Code Review / aaf / authz.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Merge "Adjust Agent for none K8s"
[aaf/authz.git] / auth / auth-batch / src / main / java / org / onap / aaf / auth / batch / approvalsets / URApprovalSet.java
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/URApprovalSet.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/URApprovalSet.java
index e1c75bf..91006c4 100644 (file)
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/URApprovalSet.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/approvalsets/URApprovalSet.java
@@ -21,9 +21,11 @@
 package org.onap.aaf.auth.batch.approvalsets;
 
 import java.io.IOException;
+import java.util.Date;
 import java.util.GregorianCalendar;
 import java.util.List;
 
+import org.onap.aaf.auth.batch.helpers.Approval;
 import org.onap.aaf.auth.dao.cass.ApprovalDAO;
 import org.onap.aaf.auth.dao.cass.NsDAO;
 import org.onap.aaf.auth.dao.cass.RoleDAO;
@@ -39,23 +41,32 @@ import org.onap.aaf.cadi.CadiException;
 import org.onap.aaf.misc.env.util.Chrono;
 
 public class URApprovalSet extends ApprovalSet {
-       public static final String EXTEND_STRING = "Extend access of User [%s] to Role [%s] - Expires %s";
-       
+       private static final String FMT_SUFFIX = "%s] - Expires %s";
+       private static final String EXTEND_ACCESS_FMT = Approval.RE_APPROVAL_IN_ROLE + "%s] to Role [" + FMT_SUFFIX;
+       private static final String REVALIDATE_AS_ADMIN_FMT = Approval.RE_VALIDATE_ADMIN + FMT_SUFFIX;
+       private static final String REVALIDATE_AS_OWNER_FMT = Approval.RE_VALIDATE_OWNER + FMT_SUFFIX;
+
        public URApprovalSet(final AuthzTrans trans, final GregorianCalendar start, final DataView dv, final Loader<UserRoleDAO.Data> lurdd) throws IOException, CadiException {
                super(start, "user_role", dv);
                Organization org = trans.org();
                UserRoleDAO.Data urdd = lurdd.load();
                setConstruct(urdd.bytify());
-               setMemo(String.format(EXTEND_STRING,urdd.user,urdd.role,Chrono.dateOnlyStamp(urdd.expires)));
-               setExpires(org.expiration(null, Organization.Expiration.UserInRole));
+               setMemo(getMemo(urdd));
+               GregorianCalendar expires = org.expiration(null, Organization.Expiration.UserInRole);
+               if(urdd.expires.before(expires.getTime())) {
+                       expires.setTime(urdd.expires);
+               }
+               setExpires(expires);
+               setTargetKey(urdd.user+'|'+urdd.role);
+               setTargetDate(urdd.expires);
                
                Result<RoleDAO.Data> r = dv.roleByName(trans, urdd.role);
                if(r.notOKorIsEmpty()) {
-                       throw new CadiException(String.format("Role '%s' does not exist: %s", urdd.role, r.details));
+                       throw new CadiException(r.errorString());
                }
                Result<NsDAO.Data> n = dv.ns(trans, urdd.ns);
                if(n.notOKorIsEmpty()) {
-                       throw new CadiException(String.format("Namespace '%s' does not exist: %s", urdd.ns,r.details));
+                       throw new CadiException(n.errorString());
                }
                UserRoleDAO.Data found = null;
                Result<List<Data>> lur = dv.ursByRole(trans, urdd.role);
@@ -68,7 +79,7 @@ public class URApprovalSet extends ApprovalSet {
                        }
                }
                if(found==null) {
-                       throw new CadiException(String.format("User '%s' in Role '%s' does not exist: %s", urdd.user,urdd.role,r.details));
+                       throw new CadiException(String.format("User '%s' in Role '%s' does not exist", urdd.user,urdd.role));
                }
                
                // Primarily, Owners are responsible, unless it's owned by self
@@ -93,12 +104,7 @@ public class URApprovalSet extends ApprovalSet {
                                if(apprs!=null) {
                                        for(Identity i : apprs) {
                                                ApprovalDAO.Data add = newApproval(urdd);
-                                               Identity reportsTo = i.responsibleTo();
-                                               if(reportsTo!=null) {
-                                                       add.approver = reportsTo.fullID();
-                                               } else {
-                                                       throw new CadiException("No Supervisor for '" + urdd.user + '\'');
-                                               }
+                                               add.approver = i.fullID();
                                                add.type = org.getApproverType();
                                                ladd.add(add);
                                        }
@@ -108,18 +114,38 @@ public class URApprovalSet extends ApprovalSet {
                        }
                }
        }
+       
+       private void setTargetDate(Date expires) {
+               fdd.target_date = expires;
+       }
 
-       private ApprovalDAO.Data newApproval(Data urdd) throws CadiException {
+       private void setTargetKey(String key) {
+               fdd.target_key = key;
+       }
+
+       private ApprovalDAO.Data newApproval(UserRoleDAO.Data urdd) {
                ApprovalDAO.Data add = new ApprovalDAO.Data();
                add.id = Chrono.dateToUUID(System.currentTimeMillis());
                add.ticket = fdd.id;
                add.user = urdd.user;
                add.operation = FUTURE_OP.A.name();
                add.status = ApprovalDAO.PENDING;
-               add.memo = String.format("Re-Validate as Owner for AAF Namespace '%s' - expiring %s', ",
-                                  urdd.ns,
-                                  Chrono.dateOnlyStamp(urdd.expires));
+               add.memo = getMemo(urdd);
                return add;
        }
 
+       private String getMemo(Data urdd) {
+               switch(urdd.rname) {
+               case "owner":
+                       return String.format(REVALIDATE_AS_OWNER_FMT,urdd.ns,Chrono.dateOnlyStamp(urdd.expires));
+               case "admin":
+                       return String.format(REVALIDATE_AS_ADMIN_FMT,urdd.ns,Chrono.dateOnlyStamp(urdd.expires));
+               default:
+                       return String.format(EXTEND_ACCESS_FMT,
+                                          urdd.user,
+                                          urdd.role,
+                                          Chrono.dateOnlyStamp(urdd.expires));
+               }
+       }
+
 }
ARCHIVED- 2022-02-15 at the request of the project