createTopicRoles )	{
+				// Grant perms to our default Roles
+				if ( action.equals( "pub") || action.equals( "view") ) {
+					DmaapGrant g = new DmaapGrant( perm, pubRole.getFullyQualifiedRole() );
+					rc = aaf.addGrant( g );
+					if ( rc != 201 && rc != 409 ) {
+						err.setCode(rc);
+						err.setMessage( "Grant of " + perm.toString() + " failed for " + pubRole.getFullyQualifiedRole() );
+						logger.warn( err.getMessage());
+						return;
+					} 
+				}
+				if ( action.equals( "sub") || action.equals( "view") ) {
+					DmaapGrant g = new DmaapGrant( perm, subRole.getFullyQualifiedRole() );
+					rc = aaf.addGrant( g );
+					if ( rc != 201 && rc != 409 ) {
+						err.setCode(rc);
+						err.setMessage( "Grant of " + perm.toString() + " failed for " + subRole.getFullyQualifiedRole() );
+						logger.warn( err.getMessage());
+						return;
+					} 
+				}
 			}
 
 		}
author	dglFromAtt <dgl@research.att.com>	2019-02-06 20:21:04 -0500
committer	dglFromAtt <dgl@research.att.com>	2019-02-06 20:33:28 -0500
commit	695695493b86a2fe925b6db0c381288ef6b3c0c1 (patch)
tree	593c639f89f52c71cd7bddbf3211a0a2eabcbc4f /src
parent	022f4cde96a57fdc6f002e09ae5d9b314e4150e3 (diff)