X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=src%2Fmain%2Fjava%2Forg%2Fonap%2Fdmaap%2Fdbcapi%2Fservice%2FAafTopicSetupService.java;fp=src%2Fmain%2Fjava%2Forg%2Fonap%2Fdmaap%2Fdbcapi%2Fservice%2FAafTopicSetupService.java;h=031f594296510faba5064b7e15313384ef4ebbcd;hb=5a9cbe16fa36ba35dc9ba104a287977e975a455b;hp=0000000000000000000000000000000000000000;hpb=bf91de122a24dbfc9a0158556e290df21472240b;p=dmaap%2Fdbcapi.git
diff --git a/src/main/java/org/onap/dmaap/dbcapi/service/AafTopicSetupService.java b/src/main/java/org/onap/dmaap/dbcapi/service/AafTopicSetupService.java
new file mode 100644
index 0000000..031f594
--- /dev/null
+++ b/src/main/java/org/onap/dmaap/dbcapi/service/AafTopicSetupService.java
@@ -0,0 +1,164 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * org.onap.dmaap
+ * ================================================================================
+ * Copyright (C) 2019 Nokia Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.dmaap.dbcapi.service;
+
+import org.onap.dmaap.dbcapi.aaf.AafNamespace;
+import org.onap.dmaap.dbcapi.aaf.AafRole;
+import org.onap.dmaap.dbcapi.aaf.AafService;
+import org.onap.dmaap.dbcapi.aaf.DmaapGrant;
+import org.onap.dmaap.dbcapi.aaf.DmaapPerm;
+import org.onap.dmaap.dbcapi.logging.BaseLoggingClass;
+import org.onap.dmaap.dbcapi.model.ApiError;
+import org.onap.dmaap.dbcapi.model.Topic;
+
+import static java.lang.String.format;
+
+class AafTopicSetupService extends BaseLoggingClass {
+
+ private final AafService aafService;
+ private final DmaapService dmaapService;
+ private final boolean createTopicRoles;
+
+ AafTopicSetupService(AafService aafService, DmaapService dmaapService, boolean createTopicRoles) {
+ this.aafService = aafService;
+ this.dmaapService = dmaapService;
+ this.createTopicRoles = createTopicRoles;
+ }
+
+ ApiError aafTopicSetup(Topic topic) {
+
+ try {
+ String instance = ":topic." + topic.getFqtn();
+ String topicPerm = dmaapService.getTopicPerm();
+ DmaapPerm pubPerm = createPermission(topicPerm, instance, "pub");
+ DmaapPerm subPerm = createPermission(topicPerm, instance, "sub");
+ DmaapPerm viewPerm = createPermission(topicPerm, instance, "view");
+
+ // creating Topic Roles was not an original feature.
+ // For backwards compatibility, only do this if the feature is enabled.
+ // Also, if the namespace of the topic is a foreign namespace, (i.e. not the same as our root ns)
+ // then we likely don't have permission to create sub-ns and Roles so don't try.
+ if (createTopicRoles && topic.getFqtn().startsWith(getTopicsNsRoot())) {
+ createNamespace(topic);
+
+ AafRole pubRole = createRole(topic, "publisher");
+ topic.setPublisherRole(pubRole.getFullyQualifiedRole());
+
+ AafRole subRole = createRole(topic, "subscriber");
+ topic.setSubscriberRole(subRole.getFullyQualifiedRole());
+
+ grantPermToRole(pubRole, pubPerm);
+ grantPermToRole(pubRole, viewPerm);
+
+ grantPermToRole(subRole, subPerm);
+ grantPermToRole(subRole, viewPerm);
+ }
+
+ } catch (TopicSetupException ex) {
+ return new ApiError(ex.getCode(), ex.getMessage(), ex.getFields());
+ }
+ return okStatus();
+ }
+
+ private String getTopicsNsRoot() throws TopicSetupException {
+ String nsr = dmaapService.getDmaap().getTopicNsRoot();
+ if (nsr == null) {
+ throw new TopicSetupException(500,
+ "Unable to establish AAF namespace root: (check /dmaap object)", "topicNsRoot");
+ }
+ return nsr;
+ }
+
+ private DmaapPerm createPermission(String permission, String instance, String action) throws TopicSetupException {
+ DmaapPerm perm = new DmaapPerm(permission, instance, action);
+ int rc = aafService.addPerm(perm);
+ if (rc != 201 && rc != 409) {
+ throw new TopicSetupException(500,
+ format("Unexpected response from AAF: %d permission=%s instance=%s action=%s",
+ rc, perm, instance, action));
+ }
+ return perm;
+ }
+
+ private void grantPermToRole(AafRole aafRole, DmaapPerm perm) throws TopicSetupException {
+ DmaapGrant g = new DmaapGrant(perm, aafRole.getFullyQualifiedRole());
+ int rc = aafService.addGrant(g);
+ if (rc != 201 && rc != 409) {
+ String message = format("Grant of %s failed for %s", perm.toString(), aafRole.getFullyQualifiedRole());
+ logger.warn(message);
+ throw new TopicSetupException(rc, message);
+ }
+ }
+
+ private void createNamespace(Topic topic) throws TopicSetupException {
+ AafNamespace ns = new AafNamespace(topic.getFqtn(), aafService.getIdentity());
+ int rc = aafService.addNamespace(ns);
+ if (rc != 201 && rc != 409) {
+ throw new TopicSetupException(500,
+ format("Unexpected response from AAF: %d namespace=%s identity=%s",
+ rc, topic.getFqtn(), aafService.getIdentity()));
+ }
+ }
+
+ private AafRole createRole(Topic topic, String roleName) throws TopicSetupException {
+ int rc;
+ AafRole role = new AafRole(topic.getFqtn(), roleName);
+ rc = aafService.addRole(role);
+ if (rc != 201 && rc != 409) {
+ throw new TopicSetupException(500,
+ format("Unexpected response from AAF: %d topic=%s role=%s",
+ rc, topic.getFqtn(), roleName));
+ }
+ return role;
+ }
+
+ private ApiError okStatus() {
+ return new ApiError(200, "OK");
+ }
+
+ private class TopicSetupException extends Exception {
+ private final int code;
+ private final String message;
+ private final String fields;
+
+ TopicSetupException(int code, String message) {
+ this(code, message, "");
+ }
+
+ TopicSetupException(int code, String message, String fields) {
+ this.code = code;
+ this.message = message;
+ this.fields = fields;
+ }
+
+ public int getCode() {
+ return code;
+ }
+
+ @Override
+ public String getMessage() {
+ return message;
+ }
+
+ public String getFields() {
+ return fields;
+ }
+ }
+}
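Review bot: The guard `topic.getFqtn().startsWith(getTopicsNsRoot())` in aafTopicSetup is a bare string-prefix test, so an FQTN in a sibling namespace that only shares the root's leading characters (constructed example: root `org.example.mr`, topic `org.example.mrx.t1`) is treated as ours and gets a namespace, roles and grants created under the service identity. Assuming `.` is the namespace separator, compare on the boundary and keep the short-circuit: `if (createTopicRoles && topic.getFqtn().startsWith(getTopicsNsRoot() + ".")) {`. Separately, createNamespace, createRole and createPermission accept 409 as success, so an object that already exists is reused without checking who owns it. If AAF does not enforce ownership itself, the later grants could land on a role this service does not control, so the assumption deserves a comment such as `// 409 = already exists; relies on AAF rejecting namespaces/roles owned by another identity`. The three permissions are also created before the guard, and nothing is rolled back when a later call throws, so a failed setup can leave partial AAF state behind.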