X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=auth%2Fauth-batch%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fauth%2Fupdate%2FNotifyCredExpiring.java;h=ab386c5667cf0a7b016d727004a31c07dc0973fb;hb=4b5a7d721d994a49057e9bfb403c7bff1b376660;hp=fe8f16d9da06cc261ac4680554317e5d6fcddbd0;hpb=824dc7b5fc0e1ccdf7f460479aff344727f0f01e;p=aaf%2Fauthz.git diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/update/NotifyCredExpiring.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/update/NotifyCredExpiring.java index fe8f16d9..ab386c56 100644 --- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/update/NotifyCredExpiring.java +++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/update/NotifyCredExpiring.java @@ -61,261 +61,261 @@ import java.util.TreeMap; public class NotifyCredExpiring extends Batch { - private static final String UNKNOWN_ID = "unknown@deprecated.id"; - private static final String AAF_INSTANTIATED_MECHID = "AAF INSTANTIATED MECHID"; - private static final String EXPIRATION_DATE = "EXPIRATION DATE"; - private static final String QUICK_LINK = "QUICK LINK TO UPDATE PAGE"; - private static final String DASH_1 = "-----------------------"; - private static final String DASH_2 = "---------------"; - private static final String DASH_3 = "----------------------------------------------------"; - private static final String LINE = "\n----------------------------------------------------------------"; - private Email email; - private int maxEmails; - private final PrintStream ps; - private final AuthzTrans noAvg; - private String supportEmailAddr; + private static final String UNKNOWN_ID = "unknown@deprecated.id"; + private static final String AAF_INSTANTIATED_MECHID = "AAF INSTANTIATED MECHID"; + private static final String EXPIRATION_DATE = "EXPIRATION DATE"; + private static final String QUICK_LINK = "QUICK LINK TO UPDATE PAGE"; + private static final String DASH_1 = "-----------------------"; + private static final String DASH_2 = "---------------"; + private static final String DASH_3 = "----------------------------------------------------"; + private static final String LINE = "\n----------------------------------------------------------------"; + private Email email; + private int maxEmails; + private final PrintStream ps; + private final AuthzTrans noAvg; + private String supportEmailAddr; - public NotifyCredExpiring(AuthzTrans trans) throws APIException, IOException, OrganizationException { - super(trans.env()); - TimeTaken tt = trans.start("Connect to Cluster", Env.REMOTE); - try { - session = cluster.connect(); - } finally { - tt.done(); - } - - noAvg = env.newTransNoAvg(); - noAvg.setUser(new BatchPrincipal("batch:NotifyCredExpiring")); - - if((supportEmailAddr = env.getProperty("mailFromUserId"))==null) { - throw new APIException("mailFromUserId property must be set"); - } - if(isDryRun()) { - email = new EmailPrint(); - maxEmails=3; - maxEmails = Integer.parseInt(trans.getProperty("MAX_EMAILS","3")); - } else { - email = new Email(); - maxEmails = Integer.parseInt(trans.getProperty("MAX_EMAILS","3")); - } - - email.subject("AAF Password Expiration Notification (ENV: %s)",batchEnv); - email.preamble("AAF (MOTS 22830) is the AT&T Authorization System used by many AT&T Tools and Applications.\n\n" + - " The following Credentials are expiring on the dates shown. Failure to act before the expiration date " - + "will cause your App's Authentications to fail.\n"); - email.signature("Sincerely,\nAAF Team (Our MOTS# 22830)\n" - + "https://wiki.web.att.com/display/aaf/Contact+Us\n" - + "(Use 'Other Misc Requests (TOPS)')"); + public NotifyCredExpiring(AuthzTrans trans) throws APIException, IOException, OrganizationException { + super(trans.env()); + TimeTaken tt = trans.start("Connect to Cluster", Env.REMOTE); + try { + session = cluster.connect(); + } finally { + tt.done(); + } + + noAvg = env.newTransNoAvg(); + noAvg.setUser(new BatchPrincipal("batch:NotifyCredExpiring")); + + if((supportEmailAddr = env.getProperty("mailFromUserId"))==null) { + throw new APIException("mailFromUserId property must be set"); + } + if(isDryRun()) { + email = new EmailPrint(); + maxEmails=3; + maxEmails = Integer.parseInt(trans.getProperty("MAX_EMAILS","3")); + } else { + email = new Email(); + maxEmails = Integer.parseInt(trans.getProperty("MAX_EMAILS","3")); + } + + email.subject("AAF Password Expiration Notification (ENV: %s)",batchEnv); + email.preamble("AAF (MOTS 22830) is the AT&T Authorization System used by many AT&T Tools and Applications.\n\n" + + " The following Credentials are expiring on the dates shown. Failure to act before the expiration date " + + "will cause your App's Authentications to fail.\n"); + email.signature("Sincerely,\nAAF Team (Our MOTS# 22830)\n" + + "https://wiki.web.att.com/display/aaf/Contact+Us\n" + + "(Use 'Other Misc Requests (TOPS)')"); - Cred.load(trans, session,CredDAO.BASIC_AUTH, CredDAO.BASIC_AUTH_SHA256); - Notification.load(trans, session, Notification.v2_0_18); - UserRole.load(trans, session, UserRole.v2_0_11); - - ps = new PrintStream(new FileOutputStream(logDir() + "/email"+Chrono.dateOnlyStamp()+".log",true)); - ps.printf("### Approval Notify %s for %s%s\n",Chrono.dateTime(),batchEnv,dryRun?", DryRun":""); - } - - @Override - protected void run(AuthzTrans trans) { - - EmailWarnings ewp = org.emailWarningPolicy(); - long now = System.currentTimeMillis(); - Date early = new Date(now+(ewp.credExpirationWarning()*2)); // 2 months back - Date must = new Date(now+ewp.credExpirationWarning()); // 1 months back - Date critical = new Date(now+ewp.emailUrgentWarning()); // 1 week - Date within2Weeks = new Date(now+604800000 * 2); - Date withinLastWeek = new Date(now-604800000); - Date tooLate = new Date(now); - - // Temp structures - Map lastCred = new HashMap<>(); - Map> ownerCreds = new TreeMap<>(); - Date last; - + Cred.load(trans, session,CredDAO.BASIC_AUTH, CredDAO.BASIC_AUTH_SHA256); + Notification.load(trans, session, Notification.v2_0_18); + UserRole.load(trans, session, UserRole.v2_0_11); + + ps = new PrintStream(new FileOutputStream(logDir() + "/email"+Chrono.dateOnlyStamp()+".log",true)); + ps.printf("### Approval Notify %s for %s%s\n",Chrono.dateTime(),batchEnv,dryRun?", DryRun":""); + } + + @Override + protected void run(AuthzTrans trans) { + + EmailWarnings ewp = org.emailWarningPolicy(); + long now = System.currentTimeMillis(); + Date early = new Date(now+(ewp.credExpirationWarning()*2)); // 2 months back + Date must = new Date(now+ewp.credExpirationWarning()); // 1 months back + Date critical = new Date(now+ewp.emailUrgentWarning()); // 1 week + Date within2Weeks = new Date(now+604800000 * 2); + Date withinLastWeek = new Date(now-604800000); + Date tooLate = new Date(now); + + // Temp structures + Map lastCred = new HashMap<>(); + Map> ownerCreds = new TreeMap<>(); + Date last; + - List noOwner = new ArrayList<>(); - ownerCreds.put(UNKNOWN_ID,noOwner); + List noOwner = new ArrayList<>(); + ownerCreds.put(UNKNOWN_ID,noOwner); - // Get a list of ONLY the ones needing email by Owner - for(Entry> es : Cred.byNS.entrySet()) { - lastCred.clear(); - for(Cred c : es.getValue()) { - last = c.last(CredDAO.BASIC_AUTH,CredDAO.BASIC_AUTH_SHA256); - if(last!=null && last.after(tooLate) && last.before(early)) { - List ownerURList = UserRole.getByRole().get(es.getKey()+".owner"); - if(ownerURList!=null) { - for(UserRole ur:ownerURList) { - String owner = ur.user(); - List llc = ownerCreds.get(owner); - if(llc==null) { - ownerCreds.put(owner, (llc=new ArrayList<>())); - } - llc.add(new LastCred(c,last)); - } - } else { - noOwner.add(new LastCred(c,last)); - } - } - } - } - - boolean bCritical,bNormal,bEarly; - int emailCount=0; - Message msg = new Message(); - Notification ownNotf; - StringBuilder logMessage = new StringBuilder(); - for(Entry> es : ownerCreds.entrySet()) { - String owner = es.getKey(); - boolean header = true; - try { - Organization org = OrganizationFactory.obtain(env, owner); - Identity user = org.getIdentity(noAvg, owner); - if(!UNKNOWN_ID.equals(owner) && user==null) { - ps.printf("Invalid Identity: %s\n", owner); - } else { - logMessage.setLength(0); - if(maxEmails>emailCount) { - bCritical=bNormal=bEarly = false; - email.clear(); - msg.clear(); - email.addTo(user==null?supportEmailAddr:user.email()); + // Get a list of ONLY the ones needing email by Owner + for(Entry> es : Cred.byNS.entrySet()) { + lastCred.clear(); + for(Cred c : es.getValue()) { + last = c.last(CredDAO.BASIC_AUTH,CredDAO.BASIC_AUTH_SHA256); + if(last!=null && last.after(tooLate) && last.before(early)) { + List ownerURList = UserRole.getByRole().get(es.getKey()+".owner"); + if(ownerURList!=null) { + for(UserRole ur:ownerURList) { + String owner = ur.user(); + List llc = ownerCreds.get(owner); + if(llc==null) { + ownerCreds.put(owner, (llc=new ArrayList<>())); + } + llc.add(new LastCred(c,last)); + } + } else { + noOwner.add(new LastCred(c,last)); + } + } + } + } + + boolean bCritical,bNormal,bEarly; + int emailCount=0; + Message msg = new Message(); + Notification ownNotf; + StringBuilder logMessage = new StringBuilder(); + for(Entry> es : ownerCreds.entrySet()) { + String owner = es.getKey(); + boolean header = true; + try { + Organization org = OrganizationFactory.obtain(env, owner); + Identity user = org.getIdentity(noAvg, owner); + if(!UNKNOWN_ID.equals(owner) && user==null) { + ps.printf("Invalid Identity: %s\n", owner); + } else { + logMessage.setLength(0); + if(maxEmails>emailCount) { + bCritical=bNormal=bEarly = false; + email.clear(); + msg.clear(); + email.addTo(user==null?supportEmailAddr:user.email()); - ownNotf = Notification.get(es.getKey(),TYPE.CN); - if(ownNotf==null) { - ownNotf = Notification.create(user==null?UNKNOWN_ID:user.fullID(), TYPE.CN); - } - last = ownNotf.last; - // Get Max ID size for formatting purposes - int length = AAF_INSTANTIATED_MECHID.length(); - for(LastCred lc : es.getValue()) { - length = Math.max(length, lc.cred.id.length()); - } - String id_exp_fmt = "\t%-"+length+"s %15s %s"; + ownNotf = Notification.get(es.getKey(),TYPE.CN); + if(ownNotf==null) { + ownNotf = Notification.create(user==null?UNKNOWN_ID:user.fullID(), TYPE.CN); + } + last = ownNotf.last; + // Get Max ID size for formatting purposes + int length = AAF_INSTANTIATED_MECHID.length(); + for(LastCred lc : es.getValue()) { + length = Math.max(length, lc.cred.id.length()); + } + String id_exp_fmt = "\t%-"+length+"s %15s %s"; - Collections.sort(es.getValue(),LastCred.COMPARE); - for(LastCred lc : es.getValue()) { - if(lc.last.after(must) && lc.last.before(early) && - (ownNotf.last==null || ownNotf.last.before(withinLastWeek))) { - if(!bEarly && header) { - msg.line("\tThe following are friendly 2 month reminders, just in case you need to schedule your updates early. " - + "You will be reminded next month\n"); - msg.line(id_exp_fmt, AAF_INSTANTIATED_MECHID,EXPIRATION_DATE, QUICK_LINK); - msg.line(id_exp_fmt, DASH_1, DASH_2, DASH_3); - header = false; - } - bEarly = true; - } else if(lc.last.after(critical) && lc.last.before(must) && - (ownNotf.last==null || ownNotf.last.before(withinLastWeek))) { - if(!bNormal) { - boolean last2wks = lc.last.before(within2Weeks); - if(last2wks) { - try { - Identity supvsr = user.responsibleTo(); - email.addCC(supvsr.email()); - } catch(OrganizationException e) { - trans.error().log(e, "Supervisor cannot be looked up"); - } - } - if(header) { - msg.line("\tIt is now important for you to update Passwords all all configurations using them for the following.\n" + - (last2wks?"\tNote: Your Supervisor is CCd\n":"\tNote: Your Supervisor will be notified if this is not being done before the last 2 weeks\n")); - msg.line(id_exp_fmt, AAF_INSTANTIATED_MECHID,EXPIRATION_DATE, QUICK_LINK); - msg.line(id_exp_fmt, DASH_1, DASH_2, DASH_3); - } - header = false; - } - bNormal=true; - } else if(lc.last.after(tooLate) && lc.last.before(critical)) { // Email Every Day, with Supervisor - if(!bCritical && header) { - msg.line("\t!!! WARNING: These Credentials will expire in LESS THAN ONE WEEK !!!!\n" + - "\tYour supervisor is added to this Email\n"); - msg.line(id_exp_fmt, AAF_INSTANTIATED_MECHID,EXPIRATION_DATE, QUICK_LINK); - msg.line(id_exp_fmt, DASH_1, DASH_2, DASH_3); - header = false; - } - bCritical = true; - try { - if(user!=null) { - Identity supvsr = user.responsibleTo(); - if(supvsr!=null) { - email.addCC(supvsr.email()); - supvsr = supvsr.responsibleTo(); - if(supvsr!=null) { - email.addCC(supvsr.email()); - } - } - } - } catch(OrganizationException e) { - trans.error().log(e, "Supervisor cannot be looked up"); - } - } - if(bEarly || bNormal || bCritical) { - if(logMessage.length()==0) { - logMessage.append("NotifyCredExpiring"); - } - logMessage.append("\n\t"); - logMessage.append(lc.cred.id); - logMessage.append('\t'); - logMessage.append(Chrono.dateOnlyStamp(lc.last)); - msg.line(id_exp_fmt, lc.cred.id, Chrono.dateOnlyStamp(lc.last)+" ",env.getProperty(GUI_URL)+"/creddetail?ns="+Question.domain2ns(lc.cred.id)); - } - } - - if(bEarly || bNormal || bCritical) { - msg.line(LINE); - msg.line("Why are you receiving this Notification?\n"); - msg.line("You are the listed owner of one or more AAF Namespaces. ASPR requires that those responsible for " - + "applications and their access review them regularly for accuracy. The AAF WIKI page for AT&T is https://wiki.web.att.com/display/aaf. " - + "You might like https://wiki.web.att.com/display/aaf/AAF+in+a+Nutshell. More detailed info regarding questions of being a Namespace Owner is available at https://wiki.web.att.com/pages/viewpage.action?pageId=594741363\n"); - msg.line("You may view the Namespaces you listed as Owner for in this AAF Env by viewing the following webpage:\n"); - msg.line(" %s/ns\n\n",env.getProperty(GUI_URL)); - email.msg(msg); - Result rv = email.exec(trans, org,""); - if(rv.isOK()) { - ++emailCount; - if(!isDryRun()) { - ownNotf.update(noAvg, session, false); - // SET LastNotification - } - email.log(ps,logMessage.toString()); - } else { - trans.error().log(rv.errorString()); - } - } - } - } - } catch (OrganizationException e) { - trans.info().log(e); - } - } - trans.info().printf("%d emails sent for %s", emailCount,batchEnv); - } - - private static class LastCred { - public Cred cred; - public Date last; - - public LastCred(Cred cred, Date last) { - this.cred = cred; - this.last = last; - } - - // Reverse Sort (Oldest on top) - public static Comparator COMPARE = new Comparator() { - @Override - public int compare(LastCred o1, LastCred o2) { - return o2.last.compareTo(o1.last); - } - }; - - public String toString() { - return Chrono.dateTime(last) + cred.toString(); - } - } - - @Override - protected void _close(AuthzTrans trans) { - session.close(); - ps.close(); - } + Collections.sort(es.getValue(),LastCred.COMPARE); + for(LastCred lc : es.getValue()) { + if(lc.last.after(must) && lc.last.before(early) && + (ownNotf.last==null || ownNotf.last.before(withinLastWeek))) { + if(!bEarly && header) { + msg.line("\tThe following are friendly 2 month reminders, just in case you need to schedule your updates early. " + + "You will be reminded next month\n"); + msg.line(id_exp_fmt, AAF_INSTANTIATED_MECHID,EXPIRATION_DATE, QUICK_LINK); + msg.line(id_exp_fmt, DASH_1, DASH_2, DASH_3); + header = false; + } + bEarly = true; + } else if(lc.last.after(critical) && lc.last.before(must) && + (ownNotf.last==null || ownNotf.last.before(withinLastWeek))) { + if(!bNormal) { + boolean last2wks = lc.last.before(within2Weeks); + if(last2wks) { + try { + Identity supvsr = user.responsibleTo(); + email.addCC(supvsr.email()); + } catch(OrganizationException e) { + trans.error().log(e, "Supervisor cannot be looked up"); + } + } + if(header) { + msg.line("\tIt is now important for you to update Passwords all all configurations using them for the following.\n" + + (last2wks?"\tNote: Your Supervisor is CCd\n":"\tNote: Your Supervisor will be notified if this is not being done before the last 2 weeks\n")); + msg.line(id_exp_fmt, AAF_INSTANTIATED_MECHID,EXPIRATION_DATE, QUICK_LINK); + msg.line(id_exp_fmt, DASH_1, DASH_2, DASH_3); + } + header = false; + } + bNormal=true; + } else if(lc.last.after(tooLate) && lc.last.before(critical)) { // Email Every Day, with Supervisor + if(!bCritical && header) { + msg.line("\t!!! WARNING: These Credentials will expire in LESS THAN ONE WEEK !!!!\n" + + "\tYour supervisor is added to this Email\n"); + msg.line(id_exp_fmt, AAF_INSTANTIATED_MECHID,EXPIRATION_DATE, QUICK_LINK); + msg.line(id_exp_fmt, DASH_1, DASH_2, DASH_3); + header = false; + } + bCritical = true; + try { + if(user!=null) { + Identity supvsr = user.responsibleTo(); + if(supvsr!=null) { + email.addCC(supvsr.email()); + supvsr = supvsr.responsibleTo(); + if(supvsr!=null) { + email.addCC(supvsr.email()); + } + } + } + } catch(OrganizationException e) { + trans.error().log(e, "Supervisor cannot be looked up"); + } + } + if(bEarly || bNormal || bCritical) { + if(logMessage.length()==0) { + logMessage.append("NotifyCredExpiring"); + } + logMessage.append("\n\t"); + logMessage.append(lc.cred.id); + logMessage.append('\t'); + logMessage.append(Chrono.dateOnlyStamp(lc.last)); + msg.line(id_exp_fmt, lc.cred.id, Chrono.dateOnlyStamp(lc.last)+" ",env.getProperty(GUI_URL)+"/creddetail?ns="+Question.domain2ns(lc.cred.id)); + } + } + + if(bEarly || bNormal || bCritical) { + msg.line(LINE); + msg.line("Why are you receiving this Notification?\n"); + msg.line("You are the listed owner of one or more AAF Namespaces. ASPR requires that those responsible for " + + "applications and their access review them regularly for accuracy. The AAF WIKI page for AT&T is https://wiki.web.att.com/display/aaf. " + + "You might like https://wiki.web.att.com/display/aaf/AAF+in+a+Nutshell. More detailed info regarding questions of being a Namespace Owner is available at https://wiki.web.att.com/pages/viewpage.action?pageId=594741363\n"); + msg.line("You may view the Namespaces you listed as Owner for in this AAF Env by viewing the following webpage:\n"); + msg.line(" %s/ns\n\n",env.getProperty(GUI_URL)); + email.msg(msg); + Result rv = email.exec(trans, org,""); + if(rv.isOK()) { + ++emailCount; + if(!isDryRun()) { + ownNotf.update(noAvg, session, false); + // SET LastNotification + } + email.log(ps,logMessage.toString()); + } else { + trans.error().log(rv.errorString()); + } + } + } + } + } catch (OrganizationException e) { + trans.info().log(e); + } + } + trans.info().printf("%d emails sent for %s", emailCount,batchEnv); + } + + private static class LastCred { + public Cred cred; + public Date last; + + public LastCred(Cred cred, Date last) { + this.cred = cred; + this.last = last; + } + + // Reverse Sort (Oldest on top) + public static Comparator COMPARE = new Comparator() { + @Override + public int compare(LastCred o1, LastCred o2) { + return o2.last.compareTo(o1.last); + } + }; + + public String toString() { + return Chrono.dateTime(last) + cred.toString(); + } + } + + @Override + protected void _close(AuthzTrans trans) { + session.close(); + ps.close(); + } }