2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package org.onap.dmaap.dbcapi.aaf.authentication;
23 import com.att.eelf.configuration.EELFLogger;
24 import com.att.eelf.configuration.EELFManager;
26 import org.onap.dmaap.dbcapi.aaf.AafService;
27 import org.onap.dmaap.dbcapi.aaf.DmaapGrant;
28 import org.onap.dmaap.dbcapi.aaf.DmaapPerm;
29 import org.onap.dmaap.dbcapi.aaf.AafService.ServiceType;
30 import org.onap.dmaap.dbcapi.logging.BaseLoggingClass;
31 import org.onap.dmaap.dbcapi.logging.DmaapbcLogMessageEnum;
32 import org.onap.dmaap.dbcapi.model.Dmaap;
33 import org.onap.dmaap.dbcapi.service.DmaapService;
34 import org.onap.dmaap.dbcapi.util.DmaapConfig;
36 public class ApiPerms extends BaseLoggingClass {
// One row of the authorization matrix: a resource name (uri), an action, and the roles
// that are granted the resulting permission. The tables in this class use GET/POST/PUT/DELETE as actions.
// NOTE(review): this listing omits the field declarations and the bodies of the accessors and
// constructor below, so their behavior is not described here.
38 private static class PermissionMap {
// Application and error loggers used by initMap().
39 static final EELFLogger logger = EELFManager.getInstance().getLogger( PermissionMap.class );
40 static final EELFLogger errorLogger = EELFManager.getInstance().getErrorLogger();
45 public String getUri() {
48 public void setUri(String uri) {
51 public String getAction() {
54 public void setAction(String action) {
// NOTE(review): if this accessor hands out the internal array, any caller can edit the role
// list that initMap() later turns into grants; confirm against the full source and consider
// returning a copy.
58 public String[] getRoles() {
61 public void setRoles(String[] roles) {
// Private: rows are only created by the static tables of the enclosing class.
// Presumably u/a/r are the uri, action and roles; the body is not visible in this listing.
65 private PermissionMap( String u, String a, String[] r ) {
/**
 * Registers every row of {@code pmap} with AAF: one permission per row, then one grant of
 * that permission for each role listed in the row.
 *
 * Permission names are built as "ApiNamespace.uri" and role names as "ApiNamespace.role",
 * where ApiNamespace comes from DmaapConfig. Response codes other than 201 and 409 are
 * written to the error logger; the method returns nothing, so callers are not told about failures.
 *
 * @param pmap     rows to register
 * @param instance value passed as the second constructor argument of each DmaapPerm
 */
71 static public void initMap( PermissionMap[] pmap, String instance ) {
73 DmaapConfig p = (DmaapConfig)DmaapConfig.getConfig();
// NOTE(review): when ApiNamespace is not configured, the placeholder "apiNamespace.not.set"
// becomes the prefix of every permission and role name built below. Failing startup on a
// missing namespace would be safer than registering permissions under a placeholder.
74 String api = p.getProperty("ApiNamespace", "apiNamespace.not.set");
76 // this is needed because PE AAF may be a different instance than AAF used by MR
77 String peEnv = p.getProperty("PeAafEnvironment", "notSet");
// The AAF URL is looked up under the key "PeAafUrl.<PeAafEnvironment>"; a missing key yields
// the placeholder "URL.not.set", which is still handed to AafService. The new String(...)
// wrapper is redundant.
78 String url = p.getProperty( new String( "PeAafUrl." + peEnv ), "URL.not.set" );
// NOTE(review): the URL is written to the info log; confirm configured URLs never embed credentials.
79 logger.info( "PeAafEnvironment=" + peEnv + " using URL " + url);
80 AafService aaf = new AafService(ServiceType.AAF_Admin, url );
82 for ( int i = 0; i < pmap.length ; i++ ) {
83 String uri = new String( api + "." + pmap[i].getUri());
84 DmaapPerm perm = new DmaapPerm( uri, instance, pmap[i].getAction() );
85 int rc = aaf.addPerm( perm );
// 201 and 409 are the only accepted results, presumably HTTP Created and Conflict (already exists).
86 if ( rc != 201 && rc != 409 ) {
87 errorLogger.error( DmaapbcLogMessageEnum.AAF_UNEXPECTED_RESPONSE, Integer.toString(rc), "add perm", perm.toString() );
// NOTE(review): as far as this listing shows, an unexpected response is only logged and the
// grant loop below still runs, so the service can come up with an incomplete permission set
// and no failure signal. The lines between the log call and the loop are not visible here; confirm.
90 for( String r: pmap[i].getRoles()) {
91 String fr = new String( api + "." + r );
92 logger.debug( "i:" + i + " granting perm " + perm.toString()+ " to role=" + fr );
93 DmaapGrant grant = new DmaapGrant( perm, fr );
94 rc = aaf.addGrant( grant );
95 if ( rc != 201 && rc != 409 ) {
// NOTE(review): the error entry names the permission but not the role (fr), so a failed grant
// cannot be traced to a role from the error log alone; the role appears only at debug level.
96 errorLogger.error( DmaapbcLogMessageEnum.AAF_UNEXPECTED_RESPONSE, Integer.toString(rc), "grant perm", perm.toString() );
// Bootstrap matrix registered by setBootMap() under the instance "boot":
// only the Controller role is granted GET/POST/PUT/DELETE on the dmaap resource.
// NOTE(review): the array is neither private nor final, so the matrix can be reassigned or
// edited in place at runtime by code that can reach this field; consider private static final.
104 static PermissionMap[] bootMap = {
105 new PermissionMap( "dmaap", "GET", new String[] { "Controller" }),
106 new PermissionMap( "dmaap", "POST", new String[] { "Controller" }),
107 new PermissionMap( "dmaap", "PUT", new String[] { "Controller" }),
108 new PermissionMap( "dmaap", "DELETE", new String[] { "Controller" })
// Full matrix registered by setEnvMap() under the DMaaP instance name.
// GET is granted broadly. Mutating actions (POST/PUT/DELETE) are Controller-only for dmaap,
// dcaeLocations, dr_nodes and mr_clusters; dr_pubs, dr_subs, feeds and mr_clients also admit
// Orchestrator and PortalUser, and topics also admits Orchestrator.
// NOTE(review): like bootMap, the array is neither private nor final; consider private static final
// so the role matrix cannot be changed after class initialization.
112 static PermissionMap[] envMap = {
113 new PermissionMap( "dmaap", "GET", new String[] { "Controller", "Orchestrator", "Inventory", "Metrics", "PortalUser" }),
114 new PermissionMap( "dmaap", "POST", new String[] { "Controller" } ),
115 new PermissionMap( "dmaap", "PUT", new String[] { "Controller" }),
116 new PermissionMap( "dmaap", "DELETE", new String[] { "Controller" }),
// bridge is read-only for Metrics; the write entries are disabled.
117 new PermissionMap( "bridge", "GET", new String[] { "Metrics" }),
118 //new PermissionMap( "bridge", "POST", new String[] { "Metrics" } ),
119 //new PermissionMap( "bridge", "PUT", new String[] { "Metrics" }),
120 //new PermissionMap( "bridge", "DELETE", new String[] { "Metrics" }),
121 new PermissionMap( "dcaeLocations", "GET", new String[] { "Controller", "Orchestrator", "Inventory", "Metrics", "PortalUser" }),
122 new PermissionMap( "dcaeLocations", "POST", new String[] { "Controller" } ),
123 new PermissionMap( "dcaeLocations", "PUT", new String[] { "Controller" }),
124 new PermissionMap( "dcaeLocations", "DELETE", new String[] { "Controller" }),
// NOTE(review): dr_nodes GET omits Metrics, unlike the GET rows of the other resources that list it; confirm this is intended.
125 new PermissionMap( "dr_nodes", "GET", new String[] { "Controller", "Orchestrator", "Inventory", "PortalUser" }),
126 new PermissionMap( "dr_nodes", "POST", new String[] { "Controller" } ),
127 new PermissionMap( "dr_nodes", "PUT", new String[] { "Controller" }),
128 new PermissionMap( "dr_nodes", "DELETE", new String[] { "Controller" }),
129 new PermissionMap( "dr_pubs", "GET", new String[] { "Controller", "Orchestrator", "Inventory", "Metrics", "PortalUser" }),
130 new PermissionMap( "dr_pubs", "POST", new String[] { "Controller", "Orchestrator","PortalUser" } ),
131 new PermissionMap( "dr_pubs", "PUT", new String[] { "Controller", "Orchestrator","PortalUser" }),
132 new PermissionMap( "dr_pubs", "DELETE", new String[] { "Controller", "Orchestrator","PortalUser" }),
133 new PermissionMap( "dr_subs", "GET", new String[] { "Controller", "Orchestrator", "Inventory", "Metrics", "PortalUser" }),
134 new PermissionMap( "dr_subs", "POST", new String[] { "Controller", "Orchestrator","PortalUser" } ),
135 new PermissionMap( "dr_subs", "PUT", new String[] { "Controller", "Orchestrator","PortalUser" }),
136 new PermissionMap( "dr_subs", "DELETE", new String[] { "Controller", "Orchestrator","PortalUser" }),
137 new PermissionMap( "feeds", "GET", new String[] { "Controller", "Orchestrator", "Inventory", "Metrics", "PortalUser" }),
138 new PermissionMap( "feeds", "POST", new String[] { "Controller", "Orchestrator","PortalUser" } ),
139 new PermissionMap( "feeds", "PUT", new String[] { "Controller", "Orchestrator", "PortalUser" }),
// NOTE(review): feeds DELETE omits Orchestrator although feeds POST/PUT grant it, and the
// dr_pubs/dr_subs DELETE rows include it; confirm the asymmetry is deliberate.
140 new PermissionMap( "feeds", "DELETE", new String[] { "Controller", "PortalUser" }),
141 new PermissionMap( "mr_clients", "GET", new String[] { "Controller", "Orchestrator", "Inventory", "Metrics", "PortalUser" }),
142 new PermissionMap( "mr_clients", "POST", new String[] { "Controller","Orchestrator", "PortalUser" } ),
143 new PermissionMap( "mr_clients", "PUT", new String[] { "Controller", "Orchestrator","PortalUser" }),
144 new PermissionMap( "mr_clients", "DELETE", new String[] { "Controller","Orchestrator", "PortalUser" }),
145 new PermissionMap( "mr_clusters", "GET", new String[] { "Controller", "Orchestrator", "Inventory", "Metrics", "PortalUser" }),
146 new PermissionMap( "mr_clusters", "POST", new String[] { "Controller" } ),
147 new PermissionMap( "mr_clusters", "PUT", new String[] { "Controller" }),
148 new PermissionMap( "mr_clusters", "DELETE", new String[] { "Controller" }),
149 new PermissionMap( "topics", "GET", new String[] { "Controller", "Orchestrator", "Inventory", "Metrics", "PortalUser" }),
150 new PermissionMap( "topics", "POST", new String[] { "Controller", "Orchestrator" } ),
151 new PermissionMap( "topics", "PUT", new String[] { "Controller", "Orchestrator" }),
152 new PermissionMap( "topics", "DELETE", new String[] { "Controller", "Orchestrator" })
/**
 * Registers the bootstrap permission table (bootMap) with AAF under the
 * fixed instance name "boot".
 *
 * initMap() reports AAF failures only through the error logger, so this
 * method gives the caller no indication of whether registration succeeded.
 */
public void setBootMap() {
    PermissionMap.initMap( bootMap, "boot" );
}
/**
 * Registers the full permission table (envMap) with AAF, using the name of
 * the DMaaP object returned by DmaapService as the permission instance.
 *
 * initMap() reports AAF failures only through the error logger, so this
 * method gives the caller no indication of whether registration succeeded.
 */
public void setEnvMap() {
    // NOTE(review): getDmaap() and getDmaapName() are used without a null or
    // blank check; confirm neither can return null/empty before the DMaaP
    // object is initialized, otherwise permissions are registered under a
    // meaningless instance.
    final DmaapService dmaapService = new DmaapService();
    final String instanceName = dmaapService.getDmaap().getDmaapName();
    PermissionMap.initMap( envMap, instanceName );
}