1 /*******************************************************************************
\r
2 * ============LICENSE_START====================================================
\r
4 * * ===========================================================================
\r
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
\r
6 * * ===========================================================================
\r
7 * * Licensed under the Apache License, Version 2.0 (the "License");
\r
8 * * you may not use this file except in compliance with the License.
\r
9 * * You may obtain a copy of the License at
\r
11 * * http://www.apache.org/licenses/LICENSE-2.0
\r
13 * * Unless required by applicable law or agreed to in writing, software
\r
14 * * distributed under the License is distributed on an "AS IS" BASIS,
\r
15 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
16 * * See the License for the specific language governing permissions and
\r
17 * * limitations under the License.
\r
18 * * ============LICENSE_END====================================================
\r
20 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
\r
22 ******************************************************************************/
\r
23 package com.att.cmd.perm;
\r
25 import com.att.aft.dme2.internal.jetty.http.HttpStatus;
\r
26 import com.att.cadi.CadiException;
\r
27 import com.att.cadi.LocatorException;
\r
28 import com.att.cadi.client.Future;
\r
29 import com.att.cadi.client.Rcli;
\r
30 import com.att.cadi.client.Retryable;
\r
31 import com.att.cmd.AAFcli;
\r
32 import com.att.cmd.Cmd;
\r
33 import com.att.cmd.Param;
\r
34 import com.att.cssa.rserv.HttpMethods;
\r
35 import com.att.inno.env.APIException;
\r
37 import aaf.v2_0.PermRequest;
\r
38 import aaf.v2_0.RoleRequest;
\r
44 public class Create extends Cmd {
\r
45 public Create(Perm parent) {
\r
46 super(parent,"create",
\r
47 new Param("type",true),
\r
48 new Param("instance",true),
\r
49 new Param("action", true),
\r
50 new Param("role[,role]* (to Grant to)", false)
\r
55 public int _exec(final int index, final String ... args) throws CadiException, APIException, LocatorException {
\r
56 return same(new Retryable<Integer>() {
\r
58 public Integer code(Rcli<?> client) throws CadiException, APIException {
\r
60 final PermRequest pr = new PermRequest();
\r
61 pr.setType(args[idx++]);
\r
62 pr.setInstance(args[idx++]);
\r
63 pr.setAction(args[idx++]);
\r
64 String roleCommas = (args.length>idx)?args[idx++]:null;
\r
65 String[] roles = roleCommas==null?null:roleCommas.split("\\s*,\\s*");
\r
66 boolean force = aafcli.forceString()!=null;
\r
69 if(roles!=null && force) { // Make sure Roles are Created
\r
70 RoleRequest rr = new RoleRequest();
\r
71 for(String role : roles) {
\r
73 Future<RoleRequest> fr = client.create(
\r
75 getDF(RoleRequest.class),
\r
78 fr.get(AAFcli.timeout());
\r
81 pw().println("Created Role [" + role + ']');
\r
86 pw().println("Role [" + role + "] does not exist, and cannot be created.");
\r
87 return HttpStatus.PARTIAL_CONTENT_206;
\r
92 // Set Start/End commands
\r
94 setQueryParamsOn(client);
\r
95 Future<PermRequest> fp = client.create(
\r
97 getDF(PermRequest.class),
\r
100 if(fp.get(AAFcli.timeout())) {
\r
102 pw().println("Created Permission");
\r
104 if(aafcli.forceString()!=null) { // Make sure Roles are Created
\r
105 RoleRequest rr = new RoleRequest();
\r
106 for(String role : roles) {
\r
108 Future<RoleRequest> fr = client.create(
\r
110 getDF(RoleRequest.class),
\r
113 fr.get(AAFcli.timeout());
\r
124 if(201!=(rv=((Perm)parent)._exec(0,
\r
125 new String[] {"grant",pr.getType(),pr.getInstance(),pr.getAction(),roleCommas}))) {
\r
126 rv = HttpStatus.PARTIAL_CONTENT_206;
\r
128 } catch (LocatorException e) {
\r
129 throw new CadiException(e);
\r
134 if(rv==409 && force) {
\r
136 } else if(rv==202) {
\r
137 pw().println("Permission Creation Accepted, but requires Approvals before actualizing");
\r
139 pw().println("You need to grant the roles after approval.");
\r
150 public void detailedHelp(int _indent, StringBuilder sb) {
\r
151 int indent = _indent;
\r
152 detailLine(sb,indent,"Create a Permission with:");
\r
153 detailLine(sb,indent+=2,"type - A Namespace qualified identifier identifying the kind of");
\r
154 detailLine(sb,indent+11,"resource to be protected");
\r
155 detailLine(sb,indent,"instance - A name that distinguishes a particular instance of resource");
\r
156 detailLine(sb,indent,"action - What kind of action is allowed");
\r
157 detailLine(sb,indent,"role(s) - Perms granted to these Comma separated Role(s)");
\r
158 detailLine(sb,indent+11,"Nonexistent role(s) will be created, if in same namespace");
\r
160 detailLine(sb,indent+2,"Note: Instance and Action can be a an '*' (enter \\\\* on Unix Shell)");
\r
161 api(sb,indent,HttpMethods.POST,"authz/perm",PermRequest.class,true);
\r