1 /*******************************************************************************
\r
2 * ============LICENSE_START====================================================
\r
4 * * ===========================================================================
\r
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
\r
6 * * Copyright © 2017 Amdocs
\r
7 * * ===========================================================================
\r
8 * * Licensed under the Apache License, Version 2.0 (the "License");
\r
9 * * you may not use this file except in compliance with the License.
\r
10 * * You may obtain a copy of the License at
\r
12 * * http://www.apache.org/licenses/LICENSE-2.0
\r
14 * * Unless required by applicable law or agreed to in writing, software
\r
15 * * distributed under the License is distributed on an "AS IS" BASIS,
\r
16 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
17 * * See the License for the specific language governing permissions and
\r
18 * * limitations under the License.
\r
19 * * ============LICENSE_END====================================================
\r
21 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
\r
23 ******************************************************************************/
\r
24 package com.att.cmd.user;
\r
26 import com.att.cadi.CadiException;
\r
27 import com.att.cadi.LocatorException;
\r
28 import com.att.cadi.client.Future;
\r
29 import com.att.cadi.client.Rcli;
\r
30 import com.att.cadi.client.Retryable;
\r
31 import com.att.cmd.AAFcli;
\r
32 import com.att.cmd.Cmd;
\r
33 import com.att.cmd.Param;
\r
34 import com.att.cssa.rserv.HttpMethods;
\r
35 import com.att.inno.env.APIException;
\r
37 import aaf.v2_0.CredRequest;
\r
39 public class Cred extends Cmd {
\r
40 private static final String CRED_PATH = "/authn/cred";
\r
41 private static final String[] options = {"add","del","reset","extend"/*,"clean"*/};
\r
42 // private Clean clean;
\r
43 public Cred(User parent) {
\r
44 super(parent,"cred",
\r
45 new Param(optionsToString(options),true),
\r
46 new Param("id",true),
\r
47 new Param("password (! D|E)",false),
\r
48 new Param("entry# (if multi)",false)
\r
50 // clean = new Clean(this);
\r
54 public int _exec(int _idx, final String ... args) throws CadiException, APIException, LocatorException {
\r
56 String key = args[idx++];
\r
57 final int option = whichOption(options,key);
\r
59 final CredRequest cr = new CredRequest();
\r
60 cr.setId(args[idx++]);
\r
61 if(option!=1 && option!=3) {
\r
62 if(idx>=args.length) throw new CadiException("Password Required");
\r
63 cr.setPassword(args[idx++]);
\r
66 cr.setEntry(args[idx++]);
\r
68 // Set Start/End commands
\r
70 // final int cleanIDX = _idx+1;
\r
71 Integer ret = same(new Retryable<Integer>() {
\r
73 public Integer code(Rcli<?> client) throws CadiException, APIException {
\r
74 Future<CredRequest> fp=null;
\r
80 getDF(CredRequest.class),
\r
83 verb = "Added Credential [";
\r
86 // if(aafcli.addForce())cr.setForce("TRUE");
\r
87 setQueryParamsOn(client);
\r
88 fp = client.delete(CRED_PATH,
\r
89 getDF(CredRequest.class),
\r
92 verb = "Deleted Credential [";
\r
97 getDF(CredRequest.class),
\r
100 verb = "Reset Credential [";
\r
103 fp = client.update(
\r
105 getDF(CredRequest.class),
\r
108 verb = "Extended Credential [";
\r
111 // return clean.exec(cleanIDX, args);
\r
113 if(fp.get(AAFcli.timeout())) {
\r
115 pw().print(cr.getId());
\r
117 } else if(fp.code()==202) {
\r
118 pw().println("Credential Action Accepted, but requires Approvals before actualizing");
\r
119 } else if(fp.code()==406 && option==1) {
\r
120 pw().println("You cannot delete this Credential");
\r
127 if(ret==null)ret = -1;
\r
132 public void detailedHelp(int _indent, StringBuilder sb) {
\r
133 int indent = _indent;
\r
134 detailLine(sb,indent,"Add, Delete or Reset Credential");
\r
136 detailLine(sb,indent,"id - the ID to create/delete/reset within AAF");
\r
137 detailLine(sb,indent,"password - Company Policy compliant Password (not required for Delete)");
\r
138 detailLine(sb,indent,"entry - selected option when deleting/resetting a cred with multiple entries");
\r
140 detailLine(sb,indent,"The Domain can be related to any Namespace you have access to *");
\r
141 detailLine(sb,indent,"The Domain is in reverse order of Namespace, i.e. ");
\r
142 detailLine(sb,indent+2,"NS of com.att.myapp can create user of XY1234@myapp.att.com");
\r
144 detailLine(sb,indent,"NOTE: AAF does support multiple creds with the same ID. Check with your org if you");
\r
145 detailLine(sb,indent+2,"have this implemented. (For example, this is implemented for MechIDs at AT&T)");
\r
147 detailLine(sb,indent,"Delegates can be listed by the User or by the Delegate");
\r
149 api(sb,indent,HttpMethods.POST,"authn/cred",CredRequest.class,true);
\r
150 api(sb,indent,HttpMethods.DELETE,"authn/cred",CredRequest.class,false);
\r
151 api(sb,indent,HttpMethods.PUT,"authn/cred",CredRequest.class,false);
\r
Code Review / aaf / authz.git / blob