Code Review / aaf / authz.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Batch work and client
[aaf/authz.git] / auth / auth-batch / src / main / java / org / onap / aaf / auth / batch / reports / Expiring.java
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Expiring.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Expiring.java
deleted file mode 100644 (file)
index 979bcd5..0000000
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Expiring.java
+++ /dev/null
@@ -1,337 +0,0 @@
-/**
- * ============LICENSE_START====================================================
- * org.onap.aaf
- * ===========================================================================
- * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
- *
- * Modifications Copyright (C) 2019 IBM.
- * ===========================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * 
- *      http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END====================================================
- *
- */
-
-package org.onap.aaf.auth.batch.reports;
-
-import java.io.File;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.TreeMap;
-import java.util.UUID;
-
-import org.onap.aaf.auth.batch.Batch;
-import org.onap.aaf.auth.batch.helpers.Approval;
-import org.onap.aaf.auth.batch.helpers.Cred;
-import org.onap.aaf.auth.batch.helpers.Cred.Instance;
-import org.onap.aaf.auth.batch.helpers.ExpireRange;
-import org.onap.aaf.auth.batch.helpers.ExpireRange.Range;
-import org.onap.aaf.auth.batch.helpers.Future;
-import org.onap.aaf.auth.batch.helpers.UserRole;
-import org.onap.aaf.auth.batch.helpers.X509;
-import org.onap.aaf.auth.dao.cass.CredDAO;
-import org.onap.aaf.auth.env.AuthzTrans;
-import org.onap.aaf.auth.org.OrganizationException;
-import org.onap.aaf.cadi.configure.Factory;
-import org.onap.aaf.cadi.util.CSV;
-import org.onap.aaf.misc.env.APIException;
-import org.onap.aaf.misc.env.Env;
-import org.onap.aaf.misc.env.TimeTaken;
-import org.onap.aaf.misc.env.util.Chrono;
-
-
-public class Expiring extends Batch {
-    
-       private static final String CSV = ".csv";
-       private static final String INFO = "info";
-       private static final String EXPIRED_OWNERS = "ExpiredOwners";
-       private int minOwners;
-       private Map<String, CSV.Writer> writerList;
-       private ExpireRange expireRange;
-       private Date deleteDate;
-       private CSV.Writer deleteCW;
-       
-       public Expiring(AuthzTrans trans) throws APIException, IOException, OrganizationException {
-        super(trans.env());
-        trans.info().log("Starting Connection Process");
-        
-        TimeTaken tt0 = trans.start("Cassandra Initialization", Env.SUB);
-        try {
-            TimeTaken tt = trans.start("Connect to Cluster", Env.REMOTE);
-            try {
-                session = cluster.connect();
-            } finally {
-                tt.done();
-            }
-            
-            // Load Cred.  We don't follow Visitor, because we have to gather up everything into Identity Anyway
-            Cred.load(trans, session);
-
-            minOwners=1;
-
-            // Create Intermediate Output 
-            writerList = new HashMap<>();
-            
-            expireRange = new ExpireRange(trans.env().access());
-            String sdate = Chrono.dateOnlyStamp(expireRange.now);
-            for( List<Range> lr : expireRange.ranges.values()) {
-               for(Range r : lr ) {
-                       if(writerList.get(r.name())==null) {
-                       File file = new File(logDir(),r.name() + sdate +CSV);
-                       CSV csv = new CSV(env.access(),file);
-                       CSV.Writer cw = csv.writer(false);
-                       cw.row(INFO,r.name(),Chrono.dateOnlyStamp(expireRange.now),r.reportingLevel());
-                       writerList.put(r.name(),cw);
-                       if("Delete".equals(r.name())) {
-                               deleteDate = r.getEnd();
-                               deleteCW = cw;
-                       }
-                       trans.init().log("Creating File:",file.getAbsolutePath());
-                       }
-               }
-            }
-            Approval.load(trans, session, Approval.v2_0_17);
-        } finally {
-            tt0.done();
-        }
-    }
-
-    @Override
-    protected void run(AuthzTrans trans) {
-       
-               ////////////////////
-               trans.info().log("Checking for Expired Futures");
-               Future.load(trans, session, Future.v2_0_17, fut -> {
-                       if(fut.expires().before(expireRange.now)) {
-                               Future.row(deleteCW,fut);
-                               List<Approval> appls = Approval.byTicket.get(fut.id());
-                               if(appls!=null) {
-                                       for(Approval a : appls) {
-                                               Approval.row(deleteCW, a);
-                                       }
-                               }
-                       }
-               });
-               
-               try {
-                       File file = new File(logDir(), EXPIRED_OWNERS + Chrono.dateOnlyStamp(expireRange.now) + CSV);
-                       final CSV ownerCSV = new CSV(env.access(),file);
-
-                       Map<String, Set<UserRole>> owners = new TreeMap<String, Set<UserRole>>();
-                       trans.info().log("Process UserRoles");
-                       
-                       /**
-                          Run through User Roles.  
-                          Owners are treated specially in next section.
-                          Regular roles are checked against Date Ranges.  If match Date Range, write out to appropriate file.
-                       */
-                       UserRole.load(trans, session, UserRole.v2_0_11, ur -> {
-                               // Cannot just delete owners, unless there is at least one left. Process later
-                               if ("owner".equals(ur.rname())) {
-                                       Set<UserRole> urs = owners.get(ur.role());
-                                       if (urs == null) {
-                                               urs = new HashSet<UserRole>();
-                                               owners.put(ur.role(), urs);
-                                       }
-                                       urs.add(ur);
-                               } else {
-                                       writeAnalysis(trans,ur);
-                               }
-                       });
-
-                       /**
-                         Now Process Owners, one owner Role at a time, ensuring one is left,
-                         preferably a good one. If so, process the others as normal. 
-                         
-                         Otherwise, write to ExpiredOwners Report
-                       */
-                       if (!owners.values().isEmpty()) {
-                               // Lazy Create file
-                               CSV.Writer expOwner = null;
-                               try {
-                                       for (Set<UserRole> sur : owners.values()) {
-                                               int goodOwners = 0;
-                                               for (UserRole ur : sur) {
-                                                       if (ur.expires().after(expireRange.now)) {
-                                                               ++goodOwners;
-                                                       }
-                                               }
-
-                                               for (UserRole ur : sur) {
-                                                       if (goodOwners >= minOwners) {
-                                                               writeAnalysis(trans, ur);
-                                                       } else {
-                                                               if (expOwner == null) {
-                                                                       expOwner = ownerCSV.writer();
-                                                                       expOwner.row(INFO,EXPIRED_OWNERS,Chrono.dateOnlyStamp(expireRange.now),2);
-                                                               }
-                                                               expOwner.row("owner",ur.role(), ur.user(), Chrono.dateOnlyStamp(ur.expires()));
-                                                       }
-                                               }
-                                       }
-                               } finally {
-                                       if(expOwner!=null) {
-                                               expOwner.close();
-                                       }
-                               }
-                       }
-                       
-                       /**
-                        * Check for Expired Credentials
-                        * 
-                        * 
-                        */
-                       trans.info().log("Checking for Expired Credentials");                   
-                       for (Cred cred : Cred.data.values()) {
-                       List<Instance> linst = cred.instances;
-                       if(linst!=null) {
-                               Instance lastBath = null;
-                               for(Instance inst : linst) {
-                                       // Special Behavior: only eval the LAST Instance
-                                       if (inst.type == CredDAO.BASIC_AUTH || inst.type == CredDAO.BASIC_AUTH_SHA256) {
-                                               if(deleteDate!=null && inst.expires.before(deleteDate)) {
-                                                       writeAnalysis(trans, cred, inst); // will go to Delete
-                                               } else if(lastBath==null || lastBath.expires.before(inst.expires)) {
-                                                       lastBath = inst;
-                                               }
-                                       } else {
-                                               writeAnalysis(trans, cred, inst);
-                                       }
-                               }
-                               if(lastBath!=null) {
-                                       writeAnalysis(trans, cred, lastBath);
-                               }
-                       }
-                       }
-
-                       ////////////////////
-                       trans.info().log("Checking for Expired X509s");
-                       X509.load(trans, session, x509 -> {
-                               try {
-                                       for(Certificate cert : Factory.toX509Certificate(x509.x509)) {
-                                               writeAnalysis(trans, x509, (X509Certificate)cert);
-                                       }
-                               } catch (CertificateException | IOException e) {
-                                       trans.error().log(e, "Error Decrypting X509");
-                               }
-
-                       });
-
-               } catch (FileNotFoundException e) {
-                       trans.info().log(e);
-               }
-               
-               ////////////////////
-               trans.info().log("Checking for Orphaned Approvals");
-               Approval.load(trans, session, Approval.v2_0_17, appr -> {
-                       UUID ticket = appr.add.ticket;
-                       if(ticket==null) {
-                               Approval.row(deleteCW,appr);
-                       }
-               });
-               
-
-       }
-    
-       private void writeAnalysis(AuthzTrans trans, UserRole ur) {
-               Range r = expireRange.getRange("ur", ur.expires());
-               if(r!=null) {
-                       CSV.Writer cw = writerList.get(r.name());
-                       if(cw!=null) {
-                               ur.row(cw);
-                       }
-               }
-       }
-    
-    private void writeAnalysis(AuthzTrans trans, Cred cred, Instance inst) {
-       if(cred!=null && inst!=null) {
-                       Range r = expireRange.getRange("cred", inst.expires);
-                       if(r!=null) {
-                               CSV.Writer cw = writerList.get(r.name());
-                               if(cw!=null) {
-                                       cred.row(cw,inst);
-                               }
-                       }
-       }
-       }
-
-    private void writeAnalysis(AuthzTrans trans, X509 x509, X509Certificate x509Cert) throws IOException {
-               Range r = expireRange.getRange("x509", x509Cert.getNotAfter());
-               if(r!=null) {
-                       CSV.Writer cw = writerList.get(r.name());
-                       if(cw!=null) {
-                               x509.row(cw,x509Cert);
-                       }
-               }
-       }
-
-    /*
-    private String[] contacts(final AuthzTrans trans, final String ns, final int levels) {
-       List<UserRole> owners = UserRole.getByRole().get(ns+".owner");
-       List<UserRole> current = new ArrayList<>();
-       for(UserRole ur : owners) {
-               if(expireRange.now.before(ur.expires())) {
-                       current.add(ur);
-               }
-       }
-       if(current.isEmpty()) {
-               trans.warn().log(ns,"has no current owners");
-               current = owners;
-       }
-       
-       List<String> email = new ArrayList<>();
-       for(UserRole ur : current) {
-               Identity id;
-               int i=0;
-               boolean go = true;
-               try {
-                       id = org.getIdentity(trans, ur.user());
-                       do {
-                               if(id!=null) {
-                                               email.add(id.email());
-                                               if(i<levels) {
-                                                       id = id.responsibleTo();
-                                               } else {
-                                                       go = false;
-                                               }
-                               } else {
-                                       go = false;
-                               }
-                       } while(go);
-                       } catch (OrganizationException e) {
-                               trans.error().log(e);
-                       }
-       }
-       
-       return email.toArray(new String[email.size()]);
-    }
-*/
-    
-       @Override
-    protected void _close(AuthzTrans trans) {
-        session.close();
-       for(CSV.Writer cw : writerList.values()) {
-               cw.close();
-       }
-    }
-
-}
ARCHIVED- 2022-02-15 at the request of the project