2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package org.onap.dmaap.dbcapi.authentication;
23 import com.att.eelf.configuration.EELFLogger;
24 import com.att.eelf.configuration.EELFManager;
26 import org.onap.dmaap.dbcapi.aaf.AafService;
27 import org.onap.dmaap.dbcapi.aaf.DmaapGrant;
28 import org.onap.dmaap.dbcapi.aaf.DmaapPerm;
29 import org.onap.dmaap.dbcapi.aaf.AafService.ServiceType;
30 import org.onap.dmaap.dbcapi.logging.BaseLoggingClass;
31 import org.onap.dmaap.dbcapi.logging.DmaapbcLogMessageEnum;
32 import org.onap.dmaap.dbcapi.model.Dmaap;
33 import org.onap.dmaap.dbcapi.service.DmaapService;
34 import org.onap.dmaap.dbcapi.util.DmaapConfig;
36 public class ApiPerms extends BaseLoggingClass {
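// Names used to build the permission tables below. They are declared final so that
// no other code in the package can re-point a resource or role name after the
// tables have been built from them.

// Resource names: passed as the first constructor argument of each PermissionMap entry.
static final String topic = "topics";
static final String mrClusters = "mr_clusters";
static final String mrClients = "mr_clients";
static final String feed = "feeds";
static final String drSubs = "dr_subs";
static final String drPubs = "dr_pubs";
static final String drNodes = "dr_nodes";
static final String dcaeLocations = "dcaeLocations";
static final String dmaap = "dmaap";

// Role names: listed in the String[] of roles that receive a permission.
static final String inventory = "Inventory";
static final String portalUser = "PortalUser";
static final String orchestrator = "Orchestrator";
static final String controller = "Controller";

// Action name; the other actions ("GET", "POST", "PUT") appear as literals in the tables.
static final String delete = "DELETE";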
52 private static class PermissionMap {
// General-purpose log: initMap writes its info and debug progress messages here.
static final EELFLogger logger =
        EELFManager.getInstance().getLogger(PermissionMap.class);
// Error log: initMap reports unexpected AAF return codes here.
static final EELFLogger errorLogger =
        EELFManager.getInstance().getErrorLogger();
59 private PermissionMap( String u, String a, String[] r ) {
65 public String getUri() {
68 public void setUri(String uri) {
71 public String getAction() {
74 public void setAction(String action) {
78 public String[] getRoles() {
81 public void setRoles(String[] roles) {
/**
 * Registers every permission in {@code pmap} with AAF and grants it to the roles listed
 * for that entry.
 *
 * For each entry a DmaapPerm is built from "<ApiNamespace>.<uri>", the given instance and
 * the entry's action, and submitted with addPerm(). One DmaapGrant per role is then
 * submitted with addGrant(), each role name being qualified as "<ApiNamespace>.<role>".
 *
 * Return codes 201 and 409 are accepted without comment (presumably "created" and
 * "already exists" -- confirm against AafService); any other code is written to the
 * error log as AAF_UNEXPECTED_RESPONSE.
 *
 * NOTE(review): this listing omits some source lines, so the statements that follow each
 * error log are not visible here. The method is void and the visible code only logs an
 * unexpected response; confirm whether a caller can learn that a permission or grant was
 * not provisioned, because AAF would then hold fewer grants than the tables describe.
 *
 * @param pmap     permission table to provision (bootMap or envMap in this class)
 * @param instance instance component of every DmaapPerm that is created
 */
85 public static void initMap( PermissionMap[] pmap, String instance ) {
87 DmaapConfig p = (DmaapConfig)DmaapConfig.getConfig();
// Namespace prefix for permission and role names; a literal placeholder is used when the
// property is not configured.
88 String api = p.getProperty("ApiNamespace", "apiNamespace.not.set");
90 // this is needed because PE AAF may be a different instance than AAF used by MR
91 String peEnv = p.getProperty("PeAafEnvironment", "notSet");
// NOTE(review): a missing PeAafEnvironment or PeAafUrl.<env> property yields the
// placeholder "URL.not.set", which is handed to AafService below rather than rejected
// here -- confirm that the resulting failure is surfaced somewhere.
92 String url = p.getProperty( new String( "PeAafUrl." + peEnv ), "URL.not.set" );
93 logger.info( "PeAafEnvironment=" + peEnv + " using URL " + url);
// The client is created with ServiceType.AAF_Admin against the URL selected above.
94 AafService aaf = new AafService(ServiceType.AAF_Admin, url );
96 for ( int i = 0; i < pmap.length ; i++ ) {
// Fully qualified permission name: namespace + "." + the entry's URI.
97 String uri = new String( api + "." + pmap[i].getUri());
98 DmaapPerm perm = new DmaapPerm( uri, instance, pmap[i].getAction() );
99 int rc = aaf.addPerm( perm );
// Only codes other than 201 and 409 are reported.
100 if ( rc != 201 && rc != 409 ) {
101 errorLogger.error( DmaapbcLogMessageEnum.AAF_UNEXPECTED_RESPONSE, Integer.toString(rc), "add perm", perm.toString() );
// One grant per role named in this entry.
104 for( String r: pmap[i].getRoles()) {
// Role names are qualified with the same namespace as the permission.
105 String fr = new String( api + "." + r );
106 logger.debug( "i:" + i + " granting perm " + perm.toString()+ " to role=" + fr );
107 DmaapGrant grant = new DmaapGrant( perm, fr );
108 rc = aaf.addGrant( grant );
// Same acceptance rule as for addPerm: 201 and 409 pass, anything else is logged.
109 if ( rc != 201 && rc != 409 ) {
110 errorLogger.error( DmaapbcLogMessageEnum.AAF_UNEXPECTED_RESPONSE, Integer.toString(rc), "grant perm", perm.toString() );
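// Permission table provisioned by setBootMap() under the instance name "boot":
// all four actions on the "dmaap" resource, granted to the Controller role only.
// The reference is final so the table cannot be swapped for another array.
// PermissionMap declares setters, so the entries themselves remain mutable.
static final PermissionMap[] bootMap = {
    new PermissionMap(dmaap, "GET", new String[] {controller}),
    new PermissionMap(dmaap, "POST", new String[] {controller}),
    new PermissionMap(dmaap, "PUT", new String[] {controller}),
    new PermissionMap(dmaap, delete, new String[] {controller})
};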
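// Permission table provisioned by setEnvMap() under the configured DMaaP name.
// Each row is (resource, action, roles that receive the permission).
// The reference is final so the table cannot be swapped for another array.
// PermissionMap declares setters, so the entries themselves remain mutable.
//
// NOTE(review): two rows break the pattern of their neighbours -- confirm both are intended:
//   * feeds DELETE omits Orchestrator, although feeds POST/PUT and the DELETE rows of
//     dr_pubs, dr_subs and mr_clients include it;
//   * dr_nodes GET omits "Metrics", which most other GET rows include.
static final PermissionMap[] envMap = {
    // dmaap
    new PermissionMap(dmaap, "GET", new String[] {controller, orchestrator, inventory, "Metrics", portalUser}),
    new PermissionMap(dmaap, "POST", new String[] {controller}),
    new PermissionMap(dmaap, "PUT", new String[] {controller}),
    new PermissionMap(dmaap, delete, new String[] {controller}),

    // bridge: read-only for Metrics; the write actions are deliberately left disabled
    new PermissionMap("bridge", "GET", new String[] {"Metrics"}),
    //new PermissionMap( "bridge", "POST", new String[] { "Metrics" } ),
    //new PermissionMap( "bridge", "PUT", new String[] { "Metrics" }),
    //new PermissionMap( "bridge", delete, new String[] { "Metrics" }),

    // dcaeLocations
    new PermissionMap(dcaeLocations, "GET", new String[] {controller, orchestrator, inventory, "Metrics", portalUser}),
    new PermissionMap(dcaeLocations, "POST", new String[] {controller}),
    new PermissionMap(dcaeLocations, "PUT", new String[] {controller}),
    new PermissionMap(dcaeLocations, delete, new String[] {controller}),

    // dr_nodes
    new PermissionMap(drNodes, "GET", new String[] {controller, orchestrator, inventory, portalUser}),
    new PermissionMap(drNodes, "POST", new String[] {controller}),
    new PermissionMap(drNodes, "PUT", new String[] {controller}),
    new PermissionMap(drNodes, delete, new String[] {controller}),

    // dr_pubs
    new PermissionMap(drPubs, "GET", new String[] {controller, orchestrator, inventory, "Metrics", portalUser}),
    new PermissionMap(drPubs, "POST", new String[] {controller, orchestrator, portalUser}),
    new PermissionMap(drPubs, "PUT", new String[] {controller, orchestrator, portalUser}),
    new PermissionMap(drPubs, delete, new String[] {controller, orchestrator, portalUser}),

    // dr_subs
    new PermissionMap(drSubs, "GET", new String[] {controller, orchestrator, inventory, "Metrics", portalUser}),
    new PermissionMap(drSubs, "POST", new String[] {controller, orchestrator, portalUser}),
    new PermissionMap(drSubs, "PUT", new String[] {controller, orchestrator, portalUser}),
    new PermissionMap(drSubs, delete, new String[] {controller, orchestrator, portalUser}),

    // feeds
    new PermissionMap(feed, "GET", new String[] {controller, orchestrator, inventory, "Metrics", portalUser}),
    new PermissionMap(feed, "POST", new String[] {controller, orchestrator, portalUser}),
    new PermissionMap(feed, "PUT", new String[] {controller, orchestrator, portalUser}),
    new PermissionMap(feed, delete, new String[] {controller, portalUser}),

    // mr_clients
    new PermissionMap(mrClients, "GET", new String[] {controller, orchestrator, inventory, "Metrics", portalUser}),
    new PermissionMap(mrClients, "POST", new String[] {controller, orchestrator, portalUser}),
    new PermissionMap(mrClients, "PUT", new String[] {controller, orchestrator, portalUser}),
    new PermissionMap(mrClients, delete, new String[] {controller, orchestrator, portalUser}),

    // mr_clusters
    new PermissionMap(mrClusters, "GET", new String[] {controller, orchestrator, inventory, "Metrics", portalUser}),
    new PermissionMap(mrClusters, "POST", new String[] {controller}),
    new PermissionMap(mrClusters, "PUT", new String[] {controller}),
    new PermissionMap(mrClusters, delete, new String[] {controller}),

    // topics
    new PermissionMap(topic, "GET", new String[] {controller, orchestrator, inventory, "Metrics", portalUser}),
    new PermissionMap(topic, "POST", new String[] {controller, orchestrator}),
    new PermissionMap(topic, "PUT", new String[] {controller, orchestrator}),
    new PermissionMap(topic, delete, new String[] {controller, orchestrator})
};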
/**
 * Provisions the bootstrap permission table ({@code bootMap}) in AAF, using the fixed
 * instance name "boot" for every permission.
 */
public void setBootMap() {
    PermissionMap.initMap(bootMap, "boot");
}
/**
 * Provisions the environment permission table ({@code envMap}) in AAF, using the name of
 * the Dmaap object returned by DmaapService as the instance of every permission.
 */
public void setEnvMap() {
    // NOTE(review): the name is passed on as the permission instance with no visible
    // null or empty check -- confirm DmaapService always returns an initialised Dmaap.
    final String instanceName = new DmaapService().getDmaap().getDmaapName();
    PermissionMap.initMap(envMap, instanceName);
}