Diffstat (limited to 'src/main/java/org/onap')
12 files changed, 295 insertions, 206 deletions
diff --git a/src/main/java/org/onap/dmaap/dbcapi/aaf/AafEmpty.java b/src/main/java/org/onap/dmaap/dbcapi/aaf/AafEmpty.java
new file mode 100644
index 0000000..87e56c4
--- /dev/null
+++ b/src/main/java/org/onap/dmaap/dbcapi/aaf/AafEmpty.java
@@ -0,0 +1,28 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * org.onap.dmaap
+ * ================================================================================
+ * Copyright (C) 2019 Nokia Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.dmaap.dbcapi.aaf;
+
+class AafEmpty extends AafObject {
+ @Override
+ String toJSON() {
+ return "";
+ }
+}
diff --git a/src/main/java/org/onap/dmaap/dbcapi/aaf/AafService.java b/src/main/java/org/onap/dmaap/dbcapi/aaf/AafService.java
index 30efbf2..3f009f8 100644
--- a/src/main/java/org/onap/dmaap/dbcapi/aaf/AafService.java
+++ b/src/main/java/org/onap/dmaap/dbcapi/aaf/AafService.java
@@ -33,14 +33,15 @@ public interface AafService { int addPerm(DmaapPerm perm); + int delPerm(DmaapPerm perm, boolean force); + int addGrant(DmaapGrant grant); int addUserRole(AafUserRole ur); - int delGrant(DmaapGrant grant); - int addRole(AafRole role); - int addNamespace(AafNamespace ns); + + int delNamespace(AafNamespace ns, boolean force); } diff --git a/src/main/java/org/onap/dmaap/dbcapi/aaf/AafServiceFactory.java b/src/main/java/org/onap/dmaap/dbcapi/aaf/AafServiceFactory.java new file mode 100644 index 0000000..cfde19b --- /dev/null +++ b/src/main/java/org/onap/dmaap/dbcapi/aaf/AafServiceFactory.java 
@@ -0,0 +1,86 @@ +/*- + * ============LICENSE_START======================================================= + * org.onap.dmaap + * ================================================================================ + * Copyright (C) 2019 Nokia Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.dmaap.dbcapi.aaf; + +import org.onap.dmaap.dbcapi.aaf.AafService.ServiceType; +import org.onap.dmaap.dbcapi.logging.BaseLoggingClass; +import org.onap.dmaap.dbcapi.util.DmaapConfig; + +public class AafServiceFactory extends BaseLoggingClass { + + private final DmaapConfig dmaapConfig; + + public AafServiceFactory() { + this((DmaapConfig) DmaapConfig.getConfig()); + } + + AafServiceFactory(DmaapConfig dmaapConfig) { + this.dmaapConfig = dmaapConfig; + } + + public AafService initAafService(ServiceType serviceType) { + boolean useAaf = "true".equalsIgnoreCase(dmaapConfig.getProperty("UseAAF", "false")); + String aafUrl = dmaapConfig.getProperty("aaf.URL", "https://authentication.domain.netset.com:8100/proxy/"); + logger.info("AafService initAafService: useAaf={}, aafUrl={}", useAaf, aafUrl); + + AafCred cred = getCred(serviceType); + return new AafServiceImpl(useAaf, aafUrl, cred.getIdentity(), new AafConnection(cred.toString())); + } + + AafCred 
getCred(ServiceType ctype) { + String mechIdProperty; + String secretProperty; + AafDecrypt decryptor = new AafDecrypt(); + + if (ctype == ServiceType.AAF_Admin) { + mechIdProperty = "aaf.AdminUser"; + secretProperty = "aaf.AdminPassword"; + } else if (ctype == ServiceType.AAF_TopicMgr) { + mechIdProperty = "aaf.TopicMgrUser"; + secretProperty = "aaf.TopicMgrPassword"; + } else { + logger.error("Unexpected case for AAF credential type: " + ctype); + return null; + } + String identity = dmaapConfig.getProperty(mechIdProperty, "noMechId@domain.netset.com"); + String pwd = decryptor.decrypt(dmaapConfig.getProperty(secretProperty, "notSet")); + + return new AafCred(identity, pwd); + } + + class AafCred { + private final String identity; + private final String pwd; + + AafCred(String identity, String pwd) { + this.identity = identity; + this.pwd = pwd; + } + + public String getIdentity() { + return identity; + } + + public String toString() { + return identity + ":" + pwd; + } + } +} diff --git a/src/main/java/org/onap/dmaap/dbcapi/aaf/AafServiceImpl.java b/src/main/java/org/onap/dmaap/dbcapi/aaf/AafServiceImpl.java index 4397a88..1491818 100644 --- a/src/main/java/org/onap/dmaap/dbcapi/aaf/AafServiceImpl.java +++ b/src/main/java/org/onap/dmaap/dbcapi/aaf/AafServiceImpl.java 
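Review bot: `AafCred.toString()` returns `identity + ":" + pwd`, so any log statement, string concatenation or debugger view that touches an `AafCred` prints the decrypted AAF password. The value handed to `new AafConnection(...)` in `initAafService` should come from an explicitly named accessor, and `toString()` should leave the secret out. Separately, `getCred` returns `null` for an unexpected `ServiceType` and `initAafService` then dereferences `cred.getIdentity()`, so the logged error is followed by a NullPointerException; throwing from the `else` branch makes that failure explicit. Any test that relies on the `null` return would need adjusting, which is not visible in this diff.

```java
        AafCred cred = getCred(serviceType);
        return new AafServiceImpl(useAaf, aafUrl, cred.getIdentity(), new AafConnection(cred.getBasicAuthValue()));

        // … unchanged: getCred property selection for AAF_Admin and AAF_TopicMgr …
        } else {
            throw new IllegalArgumentException("Unexpected case for AAF credential type: " + ctype);
        }

    class AafCred {
        // … unchanged: fields, constructor, getIdentity …

        /** Returns identity:password for the AAF connection; this value must never be logged. */
        String getBasicAuthValue() {
            return identity + ":" + pwd;
        }

        @Override
        public String toString() {
            return "AafCred{identity=" + identity + "}";
        }
```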
@@ -22,166 +22,96 @@ package org.onap.dmaap.dbcapi.aaf; import org.onap.dmaap.dbcapi.logging.BaseLoggingClass; import org.onap.dmaap.dbcapi.logging.DmaapbcLogMessageEnum; -import org.onap.dmaap.dbcapi.util.DmaapConfig; -public class AafServiceImpl extends BaseLoggingClass implements AafService { - public enum ServiceType { - AAF_Admin, - AAF_TopicMgr - } - - private AafConnection aaf; - private AafService.ServiceType ctype; - private String aafURL; - private String identity; - private boolean useAAF = false; - - - public String getIdentity() { - return identity; - } +import static java.lang.String.format; +public class AafServiceImpl extends BaseLoggingClass implements AafService { - public void setIdentity(String identity) { + private static final int CREATED = 201; + private static final int OK = 200; + private static final String FORCE = "?force=true"; + private final String aafUrl; + private final String identity; + private final boolean useAAF; + private final AafConnection aafConnection; + + AafServiceImpl(boolean useAaf, String aafUrl, String identity, AafConnection aafConnection) { + this.useAAF = useAaf; + this.aafUrl = aafUrl; this.identity = identity; + this.aafConnection = aafConnection; } - - private String getCred(boolean wPwd) { - String mechIdProperty = null; - String pwdProperty = null; - DmaapConfig p = (DmaapConfig) DmaapConfig.getConfig(); - AafDecrypt decryptor = new AafDecrypt(); - - if (ctype == AafService.ServiceType.AAF_Admin) { - mechIdProperty = "aaf.AdminUser"; - pwdProperty = "aaf.AdminPassword"; - } else if (ctype == AafService.ServiceType.AAF_TopicMgr) { - mechIdProperty = "aaf.TopicMgrUser"; - pwdProperty = "aaf.TopicMgrPassword"; - } else { - logger.error("Unexpected case for AAF credential type: " + ctype); - return null; - } - identity = p.getProperty(mechIdProperty, "noMechId@domain.netset.com"); - - String pwd = ""; - String encPwd = p.getProperty(pwdProperty, "notSet"); - - - pwd = decryptor.decrypt(encPwd); - - if (wPwd) { - 
return identity + ":" + pwd; - } else { - return identity; - } - - - } - - - public AafServiceImpl(AafService.ServiceType t) { - DmaapConfig p = (DmaapConfig) DmaapConfig.getConfig(); - aafURL = p.getProperty("aaf.URL", "https://authentication.domain.netset.com:8100/proxy/"); - initAafService(t); - } - - public AafServiceImpl(AafService.ServiceType t, String url) { - aafURL = url; - initAafService(t); - } - - private void initAafService(AafService.ServiceType t) { - DmaapConfig p = (DmaapConfig) DmaapConfig.getConfig(); - useAAF = "true".equalsIgnoreCase(p.getProperty("UseAAF", "false")); - logger.info("AafService initAafService: useAAF=" + useAAF); - - ctype = t; - aaf = new AafConnection(getCred(true)); + @Override + public String getIdentity() { + return identity; } + @Override public int addPerm(DmaapPerm perm) { logger.info("entry: addPerm() "); - return doPost(perm, "authz/perm", 201); + return doPost(perm, "authz/perm", CREATED); + } + + @Override + public int delPerm(DmaapPerm perm, boolean force) { + logger.info("entry: delPerm()"); + return doDelete(new AafEmpty(), format( + "authz/perm/%s/%s/%s%s", + perm.getPermission(), perm.getPtype(), perm.getAction(), force ? 
FORCE : ""), OK); } + @Override public int addGrant(DmaapGrant grant) { logger.info("entry: addGrant() "); - return doPost(grant, "authz/role/perm", 201); + return doPost(grant, "authz/role/perm", CREATED); } + @Override public int addUserRole(AafUserRole ur) { logger.info("entry: addUserRole() "); - return doPost(ur, "authz/userRole", 201); - } - - public int delGrant(DmaapGrant grant) { - int rc = -1; - logger.info("entry: delGrant() "); - - String pURL = aafURL + "authz/role/:" + grant.getRole() + "/perm"; - - if (useAAF) { - rc = aaf.delAaf(grant, pURL); - } else { - rc = 200; - } - switch (rc) { - case 401: - case 403: - errorLogger.error(DmaapbcLogMessageEnum.AAF_CREDENTIAL_ERROR, getCred(false)); - System.exit(1); - break; - - case 404: - logger.warn("Perm not found...ignore"); - break; - - case 200: - logger.info("expected response"); - break; - default: - logger.error("Unexpected response: " + rc); - break; - } - - return rc; + return doPost(ur, "authz/userRole", CREATED); } + @Override public int addRole(AafRole role) { logger.info("entry: addRole() "); - return doPost(role, "authz/role", 201); + return doPost(role, "authz/role", CREATED); } - + @Override public int addNamespace(AafNamespace ns) { logger.info("entry: addNamespace() "); - return doPost(ns, "authz/ns", 201); + return doPost(ns, "authz/ns", CREATED); } + @Override + public int delNamespace(AafNamespace ns, boolean force) { + logger.info("entry: delNamespace()"); + return doDelete(new AafEmpty(), format( + "authz/ns/%s%s", + ns.getName(), force ? 
FORCE : ""), OK); + } private int doPost(AafObject obj, String uri, int expect) { - int rc = -1; + int rc; logger.info("entry: doPost() "); - String pURL = aafURL + uri; + String pURL = aafUrl + uri; logger.info("doPost: useAAF=" + useAAF); if (useAAF) { logger.info("doPost: " + obj.toJSON()); - rc = aaf.postAaf(obj, pURL); + rc = aafConnection.postAaf(obj, pURL); } else { rc = expect; } switch (rc) { case 401: case 403: - errorLogger.error(DmaapbcLogMessageEnum.AAF_CREDENTIAL_ERROR, getCred(false)); - System.exit(1); + errorLogger.error(DmaapbcLogMessageEnum.AAF_CREDENTIAL_ERROR, identity); + break; case 409: logger.warn("Object for " + uri + " already exists. Possible conflict."); break; - - default: if (rc == expect) { logger.info("expected response: " + rc); @@ -193,4 +123,41 @@ public class AafServiceImpl extends BaseLoggingClass implements AafService { return rc; } + + private int doDelete(AafObject obj, String uri, int expect) { + int rc; + String pURL = aafUrl + uri; + if (useAAF) { + logger.info("doDelete: " + obj.toJSON()); + rc = aafConnection.delAaf(obj, pURL); + } else { + rc = expect; + } + switch (rc) { + case 401: + case 403: + errorLogger.error(DmaapbcLogMessageEnum.AAF_CREDENTIAL_ERROR, identity); + break; + case 404: + logger.warn("Object not found...ignore"); + break; + case OK: + logger.info("expected response"); + break; + default: + logger.error("Unexpected response: " + rc); + break; + } + + return rc; + } + + String getAafUrl() { + return aafUrl; + } + + boolean isUseAAF() { + return useAAF; + } + }
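Review bot: `delPerm` and `delNamespace` build the request path with `format(...)` from `perm.getPermission()`, `perm.getPtype()`, `perm.getAction()` and `ns.getName()` without encoding them, and these deletes can carry `?force=true`. The callers added in AafTopicSetupService derive the instance and the namespace name from `topic.getFqtn()`, so a value containing `/`, `?` or `#` would change which AAF resource the forced delete addresses; whether the FQTN is restricted to safe characters upstream is not visible in this diff. Each value should be percent-encoded as a path segment before formatting (`URLEncoder.encode` alone is form encoding and turns spaces into `+`), or rejected when it falls outside the expected character set. The 401/403 branch of `doPost` also no longer calls `System.exit(1)`, so it is worth confirming that every caller treats those return codes as failures.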
\ No newline at end of file diff --git a/src/main/java/org/onap/dmaap/dbcapi/authentication/ApiPerms.java b/src/main/java/org/onap/dmaap/dbcapi/authentication/ApiPerms.java index 02bab63..b082102 100644 --- a/src/main/java/org/onap/dmaap/dbcapi/authentication/ApiPerms.java +++ b/src/main/java/org/onap/dmaap/dbcapi/authentication/ApiPerms.java @@ -26,7 +26,7 @@ import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; import org.onap.dmaap.dbcapi.aaf.AafService; -import org.onap.dmaap.dbcapi.aaf.AafServiceImpl; +import org.onap.dmaap.dbcapi.aaf.AafServiceFactory; import org.onap.dmaap.dbcapi.aaf.DmaapGrant; import org.onap.dmaap.dbcapi.aaf.DmaapPerm; import org.onap.dmaap.dbcapi.aaf.AafService.ServiceType; @@ -90,7 +90,7 @@ public class ApiPerms extends BaseLoggingClass { DmaapConfig p = (DmaapConfig)DmaapConfig.getConfig(); String api = p.getProperty("ApiNamespace", "apiNamespace.not.set"); - AafService aaf = new AafServiceImpl(ServiceType.AAF_Admin); + AafService aaf = new AafServiceFactory().initAafService(ServiceType.AAF_Admin); for ( int i = 0; i < pmap.length ; i++ ) { String uri = new String( api + "." + pmap[i].getUri()); diff --git a/src/main/java/org/onap/dmaap/dbcapi/model/MR_Client.java b/src/main/java/org/onap/dmaap/dbcapi/model/MR_Client.java index f182fd6..0631f07 100644 --- a/src/main/java/org/onap/dmaap/dbcapi/model/MR_Client.java +++ b/src/main/java/org/onap/dmaap/dbcapi/model/MR_Client.java @@ -64,11 +64,11 @@ public class MR_Client extends DmaapObject { this.clientRole = cR; int i = 0; - if ( this.action == null ) { + if (a != null) { this.action = new String[a.length]; - } - for( String aa : a ) { - this.action[i++] = new String( aa ); + for (String aa : a) { + this.action[i++] = new String(aa); + } } this.setStatus( DmaapObject_Status.NEW ); this.mrClientId = DatabaseClass.getNextClientId(); 
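Review bot: `doDelete` takes an `expect` argument but its `switch` tests the constant `OK`, so `expect` only matters on the `useAAF == false` path, unlike `doPost`, which compares `rc == expect` in its `default` branch. Dropping `case OK:` and using `if (rc == expect)` in `default`, as `doPost` does, keeps the two helpers consistent. The only trace of a delete is `logger.info("doDelete: " + obj.toJSON())`, which is an empty string for `AafEmpty`; logging the target instead, e.g. `logger.info("doDelete: " + pURL);`, leaves an audit record of which permission or namespace was removed and whether the delete was forced.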
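Review bot: When `a` is null the MR_Client constructor now skips the copy and leaves `this.action` as it was, which may be null, so code that iterates the client's actions would fail later instead of here. If a client without actions is valid, an `else` branch with `this.action = new String[0];` makes that state explicit; otherwise the constructor could reject the null argument. `int i = 0;` can move inside the `if`, and `new String(aa)` throws on a null element, which `a.clone()` would avoid. The constructor starts and ends outside the hunk.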
diff --git a/src/main/java/org/onap/dmaap/dbcapi/resources/MR_ClientResource.java b/src/main/java/org/onap/dmaap/dbcapi/resources/MR_ClientResource.java index 6df8ef6..80ee0a6 100644 --- a/src/main/java/org/onap/dmaap/dbcapi/resources/MR_ClientResource.java +++ b/src/main/java/org/onap/dmaap/dbcapi/resources/MR_ClientResource.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -24,8 +24,14 @@ import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import io.swagger.annotations.ApiResponse; import io.swagger.annotations.ApiResponses; - -import java.util.List; +import org.onap.dmaap.dbcapi.logging.BaseLoggingClass; +import org.onap.dmaap.dbcapi.model.ApiError; +import org.onap.dmaap.dbcapi.model.MR_Client; +import org.onap.dmaap.dbcapi.model.MR_Cluster; +import org.onap.dmaap.dbcapi.model.Topic; +import org.onap.dmaap.dbcapi.service.MR_ClientService; +import org.onap.dmaap.dbcapi.service.MR_ClusterService; +import org.onap.dmaap.dbcapi.service.TopicService; import javax.ws.rs.Consumes; import javax.ws.rs.DELETE; 
@@ -39,15 +45,7 @@ import javax.ws.rs.core.GenericEntity; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; import javax.ws.rs.core.Response.Status; - -import org.onap.dmaap.dbcapi.logging.BaseLoggingClass; -import org.onap.dmaap.dbcapi.model.ApiError; -import org.onap.dmaap.dbcapi.model.MR_Client; -import org.onap.dmaap.dbcapi.model.MR_Cluster; -import org.onap.dmaap.dbcapi.model.Topic; -import org.onap.dmaap.dbcapi.service.MR_ClientService; -import org.onap.dmaap.dbcapi.service.MR_ClusterService; -import org.onap.dmaap.dbcapi.service.TopicService; +import java.util.List; import static javax.ws.rs.core.Response.Status.NO_CONTENT; @@ -118,15 +116,7 @@ public class MR_ClientResource extends BaseLoggingClass { logger.warn(apiError.toString()); return responseBuilder.error(apiError); } - String url = cluster.getFqdn(); - if ( url == null || url.isEmpty() ) { - apiError.setCode(Status.BAD_REQUEST.getStatusCode()); - apiError.setMessage("FQDN not set for dcaeLocation " + client.getDcaeLocationName() ); - apiError.setFields("fqdn"); - logger.warn(apiError.toString()); - return responseBuilder.error(apiError); - } TopicService topics = new TopicService(); Topic t = topics.getTopic(client.getFqtn(), apiError); @@ -189,12 +179,6 @@ public class MR_ClientResource extends BaseLoggingClass { public Response deleteMr_Client(@PathParam("subId") String id){ ApiError apiError = new ApiError(); - try { - checker.required( "clientId", id); - } catch ( RequiredFieldException rfe ) { - logger.debug( rfe.getApiError().toString() ); - return responseBuilder.error(rfe.getApiError()); - } mr_clientService.removeMr_Client(id, true, apiError); if (apiError.is2xx()) { return responseBuilder.success(NO_CONTENT.getStatusCode(), null); 
@@ -212,15 +196,9 @@ public class MR_ClientResource extends BaseLoggingClass { @ApiResponse( code = 400, message = "Error", response = ApiError.class ) }) @Path("/{subId}") - public Response test(@PathParam("subId") String id) { + public Response getMr_Client(@PathParam("subId") String id) { ApiError apiError = new ApiError(); - try { - checker.required( "clientId", id); - } catch ( RequiredFieldException rfe ) { - logger.debug( rfe.getApiError().toString() ); - return responseBuilder.error(rfe.getApiError()); - } MR_Client nClient = mr_clientService.getMr_Client(id, apiError); if (apiError.is2xx()) { return responseBuilder.success(nClient); diff --git a/src/main/java/org/onap/dmaap/dbcapi/service/AafPermissionService.java b/src/main/java/org/onap/dmaap/dbcapi/service/AafPermissionService.java index 0be6c28..1997633 100644 --- a/src/main/java/org/onap/dmaap/dbcapi/service/AafPermissionService.java +++ b/src/main/java/org/onap/dmaap/dbcapi/service/AafPermissionService.java @@ -21,7 +21,6 @@ package org.onap.dmaap.dbcapi.service; import org.onap.dmaap.dbcapi.aaf.AafService; -import org.onap.dmaap.dbcapi.aaf.AafServiceImpl; import org.onap.dmaap.dbcapi.aaf.AafUserRole; import org.onap.dmaap.dbcapi.aaf.DmaapGrant; import org.onap.dmaap.dbcapi.aaf.DmaapPerm; @@ -32,16 +31,12 @@ import org.onap.dmaap.dbcapi.model.MR_Client; import static java.lang.String.format; -public class AafPermissionService extends BaseLoggingClass { +class AafPermissionService extends BaseLoggingClass { private static final String INSTANCE_PREFIX = ":topic."; private final AafService aafService; private final DmaapService dmaapService; - public AafPermissionService() { - this(new AafServiceImpl(AafService.ServiceType.AAF_TopicMgr), new DmaapService()); - } - AafPermissionService(AafService aafService, DmaapService dmaapService) { this.aafService = aafService; this.dmaapService = dmaapService; 
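Review bot: `getMr_Client` and `deleteMr_Client` (hunk at -189,12) no longer call `checker.required("clientId", id)`, so the id now reaches `mr_clientService.getMr_Client(id, apiError)` and `removeMr_Client(id, true, apiError)` unvalidated. The lookup shown in MR_ClientService handles a missing key, but `removeMr_Client` is not visible in full, so it is worth confirming that it sets a 4xx `ApiError` for a blank or unknown key before doing any removal work. The hunk at -118,15 drops the FQDN check in the same way; if anything after it still reads `cluster.getFqdn()`, it now receives null or empty values. A short comment on each method saying where the validation now lives, e.g. `// id is validated by MR_ClientService, which reports unknown keys through apiError`, would make the removal reviewable.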
@@ -61,10 +56,6 @@ public class AafPermissionService extends BaseLoggingClass { return forEachClientAction(client, this::grantPermForClientRole); } - ApiError revokeClientPerms(MR_Client client) { - return forEachClientAction(client, this::revokePermForClientRole); - } - private ApiError forEachClientAction(MR_Client client, PermissionUpdate permissionUpdate) { try { String instance = INSTANCE_PREFIX + client.getFqtn(); @@ -93,16 +84,6 @@ public class AafPermissionService extends BaseLoggingClass { } } - private void revokePermForClientRole(String clientRole, String instance, String action) throws PermissionServiceException { - DmaapPerm perm = new DmaapPerm(dmaapService.getTopicPerm(), instance, action); - DmaapGrant g = new DmaapGrant(perm, clientRole); - int code = aafService.delGrant(g); - if (code != 200 && code != 404) { - throw new PermissionServiceException(code, format("Revoke of %s|%s|%s failed for %s", - dmaapService.getTopicPerm(), instance, action, clientRole)); - } - } - private ApiError handleErrorStatus(int code, MR_Client client, String message) { ApiError apiError = new ApiError(code, message); client.setStatus(DmaapObject_Status.INVALID); diff --git a/src/main/java/org/onap/dmaap/dbcapi/service/AafTopicSetupService.java b/src/main/java/org/onap/dmaap/dbcapi/service/AafTopicSetupService.java index 7608557..16ffa08 100644 --- a/src/main/java/org/onap/dmaap/dbcapi/service/AafTopicSetupService.java +++ b/src/main/java/org/onap/dmaap/dbcapi/service/AafTopicSetupService.java 
@@ -27,19 +27,21 @@ import org.onap.dmaap.dbcapi.aaf.DmaapPerm; import org.onap.dmaap.dbcapi.logging.BaseLoggingClass; import org.onap.dmaap.dbcapi.model.ApiError; import org.onap.dmaap.dbcapi.model.Topic; +import org.onap.dmaap.dbcapi.util.DmaapConfig; import static java.lang.String.format; +import static org.apache.commons.lang3.StringUtils.isNumeric; class AafTopicSetupService extends BaseLoggingClass { private final AafService aafService; private final DmaapService dmaapService; - private final boolean createTopicRoles; + private final DmaapConfig dmaapConfig; - AafTopicSetupService(AafService aafService, DmaapService dmaapService, boolean createTopicRoles) { + AafTopicSetupService(AafService aafService, DmaapService dmaapService, DmaapConfig dmaapConfig) { this.aafService = aafService; this.dmaapService = dmaapService; - this.createTopicRoles = createTopicRoles; + this.dmaapConfig = dmaapConfig; } ApiError aafTopicSetup(Topic topic) { @@ -55,7 +57,7 @@ class AafTopicSetupService extends BaseLoggingClass { // For backwards compatibility, only do this if the feature is enabled. // Also, if the namespace of the topic is a foreign namespace, (i.e. not the same as our root ns) // then we likely don't have permission to create sub-ns and Roles so don't try. - if (createTopicRoles && topic.getFqtn().startsWith(getTopicsNsRoot())) { + if (createTopicRoles() && topic.getFqtn().startsWith(getTopicsNsRoot())) { createNamespace(topic); AafRole pubRole = createRole(topic, "publisher"); 
@@ -78,6 +80,25 @@ class AafTopicSetupService extends BaseLoggingClass { return okStatus(); } + ApiError aafTopicCleanup(Topic topic) { + try { + if (performCleanup()) { + String instance = ":topic." + topic.getFqtn(); + String topicPerm = dmaapService.getTopicPerm(); + removePermission(topicPerm, instance, "pub"); + removePermission(topicPerm, instance, "sub"); + removePermission(topicPerm, instance, "view"); + + if (createTopicRoles() && topic.getFqtn().startsWith(getTopicsNsRoot())) { + removeNamespace(topic); + } + } + } catch (TopicSetupException ex) { + return new ApiError(ex.getCode(), ex.getMessage(), ex.getFields()); + } + return okStatus(); + } + private String getTopicsNsRoot() throws TopicSetupException { String nsr = dmaapService.getDmaap().getTopicNsRoot(); if (nsr == null) { @@ -119,9 +140,8 @@ class AafTopicSetupService extends BaseLoggingClass { } private AafRole createRole(Topic topic, String roleName) throws TopicSetupException { - int rc; AafRole role = new AafRole(topic.getFqtn(), roleName); - rc = aafService.addRole(role); + int rc = aafService.addRole(role); if (rc != 201 && rc != 409) { throw new TopicSetupException(500, format("Unexpected response from AAF: %d topic=%s role=%s", 
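Review bot: `aafTopicCleanup` decides whether to force-delete the topic's namespace with `topic.getFqtn().startsWith(getTopicsNsRoot())`, a plain string-prefix test, so an FQTN in a sibling namespace whose name merely begins with the root string (root `org.example.mr`, topic `org.example.mrx.t`; constructed example) also passes. The same test guards creation in `aafTopicSetup`, but here it gates `delNamespace(ns, true)`, so the comparison should require a separator after the root, e.g. `fqtn.equals(root) || fqtn.startsWith(root + ".")`, assuming namespaces are dot-separated as the `":topic."` instance prefix suggests. Whether AAF would authorise this identity to delete in a foreign namespace is not visible here.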
@@ -130,11 +150,44 @@ class AafTopicSetupService extends BaseLoggingClass { return role; } + private void removePermission(String permission, String instance, String action) throws TopicSetupException { + DmaapPerm perm = new DmaapPerm(permission, instance, action); + int rc = aafService.delPerm(perm, true); + if (rc != 200 && rc != 404) { + throw new TopicSetupException(500, + format("Unexpected response from AAF: %d permission=%s instance=%s action=%s", + rc, perm, instance, action)); + } + } + + private void removeNamespace(Topic topic) throws TopicSetupException { + AafNamespace ns = new AafNamespace(topic.getFqtn(), aafService.getIdentity()); + int rc = aafService.delNamespace(ns, true); + if (rc != 200 && rc != 404) { + throw new TopicSetupException(500, + format("Unexpected response from AAF: %d namespace=%s identity=%s", + rc, topic.getFqtn(), aafService.getIdentity())); + } + } + private ApiError okStatus() { return new ApiError(200, "OK"); } + private boolean createTopicRoles() { + return "true".equalsIgnoreCase(dmaapConfig.getProperty("aaf.CreateTopicRoles", "true")); + } + + private boolean performCleanup() { + String deleteLevel = dmaapConfig.getProperty("MR.ClientDeleteLevel", "0"); + if (!isNumeric(deleteLevel)) { + return false; + } + return Integer.valueOf(deleteLevel) >= 2; + } + private class TopicSetupException extends Exception { + private final int code; private final String message; private final String fields; diff --git a/src/main/java/org/onap/dmaap/dbcapi/service/DmaapService.java b/src/main/java/org/onap/dmaap/dbcapi/service/DmaapService.java index 92455cd..c54fce8 100644 --- a/src/main/java/org/onap/dmaap/dbcapi/service/DmaapService.java +++ b/src/main/java/org/onap/dmaap/dbcapi/service/DmaapService.java 
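Review bot: `performCleanup` reuses `MR.ClientDeleteLevel` to gate topic-level permission removal, while the per-client revoke at that level is deleted from `MR_ClientService` and `AafPermissionService` in this same commit, so deleting a single MR_Client no longer removes its role's grants from AAF. If that is intended it should be stated on `performCleanup`, for example `// Level >= 2 removes the topic's pub/sub/view perms when the topic is deleted; deleting one client leaves its role's grants in place.`; if not, the client path needs a replacement for the removed `delGrant` call. `Integer.valueOf(deleteLevel)` can still throw NumberFormatException for an all-digit value that does not fit an int. The message in `removePermission` formats the `perm` object where the `permission` string was probably meant.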
@@ -24,7 +24,7 @@ package org.onap.dmaap.dbcapi.service; import java.util.ArrayList; import org.onap.dmaap.dbcapi.aaf.AafService; -import org.onap.dmaap.dbcapi.aaf.AafServiceImpl; +import org.onap.dmaap.dbcapi.aaf.AafServiceFactory; import org.onap.dmaap.dbcapi.aaf.DmaapGrant; import org.onap.dmaap.dbcapi.aaf.DmaapPerm; import org.onap.dmaap.dbcapi.aaf.AafService.ServiceType; @@ -86,7 +86,7 @@ public class DmaapService extends BaseLoggingClass { nd.setLastMod(); dmaapholder.update(nd); - AafService aaf = new AafServiceImpl( ServiceType.AAF_Admin); + AafService aaf = new AafServiceFactory().initAafService(ServiceType.AAF_Admin); ApiPolicy apiPolicy = new ApiPolicy(); if ( apiPolicy.isPermissionClassSet() ) { ApiPerms p = new ApiPerms(); @@ -135,7 +135,7 @@ public class DmaapService extends BaseLoggingClass { ApiPerms p = new ApiPerms(); p.setEnvMap(); } - AafService aaf = new AafServiceImpl( ServiceType.AAF_Admin); + AafService aaf = new AafServiceFactory().initAafService(ServiceType.AAF_Admin); if ( multiSite ) { anythingWrong = setTopicMgtPerms( nd, aaf ) || createMmaTopic(); } diff --git a/src/main/java/org/onap/dmaap/dbcapi/service/MR_ClientService.java b/src/main/java/org/onap/dmaap/dbcapi/service/MR_ClientService.java index 5fe6b66..bcf5408 100644 --- a/src/main/java/org/onap/dmaap/dbcapi/service/MR_ClientService.java +++ b/src/main/java/org/onap/dmaap/dbcapi/service/MR_ClientService.java @@ -23,7 +23,7 @@ package org.onap.dmaap.dbcapi.service; import org.onap.dmaap.dbcapi.aaf.AafService.ServiceType; -import org.onap.dmaap.dbcapi.aaf.AafServiceImpl; +import org.onap.dmaap.dbcapi.aaf.AafServiceFactory; import org.onap.dmaap.dbcapi.client.MrProvConnection; import org.onap.dmaap.dbcapi.database.DatabaseClass; import org.onap.dmaap.dbcapi.logging.BaseLoggingClass; 
@@ -49,7 +49,7 @@ public class MR_ClientService extends BaseLoggingClass { private Map<String, DcaeLocation> locations = DatabaseClass.getDcaeLocations(); private DmaapService dmaap = new DmaapService(); private AafPermissionService aafPermissionService = - new AafPermissionService(new AafServiceImpl(ServiceType.AAF_TopicMgr), dmaap); + new AafPermissionService(new AafServiceFactory().initAafService(ServiceType.AAF_TopicMgr), dmaap); private String centralCname; public MR_ClientService() { @@ -85,7 +85,6 @@ public class MR_ClientService extends BaseLoggingClass { return results; } - public MR_Client getMr_Client(String key, ApiError apiError) { MR_Client c = mr_clients.get(key); if (c == null) { @@ -221,13 +220,6 @@ public class MR_ClientService extends BaseLoggingClass { } - // remove from AAF - if (deleteLevel >= 2) { - updateApiError(apiError, aafPermissionService.revokeClientPerms(client)); - if (!apiError.is2xx()) { - return; - } - } // remove from DB if (deleteLevel >= 1) { mr_clients.remove(key); diff --git a/src/main/java/org/onap/dmaap/dbcapi/service/TopicService.java b/src/main/java/org/onap/dmaap/dbcapi/service/TopicService.java index 3386b97..009b745 100644 --- a/src/main/java/org/onap/dmaap/dbcapi/service/TopicService.java +++ b/src/main/java/org/onap/dmaap/dbcapi/service/TopicService.java @@ -23,7 +23,7 @@ package org.onap.dmaap.dbcapi.service; import org.onap.dmaap.dbcapi.aaf.AafService.ServiceType; -import org.onap.dmaap.dbcapi.aaf.AafServiceImpl; +import org.onap.dmaap.dbcapi.aaf.AafServiceFactory; import org.onap.dmaap.dbcapi.database.DatabaseClass; import org.onap.dmaap.dbcapi.logging.BaseLoggingClass; import org.onap.dmaap.dbcapi.logging.DmaapbcLogMessageEnum; 
@@ -71,10 +71,8 @@ public class TopicService extends BaseLoggingClass { this(DatabaseClass.getTopics(), new MR_ClientService(), (DmaapConfig) DmaapConfig.getConfig(), new MR_ClusterService(), new DcaeLocationService(), new MirrorMakerService(), new AafTopicSetupService( - new AafServiceImpl(ServiceType.AAF_TopicMgr), - dmaapSvc, - "true".equalsIgnoreCase(DmaapConfig.getConfig().getProperty("aaf.CreateTopicRoles", "true")))); - + new AafServiceFactory().initAafService(ServiceType.AAF_TopicMgr), + dmaapSvc, (DmaapConfig) DmaapConfig.getConfig())); } TopicService(Map<String, Topic> mr_topics, MR_ClientService clientService, DmaapConfig p, @@ -246,11 +244,16 @@ public class TopicService extends BaseLoggingClass { apiError.setFields("fqtn"); return null; } + + ApiError topicSetupError = aafTopicSetupService.aafTopicCleanup(topic); + updateApiError(apiError, topicSetupError); + if (apiError.getCode() >= 400) { + return null; + } + ArrayList<MR_Client> clients = new ArrayList<MR_Client>(clientService.getAllMrClients(pubId)); for (Iterator<MR_Client> it = clients.iterator(); it.hasNext(); ) { MR_Client c = it.next(); - - clientService.removeMr_Client(c.getMrClientId(), false, apiError); if (!apiError.is2xx()) { return null; |
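Review bot: `aafTopicCleanup(topic)` runs before the clients are removed, so when a later `removeMr_Client` call fails and the method returns null, the topic still exists but its pub/sub/view permissions (and possibly its namespace) have already been force-deleted in AAF. Moving the cleanup after the client loop and the remaining removal steps have succeeded would avoid that half-deleted state; the rest of the method is outside the hunk, so the right position needs checking there. The new guard uses `apiError.getCode() >= 400` while the neighbouring checks use `!apiError.is2xx()`; writing `if (!apiError.is2xx())` here keeps the error handling uniform.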