X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=dmaap-bc%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fdmaap%2Fdbcapi%2Fauthentication%2FApiPerms.java;fp=dmaap-bc%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fdmaap%2Fdbcapi%2Fauthentication%2FApiPerms.java;h=b082102a6114d3490ccfb7b429be1b8c43a113e1;hb=71d3d0925874247de5e657821638b1c08360f571;hp=0000000000000000000000000000000000000000;hpb=20221353bdb213a1f143a132d819d4e0810e3794;p=dmaap%2Fbuscontroller.git diff --git a/dmaap-bc/src/main/java/org/onap/dmaap/dbcapi/authentication/ApiPerms.java b/dmaap-bc/src/main/java/org/onap/dmaap/dbcapi/authentication/ApiPerms.java new file mode 100644 index 0000000..b082102 --- /dev/null +++ b/dmaap-bc/src/main/java/org/onap/dmaap/dbcapi/authentication/ApiPerms.java @@ -0,0 +1,180 @@ +/*- + * ============LICENSE_START======================================================= + * org.onap.dmaap + * ================================================================================ + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * + * Modifications Copyright (C) 2018 IBM. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.dmaap.dbcapi.authentication; + +import com.att.eelf.configuration.EELFLogger; +import com.att.eelf.configuration.EELFManager; + +import org.onap.dmaap.dbcapi.aaf.AafService; +import org.onap.dmaap.dbcapi.aaf.AafServiceFactory; +import org.onap.dmaap.dbcapi.aaf.DmaapGrant; +import org.onap.dmaap.dbcapi.aaf.DmaapPerm; +import org.onap.dmaap.dbcapi.aaf.AafService.ServiceType; +import org.onap.dmaap.dbcapi.logging.BaseLoggingClass; +import org.onap.dmaap.dbcapi.logging.DmaapbcLogMessageEnum; +import org.onap.dmaap.dbcapi.model.Dmaap; +import org.onap.dmaap.dbcapi.service.DmaapService; +import org.onap.dmaap.dbcapi.util.DmaapConfig; + +public class ApiPerms extends BaseLoggingClass { + static String topic = "topics"; + static String mrClusters = "mr_clusters"; + static String mrClients = "mr_clients"; + static String feed = "feeds"; + static String drSubs = "dr_subs"; + static String drPubs = "dr_pubs"; + static String drNodes = "dr_nodes"; + static String dcaeLocations = "dcaeLocations"; + static String inventory = "Inventory"; + static String portalUser = "PortalUser"; + static String orchestrator = "Orchestrator"; + static String delete = "DELETE"; + static String dmaap = "dmaap"; + static String controller = "Controller"; + + private static class PermissionMap { + static final EELFLogger logger = EELFManager.getInstance().getLogger( PermissionMap.class ); + static final EELFLogger errorLogger = EELFManager.getInstance().getErrorLogger(); + String uri; + String action; + String[] roles; + + private PermissionMap( String u, String a, String[] r ) { + this.setUri(u); + this.setAction(a); + this.setRoles(r); + } + + public String getUri() { + return uri; + } + public void setUri(String uri) { + this.uri = uri; + } + public String getAction() { + return action; + } + public void setAction(String action) { + this.action = action; + } + + public String[] getRoles() { + return roles; + } + public void setRoles(String[] roles) { + this.roles = roles; + } + + public static void initMap( PermissionMap[] pmap, String instance ) { + + DmaapConfig p = (DmaapConfig)DmaapConfig.getConfig(); + String api = p.getProperty("ApiNamespace", "apiNamespace.not.set"); + + AafService aaf = new AafServiceFactory().initAafService(ServiceType.AAF_Admin); + + for ( int i = 0; i < pmap.length ; i++ ) { + String uri = new String( api + "." + pmap[i].getUri()); + DmaapPerm perm = new DmaapPerm( uri, instance, pmap[i].getAction() ); + int rc = aaf.addPerm( perm ); + if ( rc != 201 && rc != 409 ) { + errorLogger.error( DmaapbcLogMessageEnum.AAF_UNEXPECTED_RESPONSE, Integer.toString(rc), "add perm", perm.toString() ); + + } + for( String r: pmap[i].getRoles()) { + String fr = new String( api + "." + r ); + logger.debug( "i:" + i + " granting perm " + perm.toString()+ " to role=" + fr ); + DmaapGrant grant = new DmaapGrant( perm, fr ); + rc = aaf.addGrant( grant ); + if ( rc != 201 && rc != 409 ) { + errorLogger.error( DmaapbcLogMessageEnum.AAF_UNEXPECTED_RESPONSE, Integer.toString(rc), "grant perm", perm.toString() ); + } + } + + } + } + } + + static PermissionMap[] bootMap = { + new PermissionMap( dmaap, "GET", new String[] { controller }), + new PermissionMap( dmaap, "POST", new String[] { controller }), + new PermissionMap( dmaap, "PUT", new String[] { controller }), + new PermissionMap( dmaap, delete, new String[] { controller }) + + }; + + static PermissionMap[] envMap = { + new PermissionMap( dmaap, "GET", new String[] { controller, orchestrator, inventory, "Metrics", portalUser }), + new PermissionMap( dmaap, "POST", new String[] { controller } ), + new PermissionMap( dmaap, "PUT", new String[] { controller }), + new PermissionMap( dmaap, delete, new String[] { controller }), + new PermissionMap( "bridge", "GET", new String[] { "Metrics" }), + //new PermissionMap( "bridge", "POST", new String[] { "Metrics" } ), + //new PermissionMap( "bridge", "PUT", new String[] { "Metrics" }), + //new PermissionMap( "bridge", delete, new String[] { "Metrics" }), + new PermissionMap( dcaeLocations, "GET", new String[] { controller, orchestrator, inventory, "Metrics", portalUser }), + new PermissionMap( dcaeLocations, "POST", new String[] { controller } ), + new PermissionMap( dcaeLocations, "PUT", new String[] { controller }), + new PermissionMap( dcaeLocations, delete, new String[] { controller }), + new PermissionMap( drNodes, "GET", new String[] { controller, orchestrator, inventory, portalUser }), + new PermissionMap( drNodes, "POST", new String[] { controller } ), + new PermissionMap( drNodes, "PUT", new String[] { controller }), + new PermissionMap( drNodes, delete, new String[] { controller }), + new PermissionMap( drPubs, "GET", new String[] { controller, orchestrator, inventory, "Metrics", portalUser }), + new PermissionMap( drPubs, "POST", new String[] { controller, orchestrator,portalUser } ), + new PermissionMap( drPubs, "PUT", new String[] { controller, orchestrator,portalUser }), + new PermissionMap( drPubs, delete, new String[] { controller, orchestrator,portalUser }), + new PermissionMap( drSubs, "GET", new String[] { controller, orchestrator, inventory, "Metrics", portalUser }), + new PermissionMap( drSubs, "POST", new String[] { controller, orchestrator,portalUser } ), + new PermissionMap( drSubs, "PUT", new String[] { controller, orchestrator,portalUser }), + new PermissionMap( drSubs, delete, new String[] { controller, orchestrator,portalUser }), + new PermissionMap( feed, "GET", new String[] { controller, orchestrator, inventory, "Metrics", portalUser }), + new PermissionMap( feed, "POST", new String[] { controller, orchestrator,portalUser } ), + new PermissionMap( feed, "PUT", new String[] { controller, orchestrator, portalUser }), + new PermissionMap( feed, delete, new String[] { controller, portalUser }), + new PermissionMap( mrClients, "GET", new String[] { controller, orchestrator, inventory, "Metrics", portalUser }), + new PermissionMap( mrClients, "POST", new String[] { controller,orchestrator, portalUser } ), + new PermissionMap( mrClients, "PUT", new String[] { controller, orchestrator,portalUser }), + new PermissionMap( mrClients, delete, new String[] { controller,orchestrator, portalUser }), + new PermissionMap( mrClusters, "GET", new String[] { controller, orchestrator, inventory, "Metrics", portalUser }), + new PermissionMap( mrClusters, "POST", new String[] { controller } ), + new PermissionMap( mrClusters, "PUT", new String[] { controller }), + new PermissionMap( mrClusters, delete, new String[] { controller }), + new PermissionMap( topic, "GET", new String[] { controller, orchestrator, inventory, "Metrics", portalUser }), + new PermissionMap( topic, "POST", new String[] { controller, orchestrator } ), + new PermissionMap( topic, "PUT", new String[] { controller, orchestrator }), + new PermissionMap( topic, delete, new String[] { controller, orchestrator }) + }; + + public void setBootMap() { + String instance = "boot"; + PermissionMap.initMap( bootMap, instance ); + } + + public void setEnvMap() { + Dmaap dmaapVar = new DmaapService().getDmaap(); + String dmaapName = dmaapVar.getDmaapName(); + PermissionMap.initMap( envMap, dmaapName ); + } + + +}