2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
7 * Modifications Copyright (C) 2018 IBM.
8 * ================================================================================
9 * Licensed under the Apache License, Version 2.0 (the "License");
10 * you may not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
13 * http://www.apache.org/licenses/LICENSE-2.0
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS,
17 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
20 * ============LICENSE_END=========================================================
23 package org.onap.dmaap.dbcapi.authentication;
25 import com.att.eelf.configuration.EELFLogger;
26 import com.att.eelf.configuration.EELFManager;
28 import org.onap.dmaap.dbcapi.aaf.AafService;
29 import org.onap.dmaap.dbcapi.aaf.AafServiceFactory;
30 import org.onap.dmaap.dbcapi.aaf.DmaapGrant;
31 import org.onap.dmaap.dbcapi.aaf.DmaapPerm;
32 import org.onap.dmaap.dbcapi.aaf.AafService.ServiceType;
33 import org.onap.dmaap.dbcapi.logging.BaseLoggingClass;
34 import org.onap.dmaap.dbcapi.logging.DmaapbcLogMessageEnum;
35 import org.onap.dmaap.dbcapi.model.Dmaap;
36 import org.onap.dmaap.dbcapi.service.DmaapService;
37 import org.onap.dmaap.dbcapi.util.DmaapConfig;
39 public class ApiPerms extends BaseLoggingClass {
// Names used to build the authorization tables (bootMap / envMap) below.
// initMap prefixes each resource name and each role name with the configured
// API namespace before sending it to AAF.
//
// NOTE(review): these fields are non-final and package-visible, so any class in
// this package can reassign them. Consider making them private static final
// once it is confirmed that nothing writes to them.

// Resource names (first constructor argument of PermissionMap).
static String dmaap = "dmaap";
static String dcaeLocations = "dcaeLocations";
static String drNodes = "dr_nodes";
static String drPubs = "dr_pubs";
static String drSubs = "dr_subs";
static String feed = "feeds";
static String mrClients = "mr_clients";
static String mrClusters = "mr_clusters";
static String topic = "topics";

// Role names (passed in the role list of each PermissionMap entry).
static String controller = "Controller";
static String orchestrator = "Orchestrator";
static String inventory = "Inventory";
static String portalUser = "PortalUser";

// Action name; GET, POST and PUT appear as string literals in the tables.
static String delete = "DELETE";
55 private static class PermissionMap {
/** Logger used for the per-grant debug trace written by {@code initMap}. */
static final EELFLogger logger =
        EELFManager.getInstance().getLogger(PermissionMap.class);

/** Error logger that receives unexpected AAF response codes from {@code initMap}. */
static final EELFLogger errorLogger =
        EELFManager.getInstance().getErrorLogger();
62 private PermissionMap( String u, String a, String[] r ) {
68 public String getUri() {
71 public void setUri(String uri) {
74 public String getAction() {
77 public void setAction(String action) {
81 public String[] getRoles() {
84 public void setRoles(String[] roles) {
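/**
 * Registers every permission in {@code pmap} with AAF and grants it to the
 * roles listed on that entry.
 *
 * <p>Each permission is built from {@code <ApiNamespace>.<uri>}, the supplied
 * {@code instance} and the entry's action. Each role name is prefixed with the
 * same API namespace before the grant is requested.
 *
 * <p>Response codes 201 and 409 are accepted silently (presumably "created" and
 * "already exists" - confirm against the AAF client). Any other code is written
 * to the error log and processing continues with the next grant or entry. The
 * method returns nothing, so a caller cannot tell whether the authorization
 * data was actually provisioned; the error log is the only signal.
 *
 * @param pmap     table of permissions and the roles each is granted to
 * @param instance instance value placed in every permission that is created
 */
public static void initMap(PermissionMap[] pmap, String instance) {
    // NOTE(review): block nesting was reconstructed from a listing that omits
    // the brace-only lines; confirm it against the repository copy.

    DmaapConfig p = (DmaapConfig) DmaapConfig.getConfig();
    // NOTE(review): if ApiNamespace is not configured, permissions and roles are
    // requested under the placeholder namespace "apiNamespace.not.set" instead
    // of failing. Consider rejecting the placeholder at startup.
    String api = p.getProperty("ApiNamespace", "apiNamespace.not.set");

    AafService aaf = new AafServiceFactory().initAafService(ServiceType.AAF_Admin);

    for (int i = 0; i < pmap.length; i++) {
        String uri = api + "." + pmap[i].getUri();
        DmaapPerm perm = new DmaapPerm(uri, instance, pmap[i].getAction());
        int rc = aaf.addPerm(perm);
        if (rc != 201 && rc != 409) {
            errorLogger.error(DmaapbcLogMessageEnum.AAF_UNEXPECTED_RESPONSE,
                    Integer.toString(rc), "add perm", perm.toString());
        }
        // Grants are still attempted when addPerm reported an unexpected code;
        // each failing grant is then logged on its own below.
        for (String r : pmap[i].getRoles()) {
            String fr = api + "." + r;
            logger.debug("i:" + i + " granting perm " + perm.toString() + " to role=" + fr);
            DmaapGrant grant = new DmaapGrant(perm, fr);
            rc = aaf.addGrant(grant);
            if (rc != 201 && rc != 409) {
                // Name the role as well as the permission so the failed grant
                // can be identified from the error log alone.
                errorLogger.error(DmaapbcLogMessageEnum.AAF_UNEXPECTED_RESPONSE,
                        Integer.toString(rc), "grant perm",
                        perm.toString() + " to role=" + fr);
            }
        }
    }
}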
/**
 * Permission table passed to {@code PermissionMap.initMap} by {@code setBootMap()}.
 * It covers GET, POST, PUT and DELETE on the {@code dmaap} resource, and every
 * entry lists the controller role only.
 */
// NOTE(review): the array is non-final and package-visible, and its entries
// expose setters, so the table can be altered after class initialisation.
static PermissionMap[] bootMap = {
    new PermissionMap(dmaap, "GET",  new String[] {controller}),
    new PermissionMap(dmaap, "POST", new String[] {controller}),
    new PermissionMap(dmaap, "PUT",  new String[] {controller}),
    new PermissionMap(dmaap, delete, new String[] {controller})
};
/**
 * Permission table passed to {@code PermissionMap.initMap} by {@code setEnvMap()}.
 * Each entry names a resource, an action and the roles granted that action.
 * Entry order is kept because initMap issues its AAF requests in table order.
 */
// NOTE(review): "bridge" and "Metrics" are string literals, unlike the other
// resource and role names, which are fields. A typo in either would create a
// different permission or role name without a compile error.
// NOTE(review): the array is non-final and package-visible, and its entries
// expose setters, so the table can be altered after class initialisation.
static PermissionMap[] envMap = {
    // dmaap: read for all listed roles, write for controller only
    new PermissionMap(dmaap, "GET",  new String[] {controller, orchestrator, inventory, "Metrics", portalUser}),
    new PermissionMap(dmaap, "POST", new String[] {controller}),
    new PermissionMap(dmaap, "PUT",  new String[] {controller}),
    new PermissionMap(dmaap, delete, new String[] {controller}),

    // bridge: only GET is provisioned; the write entries below are disabled
    new PermissionMap("bridge", "GET", new String[] {"Metrics"}),
    //new PermissionMap( "bridge", "POST", new String[] { "Metrics" } ),
    //new PermissionMap( "bridge", "PUT", new String[] { "Metrics" }),
    //new PermissionMap( "bridge", delete, new String[] { "Metrics" }),

    // dcaeLocations: write for controller only
    new PermissionMap(dcaeLocations, "GET",  new String[] {controller, orchestrator, inventory, "Metrics", portalUser}),
    new PermissionMap(dcaeLocations, "POST", new String[] {controller}),
    new PermissionMap(dcaeLocations, "PUT",  new String[] {controller}),
    new PermissionMap(dcaeLocations, delete, new String[] {controller}),

    // drNodes: write for controller only
    // NOTE(review): GET here does not include "Metrics", unlike the GET entry
    // of every other resource except bridge - confirm this is intended.
    new PermissionMap(drNodes, "GET",  new String[] {controller, orchestrator, inventory, portalUser}),
    new PermissionMap(drNodes, "POST", new String[] {controller}),
    new PermissionMap(drNodes, "PUT",  new String[] {controller}),
    new PermissionMap(drNodes, delete, new String[] {controller}),

    // drPubs: write for controller, orchestrator and portalUser
    new PermissionMap(drPubs, "GET",  new String[] {controller, orchestrator, inventory, "Metrics", portalUser}),
    new PermissionMap(drPubs, "POST", new String[] {controller, orchestrator, portalUser}),
    new PermissionMap(drPubs, "PUT",  new String[] {controller, orchestrator, portalUser}),
    new PermissionMap(drPubs, delete, new String[] {controller, orchestrator, portalUser}),

    // drSubs: write for controller, orchestrator and portalUser
    new PermissionMap(drSubs, "GET",  new String[] {controller, orchestrator, inventory, "Metrics", portalUser}),
    new PermissionMap(drSubs, "POST", new String[] {controller, orchestrator, portalUser}),
    new PermissionMap(drSubs, "PUT",  new String[] {controller, orchestrator, portalUser}),
    new PermissionMap(drSubs, delete, new String[] {controller, orchestrator, portalUser}),

    // feed: POST/PUT for controller, orchestrator and portalUser
    // NOTE(review): DELETE omits orchestrator although POST and PUT include it,
    // and the DELETE entries for drPubs, drSubs and mrClients include it -
    // confirm the asymmetry is intended.
    new PermissionMap(feed, "GET",  new String[] {controller, orchestrator, inventory, "Metrics", portalUser}),
    new PermissionMap(feed, "POST", new String[] {controller, orchestrator, portalUser}),
    new PermissionMap(feed, "PUT",  new String[] {controller, orchestrator, portalUser}),
    new PermissionMap(feed, delete, new String[] {controller, portalUser}),

    // mrClients: write for controller, orchestrator and portalUser
    new PermissionMap(mrClients, "GET",  new String[] {controller, orchestrator, inventory, "Metrics", portalUser}),
    new PermissionMap(mrClients, "POST", new String[] {controller, orchestrator, portalUser}),
    new PermissionMap(mrClients, "PUT",  new String[] {controller, orchestrator, portalUser}),
    new PermissionMap(mrClients, delete, new String[] {controller, orchestrator, portalUser}),

    // mrClusters: write for controller only
    new PermissionMap(mrClusters, "GET",  new String[] {controller, orchestrator, inventory, "Metrics", portalUser}),
    new PermissionMap(mrClusters, "POST", new String[] {controller}),
    new PermissionMap(mrClusters, "PUT",  new String[] {controller}),
    new PermissionMap(mrClusters, delete, new String[] {controller}),

    // topic: write for controller and orchestrator
    new PermissionMap(topic, "GET",  new String[] {controller, orchestrator, inventory, "Metrics", portalUser}),
    new PermissionMap(topic, "POST", new String[] {controller, orchestrator}),
    new PermissionMap(topic, "PUT",  new String[] {controller, orchestrator}),
    new PermissionMap(topic, delete, new String[] {controller, orchestrator})
};
/**
 * Provisions the {@code bootMap} permissions and grants under the fixed
 * instance name {@code "boot"}.
 *
 * <p>Failures are only logged by {@code PermissionMap.initMap}; nothing is
 * returned or thrown here to report them.
 */
public void setBootMap() {
    PermissionMap.initMap(bootMap, "boot");
}
/**
 * Provisions the {@code envMap} permissions and grants, using the name of the
 * current Dmaap object as the permission instance.
 *
 * <p>Failures are only logged by {@code PermissionMap.initMap}; nothing is
 * returned or thrown here to report them.
 */
public void setEnvMap() {
    // NOTE(review): the result of getDmaap() is dereferenced without a null
    // check, and the name is used as the instance without validation; confirm
    // that getDmaap() never returns null and that the name is always set here.
    final String instanceName = new DmaapService().getDmaap().getDmaapName();
    PermissionMap.initMap(envMap, instanceName);
}