X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=auth%2Fauth-cmd%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fauth%2Fcmd%2Fperm%2FCreate.java;h=c444722b32a34d68909538f251385deb358e4a41;hb=43ee275875f09ec439a2d0aa182c79773c63f018;hp=cc67456871ab698edfbe08ac15534b66088ad6c6;hpb=71037c39a37d3549dcfe31926832a657744fbe05;p=aaf%2Fauthz.git diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Create.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Create.java index cc674568..c444722b 100644 --- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Create.java +++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Create.java @@ -3,13 +3,14 @@ * org.onap.aaf * =========================================================================== * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * Modifications Copyright (C) 2019 IBM. * =========================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -36,128 +37,129 @@ import aaf.v2_0.PermRequest; import aaf.v2_0.RoleRequest; /** - * + * * @author Jonathan * */ public class Create extends Cmd { - public Create(Perm parent) { - super(parent,"create", - new Param("type",true), - new Param("instance",true), - new Param("action", true), - new Param("role[,role]* (to Grant to)", false) - ); - } + public Create(Perm parent) { + super(parent,"create", + new Param("type",true), + new Param("instance",true), + new Param("action", true), + new Param("role[,role]* (to Grant to)", false) + ); + } + + @Override + public int _exec(final int index, final String ... args) throws CadiException, APIException, LocatorException { + return same(new Retryable() { + @Override + public Integer code(Rcli client) throws CadiException, APIException { + int idx = index; + final PermRequest pr = new PermRequest(); + pr.setType(args[idx++]); + pr.setInstance(args[idx++]); + pr.setAction(args[idx++]); + String roleCommas = (args.length>idx)?args[idx++]:null; + String[] roles = roleCommas==null?null:roleCommas.split("\\s*,\\s*"); + boolean force = aafcli.forceString()!=null; + int rv; + + if (roles!=null && force) { // Make sure Roles are Created + RoleRequest rr = new RoleRequest(); + for (String role : roles) { + rr.setName(role);; + Future fr = client.create( + "/authz/role", + getDF(RoleRequest.class), + rr + ); + fr.get(AAFcli.timeout()); + switch(fr.code()){ + case 201: + pw().println("Created Role [" + role + ']'); + break; + case 409: + break; + default: + pw().println("Role [" + role + "] does not exist, and cannot be created."); + return 206 /*HttpStatus.PARTIAL_CONTENT_206*/; + } + } + } + + // Set Start/End commands + setStartEnd(pr); + setQueryParamsOn(client); + Future fp = client.create( + "/authz/perm", + getDF(PermRequest.class), + pr + ); + if (fp.get(AAFcli.timeout())) { + rv = fp.code(); + pw().println("Created Permission"); + if (roles!=null) { + if (aafcli.forceString()!=null) { // Make sure Roles are Created + RoleRequest rr = new RoleRequest(); + for (String role : roles) { + rr.setName(role);; + Future fr = client.create( + "/authz/role", + getDF(RoleRequest.class), + rr + ); + fr.get(AAFcli.timeout()); + switch(fr.code()){ + case 201: + case 409:break; + default: + + } + } + } - @Override - public int _exec(final int index, final String ... args) throws CadiException, APIException, LocatorException { - return same(new Retryable() { - @Override - public Integer code(Rcli client) throws CadiException, APIException { - int idx = index; - final PermRequest pr = new PermRequest(); - pr.setType(args[idx++]); - pr.setInstance(args[idx++]); - pr.setAction(args[idx++]); - String roleCommas = (args.length>idx)?args[idx++]:null; - String[] roles = roleCommas==null?null:roleCommas.split("\\s*,\\s*"); - boolean force = aafcli.forceString()!=null; - int rv; - - if(roles!=null && force) { // Make sure Roles are Created - RoleRequest rr = new RoleRequest(); - for(String role : roles) { - rr.setName(role);; - Future fr = client.create( - "/authz/role", - getDF(RoleRequest.class), - rr - ); - fr.get(AAFcli.timeout()); - switch(fr.code()){ - case 201: - pw().println("Created Role [" + role + ']'); - break; - case 409: - break; - default: - pw().println("Role [" + role + "] does not exist, and cannot be created."); - return 206 /*HttpStatus.PARTIAL_CONTENT_206*/; - } - } - } + try { + if (201!=(rv=((Perm)parent)._exec(0, + new String[] {"grant",pr.getType(),pr.getInstance(),pr.getAction(),roleCommas}))) { + rv = 206 /*HttpStatus.PARTIAL_CONTENT_206*/; + } + } catch (LocatorException e) { + throw new CadiException(e); + } + } + } else { + rv = fp.code(); + if (rv==409 && force) { + rv = 201; + } else if (rv==202) { + pw().println("Permission Creation Accepted, but requires Approvals before actualizing"); + if (roles!=null) + pw().println("You need to grant the roles after approval."); + } else { + error(fp); + } + } + return rv; + } + }); + } - // Set Start/End commands - setStartEnd(pr); - setQueryParamsOn(client); - Future fp = client.create( - "/authz/perm", - getDF(PermRequest.class), - pr - ); - if(fp.get(AAFcli.timeout())) { - rv = fp.code(); - pw().println("Created Permission"); - if(roles!=null) { - if(aafcli.forceString()!=null) { // Make sure Roles are Created - RoleRequest rr = new RoleRequest(); - for(String role : roles) { - rr.setName(role);; - Future fr = client.create( - "/authz/role", - getDF(RoleRequest.class), - rr - ); - fr.get(AAFcli.timeout()); - switch(fr.code()){ - case 201: - case 409:break; - default: - - } - } - } - - try { - if(201!=(rv=((Perm)parent)._exec(0, - new String[] {"grant",pr.getType(),pr.getInstance(),pr.getAction(),roleCommas}))) { - rv = 206 /*HttpStatus.PARTIAL_CONTENT_206*/; - } - } catch (LocatorException e) { - throw new CadiException(e); - } - } - } else { - rv = fp.code(); - if(rv==409 && force) { - rv = 201; - } else if(rv==202) { - pw().println("Permission Creation Accepted, but requires Approvals before actualizing"); - if (roles!=null) - pw().println("You need to grant the roles after approval."); - } else { - error(fp); - } - } - return rv; - } - }); - } - - @Override - public void detailedHelp(int _indent, StringBuilder sb) { - int indent = _indent; - detailLine(sb,indent,"Create a Permission with:"); - detailLine(sb,indent+=2,"type - A Namespace qualified identifier identifying the kind of"); - detailLine(sb,indent+11,"resource to be protected"); - detailLine(sb,indent,"instance - A name that distinguishes a particular instance of resource"); - detailLine(sb,indent,"action - What kind of action is allowed"); - detailLine(sb,indent,"role(s) - Perms granted to these Comma separated Role(s)"); - detailLine(sb,indent+11,"Nonexistent role(s) will be created, if in same namespace"); - sb.append('\n'); - detailLine(sb,indent+2,"Note: Instance and Action can be a an '*' (enter \\\\* on Unix Shell)"); - api(sb,indent,HttpMethods.POST,"authz/perm",PermRequest.class,true); - } + @Override + public void detailedHelp(int _indent, StringBuilder sb) { + int indent = _indent; + detailLine(sb,indent,"Create a Permission with:"); + indent=indent+2; + detailLine(sb,indent,"type - A Namespace qualified identifier identifying the kind of"); + detailLine(sb,indent+11,"resource to be protected"); + detailLine(sb,indent,"instance - A name that distinguishes a particular instance of resource"); + detailLine(sb,indent,"action - What kind of action is allowed"); + detailLine(sb,indent,"role(s) - Perms granted to these Comma separated Role(s)"); + detailLine(sb,indent+11,"Nonexistent role(s) will be created, if in same namespace"); + sb.append('\n'); + detailLine(sb,indent+2,"Note: Instance and Action can be a an '*' (enter \\\\* on Unix Shell)"); + api(sb,indent,HttpMethods.POST,"authz/perm",PermRequest.class,true); + } }