authz-cmd/src/main/java/com/att/cmd/perm/Grant.java

   1 /*******************************************************************************\r
   2  * ============LICENSE_START====================================================\r
   3  * * org.onap.aaf\r
   4  * * ===========================================================================\r
   5  * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
   6  * * ===========================================================================\r
   7  * * Licensed under the Apache License, Version 2.0 (the "License");\r
   8  * * you may not use this file except in compliance with the License.\r
   9  * * You may obtain a copy of the License at\r
  10  * * \r
  11  *  *      http://www.apache.org/licenses/LICENSE-2.0\r
  12  * * \r
  13  *  * Unless required by applicable law or agreed to in writing, software\r
  14  * * distributed under the License is distributed on an "AS IS" BASIS,\r
  15  * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
  16  * * See the License for the specific language governing permissions and\r
  17  * * limitations under the License.\r
  18  * * ============LICENSE_END====================================================\r
  19  * *\r
  20  * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
  21  * *\r
  22  ******************************************************************************/\r
  23 package com.att.cmd.perm;\r
  24 \r
  25 import com.att.cadi.CadiException;\r
  26 import com.att.cadi.LocatorException;\r
  27 import com.att.cadi.client.Future;\r
  28 import com.att.cadi.client.Rcli;\r
  29 import com.att.cadi.client.Retryable;\r
  30 import com.att.cmd.AAFcli;\r
  31 import com.att.cmd.Cmd;\r
  32 import com.att.cmd.Param;\r
  33 import com.att.cssa.rserv.HttpMethods;\r
  34 import com.att.inno.env.APIException;\r
  35 \r
  36 import aaf.v2_0.Pkey;\r
  37 import aaf.v2_0.RolePermRequest;\r
  38 \r
  39 /**\r
  40  * \r
  41  *\r
  42  */\r
  43 public class Grant extends Cmd {\r
  44         private final static String[] options = {"grant","ungrant","setTo"};\r
  45 \r
  46         public Grant(Perm parent) {\r
  47                 super(parent,null,\r
  48                         new Param(optionsToString(options),true),\r
  49                         new Param("type",true),\r
  50                         new Param("instance",true),\r
  51                         new Param("action",true),\r
  52                         new Param("role[,role]* (!REQ S)",false)\r
  53                         ); \r
  54         }\r
  55 \r
  56         @Override\r
  57         public int _exec(final int index, final String ... args) throws CadiException, APIException, LocatorException {\r
  58                 return same(new Retryable<Integer>() {\r
  59                         @Override\r
  60                         public Integer code(Rcli<?> client) throws CadiException, APIException {\r
  61                                 int idx = index;\r
  62                                 String action = args[idx++];\r
  63                                 int option = whichOption(options, action);\r
  64                 \r
  65                                 RolePermRequest rpr = new RolePermRequest();\r
  66                                 Pkey pk = new Pkey();\r
  67                                 pk.setType(args[idx++]);\r
  68                                 pk.setInstance(args[idx++]);\r
  69                                 pk.setAction(args[idx++]);\r
  70                                 rpr.setPerm(pk);\r
  71                                 setStartEnd(rpr);\r
  72                                 \r
  73                                 Future<RolePermRequest> frpr = null;\r
  74                 \r
  75                                 if (option != 2) {\r
  76                                         String[] roles = args[idx++].split(",");\r
  77                                         String strA,strB;\r
  78                                         for(String role : roles) {\r
  79                                                 rpr.setRole(role);\r
  80                                                 if(option==0) {\r
  81                                                         // You can request to Grant Permission to a Role\r
  82                                                         setQueryParamsOn(client);\r
  83                                                         frpr = client.create(\r
  84                                                                         "/authz/role/perm", \r
  85                                                                         getDF(RolePermRequest.class),\r
  86                                                                         rpr\r
  87                                                                         );\r
  88                                                         strA = "Granted Permission [";\r
  89                                                         strB = "] to Role [";\r
  90                                                 } else {\r
  91                                                         // You can request to UnGrant Permission to a Role\r
  92                                                         setQueryParamsOn(client);\r
  93                                                         frpr = client.delete(\r
  94                                                                         "/authz/role/" + role + "/perm", \r
  95                                                                         getDF(RolePermRequest.class),\r
  96                                                                         rpr\r
  97                                                                         );\r
  98                                                         strA = "UnGranted Permission [";\r
  99                                                         strB = "] from Role [";\r
 100                                                 }\r
 101                                                 if(frpr.get(AAFcli.timeout())) {\r
 102                                                         pw().println(strA + pk.getType() + '|' + pk.getInstance() + '|' + pk.getAction() \r
 103                                                                         + strB + role +']');\r
 104                                                 } else {\r
 105                                                         if (frpr.code()==202) {\r
 106                                                                 pw().print("Permission Role ");\r
 107                                                                 pw().print(option==0?"Granted":"Ungranted");\r
 108                                                                 pw().println(" Accepted, but requires Approvals before actualizing");\r
 109                                                         } else {\r
 110                                                                 error(frpr);\r
 111                                                                 idx=Integer.MAX_VALUE;\r
 112                                                         }                       \r
 113                                                 }\r
 114                                         }\r
 115                                 } else {\r
 116                                         String allRoles = "";\r
 117                                         if (idx < args.length) \r
 118                                                 allRoles = args[idx++];\r
 119                                                 \r
 120                                         rpr.setRole(allRoles);\r
 121                                         frpr = client.update(\r
 122                                                         "/authz/role/perm", \r
 123                                                         getDF(RolePermRequest.class), \r
 124                                                         rpr);\r
 125                                         if(frpr.get(AAFcli.timeout())) {\r
 126                                                 pw().println("Set Permission's Roles to [" + allRoles + "]");\r
 127                                         } else {\r
 128                                                 error(frpr);\r
 129                                         }                       \r
 130                                 } \r
 131                                 return frpr==null?0:frpr.code();\r
 132                         }\r
 133                 });\r
 134         }\r
 135 \r
 136         @Override\r
 137         public void detailedHelp(int indent, StringBuilder sb) {\r
 138                 detailLine(sb,indent,"Grant a Permission to a Role or Roles  OR");\r
 139                 detailLine(sb,indent,"Ungrant a Permission from a Role or Roles  OR");\r
 140                 detailLine(sb,indent,"Set a Permission's roles to roles supplied.");\r
 141                 detailLine(sb,indent+4,"WARNING: Roles supplied with setTo will be the ONLY roles attached to this permission");\r
 142                 detailLine(sb,indent+8,"If no roles are supplied, permission's roles are reset.");\r
 143                 detailLine(sb,indent,"see Create for definitions of type,instance and action");\r
 144                 api(sb,indent,HttpMethods.POST,"authz/role/perm",RolePermRequest.class,true);\r
 145                 api(sb,indent,HttpMethods.DELETE,"authz/role/<role>/perm",RolePermRequest.class,false);\r
 146                 api(sb,indent,HttpMethods.PUT,"authz/role/perm",RolePermRequest.class,false);\r
 147 \r
 148         }\r
 149 \r
 150 }\r