diff options
Diffstat (limited to 'src/main/java/org')
4 files changed, 277 insertions, 94 deletions
diff --git a/src/main/java/org/onap/dmaap/dbcapi/aaf/AafUserRole.java b/src/main/java/org/onap/dmaap/dbcapi/aaf/AafUserRole.java index 7b4f882..859ae13 100644 --- a/src/main/java/org/onap/dmaap/dbcapi/aaf/AafUserRole.java +++ b/src/main/java/org/onap/dmaap/dbcapi/aaf/AafUserRole.java @@ -22,6 +22,8 @@ package org.onap.dmaap.dbcapi.aaf; import org.apache.log4j.Logger; +import java.util.Objects; + public class AafUserRole extends AafObject { static final Logger logger = Logger.getLogger(AafUserRole.class); @@ -62,8 +64,20 @@ public class AafUserRole extends AafObject { return postJSON; } - - - - + + + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (o == null || getClass() != o.getClass()) return false; + AafUserRole that = (AafUserRole) o; + return Objects.equals(identity, that.identity) && + Objects.equals(role, that.role); + } + + @Override + public int hashCode() { + + return Objects.hash(identity, role); + } } diff --git a/src/main/java/org/onap/dmaap/dbcapi/aaf/DmaapGrant.java b/src/main/java/org/onap/dmaap/dbcapi/aaf/DmaapGrant.java index 90668be..bcee2a3 100644 --- a/src/main/java/org/onap/dmaap/dbcapi/aaf/DmaapGrant.java +++ b/src/main/java/org/onap/dmaap/dbcapi/aaf/DmaapGrant.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -22,46 +22,61 @@ package org.onap.dmaap.dbcapi.aaf; import org.apache.log4j.Logger; +import java.util.Objects; + public class DmaapGrant extends AafObject { - static final Logger logger = Logger.getLogger(DmaapGrant.class); - - private DmaapPerm perm; - private String role; - - public DmaapGrant(){ - - } - - public DmaapGrant( DmaapPerm p, String r ) { - this.perm = p; - this.role = r; - } - - public DmaapPerm getPerm() { - return perm; - } - - public void setPerm(DmaapPerm perm) { - this.perm = perm; - } - - public String getRole() { - return role; - } - - public void setRole(String role) { - this.role = role; - } - - public String toJSON() { - - String postJSON = String.format(" { \"perm\": %s, \"role\": \"%s\"}", - this.perm.toJSON(), - this.getRole() ); - logger.info( "returning JSON: " + postJSON); - - return postJSON; - } - - + static final Logger logger = Logger.getLogger(DmaapGrant.class); + + private DmaapPerm perm; + private String role; + + public DmaapGrant() { + + } + + public DmaapGrant(DmaapPerm p, String r) { + this.perm = p; + this.role = r; + } + + public DmaapPerm getPerm() { + return perm; + } + + public void setPerm(DmaapPerm perm) { + this.perm = perm; + } + + public String getRole() { + return role; + } + + public void setRole(String role) { + this.role = role; + } + + public String toJSON() { + + String postJSON = String.format(" { \"perm\": %s, \"role\": \"%s\"}", + this.perm.toJSON(), + this.getRole()); + logger.info("returning JSON: " + postJSON); + + return postJSON; + } + + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (o == null || getClass() != o.getClass()) return false; + DmaapGrant that = (DmaapGrant) o; + return Objects.equals(perm, that.perm) && + Objects.equals(role, that.role); + } + + @Override + public int hashCode() { + + return Objects.hash(perm, role); + } } diff --git a/src/main/java/org/onap/dmaap/dbcapi/aaf/DmaapPerm.java b/src/main/java/org/onap/dmaap/dbcapi/aaf/DmaapPerm.java index 1893a71..1f57068 100644 --- a/src/main/java/org/onap/dmaap/dbcapi/aaf/DmaapPerm.java +++ b/src/main/java/org/onap/dmaap/dbcapi/aaf/DmaapPerm.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -22,50 +22,71 @@ package org.onap.dmaap.dbcapi.aaf; import org.apache.log4j.Logger; +import java.util.Objects; -public class DmaapPerm extends AafObject { - static final Logger logger = Logger.getLogger(DmaapPerm.class); - - private String permission; - private String ptype; - private String action; - - public DmaapPerm(String permission, String ptype, String action) { - super(); - this.permission = permission; - this.ptype = ptype; - this.action = action; - } - public String getPermission() { - return permission; - } - public void setPermission(String permission) { - this.permission = permission; - } - public String getPtype() { - return ptype; - } - public void setPtype(String ptype) { - this.ptype = ptype; - } - public String getAction() { - return action; - } - public void setAction(String action) { - this.action = action; - } - public String toJSON() { - - String postJSON = String.format(" { \"type\": \"%s\", \"instance\": \"%s\", \"action\": \"%s\"}", - this.getPermission(), - this.getPtype(), - this.getAction() ); - logger.info( "returning JSON: " + postJSON); - - return postJSON; - } - - - - + +public class DmaapPerm extends AafObject { + static final Logger logger = Logger.getLogger(DmaapPerm.class); + + private String permission; + private String ptype; + private String action; + + public DmaapPerm(String permission, String ptype, String action) { + super(); + this.permission = permission; + this.ptype = ptype; + this.action = action; + } + + public String getPermission() { + return permission; + } + + public void setPermission(String permission) { + this.permission = permission; + } + + public String getPtype() { + return ptype; + } + + public void setPtype(String ptype) { + this.ptype = ptype; + } + + public String getAction() { + return action; + } + + public void setAction(String action) { + this.action = action; + } + + public String toJSON() { + + String postJSON = String.format(" { \"type\": \"%s\", \"instance\": \"%s\", \"action\": \"%s\"}", + this.getPermission(), + this.getPtype(), + this.getAction()); + logger.info("returning JSON: " + postJSON); + + return postJSON; + } + + + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (o == null || getClass() != o.getClass()) return false; + DmaapPerm dmaapPerm = (DmaapPerm) o; + return Objects.equals(permission, dmaapPerm.permission) && + Objects.equals(ptype, dmaapPerm.ptype) && + Objects.equals(action, dmaapPerm.action); + } + + @Override + public int hashCode() { + return Objects.hash(permission, ptype, action); + } } diff --git a/src/main/java/org/onap/dmaap/dbcapi/service/AafPermissionService.java b/src/main/java/org/onap/dmaap/dbcapi/service/AafPermissionService.java new file mode 100644 index 0000000..857b695 --- /dev/null +++ b/src/main/java/org/onap/dmaap/dbcapi/service/AafPermissionService.java @@ -0,0 +1,133 @@ +/*- + * ============LICENSE_START======================================================= + * org.onap.dmaap + * ================================================================================ + * Copyright (C) 2019 Nokia Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.dmaap.dbcapi.service; + +import org.onap.dmaap.dbcapi.aaf.AafService; +import org.onap.dmaap.dbcapi.aaf.AafUserRole; +import org.onap.dmaap.dbcapi.aaf.DmaapGrant; +import org.onap.dmaap.dbcapi.aaf.DmaapPerm; +import org.onap.dmaap.dbcapi.logging.BaseLoggingClass; +import org.onap.dmaap.dbcapi.model.ApiError; +import org.onap.dmaap.dbcapi.model.DmaapObject.DmaapObject_Status; +import org.onap.dmaap.dbcapi.model.MR_Client; + +public class AafPermissionService extends BaseLoggingClass { + + private final AafService aafService; + private final DmaapService dmaapService; + + public AafPermissionService() { + this(new AafService(AafService.ServiceType.AAF_TopicMgr), new DmaapService()); + } + + AafPermissionService(AafService aafService, DmaapService dmaapService) { + this.aafService = aafService; + this.dmaapService = dmaapService; + } + + void assignIdentityToRole(MR_Client client, String role, ApiError err) { + okStatus(err); + AafUserRole ur = new AafUserRole(client.getClientIdentity(), role); + client.setStatus(DmaapObject_Status.VALID); + int rc = aafService.addUserRole(ur); + if (rc != 201 && rc != 409) { + client.setStatus(DmaapObject_Status.INVALID); + assignClientToRoleError(err, rc, client.getClientIdentity(), role); + } + } + + void grantClientRolePerms(MR_Client client, ApiError err) { + + okStatus(err); + String instance = ":topic." + client.getFqtn(); + client.setStatus(DmaapObject_Status.VALID); + + for (String action : client.getAction()) { + if (client.getClientRole() != null) { + int rc = grantPermForClientRole(client.getClientRole(), instance, action); + if (rc != 201 && rc != 409) { + client.setStatus(DmaapObject_Status.INVALID); + grantPermsError(err, rc, dmaapService.getTopicPerm(), instance, action, client.getClientRole()); + } + + } else { + logger.warn("No Grant of " + permissionFullName(dmaapService.getTopicPerm(), instance, action) + " because role is null "); + } + } + } + + void revokeClientPerms(MR_Client client, ApiError err) { + okStatus(err); + String instance = ":topic." + client.getFqtn(); + client.setStatus(DmaapObject_Status.VALID); + + for (String action : client.getAction()) { + + int rc = revokePermForClientRole(client.getClientRole(), instance, action); + + if (rc != 200 && rc != 404) { + client.setStatus(DmaapObject_Status.INVALID); + revokePermsError(err, rc, dmaapService.getTopicPerm(), instance, action, client.getClientRole()); + } + } + + } + + private int grantPermForClientRole(String clientRole, String instance, String action) { + DmaapPerm perm = new DmaapPerm(dmaapService.getTopicPerm(), instance, action); + DmaapGrant g = new DmaapGrant(perm, clientRole); + return aafService.addGrant(g); + } + + private int revokePermForClientRole(String clientRole, String instance, String action) { + DmaapPerm perm = new DmaapPerm(dmaapService.getTopicPerm(), instance, action); + DmaapGrant g = new DmaapGrant(perm, clientRole); + return aafService.delGrant(g); + } + + private void assignClientToRoleError(ApiError err, int code, String clientIdentity, String role) { + err.setCode(code); + err.setMessage("Failed to add user " + clientIdentity + " to " + role); + logger.warn(err.getMessage()); + } + + private void grantPermsError(ApiError err, int code, String permission, String instance, String action, String role) { + err.setCode(code); + err.setMessage("Grant of " + permissionFullName(permission, instance, action) + " failed for " + role); + logger.warn(err.getMessage()); + } + + private void revokePermsError(ApiError err, int code, String permission, String instance, String action, String role) { + err.setCode(code); + err.setMessage("Revoke of " + permissionFullName(permission, instance, action) + " failed for " + role); + logger.warn(err.getMessage()); + } + + private String permissionFullName(String permission, String instance, String action) { + return permission + "|" + instance + "|" + action; + } + + private void okStatus(ApiError err) { + err.setCode(200); + err.setMessage("OK"); + } + +} |