2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
7 * Modifications Copyright (C) 2018 IBM.
8 * ================================================================================
9 * Licensed under the Apache License, Version 2.0 (the "License");
10 * you may not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
13 * http://www.apache.org/licenses/LICENSE-2.0
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS,
17 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
20 * ============LICENSE_END=========================================================
23 package org.onap.dmaap.dbcapi.authentication;
25 import com.att.eelf.configuration.EELFLogger;
26 import com.att.eelf.configuration.EELFManager;
28 import org.onap.dmaap.dbcapi.aaf.AafService;
29 import org.onap.dmaap.dbcapi.aaf.DmaapGrant;
30 import org.onap.dmaap.dbcapi.aaf.DmaapPerm;
31 import org.onap.dmaap.dbcapi.aaf.AafService.ServiceType;
32 import org.onap.dmaap.dbcapi.logging.BaseLoggingClass;
33 import org.onap.dmaap.dbcapi.logging.DmaapbcLogMessageEnum;
34 import org.onap.dmaap.dbcapi.model.Dmaap;
35 import org.onap.dmaap.dbcapi.service.DmaapService;
36 import org.onap.dmaap.dbcapi.util.DmaapConfig;
38 public class ApiPerms extends BaseLoggingClass {
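// Names used to build the permission tables in this class.
// They are declared final so that the values feeding the AAF permission and grant
// requests cannot be reassigned by other code in this package after class initialisation.

// Resource names: the first PermissionMap argument, appended to the API namespace.
static final String topic = "topics";
static final String mrClusters = "mr_clusters";
static final String mrClients = "mr_clients";
static final String feed = "feeds";
static final String drSubs = "dr_subs";
static final String drPubs = "dr_pubs";
static final String drNodes = "dr_nodes";
static final String dcaeLocations = "dcaeLocations";
static final String dmaap = "dmaap";

// Role names: the third PermissionMap argument, appended to the API namespace.
static final String inventory = "Inventory";
static final String portalUser = "PortalUser";
static final String orchestrator = "Orchestrator";
static final String controller = "Controller";

// Action name: the second PermissionMap argument. The other actions are written
// inline as "GET", "POST" and "PUT" in the tables.
static final String delete = "DELETE";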
54 private static class PermissionMap {
// Log used for progress and debug messages while permissions are registered.
static final EELFLogger logger =
        EELFManager.getInstance().getLogger(PermissionMap.class);

// Error log that receives unexpected AAF response codes.
static final EELFLogger errorLogger =
        EELFManager.getInstance().getErrorLogger();
61 private PermissionMap( String u, String a, String[] r ) {
67 public String getUri() {
70 public void setUri(String uri) {
73 public String getAction() {
76 public void setAction(String action) {
80 public String[] getRoles() {
83 public void setRoles(String[] roles) {
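/**
 * Registers every permission in {@code pmap} with AAF and grants it to the roles
 * listed for that entry.
 *
 * <p>Each permission type is built as {@code <ApiNamespace>.<uri>} and each role as
 * {@code <ApiNamespace>.<role>}. The namespace and the AAF URL are read from
 * {@link DmaapConfig}. Response codes 201 and 409 are accepted silently (presumably
 * "created" and "already exists"); any other code is written to the error log.
 *
 * <p>NOTE(review): the method returns {@code void} and the handling of an unexpected
 * response visible here is logging only, so a caller cannot tell whether the whole
 * permission set was applied. Confirm that the error log is monitored for
 * {@code AAF_UNEXPECTED_RESPONSE} at start-up.
 *
 * @param pmap permission entries to register
 * @param instance instance value placed in every {@link DmaapPerm} that is created
 */
public static void initMap(PermissionMap[] pmap, String instance) {
    DmaapConfig p = (DmaapConfig) DmaapConfig.getConfig();
    // NOTE(review): when ApiNamespace is not configured, every permission and role
    // name below is built from this placeholder value rather than failing fast.
    String api = p.getProperty("ApiNamespace", "apiNamespace.not.set");

    // this is needed because PE AAF may be a different instance than AAF used by MR
    String peEnv = p.getProperty("PeAafEnvironment", "notSet");
    String url = p.getProperty("PeAafUrl." + peEnv, "URL.not.set");
    logger.info("PeAafEnvironment=" + peEnv + " using URL " + url);
    AafService aaf = new AafService(ServiceType.AAF_Admin, url);

    // The index is kept because it is part of the debug message below.
    for (int i = 0; i < pmap.length; i++) {
        String uri = api + "." + pmap[i].getUri();
        DmaapPerm perm = new DmaapPerm(uri, instance, pmap[i].getAction());
        int rc = aaf.addPerm(perm);
        if (rc != 201 && rc != 409) {
            errorLogger.error(
                    DmaapbcLogMessageEnum.AAF_UNEXPECTED_RESPONSE,
                    Integer.toString(rc),
                    "add perm",
                    perm.toString());
        }
        for (String r : pmap[i].getRoles()) {
            String fr = api + "." + r;
            logger.debug("i:" + i + " granting perm " + perm.toString() + " to role=" + fr);
            DmaapGrant grant = new DmaapGrant(perm, fr);
            rc = aaf.addGrant(grant);
            if (rc != 201 && rc != 409) {
                // Name the role as well as the permission, so that a failed grant can be
                // attributed without relying on debug-level logging being enabled.
                errorLogger.error(
                        DmaapbcLogMessageEnum.AAF_UNEXPECTED_RESPONSE,
                        Integer.toString(rc),
                        "grant perm",
                        perm.toString() + " to role=" + fr);
            }
        }
    }
}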
// Permission table passed to initMap() by setBootMap(): the Controller role alone
// is granted GET, POST, PUT and DELETE on the "dmaap" resource.
static PermissionMap[] bootMap = {
    new PermissionMap(dmaap, "GET", new String[] {controller}),
    new PermissionMap(dmaap, "POST", new String[] {controller}),
    new PermissionMap(dmaap, "PUT", new String[] {controller}),
    new PermissionMap(dmaap, delete, new String[] {controller})
};
// Permission table passed to initMap() by setEnvMap(). Each row names a resource,
// an action and the roles that are granted that action on the resource.
// Row order is kept as written, because initMap() walks the array by index.
//
// NOTE(review): the rows below are not uniform. Confirm each difference is intended:
//   - drNodes GET has no "Metrics" role, while every other GET row that lists several
//     roles includes it;
//   - feed DELETE omits Orchestrator, although feed POST and PUT grant it;
//   - topic POST/PUT/DELETE omit PortalUser, which feed, drPubs, drSubs and mrClients
//     grant for the same actions.
static PermissionMap[] envMap = {
    // dmaap: read for all roles, write for Controller only
    new PermissionMap(dmaap, "GET",
            new String[] {controller, orchestrator, inventory, "Metrics", portalUser}),
    new PermissionMap(dmaap, "POST", new String[] {controller}),
    new PermissionMap(dmaap, "PUT", new String[] {controller}),
    new PermissionMap(dmaap, delete, new String[] {controller}),

    // bridge: read-only for Metrics; the write rows are left disabled
    new PermissionMap("bridge", "GET", new String[] {"Metrics"}),
    //new PermissionMap( "bridge", "POST", new String[] { "Metrics" } ),
    //new PermissionMap( "bridge", "PUT", new String[] { "Metrics" }),
    //new PermissionMap( "bridge", delete, new String[] { "Metrics" }),

    // dcaeLocations
    new PermissionMap(dcaeLocations, "GET",
            new String[] {controller, orchestrator, inventory, "Metrics", portalUser}),
    new PermissionMap(dcaeLocations, "POST", new String[] {controller}),
    new PermissionMap(dcaeLocations, "PUT", new String[] {controller}),
    new PermissionMap(dcaeLocations, delete, new String[] {controller}),

    // drNodes
    new PermissionMap(drNodes, "GET",
            new String[] {controller, orchestrator, inventory, portalUser}),
    new PermissionMap(drNodes, "POST", new String[] {controller}),
    new PermissionMap(drNodes, "PUT", new String[] {controller}),
    new PermissionMap(drNodes, delete, new String[] {controller}),

    // drPubs
    new PermissionMap(drPubs, "GET",
            new String[] {controller, orchestrator, inventory, "Metrics", portalUser}),
    new PermissionMap(drPubs, "POST", new String[] {controller, orchestrator, portalUser}),
    new PermissionMap(drPubs, "PUT", new String[] {controller, orchestrator, portalUser}),
    new PermissionMap(drPubs, delete, new String[] {controller, orchestrator, portalUser}),

    // drSubs
    new PermissionMap(drSubs, "GET",
            new String[] {controller, orchestrator, inventory, "Metrics", portalUser}),
    new PermissionMap(drSubs, "POST", new String[] {controller, orchestrator, portalUser}),
    new PermissionMap(drSubs, "PUT", new String[] {controller, orchestrator, portalUser}),
    new PermissionMap(drSubs, delete, new String[] {controller, orchestrator, portalUser}),

    // feed
    new PermissionMap(feed, "GET",
            new String[] {controller, orchestrator, inventory, "Metrics", portalUser}),
    new PermissionMap(feed, "POST", new String[] {controller, orchestrator, portalUser}),
    new PermissionMap(feed, "PUT", new String[] {controller, orchestrator, portalUser}),
    new PermissionMap(feed, delete, new String[] {controller, portalUser}),

    // mrClients
    new PermissionMap(mrClients, "GET",
            new String[] {controller, orchestrator, inventory, "Metrics", portalUser}),
    new PermissionMap(mrClients, "POST", new String[] {controller, orchestrator, portalUser}),
    new PermissionMap(mrClients, "PUT", new String[] {controller, orchestrator, portalUser}),
    new PermissionMap(mrClients, delete, new String[] {controller, orchestrator, portalUser}),

    // mrClusters
    new PermissionMap(mrClusters, "GET",
            new String[] {controller, orchestrator, inventory, "Metrics", portalUser}),
    new PermissionMap(mrClusters, "POST", new String[] {controller}),
    new PermissionMap(mrClusters, "PUT", new String[] {controller}),
    new PermissionMap(mrClusters, delete, new String[] {controller}),

    // topic
    new PermissionMap(topic, "GET",
            new String[] {controller, orchestrator, inventory, "Metrics", portalUser}),
    new PermissionMap(topic, "POST", new String[] {controller, orchestrator}),
    new PermissionMap(topic, "PUT", new String[] {controller, orchestrator}),
    new PermissionMap(topic, delete, new String[] {controller, orchestrator})
};
/**
 * Registers the {@code bootMap} permissions and grants with AAF, using the fixed
 * instance value {@code "boot"}.
 */
public void setBootMap() {
    PermissionMap.initMap(bootMap, "boot");
}
/**
 * Registers the {@code envMap} permissions and grants with AAF, using the DMaaP name
 * returned by {@link DmaapService} as the permission instance.
 */
public void setEnvMap() {
    // NOTE(review): getDmaap() is dereferenced without a null check; confirm it cannot
    // return null at the point where this method is called.
    String instanceName = new DmaapService().getDmaap().getDmaapName();
    PermissionMap.initMap(envMap, instanceName);
}