- private void aafTopicSetup(Topic topic, ApiError err) {
-
- String nsr = dmaapSvc.getDmaap().getTopicNsRoot();
- if (nsr == null) {
- err.setCode(500);
- err.setMessage("Unable to establish AAF namespace root: (check /dmaap object)");
- err.setFields("topicNsRoot");
- return;
- }
-
- // establish AAF Connection using TopicMgr identity
- AafService aaf = new AafService(ServiceType.AAF_TopicMgr);
-
- AafRole pubRole = null;
- AafRole subRole = null;
-
- // creating Topic Roles was not an original feature.
- // For backwards compatibility, only do this if the feature is enabled.
- // Also, if the namespace of the topic is a foreign namespace, (i.e. not the same as our root ns)
- // then we likely don't have permission to create sub-ns and Roles so don't try.
- if (createTopicRoles && topic.getFqtn().startsWith(nsr)) {
- // create AAF namespace for this topic
- AafNamespace ns = new AafNamespace(topic.getFqtn(), aaf.getIdentity());
- {
- int rc = aaf.addNamespace(ns);
- if (rc != 201 && rc != 409) {
- err.setCode(500);
- err.setMessage("Unexpected response from AAF:" + rc);
- err.setFields("namespace:" + topic.getFqtn() + " identity=" + aaf.getIdentity());
- return;
- }
- }
-
- // create AAF Roles for MR clients of this topic
- String rn = "publisher";
- pubRole = new AafRole(topic.getFqtn(), rn);
- int rc = aaf.addRole(pubRole);
- if (rc != 201 && rc != 409) {
- err.setCode(500);
- err.setMessage("Unexpected response from AAF:" + rc);
- err.setFields("topic:" + topic.getFqtn() + " role=" + rn);
- return;
- }
- topic.setPublisherRole(pubRole.getFullyQualifiedRole());
-
- rn = "subscriber";
- subRole = new AafRole(topic.getFqtn(), rn);
- rc = aaf.addRole(subRole);
- if (rc != 201 && rc != 409) {
- err.setCode(500);
- err.setMessage("Unexpected response from AAF:" + rc);
- err.setFields("topic:" + topic.getFqtn() + " role=" + rn);
- return;
- }
- topic.setSubscriberRole(subRole.getFullyQualifiedRole());
- }
-
- // create AAF perms checked by MR
- String instance = ":topic." + topic.getFqtn();
- String[] actions = {"pub", "sub", "view"};
- String t = dmaapSvc.getTopicPerm();
- for (String action : actions) {
- DmaapPerm perm = new DmaapPerm(t, instance, action);
- int rc = aaf.addPerm(perm);
- if (rc != 201 && rc != 409) {
- err.setCode(500);
- err.setMessage("Unexpected response from AAF:" + rc);
- err.setFields("t=" + t + " instance=" + instance + " action=" + action);
- return;
- }
- if (createTopicRoles) {
- // Grant perms to our default Roles
- if (action.equals("pub") || action.equals("view")) {
- DmaapGrant g = new DmaapGrant(perm, pubRole.getFullyQualifiedRole());
- rc = aaf.addGrant(g);
- if (rc != 201 && rc != 409) {
- err.setCode(rc);
- err.setMessage("Grant of " + perm.toString() + " failed for " + pubRole.getFullyQualifiedRole());
- logger.warn(err.getMessage());
- return;
- }
- }
- if (action.equals("sub") || action.equals("view")) {
- DmaapGrant g = new DmaapGrant(perm, subRole.getFullyQualifiedRole());
- rc = aaf.addGrant(g);
- if (rc != 201 && rc != 409) {
- err.setCode(rc);
- err.setMessage("Grant of " + perm.toString() + " failed for " + subRole.getFullyQualifiedRole());
- logger.warn(err.getMessage());
- return;
- }
- }
- }
-
- }
- }
-