/** * ============LICENSE_START==================================================== * org.onap.aaf * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. * =========================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * ============LICENSE_END==================================================== * */ package org.onap.aaf.auth.cmd.perm; import org.onap.aaf.auth.cmd.AAFcli; import org.onap.aaf.auth.cmd.Cmd; import org.onap.aaf.auth.cmd.Param; import org.onap.aaf.auth.rserv.HttpMethods; import org.onap.aaf.cadi.CadiException; import org.onap.aaf.cadi.LocatorException; import org.onap.aaf.cadi.client.Future; import org.onap.aaf.cadi.client.Rcli; import org.onap.aaf.cadi.client.Retryable; import org.onap.aaf.misc.env.APIException; import aaf.v2_0.PermRequest; import aaf.v2_0.RoleRequest; /** * * @author Jonathan * */ public class Create extends Cmd { public Create(Perm parent) { super(parent,"create", new Param("type",true), new Param("instance",true), new Param("action", true), new Param("role[,role]* (to Grant to)", false) ); } @Override public int _exec(final int index, final String ... args) throws CadiException, APIException, LocatorException { return same(new Retryable() { @Override public Integer code(Rcli client) throws CadiException, APIException { int idx = index; final PermRequest pr = new PermRequest(); pr.setType(args[idx++]); pr.setInstance(args[idx++]); pr.setAction(args[idx++]); String roleCommas = (args.length>idx)?args[idx++]:null; String[] roles = roleCommas==null?null:roleCommas.split("\\s*,\\s*"); boolean force = aafcli.forceString()!=null; int rv; if (roles!=null && force) { // Make sure Roles are Created RoleRequest rr = new RoleRequest(); for (String role : roles) { rr.setName(role);; Future fr = client.create( "/authz/role", getDF(RoleRequest.class), rr ); fr.get(AAFcli.timeout()); switch(fr.code()){ case 201: pw().println("Created Role [" + role + ']'); break; case 409: break; default: pw().println("Role [" + role + "] does not exist, and cannot be created."); return 206 /*HttpStatus.PARTIAL_CONTENT_206*/; } } } // Set Start/End commands setStartEnd(pr); setQueryParamsOn(client); Future fp = client.create( "/authz/perm", getDF(PermRequest.class), pr ); if (fp.get(AAFcli.timeout())) { rv = fp.code(); pw().println("Created Permission"); if (roles!=null) { if (aafcli.forceString()!=null) { // Make sure Roles are Created RoleRequest rr = new RoleRequest(); for (String role : roles) { rr.setName(role);; Future fr = client.create( "/authz/role", getDF(RoleRequest.class), rr ); fr.get(AAFcli.timeout()); switch(fr.code()){ case 201: case 409:break; default: } } } try { if (201!=(rv=((Perm)parent)._exec(0, new String[] {"grant",pr.getType(),pr.getInstance(),pr.getAction(),roleCommas}))) { rv = 206 /*HttpStatus.PARTIAL_CONTENT_206*/; } } catch (LocatorException e) { throw new CadiException(e); } } } else { rv = fp.code(); if (rv==409 && force) { rv = 201; } else if (rv==202) { pw().println("Permission Creation Accepted, but requires Approvals before actualizing"); if (roles!=null) pw().println("You need to grant the roles after approval."); } else { error(fp); } } return rv; } }); } @Override public void detailedHelp(int _indent, StringBuilder sb) { int indent = _indent; detailLine(sb,indent,"Create a Permission with:"); detailLine(sb,indent+=2,"type - A Namespace qualified identifier identifying the kind of"); detailLine(sb,indent+11,"resource to be protected"); detailLine(sb,indent,"instance - A name that distinguishes a particular instance of resource"); detailLine(sb,indent,"action - What kind of action is allowed"); detailLine(sb,indent,"role(s) - Perms granted to these Comma separated Role(s)"); detailLine(sb,indent+11,"Nonexistent role(s) will be created, if in same namespace"); sb.append('\n'); detailLine(sb,indent+2,"Note: Instance and Action can be a an '*' (enter \\\\* on Unix Shell)"); api(sb,indent,HttpMethods.POST,"authz/perm",PermRequest.class,true); } }