X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=auth%2Fauth-batch%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fauth%2Fbatch%2Freports%2FAnalyze.java;h=227717b74a80547009c9d8c5de8e192cbdf67e54;hb=refs%2Fchanges%2F65%2F99865%2F1;hp=78c6ae3a0d41806f21574c5f3d63c41d742f43ec;hpb=1296352d8eafee57f982a4342ad79ada4aa56d28;p=aaf%2Fauthz.git
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java
index 78c6ae3a..227717b7 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java
@@ -57,6 +57,7 @@ import org.onap.aaf.auth.batch.helpers.X509;
 import org.onap.aaf.auth.dao.cass.CredDAO;
 import org.onap.aaf.auth.dao.cass.UserRoleDAO;
 import org.onap.aaf.auth.env.AuthzTrans;
+import org.onap.aaf.auth.org.Organization.Expiration;
 import org.onap.aaf.auth.org.Organization.Identity;
 import org.onap.aaf.auth.org.OrganizationException;
 import org.onap.aaf.cadi.configure.Factory;
@@ -69,7 +70,7 @@ import org.onap.aaf.misc.env.util.Chrono;
 public class Analyze extends Batch {
- private static final int unknown=0;
+ private static final int unknown=0;
 private static final int owner=1;
 private static final int supervisor=2;
 private static final int total=0;
@@ -82,6 +83,7 @@ public class Analyze extends Batch {
 private static final String EXPIRED_OWNERS = "ExpiredOwners";
 private static final String CSV = ".csv";
 private static final String INFO = "info";
+ private static final String NOT_COMPLIANT = "NotCompliant";
 private int minOwners;
 private Map writerList;
 private ExpireRange expireRange;
@@ -89,6 +91,7 @@ public class Analyze extends Batch {
 private CSV.Writer deleteCW;
 private CSV.Writer needApproveCW;
 private CSV.Writer extendCW;
+ private CSV.Writer notCompliantCW;
 private Range futureRange;
 private final String sdate;
 private LastNotified ln;
@@ -146,6 +149,12 @@ public class Analyze extends Batch { extendCW.row(INFO,EXTEND,sdate,1); writerList.put(EXTEND,extendCW); + // Setup NotCompliant Writer for Apps + file = new File(logDir(),NOT_COMPLIANT + sdate + CSV); + CSV ncCSV = new CSV(env.access(),file); + notCompliantCW = ncCSV.writer(); + writerList.put(NOT_COMPLIANT, notCompliantCW); + // Load full data of the following ln = new LastNotified(session); @@ -384,12 +393,33 @@ public class Analyze extends Batch { } return; } + if(org.isRevoked(trans, ur.user())) { + GregorianCalendar gc = new GregorianCalendar(); + gc.setTime(ur.expires()); + GregorianCalendar gracePeriodEnds = org.expiration(gc, Expiration.RevokedGracePeriodEnds, ur.user()); + if(now.after(gracePeriodEnds.getTime())) { + ur.row(deleteCW, UserRole.UR,"Revoked ID, no grace period left"); + } else { + ur.row(notCompliantCW, UserRole.UR, "Revoked ID: WARNING! GracePeriod Ends " + gracePeriodEnds.toString()); + } + return; + } ur.row(deleteCW, UserRole.UR,"Not in Organization"); return; } else if(Role.byName.get(ur.role())==null) { ur.row(deleteCW, UserRole.UR,String.format("Role %s does not exist", ur.role())); return; + // Make sure owners can still be owners. + } else if(ur.role().endsWith(".owner")) { + String err = identity.mayOwn(); + if(err!=null) { + ur.row(deleteCW, UserRole.UR,String.format("%s may not be an owner: %s",ur.user(),err)); + return; + } } + + + // Just let expired UserRoles sit until deleted if(futureRange.inRange(ur.expires())&&(!mur.containsKey(ur.user() + '|' + ur.role()))) { // Cannot just delete owners, unless there is at least one left. Process later
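Review bot: The NotCompliant writer is registered without the `INFO` header row that the Extend writer gets in the context lines just above (`extendCW.row(INFO,EXTEND,sdate,1);`), so this report will differ in shape from the other CSVs in `writerList`. If downstream readers key on that first row, add `notCompliantCW.row(INFO,NOT_COMPLIANT,sdate,1);` before the `writerList.put(NOT_COMPLIANT, notCompliantCW);` call. If the omission is deliberate, a one-line comment saying so would save the next reader the question. The enclosing method starts and ends outside the hunk.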
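Review bot: In the `org.isRevoked(trans, ur.user())` branch the grace period is seeded from the role's own expiry (`gc.setTime(ur.expires());`), not from the revocation date. Unless `org.expiration(...)` ignores the calendar it is handed for `RevokedGracePeriodEnds` (not visible here), a revoked identity with a long-dated role is only written to NotCompliant and keeps the role until that expiry plus the grace period. If the intent is a fixed window after revocation, seed the calendar from the revocation date or, failing that, from `now`; either way a comment such as `// grace period is counted from <start>; revoked IDs keep the role until it ends` would make the policy reviewable. Separately, `gracePeriodEnds.toString()` puts the calendar's full internal field dump into the CSV message rather than a date, and the `Chrono` helper this file already imports looks like the natural way to format it. The enclosing method starts and ends outside the hunk.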