X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=src%2Fmain%2Fjava%2Forg%2Fonap%2Fdmaap%2Fdbcapi%2Fauthentication%2FApiPerms.java;h=b082102a6114d3490ccfb7b429be1b8c43a113e1;hb=c52d9c91d54f7e8b0500cebba00255b3e6b08c13;hp=674993295f050a5f2f22ec8b5b3a5af07dd08c18;hpb=0bff051a842b164b680bc938f4a56db435dd5841;p=dmaap%2Fdbcapi.git
diff --git a/src/main/java/org/onap/dmaap/dbcapi/authentication/ApiPerms.java b/src/main/java/org/onap/dmaap/dbcapi/authentication/ApiPerms.java
index 6749932..b082102 100644
--- a/src/main/java/org/onap/dmaap/dbcapi/authentication/ApiPerms.java
+++ b/src/main/java/org/onap/dmaap/dbcapi/authentication/ApiPerms.java
@@ -3,6 +3,8 @@
 * org.onap.dmaap
 * ================================================================================
 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ *
+ * Modifications Copyright (C) 2018 IBM.
 * ================================================================================
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -24,6 +26,7 @@ import com.att.eelf.configuration.EELFLogger;
 import com.att.eelf.configuration.EELFManager;
 import org.onap.dmaap.dbcapi.aaf.AafService;
+import org.onap.dmaap.dbcapi.aaf.AafServiceFactory;
 import org.onap.dmaap.dbcapi.aaf.DmaapGrant;
 import org.onap.dmaap.dbcapi.aaf.DmaapPerm;
 import org.onap.dmaap.dbcapi.aaf.AafService.ServiceType;
@@ -34,6 +37,20 @@ import org.onap.dmaap.dbcapi.service.DmaapService;
 import org.onap.dmaap.dbcapi.util.DmaapConfig;
 public class ApiPerms extends BaseLoggingClass {
+ static String topic = "topics";
+ static String mrClusters = "mr_clusters";
+ static String mrClients = "mr_clients";
+ static String feed = "feeds";
+ static String drSubs = "dr_subs";
+ static String drPubs = "dr_pubs";
+ static String drNodes = "dr_nodes";
+ static String dcaeLocations = "dcaeLocations";
+ static String inventory = "Inventory";
+ static String portalUser = "PortalUser";
+ static String orchestrator = "Orchestrator";
+ static String delete = "DELETE";
+ static String dmaap = "dmaap";
+ static String controller = "Controller";
 private static class PermissionMap {
 static final EELFLogger logger = EELFManager.getInstance().getLogger( PermissionMap.class );
@@ -42,6 +59,12 @@ public class ApiPerms extends BaseLoggingClass {
 String action;
 String[] roles;
+ private PermissionMap( String u, String a, String[] r ) {
+ this.setUri(u);
+ this.setAction(a);
+ this.setRoles(r);
+ }
+
 public String getUri() {
 return uri;
 }
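Review bot: The fourteen fields added in the `@@ -34,6 +37,20 @@` hunk (`topic` through `controller`) are declared `static String` with neither `final` nor an access modifier, so they can be reassigned from anywhere in the package even though they name the resources and roles used by the permission tables. Declare them as constants, e.g. `private static final String CONTROLLER = "Controller";`; upper-case names would also avoid the field/local clash that presumably forced the `dmaapVar` rename in `setEnvMap`. The `@@ -102,54 +115,54 @@` hunk builds `bootMap` and `envMap` from these fields but still leaves `"GET"`, `"POST"`, `"PUT"`, `"Metrics"` and `"bridge"` as literals, so the extraction is only half applied. In that same hunk the `feed`/`delete` row omits `orchestrator` although the `feed` POST and PUT rows grant it, and the `drNodes` GET row is the only GET row in `envMap` without `"Metrics"`; a comment above `envMap` stating whether these differences are intended would make the table auditable.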
@@ -62,22 +85,12 @@ public class ApiPerms extends BaseLoggingClass {
 this.roles = roles;
 }
- private PermissionMap( String u, String a, String[] r ) {
- this.setUri(u);
- this.setAction(a);
- this.setRoles(r);
- }
-
- static public void initMap( PermissionMap[] pmap, String instance ) {
+ public static void initMap( PermissionMap[] pmap, String instance ) {
 DmaapConfig p = (DmaapConfig)DmaapConfig.getConfig();
 String api = p.getProperty("ApiNamespace", "apiNamespace.not.set");
-
- // this is needed because PE AAF may be a different instance than AAF used by MR
- String peEnv = p.getProperty("PeAafEnvironment", "notSet");
- String url = p.getProperty( new String( "PeAafUrl." + peEnv ), "URL.not.set" );
- logger.info( "PeAafEnvironment=" + peEnv + " using URL " + url);
- AafService aaf = new AafService(ServiceType.AAF_Admin, url );
+
+ AafService aaf = new AafServiceFactory().initAafService(ServiceType.AAF_Admin);
 for ( int i = 0; i < pmap.length ; i++ ) {
 String uri = new String( api + "." + pmap[i].getUri());
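Review bot: `initMap` still falls back to the placeholder `"apiNamespace.not.set"` when `ApiNamespace` is missing, and the loop then builds each name as `api + "." + pmap[i].getUri()`, so a misconfigured deployment would appear to set up permissions under the placeholder namespace instead of failing. Consider rejecting the placeholder before the loop, e.g. `if ("apiNamespace.not.set".equals(api)) { throw new IllegalStateException("ApiNamespace not configured"); }`. The hunk also removes the `logger.info` line that recorded which AAF URL the admin client uses, together with the comment explaining that the PE AAF may differ from the AAF used by MR. Since `AafServiceFactory` is not visible in this diff, please confirm that `initAafService(ServiceType.AAF_Admin)` still resolves the `PeAafUrl.<env>` endpoint and logs it. The body of `initMap` continues past the end of the hunk.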
@@ -102,54 +115,54 @@ public class ApiPerms extends BaseLoggingClass {
 }
 static PermissionMap[] bootMap = {
- new PermissionMap( "dmaap", "GET", new String[] { "Controller" }),
- new PermissionMap( "dmaap", "POST", new String[] { "Controller" }),
- new PermissionMap( "dmaap", "PUT", new String[] { "Controller" }),
- new PermissionMap( "dmaap", "DELETE", new String[] { "Controller" })
+ new PermissionMap( dmaap, "GET", new String[] { controller }),
+ new PermissionMap( dmaap, "POST", new String[] { controller }),
+ new PermissionMap( dmaap, "PUT", new String[] { controller }),
+ new PermissionMap( dmaap, delete, new String[] { controller })
 };
 static PermissionMap[] envMap = {
- new PermissionMap( "dmaap", "GET", new String[] { "Controller", "Orchestrator", "Inventory", "Metrics", "PortalUser" }),
- new PermissionMap( "dmaap", "POST", new String[] { "Controller" } ),
- new PermissionMap( "dmaap", "PUT", new String[] { "Controller" }),
- new PermissionMap( "dmaap", "DELETE", new String[] { "Controller" }),
+ new PermissionMap( dmaap, "GET", new String[] { controller, orchestrator, inventory, "Metrics", portalUser }),
+ new PermissionMap( dmaap, "POST", new String[] { controller } ),
+ new PermissionMap( dmaap, "PUT", new String[] { controller }),
+ new PermissionMap( dmaap, delete, new String[] { controller }),
 new PermissionMap( "bridge", "GET", new String[] { "Metrics" }),
 //new PermissionMap( "bridge", "POST", new String[] { "Metrics" } ),
 //new PermissionMap( "bridge", "PUT", new String[] { "Metrics" }),
- //new PermissionMap( "bridge", "DELETE", new String[] { "Metrics" }),
- new PermissionMap( "dcaeLocations", "GET", new String[] { "Controller", "Orchestrator", "Inventory", "Metrics", "PortalUser" }),
- new PermissionMap( "dcaeLocations", "POST", new String[] { "Controller" } ),
- new PermissionMap( "dcaeLocations", "PUT", new String[] { "Controller" }),
- new PermissionMap( "dcaeLocations", "DELETE", new String[] { "Controller" }),
- new PermissionMap( "dr_nodes", "GET", new String[] { "Controller", "Orchestrator", "Inventory", "PortalUser" }),
- new PermissionMap( "dr_nodes", "POST", new String[] { "Controller" } ),
- new PermissionMap( "dr_nodes", "PUT", new String[] { "Controller" }),
- new PermissionMap( "dr_nodes", "DELETE", new String[] { "Controller" }),
- new PermissionMap( "dr_pubs", "GET", new String[] { "Controller", "Orchestrator", "Inventory", "Metrics", "PortalUser" }),
- new PermissionMap( "dr_pubs", "POST", new String[] { "Controller", "Orchestrator","PortalUser" } ),
- new PermissionMap( "dr_pubs", "PUT", new String[] { "Controller", "Orchestrator","PortalUser" }),
- new PermissionMap( "dr_pubs", "DELETE", new String[] { "Controller", "Orchestrator","PortalUser" }),
- new PermissionMap( "dr_subs", "GET", new String[] { "Controller", "Orchestrator", "Inventory", "Metrics", "PortalUser" }),
- new PermissionMap( "dr_subs", "POST", new String[] { "Controller", "Orchestrator","PortalUser" } ),
- new PermissionMap( "dr_subs", "PUT", new String[] { "Controller", "Orchestrator","PortalUser" }),
- new PermissionMap( "dr_subs", "DELETE", new String[] { "Controller", "Orchestrator","PortalUser" }),
- new PermissionMap( "feeds", "GET", new String[] { "Controller", "Orchestrator", "Inventory", "Metrics", "PortalUser" }),
- new PermissionMap( "feeds", "POST", new String[] { "Controller", "Orchestrator","PortalUser" } ),
- new PermissionMap( "feeds", "PUT", new String[] { "Controller", "Orchestrator", "PortalUser" }),
- new PermissionMap( "feeds", "DELETE", new String[] { "Controller", "PortalUser" }),
- new PermissionMap( "mr_clients", "GET", new String[] { "Controller", "Orchestrator", "Inventory", "Metrics", "PortalUser" }),
- new PermissionMap( "mr_clients", "POST", new String[] { "Controller","Orchestrator", "PortalUser" } ),
- new PermissionMap( "mr_clients", "PUT", new String[] { "Controller", "Orchestrator","PortalUser" }),
- new PermissionMap( "mr_clients", "DELETE", new String[] { "Controller","Orchestrator", "PortalUser" }),
- new PermissionMap( "mr_clusters", "GET", new String[] { "Controller", "Orchestrator", "Inventory", "Metrics", "PortalUser" }),
- new PermissionMap( "mr_clusters", "POST", new String[] { "Controller" } ),
- new PermissionMap( "mr_clusters", "PUT", new String[] { "Controller" }),
- new PermissionMap( "mr_clusters", "DELETE", new String[] { "Controller" }),
- new PermissionMap( "topics", "GET", new String[] { "Controller", "Orchestrator", "Inventory", "Metrics", "PortalUser" }),
- new PermissionMap( "topics", "POST", new String[] { "Controller", "Orchestrator" } ),
- new PermissionMap( "topics", "PUT", new String[] { "Controller", "Orchestrator" }),
- new PermissionMap( "topics", "DELETE", new String[] { "Controller", "Orchestrator" })
+ //new PermissionMap( "bridge", delete, new String[] { "Metrics" }),
+ new PermissionMap( dcaeLocations, "GET", new String[] { controller, orchestrator, inventory, "Metrics", portalUser }),
+ new PermissionMap( dcaeLocations, "POST", new String[] { controller } ),
+ new PermissionMap( dcaeLocations, "PUT", new String[] { controller }),
+ new PermissionMap( dcaeLocations, delete, new String[] { controller }),
+ new PermissionMap( drNodes, "GET", new String[] { controller, orchestrator, inventory, portalUser }),
+ new PermissionMap( drNodes, "POST", new String[] { controller } ),
+ new PermissionMap( drNodes, "PUT", new String[] { controller }),
+ new PermissionMap( drNodes, delete, new String[] { controller }),
+ new PermissionMap( drPubs, "GET", new String[] { controller, orchestrator, inventory, "Metrics", portalUser }),
+ new PermissionMap( drPubs, "POST", new String[] { controller, orchestrator,portalUser } ),
+ new PermissionMap( drPubs, "PUT", new String[] { controller, orchestrator,portalUser }),
+ new PermissionMap( drPubs, delete, new String[] { controller, orchestrator,portalUser }),
+ new PermissionMap( drSubs, "GET", new String[] { controller, orchestrator, inventory, "Metrics", portalUser }),
+ new PermissionMap( drSubs, "POST", new String[] { controller, orchestrator,portalUser } ),
+ new PermissionMap( drSubs, "PUT", new String[] { controller, orchestrator,portalUser }),
+ new PermissionMap( drSubs, delete, new String[] { controller, orchestrator,portalUser }),
+ new PermissionMap( feed, "GET", new String[] { controller, orchestrator, inventory, "Metrics", portalUser }),
+ new PermissionMap( feed, "POST", new String[] { controller, orchestrator,portalUser } ),
+ new PermissionMap( feed, "PUT", new String[] { controller, orchestrator, portalUser }),
+ new PermissionMap( feed, delete, new String[] { controller, portalUser }),
+ new PermissionMap( mrClients, "GET", new String[] { controller, orchestrator, inventory, "Metrics", portalUser }),
+ new PermissionMap( mrClients, "POST", new String[] { controller,orchestrator, portalUser } ),
+ new PermissionMap( mrClients, "PUT", new String[] { controller, orchestrator,portalUser }),
+ new PermissionMap( mrClients, delete, new String[] { controller,orchestrator, portalUser }),
+ new PermissionMap( mrClusters, "GET", new String[] { controller, orchestrator, inventory, "Metrics", portalUser }),
+ new PermissionMap( mrClusters, "POST", new String[] { controller } ),
+ new PermissionMap( mrClusters, "PUT", new String[] { controller }),
+ new PermissionMap( mrClusters, delete, new String[] { controller }),
+ new PermissionMap( topic, "GET", new String[] { controller, orchestrator, inventory, "Metrics", portalUser }),
+ new PermissionMap( topic, "POST", new String[] { controller, orchestrator } ),
+ new PermissionMap( topic, "PUT", new String[] { controller, orchestrator }),
+ new PermissionMap( topic, delete, new String[] { controller, orchestrator })
 };
 public void setBootMap() {
@@ -158,9 +171,9 @@ public class ApiPerms extends BaseLoggingClass {
 }
 public void setEnvMap() {
- Dmaap dmaap = new DmaapService().getDmaap();
- String dmaap_name = dmaap.getDmaapName();
- PermissionMap.initMap( envMap, dmaap_name );
+ Dmaap dmaapVar = new DmaapService().getDmaap();
+ String dmaapName = dmaapVar.getDmaapName();
+ PermissionMap.initMap( envMap, dmaapName );
 }