X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=auth%2Fauth-batch%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fauth%2Fbatch%2Freports%2FExpiring.java;h=979bcd50541390386ffce616426e7875c6c722a6;hb=4b6435c97dc1e05ee6a1e06190e3c431f9d1a8fe;hp=1a7db0558e4d72699324b715dad828683aa841d7;hpb=dc4923a67f424149e35a77108f5b2ac3418fbaf3;p=aaf%2Fauthz.git
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Expiring.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Expiring.java
index 1a7db055..979bcd50 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Expiring.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Expiring.java
@@ -3,6 +3,8 @@
 * org.onap.aaf
 * ===========================================================================
 * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ *
+ * Modifications Copyright (C) 2019 IBM.
 * ===========================================================================
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -34,15 +36,17 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import java.util.TreeMap;
+import java.util.UUID;
 import org.onap.aaf.auth.batch.Batch;
+import org.onap.aaf.auth.batch.helpers.Approval;
 import org.onap.aaf.auth.batch.helpers.Cred;
+import org.onap.aaf.auth.batch.helpers.Cred.Instance;
 import org.onap.aaf.auth.batch.helpers.ExpireRange;
+import org.onap.aaf.auth.batch.helpers.ExpireRange.Range;
+import org.onap.aaf.auth.batch.helpers.Future;
 import org.onap.aaf.auth.batch.helpers.UserRole;
-import org.onap.aaf.auth.batch.helpers.Visitor;
 import org.onap.aaf.auth.batch.helpers.X509;
-import org.onap.aaf.auth.batch.helpers.Cred.Instance;
-import org.onap.aaf.auth.batch.helpers.ExpireRange.Range;
 import org.onap.aaf.auth.dao.cass.CredDAO;
 import org.onap.aaf.auth.env.AuthzTrans;
 import org.onap.aaf.auth.org.OrganizationException;
@@ -61,9 +65,9 @@ public class Expiring extends Batch {
 private static final String EXPIRED_OWNERS = "ExpiredOwners";
 private int minOwners;
 private Map writerList;
- private File logDir;
 private ExpireRange expireRange;
 private Date deleteDate;
+ private CSV.Writer deleteCW;
 public Expiring(AuthzTrans trans) throws APIException, IOException, OrganizationException {
 super(trans.env());
@@ -80,32 +84,31 @@ public class Expiring extends Batch { // Load Cred. We don't follow Visitor, because we have to gather up everything into Identity Anyway Cred.load(trans, session); - UserRole.load(trans, session, UserRole.v2_0_11, new UserRole.DataLoadVisitor()); minOwners=1; // Create Intermediate Output writerList = new HashMap<>(); - logDir = new File(logDir()); - logDir.mkdirs(); expireRange = new ExpireRange(trans.env().access()); String sdate = Chrono.dateOnlyStamp(expireRange.now); for( List lr : expireRange.ranges.values()) { for(Range r : lr ) { if(writerList.get(r.name())==null) { - File file = new File(logDir,r.name() + sdate +CSV); - CSV csv = new CSV(file); + File file = new File(logDir(),r.name() + sdate +CSV); + CSV csv = new CSV(env.access(),file); CSV.Writer cw = csv.writer(false); cw.row(INFO,r.name(),Chrono.dateOnlyStamp(expireRange.now),r.reportingLevel()); writerList.put(r.name(),cw); if("Delete".equals(r.name())) { - deleteDate = r.getStart(); + deleteDate = r.getEnd(); + deleteCW = cw; } + trans.init().log("Creating File:",file.getAbsolutePath()); } } } - + Approval.load(trans, session, Approval.v2_0_17); } finally { tt0.done(); } 
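Review bot: `deleteCW` is assigned only inside the `"Delete".equals(r.name())` branch of the range loop, so it stays null whenever the configured ranges contain no entry with exactly that name, and `run()` later passes it to `Future.row(deleteCW,fut)` and `Approval.row(deleteCW, ...)` in the -113 and -195 hunks. Those helpers are not visible here, but a null writer most likely aborts the batch partway through, leaving expired Futures and approvals unreported. Failing fast after the loop would make the misconfiguration obvious: `if(deleteCW==null) { throw new IllegalStateException("ExpireRange has no \"Delete\" range"); }`. The hunk also drops `logDir.mkdirs()`; unless `logDir()` creates the directory itself, opening the CSV writers can fail on a fresh host. The constructor starts above this hunk.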
@@ -113,34 +116,53 @@ public class Expiring extends Batch { @Override protected void run(AuthzTrans trans) { + + //////////////////// + trans.info().log("Checking for Expired Futures"); + Future.load(trans, session, Future.v2_0_17, fut -> { + if(fut.expires().before(expireRange.now)) { + Future.row(deleteCW,fut); + List appls = Approval.byTicket.get(fut.id()); + if(appls!=null) { + for(Approval a : appls) { + Approval.row(deleteCW, a); + } + } + } + }); + try { - File file = new File(logDir, EXPIRED_OWNERS + Chrono.dateOnlyStamp(expireRange.now) + CSV); - final CSV ownerCSV = new CSV(file); + File file = new File(logDir(), EXPIRED_OWNERS + Chrono.dateOnlyStamp(expireRange.now) + CSV); + final CSV ownerCSV = new CSV(env.access(),file); Map> owners = new TreeMap>(); trans.info().log("Process UserRoles"); - UserRole.load(trans, session, UserRole.v2_0_11, new Visitor() { - @Override - public void visit(UserRole ur) { - // Cannot just delete owners, unless there is at least one left. Process later - if ("owner".equals(ur.rname())) { - Set urs = owners.get(ur.role()); - if (urs == null) { - urs = new HashSet(); - owners.put(ur.role(), urs); - } - urs.add(ur); - } else { - writeAnalysis(trans,ur); + + /** + Run through User Roles. + Owners are treated specially in next section. + Regular roles are checked against Date Ranges. If match Date Range, write out to appropriate file. + */ + UserRole.load(trans, session, UserRole.v2_0_11, ur -> { + // Cannot just delete owners, unless there is at least one left. Process later + if ("owner".equals(ur.rname())) { + Set urs = owners.get(ur.role()); + if (urs == null) { + urs = new HashSet(); + owners.put(ur.role(), urs); } + urs.add(ur); + } else { + writeAnalysis(trans,ur); } }); - // Now Process Owners, one owner Role at a time, ensuring one is left, - // preferably - // a good one. If so, process the others as normal. 
Otherwise, write - // ExpiredOwners - // report + /** + Now Process Owners, one owner Role at a time, ensuring one is left, + preferably a good one. If so, process the others as normal. + + Otherwise, write to ExpiredOwners Report + */ if (!owners.values().isEmpty()) { // Lazy Create file CSV.Writer expOwner = null; @@ -172,8 +194,12 @@ public class Expiring extends Batch { } } - trans.info().log("Checking for Expired Credentials"); - + /** + * Check for Expired Credentials + * + * + */ + trans.info().log("Checking for Expired Credentials"); for (Cred cred : Cred.data.values()) { List linst = cred.instances; if(linst!=null) { @@ -195,24 +221,34 @@ public class Expiring extends Batch { } } } - + + //////////////////// trans.info().log("Checking for Expired X509s"); - X509.load(trans, session, new Visitor() { - @Override - public void visit(X509 x509) { - try { - for(Certificate cert : Factory.toX509Certificate(x509.x509)) { - writeAnalysis(trans, x509, (X509Certificate)cert); - } - } catch (CertificateException | IOException e) { - trans.error().log(e, "Error Decrypting X509"); + X509.load(trans, session, x509 -> { + try { + for(Certificate cert : Factory.toX509Certificate(x509.x509)) { + writeAnalysis(trans, x509, (X509Certificate)cert); } - + } catch (CertificateException | IOException e) { + trans.error().log(e, "Error Decrypting X509"); } + }); + } catch (FileNotFoundException e) { trans.info().log(e); } + + //////////////////// + trans.info().log("Checking for Orphaned Approvals"); + Approval.load(trans, session, Approval.v2_0_17, appr -> { + UUID ticket = appr.add.ticket; + if(ticket==null) { + Approval.row(deleteCW,appr); + } + }); + + }
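Review bot: The new expired-Futures block at the top of `run()` compares `fut.expires()` with `expireRange.now` and writes straight to the Delete file, so a Future and all of its approvals are queued for deletion the moment it expires, whereas the comment added further down says regular user roles are checked against the date ranges first. If that is intended, it deserves a comment above the `Future.load` call, e.g. `// Futures get no grace period: expired as of now => Delete file, together with their Approvals`. The lookup `Approval.byTicket.get(fut.id())` also depends on the `Approval.load` call made in the constructor, which a one-line comment should state. `run()` continues past this hunk.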
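Review bot: The orphan check at the end of `run()` flags an approval only when `appr.add.ticket` is null, so an approval whose ticket is set but whose Future no longer exists is not treated as orphaned here. If that case is meant to be covered, the ticket should be compared against the Futures seen during the earlier `Future.load` pass; if not, a comment such as `// Orphaned = no ticket at all; approvals of expired Futures are written in the Futures pass above` would make the boundary explicit. `appr.add` is also dereferenced without a null check, which is worth confirming against how `Approval` populates that field. The block sits after the `catch (FileNotFoundException e)`, so it still runs, and still writes to `deleteCW`, when the owner report could not be opened. `run()` begins outside this hunk.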