X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=auth%2Fauth-batch%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fauth%2Fbatch%2Freports%2FExpiring.java;h=979bcd50541390386ffce616426e7875c6c722a6;hb=59ffb7d529245c3bd0233dbf6cb0ae9fe9ccb856;hp=7ed26ce546d7ca7e67d9df1ac848d75be6cb626e;hpb=a5bcce655e339151445fbce2c129687e3bc8610a;p=aaf%2Fauthz.git diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Expiring.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Expiring.java index 7ed26ce5..979bcd50 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Expiring.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Expiring.java @@ -36,15 +36,17 @@ import java.util.List; import java.util.Map; import java.util.Set; import java.util.TreeMap; +import java.util.UUID; import org.onap.aaf.auth.batch.Batch; +import org.onap.aaf.auth.batch.helpers.Approval; import org.onap.aaf.auth.batch.helpers.Cred; +import org.onap.aaf.auth.batch.helpers.Cred.Instance; import org.onap.aaf.auth.batch.helpers.ExpireRange; +import org.onap.aaf.auth.batch.helpers.ExpireRange.Range; +import org.onap.aaf.auth.batch.helpers.Future; import org.onap.aaf.auth.batch.helpers.UserRole; -import org.onap.aaf.auth.batch.helpers.Visitor; import org.onap.aaf.auth.batch.helpers.X509; -import org.onap.aaf.auth.batch.helpers.Cred.Instance; -import org.onap.aaf.auth.batch.helpers.ExpireRange.Range; import org.onap.aaf.auth.dao.cass.CredDAO; import org.onap.aaf.auth.env.AuthzTrans; import org.onap.aaf.auth.org.OrganizationException; @@ -63,9 +65,9 @@ public class Expiring extends Batch { private static final String EXPIRED_OWNERS = "ExpiredOwners"; private int minOwners; private Map writerList; - private File logDir; private ExpireRange expireRange; private Date deleteDate; + private CSV.Writer deleteCW; public Expiring(AuthzTrans trans) throws APIException, IOException, OrganizationException { super(trans.env()); @@ -87,27 +89,26 @@ public class Expiring extends Batch { // Create Intermediate Output writerList = new HashMap<>(); - logDir = new File(logDir()); - logDir.mkdirs(); expireRange = new ExpireRange(trans.env().access()); String sdate = Chrono.dateOnlyStamp(expireRange.now); for( List lr : expireRange.ranges.values()) { for(Range r : lr ) { if(writerList.get(r.name())==null) { - File file = new File(logDir,r.name() + sdate +CSV); - CSV csv = new CSV(file); + File file = new File(logDir(),r.name() + sdate +CSV); + CSV csv = new CSV(env.access(),file); CSV.Writer cw = csv.writer(false); cw.row(INFO,r.name(),Chrono.dateOnlyStamp(expireRange.now),r.reportingLevel()); writerList.put(r.name(),cw); if("Delete".equals(r.name())) { deleteDate = r.getEnd(); + deleteCW = cw; } trans.init().log("Creating File:",file.getAbsolutePath()); } } } - + Approval.load(trans, session, Approval.v2_0_17); } finally { tt0.done(); } @@ -115,12 +116,33 @@ public class Expiring extends Batch { @Override protected void run(AuthzTrans trans) { + + //////////////////// + trans.info().log("Checking for Expired Futures"); + Future.load(trans, session, Future.v2_0_17, fut -> { + if(fut.expires().before(expireRange.now)) { + Future.row(deleteCW,fut); + List appls = Approval.byTicket.get(fut.id()); + if(appls!=null) { + for(Approval a : appls) { + Approval.row(deleteCW, a); + } + } + } + }); + try { - File file = new File(logDir, EXPIRED_OWNERS + Chrono.dateOnlyStamp(expireRange.now) + CSV); - final CSV ownerCSV = new CSV(file); + File file = new File(logDir(), EXPIRED_OWNERS + Chrono.dateOnlyStamp(expireRange.now) + CSV); + final CSV ownerCSV = new CSV(env.access(),file); Map> owners = new TreeMap>(); trans.info().log("Process UserRoles"); + + /** + Run through User Roles. + Owners are treated specially in next section. + Regular roles are checked against Date Ranges. If match Date Range, write out to appropriate file. + */ UserRole.load(trans, session, UserRole.v2_0_11, ur -> { // Cannot just delete owners, unless there is at least one left. Process later if ("owner".equals(ur.rname())) { @@ -135,11 +157,12 @@ public class Expiring extends Batch { } }); - // Now Process Owners, one owner Role at a time, ensuring one is left, - // preferably - // a good one. If so, process the others as normal. Otherwise, write - // ExpiredOwners - // report + /** + Now Process Owners, one owner Role at a time, ensuring one is left, + preferably a good one. If so, process the others as normal. + + Otherwise, write to ExpiredOwners Report + */ if (!owners.values().isEmpty()) { // Lazy Create file CSV.Writer expOwner = null; @@ -171,8 +194,12 @@ public class Expiring extends Batch { } } - trans.info().log("Checking for Expired Credentials"); - + /** + * Check for Expired Credentials + * + * + */ + trans.info().log("Checking for Expired Credentials"); for (Cred cred : Cred.data.values()) { List linst = cred.instances; if(linst!=null) { @@ -194,24 +221,34 @@ public class Expiring extends Batch { } } } - + + //////////////////// trans.info().log("Checking for Expired X509s"); - X509.load(trans, session, new Visitor() { - @Override - public void visit(X509 x509) { - try { - for(Certificate cert : Factory.toX509Certificate(x509.x509)) { - writeAnalysis(trans, x509, (X509Certificate)cert); - } - } catch (CertificateException | IOException e) { - trans.error().log(e, "Error Decrypting X509"); + X509.load(trans, session, x509 -> { + try { + for(Certificate cert : Factory.toX509Certificate(x509.x509)) { + writeAnalysis(trans, x509, (X509Certificate)cert); } - + } catch (CertificateException | IOException e) { + trans.error().log(e, "Error Decrypting X509"); } + }); + } catch (FileNotFoundException e) { trans.info().log(e); } + + //////////////////// + trans.info().log("Checking for Orphaned Approvals"); + Approval.load(trans, session, Approval.v2_0_17, appr -> { + UUID ticket = appr.add.ticket; + if(ticket==null) { + Approval.row(deleteCW,appr); + } + }); + + }