1 /*******************************************************************************
2 * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
3 *******************************************************************************/
4 package com.att.authz.reports;
6 import java.io.IOException;
9 import com.att.authz.Batch;
10 import com.att.authz.env.AuthzTrans;
11 import com.att.authz.helpers.NS;
12 import com.att.authz.helpers.Perm;
13 import com.att.authz.helpers.Role;
14 import org.onap.aaf.inno.env.APIException;
15 import org.onap.aaf.inno.env.Env;
16 import org.onap.aaf.inno.env.TimeTaken;
17 import org.onap.aaf.inno.env.util.Split;
19 public class CheckRolePerm extends Batch{
/**
 * Connects to the cluster and loads namespace, role and permission data for the check.
 *
 * NOTE(review): this listing skips source lines (the embedded numbers jump 21, 23, 25, 29),
 * so any super(...) call, try/finally block or completion of the timer is not visible here.
 * {@code cluster} and {@code session} are not declared in this view; presumably they are
 * inherited from Batch. Confirm against the full file.
 *
 * @param trans transaction used to time the connection step and passed to each loader
 * @throws APIException declared by the signature; the throwing call is not identifiable from this listing
 * @throws IOException declared by the signature; the throwing call is not identifiable from this listing
 */
21 public CheckRolePerm(AuthzTrans trans) throws APIException, IOException {
// Start a timed step labelled "Connect to Cluster", tagged Env.REMOTE.
23 TimeTaken tt = trans.start("Connect to Cluster", Env.REMOTE);
// The session opened here is the one run() later uses for session.execute(query).
25 session = cluster.connect();
// Load namespaces, roles and permissions through that session. These loaded records are the
// values run() later concatenates into CQL text. NS.v2_0_11 is passed as the third argument;
// its meaning is not shown in this listing.
29 NS.load(trans,session,NS.v2_0_11);
30 Role.load(trans, session);
31 Perm.load(trans, session);
/**
 * Cross-checks role and permission records and repairs mismatches with CQL UPDATE statements.
 *
 * The visible code logs "Checking for Role/Perm mis-match", walks Role.data (each role's
 * permission strings) and then Perm.data (each permission's role strings), and for each
 * mismatch builds an UPDATE against authz.role or authz.perm that is run through
 * session.execute(query).
 *
 * NOTE(review): this listing skips source lines (the embedded numbering has gaps), so the
 * conditions that select between the log-only "would ..." messages and the branches that
 * execute a statement are not visible here. Confirm against the full file before relying
 * on any comment below about which branch runs when.
 *
 * NOTE(review): every statement is assembled by string concatenation and quoting is applied
 * unevenly: perm and role get their single quotes doubled, while roleKey.name,
 * roleKey.encode(), permKey.encode(), rk.name and the pk / permKey ns, type, instance and
 * action fields are inserted as-is. The values come from stored role/perm records, so a
 * quote character in any stored name would change the statement that this job executes
 * with its own database privileges. A prepared statement with bound values removes the
 * need for manual escaping.
 *
 * @param trans transaction used for info and warn logging
 */
35 protected void run(AuthzTrans trans) {
37 trans.info().log("Checking for Role/Perm mis-match");
40 /// Evaluate from Role side
// Pass 1: for every role, examine each permission string the role lists.
41 for(Role roleKey : Role.data.keySet()) {
42 for(String perm : Role.data.get(roleKey)) {
// Resolve the permission string to its Perm key; the handling of a failed lookup is on
// lines not shown. Presumably it is the "does not exist" path that follows.
43 Perm pk = Perm.keys.get(perm);
46 String msg = perm + " in role " + roleKey.fullName() + " does not exist";
// perm is '|'-delimited; s[0], s[1] and s[2] are reused below to rebuild it.
48 String[] s = Split.split('|', perm);
// Try successively shorter dotted prefixes of find until one is a key in NS.data.
// (find, ns and i are declared on lines not shown in this listing.)
52 for(i=find.lastIndexOf('.');ns==null && i>=0;i=find.lastIndexOf('.', i-1)) {
53 ns = NS.data.get(find.substring(0,i));
// Rebuild the permission as: namespace name | remainder of s[0] after position i | s[1] | s[2].
58 newPerm = ns.name + '|' + s[0].substring(i+1) + '|' + s[1] + '|' + s[2];
65 trans.warn().log(msg, "- would remove role from perm;");
67 trans.warn().log(msg, "- would update role in perm;");
// NOTE(review): CQL built by concatenation. roleKey.name is placed inside a quoted literal
// without the quote doubling that perm receives further down. When the in-memory
// description is null the statement also sets description='clean'.
71 query = "UPDATE authz.role SET perms = perms + {'" +
73 + (roleKey.description==null?", description='clean'":"")
76 + "' AND name='" + roleKey.name + "';";
// The full statement text, including the stored values, is written to the warn log.
77 trans.warn().log("Fixing role in perm",query);
78 session.execute(query);
// Removes the permission string from the role's perms set. perm has its single quotes
// doubled here, but roleKey.name in the same statement does not.
81 query = "UPDATE authz.role SET perms = perms - {'"
82 + perm.replace("'", "''") + "'}"
83 + (roleKey.description==null?", description='clean'":"")
86 + "' AND name='" + roleKey.name + "';";
87 session.execute(query);
// NOTE(review): the statement above edits authz.role (drops a perm from the role), while
// this message says "removing role from perm". The wording looks inverted, which makes the
// audit trail harder to follow.
88 trans.warn().log(msg, "- removing role from perm");
89 // env.info().log( "query: " + query );
// The permission resolved: check that its role set contains this role in encoded form.
92 Set<String> p_roles = Perm.data.get(pk);
93 if(p_roles!=null && !p_roles.contains(roleKey.encode())) {
94 String msg = perm + " does not have role: " + roleKey;
96 trans.warn().log(msg,"- should add this role to this perm;");
// NOTE(review): adds the encoded role to the perm's roles set. roleKey.encode() and the
// pk.type / pk.instance / pk.action values are concatenated without quote escaping.
98 query = "update authz.perm set roles = roles + {'"
99 + roleKey.encode() + "'}"
100 + (pk.description==null?", description=''":"")
103 + "' AND type='" + pk.type
104 + "' AND instance='" + pk.instance
105 + "' AND action='" + pk.action
107 session.execute(query);
// NOTE(review): the statement adds a role to authz.perm; the message reads the other way round.
108 trans.warn().log(msg,"- adding perm to role");
// Pass 2: for every permission, examine each role string the permission lists.
116 for(Perm permKey : Perm.data.keySet()) {
117 for(String role : Perm.data.get(permKey)) {
// Resolve the role string to its Role key; the handling of a failed lookup is on lines not shown.
118 Role rk = Role.keys.get(role);
120 String s = role + " in perm " + permKey.encode() + " does not exist";
// NOTE(review): the statement below drops the role from the perm, so "remove perm from
// role" looks inverted here; the post-execute message has it the right way round.
122 trans.warn().log(s,"- would remove perm from role;");
// Removes the role string from the perm's roles set. role has its single quotes doubled;
// permKey.ns, type, instance and action are concatenated without escaping.
124 query = "update authz.perm set roles = roles - {'"
125 + role.replace("'","''") + "'}"
126 + (permKey.description==null?", description='clean'":"")
128 + "ns='" + permKey.ns
129 + "' AND type='" + permKey.type
130 + "' AND instance='" + permKey.instance
131 + "' AND action='" + permKey.action + "';";
132 session.execute(query);
133 trans.warn().log(s,"- removing role from perm");
// The role resolved: check that its perm set contains this permission in encoded form.
136 Set<String> r_perms = Role.data.get(rk);
137 if(r_perms!=null && !r_perms.contains(permKey.encode())) {
138 String s ="Role '" + role + "' does not have perm: '" + permKey + '\'';
140 trans.warn().log(s,"- should add this perm to this role;");
// NOTE(review): adds the encoded perm to the role's perms set. permKey.encode() and rk.name
// are concatenated without quote escaping.
142 query = "update authz.role set perms = perms + {'"
143 + permKey.encode() + "'}"
144 + (rk.description==null?", description=''":"")
147 + "' AND name='" + rk.name + "';";
148 session.execute(query);
// NOTE(review): the statement adds a perm to authz.role; the message reads the other way round.
149 trans.warn().log(s,"- adding role to perm");
160 protected void _close(AuthzTrans trans) {
162 aspr.info("End " + this.getClass().getSimpleName() + " processing" );