+++ /dev/null
-/**
- * ============LICENSE_START====================================================
- * org.onap.aaf
- * ===========================================================================
- * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
- * ===========================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END====================================================
- *
- */
-
-package org.onap.aaf.auth;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.PrintStream;
-import java.lang.reflect.Constructor;
-import java.net.InetAddress;
-import java.net.URL;
-import java.net.UnknownHostException;
-import java.nio.ByteBuffer;
-import java.text.SimpleDateFormat;
-import java.util.GregorianCalendar;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-import java.util.TimeZone;
-
-import org.onap.aaf.auth.common.Define;
-import org.onap.aaf.auth.dao.CassAccess;
-import org.onap.aaf.auth.dao.cass.RoleDAO;
-import org.onap.aaf.auth.dao.cass.UserRoleDAO;
-import org.onap.aaf.auth.dao.hl.Question;
-import org.onap.aaf.auth.env.AuthzEnv;
-import org.onap.aaf.auth.env.AuthzTrans;
-import org.onap.aaf.auth.layer.Result;
-import org.onap.aaf.auth.org.Organization;
-import org.onap.aaf.auth.org.Organization.Identity;
-import org.onap.aaf.auth.org.OrganizationException;
-import org.onap.aaf.auth.org.OrganizationFactory;
-import org.onap.aaf.cadi.PropAccess;
-import org.onap.aaf.cadi.Access.Level;
-import org.onap.aaf.cadi.config.Config;
-import org.onap.aaf.misc.env.APIException;
-import org.onap.aaf.misc.env.Env;
-import org.onap.aaf.misc.env.StaticSlot;
-import org.onap.aaf.misc.env.TimeTaken;
-
-import com.datastax.driver.core.Cluster;
-import com.datastax.driver.core.ResultSet;
-import com.datastax.driver.core.Row;
-import com.datastax.driver.core.Session;
-import com.datastax.driver.core.Statement;
-
-public abstract class Batch {
-
- private static String rootNs;
-
- private static StaticSlot ssargs;
-
- protected static final String STARS = "*****";
-
- protected final Cluster cluster;
- protected static AuthzEnv env;
- protected static Session session;
- protected static Set<String> specialNames;
- protected static boolean dryRun;
- protected static String batchEnv;
-
- public static final String CASS_ENV = "CASS_ENV";
- public static final String LOG_DIR = "LOG_DIR";
- protected static final String PUNT="punt";
- protected static final String MAX_EMAILS="MAX_EMAILS";
- protected static final String VERSION="VERSION";
- public static final String GUI_URL="GUI_URL";
-
- protected final Organization org;
-
-
-
- protected Batch(AuthzEnv env) throws APIException, IOException, OrganizationException {
- // Be able to change Environments
- // load extra properties, i.e.
- // PERF.cassandra.clusters=....
- batchEnv = env.getProperty(CASS_ENV);
- if (batchEnv != null) {
- batchEnv = batchEnv.trim();
- env.info().log("Redirecting to ",batchEnv,"environment");
- String str;
- for (String key : new String[]{
- CassAccess.CASSANDRA_CLUSTERS,
- CassAccess.CASSANDRA_CLUSTERS_PORT,
- CassAccess.CASSANDRA_CLUSTERS_USER_NAME,
- CassAccess.CASSANDRA_CLUSTERS_PASSWORD,
- VERSION,GUI_URL,PUNT,MAX_EMAILS,
- LOG_DIR,
- "SPECIAL_NAMES"
- }) {
- if ((str = env.getProperty(batchEnv+'.'+key))!=null) {
- env.setProperty(key, str);
- }
- }
- }
-
- // Setup for Dry Run
- cluster = CassAccess.cluster(env,batchEnv);
- env.info().log("cluster name - ",cluster.getClusterName());
- String dryRunStr = env.getProperty( "DRY_RUN" );
- if ( dryRunStr == null || "false".equals(dryRunStr.trim()) ) {
- dryRun = false;
- } else {
- dryRun = true;
- env.info().log("dryRun set to TRUE");
- }
-
- org = OrganizationFactory.init(env);
- org.setTestMode(dryRun);
-
- // Special names to allow behaviors beyond normal rules
- specialNames = new HashSet<>();
- String names = env.getProperty( "SPECIAL_NAMES" );
- if ( names != null )
- {
- env.info().log("Loading SPECIAL_NAMES");
- for (String s :names.split(",") )
- {
- env.info().log("\tspecial: " + s );
- specialNames.add( s.trim() );
- }
- }
- }
-
- protected abstract void run(AuthzTrans trans);
- protected abstract void _close(AuthzTrans trans);
-
- public String[] args() {
- return env.get(ssargs);
- }
-
- public boolean isDryRun()
- {
- return dryRun;
- }
-
- public boolean isSpecial(String user) {
- if (specialNames != null && specialNames.contains(user)) {
- env.info().log("specialName: " + user);
-
- return (true);
- } else {
- return (false);
- }
- }
-
-
- protected PrintStream fallout(PrintStream inFallout, String logType)
- throws IOException {
- PrintStream fallout = inFallout;
- if (fallout == null) {
- File dir = new File("logs");
- if (!dir.exists()) {
- dir.mkdirs();
- }
-
- File f = null;
- long uniq = System.currentTimeMillis();
-
- f = new File(dir, getClass().getSimpleName() + "_" + logType + "_"
- + uniq + ".log");
-
- fallout = new PrintStream(new FileOutputStream(f, true));
- }
- return fallout;
- }
-
- public Organization getOrgFromID(AuthzTrans trans, String user) {
- Organization organization;
- try {
- organization = OrganizationFactory.obtain(trans.env(),user.toLowerCase());
- } catch (OrganizationException e1) {
- trans.error().log(e1);
- organization=null;
- }
-
- if (organization == null) {
- PrintStream fallout = null;
-
- try {
- fallout = fallout(fallout, "Fallout");
- fallout.print("INVALID_ID,");
- fallout.println(user);
- } catch (Exception e) {
- env.error().log("Could not write to Fallout File", e);
- }
- return (null);
- }
-
- return (organization);
- }
-
- public static Row executeDeleteQuery(Statement stmt) {
- Row row = null;
- if (!dryRun) {
- row = session.execute(stmt).one();
- }
-
- return (row);
-
- }
-
- public static int acquireRunLock(String className) {
- Boolean testEnv = true;
- String envStr = env.getProperty("AFT_ENVIRONMENT");
-
- if (envStr != null) {
- if ("AFTPRD".equals(envStr)) {
- testEnv = false;
- }
- } else {
- env.fatal()
- .log("AFT_ENVIRONMENT property is required and was not found. Exiting.");
- System.exit(1);
- }
-
- if (testEnv) {
- env.info().log("TESTMODE: skipping RunLock");
- return (1);
- }
-
- String hostname = null;
- try {
- hostname = InetAddress.getLocalHost().getHostName();
- } catch (UnknownHostException e) {
- e.printStackTrace();
- env.warn().log("Unable to get hostname");
- return (0);
- }
-
- ResultSet existing = session.execute(String.format(
- "select * from authz.run_lock where class = '%s'", className));
-
- for (Row row : existing) {
- long curr = System.currentTimeMillis();
- ByteBuffer lastRun = row.getBytesUnsafe(2); // Can I get this field
- // by name?
-
- long interval = (1 * 60 * 1000); // @@ Create a value in props file
- // for this
- long prev = lastRun.getLong();
-
- if ((curr - prev) <= interval) {
- env.warn().log(
- String.format("Too soon! Last run was %d minutes ago.",
- ((curr - prev) / 1000) / 60));
- env.warn().log(
- String.format("Min time between runs is %d minutes ",
- (interval / 1000) / 60));
- env.warn().log(
- String.format("Last ran on machine: %s at %s",
- row.getString("host"), row.getDate("start")));
- return (0);
- } else {
- env.info().log("Delete old lock");
- deleteLock(className);
- }
- }
-
- GregorianCalendar current = new GregorianCalendar();
-
- // We want our time in UTC, hence "+0000"
- SimpleDateFormat fmt = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss+0000");
- fmt.setTimeZone(TimeZone.getTimeZone("UTC"));
-
- String cql = String
- .format("INSERT INTO authz.run_lock (class,host,start) VALUES ('%s','%s','%s') IF NOT EXISTS",
- className, hostname, fmt.format(current.getTime()));
-
- env.info().log(cql);
-
- Row row = session.execute(cql).one();
- if (!row.getBool("[applied]")) {
- env.warn().log("Lightweight Transaction failed to write lock.");
- env.warn().log(
- String.format("host with lock: %s, running at %s",
- row.getString("host"), row.getDate("start")));
- return (0);
- }
- return (1);
- }
-
- private static void deleteLock( String className) {
- Row row = session.execute( String.format( "DELETE FROM authz.run_lock WHERE class = '%s' IF EXISTS", className ) ).one();
- if (! row.getBool("[applied]")) {
- env.info().log( "delete failed" );
- }
- }
-
- private static void transferVMProps(AuthzEnv env, String ... props) {
- String value;
- for (String key : props) {
- if ((value = System.getProperty(key))!=null) {
- env.setProperty(key, value);
- }
- }
- }
-
- // IMPORTANT! VALIDATE Organization isUser method
- protected void checkOrganizationAcccess(AuthzTrans trans, Question q) throws APIException, OrganizationException {
- Set<String> testUsers = new HashSet<>();
- Result<List<RoleDAO.Data>> rrd = q.roleDAO.readNS(trans, rootNs);
- if (rrd.isOK()) {
- for (RoleDAO.Data r : rrd.value) {
- Result<List<UserRoleDAO.Data>> rur = q.userRoleDAO.readByRole(trans, r.fullName());
- if (!rur.isOK()) {
- continue;
- }
- for (UserRoleDAO.Data udd : rur.value) {
- testUsers.add(udd.user);
- }
- }
- if (testUsers.size() < 2) {
- throw new APIException("Not enough Users in Roles for " + rootNs + " to Validate");
- }
-
- Identity iden;
- for (String user : testUsers) {
- if ((iden = org.getIdentity(trans, user)) == null) {
- throw new APIException("Failed Organization Entity Validation Check: " + user);
- } else {
- trans.info().log("Organization Validation Check: " + iden.id());
- }
- }
- }
- }
-
- protected static String logDir() {
- String ld = env.getProperty(LOG_DIR);
- if (ld==null) {
- if (batchEnv==null) { // Deployed Batch doesn't use different ENVs, and a common logdir
- ld = "logs/";
- } else {
- ld = "logs/"+batchEnv;
- }
- }
- return ld;
- }
- protected int count(String str, char c) {
- if (str==null || str.isEmpty()) {
- return 0;
- } else {
- int count=1;
- for (int i=str.indexOf(c);i>=0;i=str.indexOf(c,i+1)) {
- ++count;
- }
- return count;
- }
- }
-
- public final void close(AuthzTrans trans) {
- _close(trans);
- cluster.close();
- }
-
- public static void main(String[] args) {
- PropAccess access = new PropAccess(args);
- InputStream is = null;
- String filename;
- String propLoc;
- try {
- Define.set(access);
- rootNs =Define.ROOT_NS();
- if(access.getProperty(Config.CADI_PROP_FILES)==null) {
- File f = new File("authBatch.props");
- try {
- if (f.exists()) {
- filename = f.getAbsolutePath();
- is = new FileInputStream(f);
- propLoc = f.getPath();
- } else {
- URL rsrc = ClassLoader.getSystemResource("authBatch.props");
- filename = rsrc.toString();
- is = rsrc.openStream();
- propLoc = rsrc.getPath();
- }
- access.load(is);
- } finally {
- if (is == null) {
- System.err.println("authBatch.props must exist in current dir, or in Classpath");
- System.exit(1);
- }
- is.close();
- }
- if (filename != null) {
- access.log(Level.INFO,"Instantiated properties from", filename);
- }
-
- // Log where Config found
- access.log(Level.INFO,"Configuring from", propLoc);
-
- }
- env = new AuthzEnv(access);
-
- transferVMProps(env, CASS_ENV, "DRY_RUN", "NS", "Organization");
-
- // Flow all Env Logs to Log4j, with ENV
-
-// LogFileNamer lfn;
-// lfn = new LogFileNamer(logDir(),"").noPID();
-// lfn.setAppender("authz-batch");
-// lfn.setAppender("aspr|ASPR");
-// lfn.setAppender("sync");
-// lfn.setAppender("jobchange");
-// lfn.setAppender("validateuser");
-// aspr = Logger.getLogger("aspr");
-// Log4JLogTarget.setLog4JEnv("authz-batch", env);
-// propLoc = null;
-
- Batch batch = null;
- // setup ATTUser and Organization Slots before starting this:
- // TODO redo this
- // env.slot(ATT.ATT_USERSLOT);
- //
- // OrganizationFactory.setDefaultOrg(env, ATT.class.getName());
- AuthzTrans trans = env.newTrans();
-
- TimeTaken tt = trans.start("Total Run", Env.SUB);
- try {
- int len = args.length;
- if (len > 0) {
- String toolName = args[0];
- len -= 1;
- if (len < 0)
- len = 0;
- String nargs[] = new String[len];
- if (len > 0) {
- System.arraycopy(args, 1, nargs, 0, len);
- }
-
- env.put(ssargs = env.staticSlot("ARGS"), nargs);
-
- /*
- * Add New Batch Programs (inherit from Batch) here
- */
-
- // Might be a Report, Update or Temp Batch
- Class<?> cls;
- String classifier = "";
- try {
- cls = ClassLoader.getSystemClassLoader().loadClass("org.onap.aaf.auth.update." + toolName);
- classifier = "Update:";
- } catch (ClassNotFoundException e) {
- try {
- cls = ClassLoader.getSystemClassLoader().loadClass("org.onap.aaf.auth.reports." + toolName);
- classifier = "Report:";
- } catch (ClassNotFoundException e2) {
- try {
- cls = ClassLoader.getSystemClassLoader()
- .loadClass("org.onap.aaf.auth.temp." + toolName);
- classifier = "Temp Utility:";
- } catch (ClassNotFoundException e3) {
- cls = null;
- }
- }
- }
- if (cls != null) {
- Constructor<?> cnst = cls.getConstructor(new Class[] { AuthzTrans.class });
- batch = (Batch) cnst.newInstance(trans);
- env.info().log("Begin", classifier, toolName);
- }
-
-
- if (batch == null) {
- trans.error().log("No Batch named", toolName, "found");
- }
- /*
- * End New Batch Programs (inherit from Batch) here
- */
-
- }
- if (batch != null) {
- batch.run(trans);
- }
- } finally {
- tt.done();
- if (batch != null) {
- batch.close(trans);
- }
- StringBuilder sb = new StringBuilder("Task Times\n");
- trans.auditTrail(4, sb, AuthzTrans.SUB, AuthzTrans.REMOTE);
- trans.info().log(sb);
- }
- } catch (Exception e) {
- e.printStackTrace(System.err);
- // Exceptions thrown by DB aren't stopping the whole process.
- System.exit(1);
- }
- }
-
-}
-
Code Review / aaf / authz.git / blobdiff