2 * ============LICENSE_START====================================================
4 * ===========================================================================
5 * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6 * ===========================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END====================================================
22 package org.onap.aaf.auth.dao.cass;
24 import java.io.ByteArrayOutputStream;
25 import java.io.DataInputStream;
26 import java.io.DataOutputStream;
27 import java.io.IOException;
28 import java.nio.ByteBuffer;
29 import java.util.HashSet;
30 import java.util.List;
33 import org.onap.aaf.auth.dao.Bytification;
34 import org.onap.aaf.auth.dao.Cached;
35 import org.onap.aaf.auth.dao.CassAccess;
36 import org.onap.aaf.auth.dao.CassDAOImpl;
37 import org.onap.aaf.auth.dao.Loader;
38 import org.onap.aaf.auth.dao.Streamer;
39 import org.onap.aaf.auth.dao.hl.Question;
40 import org.onap.aaf.auth.env.AuthzTrans;
41 import org.onap.aaf.auth.layer.Result;
42 import org.onap.aaf.misc.env.APIException;
43 import org.onap.aaf.misc.env.util.Split;
45 import com.datastax.driver.core.Cluster;
46 import com.datastax.driver.core.Row;
47 import com.datastax.driver.core.exceptions.DriverException;
49 public class RoleDAO extends CassDAOImpl<AuthzTrans,RoleDAO.Data> {
51 public static final String TABLE = "role";
52 public static final int CACHE_SEG = 0x40; // yields segment 0x0-0x3F
54 private final HistoryDAO historyDAO;
55 private final CacheInfoDAO infoDAO;
57 private PSInfo psChildren, psNS, psName;
59 public RoleDAO(AuthzTrans trans, Cluster cluster, String keyspace) throws APIException, IOException {
60 super(trans, RoleDAO.class.getSimpleName(),cluster,keyspace,Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE));
62 historyDAO = new HistoryDAO(trans, this);
63 infoDAO = new CacheInfoDAO(trans,this);
67 public RoleDAO(AuthzTrans trans, HistoryDAO hDAO, CacheInfoDAO ciDAO) {
68 super(trans, RoleDAO.class.getSimpleName(),hDAO,Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE));
75 //////////////////////////////////////////
76 // Data Definition, matches Cassandra DM
77 //////////////////////////////////////////
78 private static final int KEYLIMIT = 2;
80 * Data class that matches the Cassandra Table "role"
83 public static class Data extends CacheableData implements Bytification {
86 public Set<String> perms;
87 public String description;
89 ////////////////////////////////////////
91 public Set<String> perms(boolean mutable) {
93 perms = new HashSet<>();
94 } else if (mutable && !(perms instanceof HashSet)) {
95 perms = new HashSet<>(perms);
100 public static Data create(NsDAO.Data ns, String name) {
101 NsSplit nss = new NsSplit(ns,name);
102 RoleDAO.Data rv = new Data();
108 public String fullName() {
109 StringBuilder sb = new StringBuilder();
114 sb.append(ns.indexOf('@')<0?'.':':');
117 return sb.toString();
120 public String encode() {
121 return ns + '|' + name;
125 * Decode Perm String, including breaking into appropriate Namespace
132 public static Result<Data> decode(AuthzTrans trans, Question q, String r) {
133 Data data = new Data();
134 if(r.indexOf('@')>=0) {
135 int colon = r.indexOf(':');
137 return Result.err(Result.ERR_BadData, "%s is not a valid Role",r);
139 data.ns=r.substring(0, colon);
140 data.name=r.substring(++colon);
143 String[] ss = Split.splitTrim('|', r,2);
144 if (ss[1]==null) { // older 1 part encoding must be evaluated for NS
145 Result<NsSplit> nss = q.deriveNsSplit(trans, ss[0]);
147 return Result.err(nss);
149 data.ns=nss.value.ns;
150 data.name=nss.value.name;
151 } else { // new 4 part encoding
156 return Result.ok(data);
160 * Decode from UserRole Data
164 public static RoleDAO.Data decode(UserRoleDAO.Data urdd) {
165 RoleDAO.Data rd = new RoleDAO.Data();
167 rd.name = urdd.rname;
173 * Decode Perm String, including breaking into appropriate Namespace
180 public static Result<String[]> decodeToArray(AuthzTrans trans, Question q, String p) {
181 String[] ss = Split.splitTrim('|', p,2);
182 if (ss[1]==null) { // older 1 part encoding must be evaluated for NS
183 Result<NsSplit> nss = q.deriveNsSplit(trans, ss[0]);
185 return Result.err(nss);
187 ss[0] = nss.value.ns;
188 ss[1] = nss.value.name;
190 return Result.ok(ss);
194 public int[] invalidate(Cached<?,?> cache) {
203 public ByteBuffer bytify() throws IOException {
204 ByteArrayOutputStream baos = new ByteArrayOutputStream();
205 RoleLoader.deflt.marshal(this,new DataOutputStream(baos));
206 return ByteBuffer.wrap(baos.toByteArray());
210 public void reconstitute(ByteBuffer bb) throws IOException {
211 RoleLoader.deflt.unmarshal(this, toDIS(bb));
215 public String toString() {
216 return ns + '.' + name;
220 private static class RoleLoader extends Loader<Data> implements Streamer<Data> {
221 public static final int MAGIC=923577343;
222 public static final int VERSION=1;
223 public static final int BUFF_SIZE=96;
225 public static final RoleLoader deflt = new RoleLoader(KEYLIMIT);
227 public RoleLoader(int keylimit) {
232 public Data load(Data data, Row row) {
233 // Int more efficient
234 data.ns = row.getString(0);
235 data.name = row.getString(1);
236 data.perms = row.getSet(2,String.class);
237 data.description = row.getString(3);
242 protected void key(Data data, int _idx, Object[] obj) {
245 obj[++idx]=data.name;
249 protected void body(Data data, int _idx, Object[] obj) {
252 obj[++idx]=data.description;
256 public void marshal(Data data, DataOutputStream os) throws IOException {
257 writeHeader(os,MAGIC,VERSION);
258 writeString(os, data.ns);
259 writeString(os, data.name);
260 writeStringSet(os,data.perms);
261 writeString(os, data.description);
265 public void unmarshal(Data data, DataInputStream is) throws IOException {
266 /*int version = */readHeader(is,MAGIC,VERSION);
267 // If Version Changes between Production runs, you'll need to do a switch Statement, and adequately read in fields
268 byte[] buff = new byte[BUFF_SIZE];
269 data.ns = readString(is, buff);
270 data.name = readString(is,buff);
271 data.perms = readStringSet(is,buff);
272 data.description = readString(is,buff);
276 private void init(AuthzTrans trans) {
277 String[] helpers = setCRUD(trans, TABLE, Data.class, RoleLoader.deflt);
279 psNS = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + " FROM " + TABLE +
280 " WHERE ns = ?", new RoleLoader(1),readConsistency);
282 psName = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + " FROM " + TABLE +
283 " WHERE name = ?", new RoleLoader(1),readConsistency);
285 psChildren = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + " FROM " + TABLE +
286 " WHERE ns=? AND name > ? AND name < ?",
289 protected void key(Data data, int _idx, Object[] obj) {
292 obj[++idx]=data.name + DOT;
293 obj[++idx]=data.name + DOT_PLUS_ONE;
299 public Result<List<Data>> readNS(AuthzTrans trans, String ns) {
300 return psNS.read(trans, R_TEXT + " NS " + ns, new Object[]{ns});
303 public Result<List<Data>> readName(AuthzTrans trans, String name) {
304 return psName.read(trans, R_TEXT + name, new Object[]{name});
307 public Result<List<Data>> readChildren(AuthzTrans trans, String ns, String role) {
308 if (role.length()==0 || "*".equals(role)) {
309 return psChildren.read(trans, R_TEXT, new Object[]{ns, FIRST_CHAR, LAST_CHAR});
311 return psChildren.read(trans, R_TEXT, new Object[]{ns, role+DOT, role+DOT_PLUS_ONE});
316 * Add a single Permission to the Role's Permission Collection
325 public Result<Void> addPerm(AuthzTrans trans, RoleDAO.Data role, PermDAO.Data perm) {
326 // Note: Prepared Statements for Collection updates aren't supported
327 String pencode = perm.encode();
329 getSession(trans).execute(UPDATE_SP + TABLE + " SET perms = perms + {'" +
330 pencode + "'} WHERE " +
331 "ns = '" + role.ns + "' AND name = '" + role.name + "';");
332 } catch (DriverException | APIException | IOException e) {
333 reportPerhapsReset(trans,e);
334 return Result.err(Result.ERR_Backend, CassAccess.ERR_ACCESS_MSG);
337 wasModified(trans, CRUD.update, role, "Added permission " + pencode + " to role " + role.fullName());
342 * Remove a single Permission from the Role's Permission Collection
350 public Result<Void> delPerm(AuthzTrans trans, RoleDAO.Data role, PermDAO.Data perm) {
351 // Note: Prepared Statements for Collection updates aren't supported
353 String pencode = perm.encode();
357 getSession(trans).execute(UPDATE_SP + TABLE + " SET perms = perms - {'" +
358 pencode + "'} WHERE " +
359 "ns = '" + role.ns + "' AND name = '" + role.name + "';");
360 } catch (DriverException | APIException | IOException e) {
361 reportPerhapsReset(trans,e);
362 return Result.err(Result.ERR_Backend, CassAccess.ERR_ACCESS_MSG);
365 //TODO how can we tell when it doesn't?
366 wasModified(trans, CRUD.update, role, "Removed permission " + pencode + " from role " + role.fullName() );
371 * Add description to role
379 public Result<Void> addDescription(AuthzTrans trans, String ns, String name, String description) {
381 getSession(trans).execute(UPDATE_SP + TABLE + " SET description = '"
382 + description + "' WHERE ns = '" + ns + "' AND name = '" + name + "';");
383 } catch (DriverException | APIException | IOException e) {
384 reportPerhapsReset(trans,e);
385 return Result.err(Result.ERR_Backend, CassAccess.ERR_ACCESS_MSG);
388 Data data = new Data();
391 wasModified(trans, CRUD.update, data, "Added description " + description + " to role " + data.fullName(), null );
397 * Log Modification statements to History
398 * @param modified which CRUD action was done
399 * @param data entity data that needs a log entry
400 * @param overrideMessage if this is specified, we use it rather than crafting a history message based on data
403 protected void wasModified(AuthzTrans trans, CRUD modified, Data data, String ... override) {
404 boolean memo = override.length>0 && override[0]!=null;
405 boolean subject = override.length>1 && override[1]!=null;
407 HistoryDAO.Data hd = HistoryDAO.newInitedData();
408 hd.user = trans.user();
409 hd.action = modified.name();
411 hd.subject = subject ? override[1] : data.fullName();
412 hd.memo = memo ? override[0] : (data.fullName() + " was " + modified.name() + 'd' );
413 if (modified==CRUD.delete) {
415 hd.reconstruct = data.bytify();
416 } catch (IOException e) {
417 trans.error().log(e,"Could not serialize RoleDAO.Data");
421 if (historyDAO.create(trans, hd).status!=Status.OK) {
422 trans.error().log("Cannot log to History");
424 if (infoDAO.touch(trans, TABLE,data.invalidate(cache)).notOK()) {
425 trans.error().log("Cannot touch CacheInfo for Role");