+++ /dev/null
-/*-
- * ============LICENSE_START=======================================================
- * org.onap.dmaap
- * ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.dmaap.dbcapi.aaf.authentication;
-
-import com.att.eelf.configuration.EELFLogger;
-import com.att.eelf.configuration.EELFManager;
-
-import org.onap.dmaap.dbcapi.aaf.AafService;
-import org.onap.dmaap.dbcapi.aaf.DmaapGrant;
-import org.onap.dmaap.dbcapi.aaf.DmaapPerm;
-import org.onap.dmaap.dbcapi.aaf.AafService.ServiceType;
-import org.onap.dmaap.dbcapi.logging.BaseLoggingClass;
-import org.onap.dmaap.dbcapi.logging.DmaapbcLogMessageEnum;
-import org.onap.dmaap.dbcapi.model.Dmaap;
-import org.onap.dmaap.dbcapi.service.DmaapService;
-import org.onap.dmaap.dbcapi.util.DmaapConfig;
-
-public class ApiPerms extends BaseLoggingClass {
-
- private static class PermissionMap {
- static final EELFLogger logger = EELFManager.getInstance().getLogger( PermissionMap.class );
- static final EELFLogger errorLogger = EELFManager.getInstance().getErrorLogger();
- String uri;
- String action;
- String[] roles;
-
- public String getUri() {
- return uri;
- }
- public void setUri(String uri) {
- this.uri = uri;
- }
- public String getAction() {
- return action;
- }
- public void setAction(String action) {
- this.action = action;
- }
-
- public String[] getRoles() {
- return roles;
- }
- public void setRoles(String[] roles) {
- this.roles = roles;
- }
-
- private PermissionMap( String u, String a, String[] r ) {
- this.setUri(u);
- this.setAction(a);
- this.setRoles(r);
- }
-
- static public void initMap( PermissionMap[] pmap, String instance ) {
-
- DmaapConfig p = (DmaapConfig)DmaapConfig.getConfig();
- String api = p.getProperty("ApiNamespace", "apiNamespace.not.set");
-
- // this is needed because PE AAF may be a different instance than AAF used by MR
- String peEnv = p.getProperty("PeAafEnvironment", "notSet");
- String url = p.getProperty( new String( "PeAafUrl." + peEnv ), "URL.not.set" );
- logger.info( "PeAafEnvironment=" + peEnv + " using URL " + url);
- AafService aaf = new AafService(ServiceType.AAF_Admin, url );
-
- for ( int i = 0; i < pmap.length ; i++ ) {
- String uri = new String( api + "." + pmap[i].getUri());
- DmaapPerm perm = new DmaapPerm( uri, instance, pmap[i].getAction() );
- int rc = aaf.addPerm( perm );
- if ( rc != 201 && rc != 409 ) {
- errorLogger.error( DmaapbcLogMessageEnum.AAF_UNEXPECTED_RESPONSE, Integer.toString(rc), "add perm", perm.toString() );
-
- }
- for( String r: pmap[i].getRoles()) {
- String fr = new String( api + "." + r );
- logger.debug( "i:" + i + " granting perm " + perm.toString()+ " to role=" + fr );
- DmaapGrant grant = new DmaapGrant( perm, fr );
- rc = aaf.addGrant( grant );
- if ( rc != 201 && rc != 409 ) {
- errorLogger.error( DmaapbcLogMessageEnum.AAF_UNEXPECTED_RESPONSE, Integer.toString(rc), "grant perm", perm.toString() );
- }
- }
-
- }
- }
- }
-
- static PermissionMap[] bootMap = {
- new PermissionMap( "dmaap", "GET", new String[] { "Controller" }),
- new PermissionMap( "dmaap", "POST", new String[] { "Controller" }),
- new PermissionMap( "dmaap", "PUT", new String[] { "Controller" }),
- new PermissionMap( "dmaap", "DELETE", new String[] { "Controller" })
-
- };
-
- static PermissionMap[] envMap = {
- new PermissionMap( "dmaap", "GET", new String[] { "Controller", "Orchestrator", "Inventory", "Metrics", "PortalUser" }),
- new PermissionMap( "dmaap", "POST", new String[] { "Controller" } ),
- new PermissionMap( "dmaap", "PUT", new String[] { "Controller" }),
- new PermissionMap( "dmaap", "DELETE", new String[] { "Controller" }),
- new PermissionMap( "bridge", "GET", new String[] { "Metrics" }),
- //new PermissionMap( "bridge", "POST", new String[] { "Metrics" } ),
- //new PermissionMap( "bridge", "PUT", new String[] { "Metrics" }),
- //new PermissionMap( "bridge", "DELETE", new String[] { "Metrics" }),
- new PermissionMap( "dcaeLocations", "GET", new String[] { "Controller", "Orchestrator", "Inventory", "Metrics", "PortalUser" }),
- new PermissionMap( "dcaeLocations", "POST", new String[] { "Controller" } ),
- new PermissionMap( "dcaeLocations", "PUT", new String[] { "Controller" }),
- new PermissionMap( "dcaeLocations", "DELETE", new String[] { "Controller" }),
- new PermissionMap( "dr_nodes", "GET", new String[] { "Controller", "Orchestrator", "Inventory", "PortalUser" }),
- new PermissionMap( "dr_nodes", "POST", new String[] { "Controller" } ),
- new PermissionMap( "dr_nodes", "PUT", new String[] { "Controller" }),
- new PermissionMap( "dr_nodes", "DELETE", new String[] { "Controller" }),
- new PermissionMap( "dr_pubs", "GET", new String[] { "Controller", "Orchestrator", "Inventory", "Metrics", "PortalUser" }),
- new PermissionMap( "dr_pubs", "POST", new String[] { "Controller", "Orchestrator","PortalUser" } ),
- new PermissionMap( "dr_pubs", "PUT", new String[] { "Controller", "Orchestrator","PortalUser" }),
- new PermissionMap( "dr_pubs", "DELETE", new String[] { "Controller", "Orchestrator","PortalUser" }),
- new PermissionMap( "dr_subs", "GET", new String[] { "Controller", "Orchestrator", "Inventory", "Metrics", "PortalUser" }),
- new PermissionMap( "dr_subs", "POST", new String[] { "Controller", "Orchestrator","PortalUser" } ),
- new PermissionMap( "dr_subs", "PUT", new String[] { "Controller", "Orchestrator","PortalUser" }),
- new PermissionMap( "dr_subs", "DELETE", new String[] { "Controller", "Orchestrator","PortalUser" }),
- new PermissionMap( "feeds", "GET", new String[] { "Controller", "Orchestrator", "Inventory", "Metrics", "PortalUser" }),
- new PermissionMap( "feeds", "POST", new String[] { "Controller", "Orchestrator","PortalUser" } ),
- new PermissionMap( "feeds", "PUT", new String[] { "Controller", "Orchestrator", "PortalUser" }),
- new PermissionMap( "feeds", "DELETE", new String[] { "Controller", "PortalUser" }),
- new PermissionMap( "mr_clients", "GET", new String[] { "Controller", "Orchestrator", "Inventory", "Metrics", "PortalUser" }),
- new PermissionMap( "mr_clients", "POST", new String[] { "Controller","Orchestrator", "PortalUser" } ),
- new PermissionMap( "mr_clients", "PUT", new String[] { "Controller", "Orchestrator","PortalUser" }),
- new PermissionMap( "mr_clients", "DELETE", new String[] { "Controller","Orchestrator", "PortalUser" }),
- new PermissionMap( "mr_clusters", "GET", new String[] { "Controller", "Orchestrator", "Inventory", "Metrics", "PortalUser" }),
- new PermissionMap( "mr_clusters", "POST", new String[] { "Controller" } ),
- new PermissionMap( "mr_clusters", "PUT", new String[] { "Controller" }),
- new PermissionMap( "mr_clusters", "DELETE", new String[] { "Controller" }),
- new PermissionMap( "topics", "GET", new String[] { "Controller", "Orchestrator", "Inventory", "Metrics", "PortalUser" }),
- new PermissionMap( "topics", "POST", new String[] { "Controller", "Orchestrator" } ),
- new PermissionMap( "topics", "PUT", new String[] { "Controller", "Orchestrator" }),
- new PermissionMap( "topics", "DELETE", new String[] { "Controller", "Orchestrator" })
- };
-
- public void setBootMap() {
- String instance = "boot";
- PermissionMap.initMap( bootMap, instance );
- }
-
- public void setEnvMap() {
- Dmaap dmaap = new DmaapService().getDmaap();
- String dmaap_name = dmaap.getDmaapName();
- PermissionMap.initMap( envMap, dmaap_name );
- }
-
-
-}
Code Review / dmaap / dbcapi.git / blobdiff