[aaf/authz.git] / authz-cmd / src / main / java / com / att / cmd / perm / Create.java

/*******************************************************************************\r
 * ============LICENSE_START====================================================\r
 * * org.onap.aaf\r
 * * ===========================================================================\r
 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
 * * ===========================================================================\r
 * * Licensed under the Apache License, Version 2.0 (the "License");\r
 * * you may not use this file except in compliance with the License.\r
 * * You may obtain a copy of the License at\r
 * * \r
 *  *      http://www.apache.org/licenses/LICENSE-2.0\r
 * * \r
 *  * Unless required by applicable law or agreed to in writing, software\r
 * * distributed under the License is distributed on an "AS IS" BASIS,\r
 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
 * * See the License for the specific language governing permissions and\r
 * * limitations under the License.\r
 * * ============LICENSE_END====================================================\r
 * *\r
 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
 * *\r
 ******************************************************************************/\r
package com.att.cmd.perm;\r
\r
import com.att.aft.dme2.internal.jetty.http.HttpStatus;\r
import com.att.cadi.CadiException;\r
import com.att.cadi.LocatorException;\r
import com.att.cadi.client.Future;\r
import com.att.cadi.client.Rcli;\r
import com.att.cadi.client.Retryable;\r
import com.att.cmd.AAFcli;\r
import com.att.cmd.Cmd;\r
import com.att.cmd.Param;\r
import com.att.cssa.rserv.HttpMethods;\r
import com.att.inno.env.APIException;\r
\r
import aaf.v2_0.PermRequest;\r
import aaf.v2_0.RoleRequest;\r
\r
/**\r
 * \r
 *\r
 */\r
public class Create extends Cmd {\r
        public Create(Perm parent) {\r
                super(parent,"create", \r
                                new Param("type",true), \r
                                new Param("instance",true),\r
                                new Param("action", true),\r
                                new Param("role[,role]* (to Grant to)", false)\r
                                );\r
        }\r
\r
        @Override\r
        public int _exec(final int index, final String ... args) throws CadiException, APIException, LocatorException {\r
                return same(new Retryable<Integer>() {\r
                        @Override\r
                        public Integer code(Rcli<?> client) throws CadiException, APIException {\r
                                int idx = index;\r
                                final PermRequest pr = new PermRequest();  \r
                                pr.setType(args[idx++]);\r
                                pr.setInstance(args[idx++]);\r
                                pr.setAction(args[idx++]);\r
                                String roleCommas = (args.length>idx)?args[idx++]:null;\r
                                String[] roles = roleCommas==null?null:roleCommas.split("\\s*,\\s*");\r
                                boolean force = aafcli.forceString()!=null;\r
                                int rv;\r
                                \r
                                if(roles!=null && force) { // Make sure Roles are Created\r
                                        RoleRequest rr = new RoleRequest();\r
                                        for(String role : roles) {\r
                                                rr.setName(role);;\r
                                                Future<RoleRequest> fr = client.create(\r
                                                        "/authz/role",\r
                                                        getDF(RoleRequest.class),\r
                                                        rr\r
                                                        );\r
                                                fr.get(AAFcli.timeout());\r
                                                switch(fr.code()){\r
                                                        case 201:\r
                                                                pw().println("Created Role [" + role + ']');\r
                                                                break;\r
                                                        case 409:\r
                                                                break;\r
                                                        default: \r
                                                                pw().println("Role [" + role + "] does not exist, and cannot be created.");\r
                                                                return HttpStatus.PARTIAL_CONTENT_206;\r
                                                }\r
                                        }\r
                                }\r
\r
                                // Set Start/End commands\r
                                setStartEnd(pr);\r
                                setQueryParamsOn(client);\r
                                Future<PermRequest> fp = client.create(\r
                                                "/authz/perm",\r
                                                getDF(PermRequest.class),\r
                                                pr\r
                                                );\r
                                if(fp.get(AAFcli.timeout())) {\r
                                        rv = fp.code();\r
                                        pw().println("Created Permission");\r
                                        if(roles!=null) {\r
                                                if(aafcli.forceString()!=null) { // Make sure Roles are Created\r
                                                        RoleRequest rr = new RoleRequest();\r
                                                        for(String role : roles) {\r
                                                                rr.setName(role);;\r
                                                                Future<RoleRequest> fr = client.create(\r
                                                                        "/authz/role",\r
                                                                        getDF(RoleRequest.class),\r
                                                                        rr\r
                                                                        );\r
                                                                fr.get(AAFcli.timeout());\r
                                                                switch(fr.code()){\r
                                                                        case 201:\r
                                                                        case 409:break;\r
                                                                        default: \r
                                                                                \r
                                                                }\r
                                                        }\r
                                                }\r
                                                \r
                                                try {\r
                                                        if(201!=(rv=((Perm)parent)._exec(0, \r
                                                                        new String[] {"grant",pr.getType(),pr.getInstance(),pr.getAction(),roleCommas}))) {\r
                                                                rv = HttpStatus.PARTIAL_CONTENT_206;\r
                                                        }\r
                                                } catch (LocatorException e) {\r
                                                        throw new CadiException(e);\r
                                                }\r
                                        }\r
                                } else {\r
                                        rv = fp.code();\r
                                        if(rv==409 && force) {\r
                                                rv = 201;\r
                                        } else if(rv==202) {\r
                                                pw().println("Permission Creation Accepted, but requires Approvals before actualizing");\r
                                                if (roles!=null)\r
                                                        pw().println("You need to grant the roles after approval.");\r
                                        } else {\r
                                                error(fp);\r
                                        }\r
                                }\r
                                return rv;\r
                        }\r
                });\r
        }\r
        \r
        @Override\r
        public void detailedHelp(int _indent, StringBuilder sb) {\r
                int indent = _indent;\r
                detailLine(sb,indent,"Create a Permission with:");\r
                detailLine(sb,indent+=2,"type     - A Namespace qualified identifier identifying the kind of");\r
                detailLine(sb,indent+11,"resource to be protected");\r
                detailLine(sb,indent,"instance - A name that distinguishes a particular instance of resource");\r
                detailLine(sb,indent,"action   - What kind of action is allowed");\r
                detailLine(sb,indent,"role(s)  - Perms granted to these Comma separated Role(s)");\r
                detailLine(sb,indent+11,"Nonexistent role(s) will be created, if in same namespace");\r
                sb.append('\n');\r
                detailLine(sb,indent+2,"Note: Instance and Action can be a an '*' (enter \\\\* on Unix Shell)");\r
                api(sb,indent,HttpMethods.POST,"authz/perm",PermRequest.class,true);\r
        }\r
\r
}\r