2 * ============LICENSE_START====================================================
4 * ===========================================================================
5 * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6 * Modifications Copyright (C) 2019 IBM.
7 * ===========================================================================
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 * ============LICENSE_END====================================================
23 package org.onap.aaf.auth.cmd.perm;
25 import org.onap.aaf.auth.cmd.AAFcli;
26 import org.onap.aaf.auth.cmd.Cmd;
27 import org.onap.aaf.auth.cmd.Param;
28 import org.onap.aaf.auth.rserv.HttpMethods;
29 import org.onap.aaf.cadi.CadiException;
30 import org.onap.aaf.cadi.LocatorException;
31 import org.onap.aaf.cadi.client.Future;
32 import org.onap.aaf.cadi.client.Rcli;
33 import org.onap.aaf.cadi.client.Retryable;
34 import org.onap.aaf.misc.env.APIException;
36 import aaf.v2_0.PermRequest;
37 import aaf.v2_0.RoleRequest;
44 public class Create extends Cmd {
/**
 * Passes the parent Perm command and the sub-command name "create" to the Cmd
 * superclass, together with the parameter descriptors for this command:
 * type, instance and action (flagged true) and a comma-separated role list
 * (flagged false).
 *
 * NOTE(review): the boolean on Param presumably means "required"; _exec reads
 * the first three values unconditionally and the role list only when present,
 * which is consistent with that reading. Confirm against Param.
 */
45 public Create(Perm parent) {
46 super(parent,"create",
47 new Param("type",true),
48 new Param("instance",true),
49 new Param("action", true),
// Roles the new permission is to be granted to; read by _exec only if supplied.
50 new Param("role[,role]* (to Grant to)", false)
/**
 * Builds a PermRequest from the command-line arguments and submits it through
 * the retryable client. When a role list is given and force is set, the roles
 * are created first; after the permission is created it is granted to the
 * listed roles via the parent's "grant" sub-command.
 *
 * NOTE(review): this listing omits several original lines (the path and payload
 * arguments of client.create, the handling of the role-creation status, the
 * declaration and assignment of idx and rv). The comments below describe only
 * what is visible and mark the rest as assumptions.
 *
 * @param index position in args of the first value (type); presumably copied
 *              into idx on a line not shown
 * @param args  type, instance, action and an optional comma-separated role list
 * @return an HTTP-style status code; 206 is used when a role cannot be created
 *         or when the grant step returns anything other than 201
 * @throws CadiException    also used to wrap a LocatorException from the grant step
 * @throws APIException     declared by the retryable body
 * @throws LocatorException declared by this method
 */
55 public int _exec(final int index, final String ... args) throws CadiException, APIException, LocatorException {
56 return same(new Retryable<Integer>() {
58 public Integer code(Rcli<?> client) throws CadiException, APIException {
60 final PermRequest pr = new PermRequest();
// The three values are read positionally with no length check at this point.
// NOTE(review): relies on the command framework rejecting short argument lists
// before _exec runs; otherwise these reads throw ArrayIndexOutOfBoundsException. Confirm.
61 pr.setType(args[idx++]);
62 pr.setInstance(args[idx++]);
63 pr.setAction(args[idx++]);
// Optional fourth argument: role names separated by commas; whitespace around
// each comma is dropped by the split pattern. roles stays null when it is absent.
// NOTE(review): role names are used exactly as typed; no client-side validation
// is visible here, so it is presumably enforced by the service. Confirm.
64 String roleCommas = (args.length>idx)?args[idx++]:null;
65 String[] roles = roleCommas==null?null:roleCommas.split("\\s*,\\s*");
// Force mode is on whenever aafcli.forceString() returns non-null.
66 boolean force = aafcli.forceString()!=null;
// Pre-create every listed role before the permission is requested (force only).
// Side effect: roles created here remain if the later permission request fails;
// no rollback is visible in this listing.
69 if (roles!=null && force) { // Make sure Roles are Created
70 RoleRequest rr = new RoleRequest();
71 for (String role : roles) {
73 Future<RoleRequest> fr = client.create(
75 getDF(RoleRequest.class),
// Waits up to the CLI timeout. The boolean result is not used on this line;
// the status is presumably inspected on lines not shown.
78 fr.get(AAFcli.timeout());
81 pw().println("Created Role [" + role + ']');
// Failure path for a role: report it and stop with 206 before the permission
// request is sent (the branch condition is not shown in this listing).
86 pw().println("Role [" + role + "] does not exist, and cannot be created.");
87 return 206 /*HttpStatus.PARTIAL_CONTENT_206*/;
92 // Set Start/End commands
94 setQueryParamsOn(client);
// Submit the permission itself.
95 Future<PermRequest> fp = client.create(
97 getDF(PermRequest.class),
// get() returning true is treated as successful creation.
100 if (fp.get(AAFcli.timeout())) {
102 pw().println("Created Permission");
// Second role-creation pass, again only in force mode.
// NOTE(review): roles is iterated below and is null when the optional role
// argument was omitted. The line just before this one is missing from the
// listing; confirm that it guards against roles == null.
104 if (aafcli.forceString()!=null) { // Make sure Roles are Created
105 RoleRequest rr = new RoleRequest();
106 for (String role : roles) {
108 Future<RoleRequest> fr = client.create(
110 getDF(RoleRequest.class),
// Result of get() is not checked on this line; any status handling is not shown.
113 fr.get(AAFcli.timeout());
// Grant step: re-enter the parent command as "grant" with the same
// type/instance/action and the raw comma-separated role string. Anything other
// than 201 is reported as 206, i.e. the permission exists but the grant did not
// complete as requested.
124 if (201!=(rv=((Perm)parent)._exec(0,
125 new String[] {"grant",pr.getType(),pr.getInstance(),pr.getAction(),roleCommas}))) {
126 rv = 206 /*HttpStatus.PARTIAL_CONTENT_206*/;
// code() does not declare LocatorException, so it is wrapped in CadiException.
128 } catch (LocatorException e) {
129 throw new CadiException(e);
// 409 under force: the branch body is not shown in this listing.
// NOTE(review): presumably an already-existing permission is tolerated in force mode. Confirm.
134 if (rv==409 && force) {
// 202: creation is pending approval, so the operator is told that the role
// grants have to be made manually once it is approved.
136 } else if (rv==202) {
137 pw().println("Permission Creation Accepted, but requires Approvals before actualizing");
139 pw().println("You need to grant the roles after approval.");
/**
 * Appends the detailed help text for the permission "create" command to sb:
 * one line per parameter, a note about the '*' wildcard, and the API entry for
 * POST authz/perm.
 *
 * NOTE(review): some original lines between the visible ones are missing from
 * this listing, so any change to indent between calls is not shown.
 *
 * @param _indent base indentation passed on to detailLine
 * @param sb      buffer the help text is appended to
 */
150 public void detailedHelp(int _indent, StringBuilder sb) {
151 int indent = _indent;
152 detailLine(sb,indent,"Create a Permission with:");
154 detailLine(sb,indent,"type - A Namespace qualified identifier identifying the kind of");
// indent+11 is used for the continuation line of the entry above.
155 detailLine(sb,indent+11,"resource to be protected");
156 detailLine(sb,indent,"instance - A name that distinguishes a particular instance of resource");
157 detailLine(sb,indent,"action - What kind of action is allowed");
158 detailLine(sb,indent,"role(s) - Perms granted to these Comma separated Role(s)");
// NOTE(review): _exec only attempts to create roles when the force option is
// set (aafcli.forceString() != null); this help line does not state that condition.
159 detailLine(sb,indent+11,"Nonexistent role(s) will be created, if in same namespace");
// NOTE(review): the message below contains the typo "a an"; it is a runtime
// string and is left unchanged here.
161 detailLine(sb,indent+2,"Note: Instance and Action can be a an '*' (enter \\\\* on Unix Shell)");
// Records the backing REST call: POST authz/perm with a PermRequest payload.
// The meaning of the trailing true is not visible in this file.
162 api(sb,indent,HttpMethods.POST,"authz/perm",PermRequest.class,true);