* org.onap.aaf
* ===========================================================================
* Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ *
+ * Modifications Copyright (C) 2019 IBM.
* ===========================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
+import java.util.UUID;
import org.onap.aaf.auth.batch.Batch;
+import org.onap.aaf.auth.batch.helpers.Approval;
import org.onap.aaf.auth.batch.helpers.Cred;
+import org.onap.aaf.auth.batch.helpers.Cred.Instance;
import org.onap.aaf.auth.batch.helpers.ExpireRange;
+import org.onap.aaf.auth.batch.helpers.ExpireRange.Range;
+import org.onap.aaf.auth.batch.helpers.Future;
import org.onap.aaf.auth.batch.helpers.UserRole;
-import org.onap.aaf.auth.batch.helpers.Visitor;
import org.onap.aaf.auth.batch.helpers.X509;
-import org.onap.aaf.auth.batch.helpers.Cred.Instance;
-import org.onap.aaf.auth.batch.helpers.ExpireRange.Range;
import org.onap.aaf.auth.dao.cass.CredDAO;
import org.onap.aaf.auth.env.AuthzTrans;
import org.onap.aaf.auth.org.OrganizationException;
private static final String EXPIRED_OWNERS = "ExpiredOwners";
private int minOwners;
private Map<String, CSV.Writer> writerList;
- private File logDir;
private ExpireRange expireRange;
private Date deleteDate;
+ private CSV.Writer deleteCW;
public Expiring(AuthzTrans trans) throws APIException, IOException, OrganizationException {
super(trans.env());
// Load Cred. We don't follow Visitor, because we have to gather up everything into Identity Anyway
Cred.load(trans, session);
- UserRole.load(trans, session, UserRole.v2_0_11, new UserRole.DataLoadVisitor());
minOwners=1;
// Create Intermediate Output
writerList = new HashMap<>();
- logDir = new File(logDir());
- logDir.mkdirs();
expireRange = new ExpireRange(trans.env().access());
String sdate = Chrono.dateOnlyStamp(expireRange.now);
for( List<Range> lr : expireRange.ranges.values()) {
for(Range r : lr ) {
if(writerList.get(r.name())==null) {
- File file = new File(logDir,r.name() + sdate +CSV);
- CSV csv = new CSV(file);
+ File file = new File(logDir(),r.name() + sdate +CSV);
+ CSV csv = new CSV(env.access(),file);
CSV.Writer cw = csv.writer(false);
cw.row(INFO,r.name(),Chrono.dateOnlyStamp(expireRange.now),r.reportingLevel());
writerList.put(r.name(),cw);
if("Delete".equals(r.name())) {
- deleteDate = r.getStart();
+ deleteDate = r.getEnd();
+ deleteCW = cw;
}
+ trans.init().log("Creating File:",file.getAbsolutePath());
}
}
}
-
+ Approval.load(trans, session, Approval.v2_0_17);
} finally {
tt0.done();
}
@Override
protected void run(AuthzTrans trans) {
+
+ ////////////////////
+ trans.info().log("Checking for Expired Futures");
+ Future.load(trans, session, Future.v2_0_17, fut -> {
+ if(fut.expires().before(expireRange.now)) {
+ Future.row(deleteCW,fut);
+ List<Approval> appls = Approval.byTicket.get(fut.id());
+ if(appls!=null) {
+ for(Approval a : appls) {
+ Approval.row(deleteCW, a);
+ }
+ }
+ }
+ });
+
try {
- File file = new File(logDir, EXPIRED_OWNERS + Chrono.dateOnlyStamp(expireRange.now) + CSV);
- final CSV ownerCSV = new CSV(file);
+ File file = new File(logDir(), EXPIRED_OWNERS + Chrono.dateOnlyStamp(expireRange.now) + CSV);
+ final CSV ownerCSV = new CSV(env.access(),file);
Map<String, Set<UserRole>> owners = new TreeMap<String, Set<UserRole>>();
trans.info().log("Process UserRoles");
- UserRole.load(trans, session, UserRole.v2_0_11, new Visitor<UserRole>() {
- @Override
- public void visit(UserRole ur) {
- // Cannot just delete owners, unless there is at least one left. Process later
- if ("owner".equals(ur.rname())) {
- Set<UserRole> urs = owners.get(ur.role());
- if (urs == null) {
- urs = new HashSet<UserRole>();
- owners.put(ur.role(), urs);
- }
- urs.add(ur);
- } else {
- writeAnalysis(trans,ur);
+
+ /**
+ Run through User Roles.
+ Owners are treated specially in next section.
+ Regular roles are checked against Date Ranges. If match Date Range, write out to appropriate file.
+ */
+ UserRole.load(trans, session, UserRole.v2_0_11, ur -> {
+ // Cannot just delete owners, unless there is at least one left. Process later
+ if ("owner".equals(ur.rname())) {
+ Set<UserRole> urs = owners.get(ur.role());
+ if (urs == null) {
+ urs = new HashSet<UserRole>();
+ owners.put(ur.role(), urs);
}
+ urs.add(ur);
+ } else {
+ writeAnalysis(trans,ur);
}
});
- // Now Process Owners, one owner Role at a time, ensuring one is left,
- // preferably
- // a good one. If so, process the others as normal. Otherwise, write
- // ExpiredOwners
- // report
+ /**
+ Now Process Owners, one owner Role at a time, ensuring one is left,
+ preferably a good one. If so, process the others as normal.
+
+ Otherwise, write to ExpiredOwners Report
+ */
if (!owners.values().isEmpty()) {
// Lazy Create file
CSV.Writer expOwner = null;
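Review bot: The new Future.load callback at the top of run() dereferences `deleteCW` unconditionally in `Future.row(deleteCW,fut)` and `Approval.row(deleteCW, a)`, but `deleteCW` is only assigned in the constructor when a range literally named "Delete" is present in `expireRange.ranges`; a deployment whose range configuration lacks that name will fail the whole batch (presumably with an NPE) before the credential and X509 analysis runs, and this block also sits outside the `try` that guards the rest of run(). I would fail loudly but keep the rest of the report working: emit `trans.error().log("No 'Delete' range configured; expired Futures/Approvals will not be written");` once when `deleteCW==null`, and change the condition to `if(deleteCW!=null && fut.expires().before(expireRange.now)) {`. It is also worth a comment above `Future.load` stating that rows written here are delete candidates derived from `expireRange.now` and that the associated approvals are removed with the ticket, since that is the only place the Delete file's meaning is visible. run() continues past this hunk, so the owner-processing branch that follows is not reviewed here.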
}
}
- trans.info().log("Checking for Expired Credentials");
-
+ /**
+ * Check for Expired Credentials
+ *
+ *
+ */
+ trans.info().log("Checking for Expired Credentials");
for (Cred cred : Cred.data.values()) {
List<Instance> linst = cred.instances;
if(linst!=null) {
}
}
}
-
+
+ ////////////////////
trans.info().log("Checking for Expired X509s");
- X509.load(trans, session, new Visitor<X509>() {
- @Override
- public void visit(X509 x509) {
- try {
- for(Certificate cert : Factory.toX509Certificate(x509.x509)) {
- writeAnalysis(trans, x509, (X509Certificate)cert);
- }
- } catch (CertificateException | IOException e) {
- trans.error().log(e, "Error Decrypting X509");
+ X509.load(trans, session, x509 -> {
+ try {
+ for(Certificate cert : Factory.toX509Certificate(x509.x509)) {
+ writeAnalysis(trans, x509, (X509Certificate)cert);
}
-
+ } catch (CertificateException | IOException e) {
+ trans.error().log(e, "Error Decrypting X509");
}
+
});
+
} catch (FileNotFoundException e) {
trans.info().log(e);
}
+
+ ////////////////////
+ trans.info().log("Checking for Orphaned Approvals");
+ Approval.load(trans, session, Approval.v2_0_17, appr -> {
+ UUID ticket = appr.add.ticket;
+ if(ticket==null) {
+ Approval.row(deleteCW,appr);
+ }
+ });
+
+
}