2 * ============LICENSE_START====================================================
4 * ===========================================================================
5 * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6 * ===========================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END====================================================
22 package org.onap.aaf.auth;
25 import java.io.FileInputStream;
26 import java.io.FileOutputStream;
27 import java.io.IOException;
28 import java.io.InputStream;
29 import java.io.PrintStream;
30 import java.lang.reflect.Constructor;
31 import java.net.InetAddress;
33 import java.net.UnknownHostException;
34 import java.nio.ByteBuffer;
35 import java.text.SimpleDateFormat;
36 import java.util.GregorianCalendar;
37 import java.util.HashSet;
38 import java.util.List;
40 import java.util.TimeZone;
42 import org.apache.log4j.Logger;
43 import org.onap.aaf.auth.common.Define;
44 import org.onap.aaf.auth.dao.CassAccess;
45 import org.onap.aaf.auth.dao.cass.RoleDAO;
46 import org.onap.aaf.auth.dao.cass.UserRoleDAO;
47 import org.onap.aaf.auth.dao.hl.Question;
48 import org.onap.aaf.auth.env.AuthzEnv;
49 import org.onap.aaf.auth.env.AuthzTrans;
50 import org.onap.aaf.auth.layer.Result;
51 import org.onap.aaf.auth.org.Organization;
52 import org.onap.aaf.auth.org.Organization.Identity;
53 import org.onap.aaf.auth.org.OrganizationException;
54 import org.onap.aaf.auth.org.OrganizationFactory;
55 import org.onap.aaf.cadi.PropAccess;
56 import org.onap.aaf.misc.env.APIException;
57 import org.onap.aaf.misc.env.Env;
58 import org.onap.aaf.misc.env.StaticSlot;
59 import org.onap.aaf.misc.env.TimeTaken;
60 import org.onap.aaf.misc.env.impl.Log4JLogTarget;
61 import org.onap.aaf.misc.env.log4j.LogFileNamer;
63 import com.datastax.driver.core.Cluster;
64 import com.datastax.driver.core.ResultSet;
65 import com.datastax.driver.core.Row;
66 import com.datastax.driver.core.Session;
67 import com.datastax.driver.core.Statement;
69 public abstract class Batch {
71 private static String ROOT_NS;
73 private static StaticSlot ssargs;
75 protected static final String STARS = "*****";
77 protected final Cluster cluster;
78 protected static AuthzEnv env;
79 protected static Session session;
80 protected static Logger aspr;
81 protected static Set<String> specialNames;
82 protected static boolean dryRun;
83 protected static String batchEnv;
85 public static final String CASS_ENV = "CASS_ENV";
86 public static final String LOG_DIR = "LOG_DIR";
87 protected final static String PUNT="punt";
88 protected final static String MAX_EMAILS="MAX_EMAILS";
89 protected final static String VERSION="VERSION";
90 public final static String GUI_URL="GUI_URL";
92 protected final static String ORA_URL="ora_url";
93 protected final static String ORA_PASSWORD="ora_password";
94 protected final Organization org;
98 protected Batch(AuthzEnv env) throws APIException, IOException, OrganizationException {
99 // Be able to change Environments
100 // load extra properties, i.e.
101 // PERF.cassandra.clusters=....
102 batchEnv = env.getProperty(CASS_ENV);
103 if(batchEnv != null) {
104 batchEnv = batchEnv.trim();
105 env.info().log("Redirecting to ",batchEnv,"environment");
107 for(String key : new String[]{
108 CassAccess.CASSANDRA_CLUSTERS,
109 CassAccess.CASSANDRA_CLUSTERS_PORT,
110 CassAccess.CASSANDRA_CLUSTERS_USER_NAME,
111 CassAccess.CASSANDRA_CLUSTERS_PASSWORD,
112 VERSION,GUI_URL,PUNT,MAX_EMAILS,
116 if((str = env.getProperty(batchEnv+'.'+key))!=null) {
117 env.setProperty(key, str);
123 cluster = CassAccess.cluster(env,batchEnv);
124 env.info().log("cluster name - ",cluster.getClusterName());
125 String dryRunStr = env.getProperty( "DRY_RUN" );
126 if ( dryRunStr == null || dryRunStr.trim().equals("false") ) {
130 env.info().log("dryRun set to TRUE");
133 org = OrganizationFactory.init(env);
134 org.setTestMode(dryRun);
136 // Special names to allow behaviors beyond normal rules
137 specialNames = new HashSet<String>();
138 String names = env.getProperty( "SPECIAL_NAMES" );
141 env.info().log("Loading SPECIAL_NAMES");
142 for (String s :names.split(",") )
144 env.info().log("\tspecial: " + s );
145 specialNames.add( s.trim() );
150 protected abstract void run(AuthzTrans trans);
151 protected abstract void _close(AuthzTrans trans);
153 public String[] args() {
154 return (String[])env.get(ssargs);
157 public boolean isDryRun()
162 public boolean isSpecial(String user) {
163 if (specialNames != null && specialNames.contains(user)) {
164 env.info().log("specialName: " + user);
172 public boolean isMechID(String user) {
173 if (user.matches("m[0-9][0-9][0-9][0-9][0-9]")) {
180 protected PrintStream fallout(PrintStream _fallout, String logType)
182 PrintStream fallout = _fallout;
183 if (fallout == null) {
184 File dir = new File("logs");
190 // String os = System.getProperty("os.name").toLowerCase();
191 long uniq = System.currentTimeMillis();
193 f = new File(dir, getClass().getSimpleName() + "_" + logType + "_"
196 fallout = new PrintStream(new FileOutputStream(f, true));
201 public Organization getOrgFromID(AuthzTrans trans, String user) {
204 org = OrganizationFactory.obtain(trans.env(),user.toLowerCase());
205 } catch (OrganizationException e1) {
206 trans.error().log(e1);
211 PrintStream fallout = null;
214 fallout = fallout(fallout, "Fallout");
215 fallout.print("INVALID_ID,");
216 fallout.println(user);
217 } catch (Exception e) {
218 env.error().log("Could not write to Fallout File", e);
226 public static Row executeDeleteQuery(Statement stmt) {
229 row = session.execute(stmt).one();
236 public static int acquireRunLock(String className) {
237 Boolean testEnv = true;
238 String envStr = env.getProperty("AFT_ENVIRONMENT");
240 if (envStr != null) {
241 if (envStr.equals("AFTPRD")) {
246 .log("AFT_ENVIRONMENT property is required and was not found. Exiting.");
251 env.info().log("TESTMODE: skipping RunLock");
255 String hostname = null;
257 hostname = InetAddress.getLocalHost().getHostName();
258 } catch (UnknownHostException e) {
260 env.warn().log("Unable to get hostname");
264 ResultSet existing = session.execute(String.format(
265 "select * from authz.run_lock where class = '%s'", className));
267 for (Row row : existing) {
268 long curr = System.currentTimeMillis();
269 ByteBuffer lastRun = row.getBytesUnsafe(2); // Can I get this field
272 long interval = (1 * 60 * 1000); // @@ Create a value in props file
274 long prev = lastRun.getLong();
276 if ((curr - prev) <= interval) {
278 String.format("Too soon! Last run was %d minutes ago.",
279 ((curr - prev) / 1000) / 60));
281 String.format("Min time between runs is %d minutes ",
282 (interval / 1000) / 60));
284 String.format("Last ran on machine: %s at %s",
285 row.getString("host"), row.getDate("start")));
288 env.info().log("Delete old lock");
289 deleteLock(className);
293 GregorianCalendar current = new GregorianCalendar();
295 // We want our time in UTC, hence "+0000"
296 SimpleDateFormat fmt = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss+0000");
297 fmt.setTimeZone(TimeZone.getTimeZone("UTC"));
300 .format("INSERT INTO authz.run_lock (class,host,start) VALUES ('%s','%s','%s') IF NOT EXISTS",
301 className, hostname, fmt.format(current.getTime()));
305 Row row = session.execute(cql).one();
306 if (!row.getBool("[applied]")) {
307 env.warn().log("Lightweight Transaction failed to write lock.");
309 String.format("host with lock: %s, running at %s",
310 row.getString("host"), row.getDate("start")));
316 private static void deleteLock( String className) {
317 Row row = session.execute( String.format( "DELETE FROM authz.run_lock WHERE class = '%s' IF EXISTS", className ) ).one();
318 if (! row.getBool("[applied]")) {
319 env.info().log( "delete failed" );
323 private static void transferVMProps(AuthzEnv env, String ... props) {
325 for(String key : props) {
326 if((value = System.getProperty(key))!=null) {
327 env.setProperty(key, value);
332 // IMPORTANT! VALIDATE Organization isUser method
333 protected void checkOrganizationAcccess(AuthzTrans trans, Question q) throws APIException, OrganizationException {
334 Set<String> testUsers = new HashSet<String>();
335 Result<List<RoleDAO.Data>> rrd = q.roleDAO.readNS(trans, ROOT_NS);
337 for(RoleDAO.Data r : rrd.value) {
338 Result<List<UserRoleDAO.Data>> rur = q.userRoleDAO.readByRole(trans, r.fullName());
340 for(UserRoleDAO.Data udd : rur.value) {
341 testUsers.add(udd.user);
346 if(testUsers.size()<2) {
347 throw new APIException("Not enough Users in Roles for " + ROOT_NS + " to Validate");
351 for(String user : testUsers) {
352 if((iden=org.getIdentity(trans,user))==null) {
353 throw new APIException("Failed Organization Entity Validation Check: " + user);
355 trans.info().log("Organization Validation Check: " + iden.id());
360 protected static String logDir() {
361 String ld = env.getProperty(LOG_DIR);
363 if(batchEnv==null) { // Deployed Batch doesn't use different ENVs, and a common logdir
366 ld = "logs/"+batchEnv;
371 protected int count(String str, char c) {
372 if(str==null || str.isEmpty()) {
376 for(int i=str.indexOf(c);i>=0;i=str.indexOf(c,i+1)) {
383 public final void close(AuthzTrans trans) {
388 public static void main(String[] args) {
389 PropAccess access = new PropAccess(args);
390 InputStream is = null;
395 ROOT_NS=Define.ROOT_NS();
397 File f = new File("etc/authzBatch.props");
400 filename = f.getAbsolutePath();
401 is = new FileInputStream(f);
402 propLoc = f.getPath();
404 URL rsrc = ClassLoader.getSystemResource("authBatch.props");
405 filename = rsrc.toString();
406 is = rsrc.openStream();
407 propLoc = rsrc.getPath();
412 System.err.println("authBatch.props must exist in etc dir, or in Classpath");
418 env = new AuthzEnv(access);
420 transferVMProps(env, CASS_ENV, "DRY_RUN", "NS", "Organization");
422 // Flow all Env Logs to Log4j, with ENV
425 if ((batchEnv = env.getProperty(CASS_ENV)) == null) {
426 lfn = new LogFileNamer(logDir()).noPID();
428 lfn = new LogFileNamer(logDir()).noPID();
431 lfn.setAppender("authz-batch");
432 lfn.setAppender("aspr|ASPR");
433 lfn.setAppender("sync");
434 lfn.setAppender("jobchange");
435 lfn.setAppender("validateuser");
436 aspr = Logger.getLogger("aspr");
437 Log4JLogTarget.setLog4JEnv("authz-batch", env);
438 if (filename != null) {
439 env.init().log("Instantiated properties from", filename);
442 // Log where Config found
443 env.info().log("Configuring from", propLoc);
447 // setup ATTUser and Organization Slots before starting this:
449 // env.slot(ATT.ATT_USERSLOT);
451 // OrganizationFactory.setDefaultOrg(env, ATT.class.getName());
452 AuthzTrans trans = env.newTrans();
454 TimeTaken tt = trans.start("Total Run", Env.SUB);
456 int len = args.length;
458 String toolName = args[0];
462 String nargs[] = new String[len];
464 System.arraycopy(args, 1, nargs, 0, len);
467 env.put(ssargs = env.staticSlot("ARGS"), nargs);
470 * Add New Batch Programs (inherit from Batch) here
473 // Might be a Report, Update or Temp Batch
475 String classifier = "";
477 cls = ClassLoader.getSystemClassLoader().loadClass("org.onap.aaf.auth.update." + toolName);
478 classifier = "Update:";
479 } catch (ClassNotFoundException e) {
481 cls = ClassLoader.getSystemClassLoader().loadClass("org.onap.aaf.auth.reports." + toolName);
482 classifier = "Report:";
483 } catch (ClassNotFoundException e2) {
485 cls = ClassLoader.getSystemClassLoader()
486 .loadClass("org.onap.aaf.auth.temp." + toolName);
487 classifier = "Temp Utility:";
488 } catch (ClassNotFoundException e3) {
494 Constructor<?> cnst = cls.getConstructor(new Class[] { AuthzTrans.class });
495 batch = (Batch) cnst.newInstance(trans);
496 env.info().log("Begin", classifier, toolName);
501 trans.error().log("No Batch named", toolName, "found");
504 * End New Batch Programs (inherit from Batch) here
516 StringBuilder sb = new StringBuilder("Task Times\n");
517 trans.auditTrail(4, sb, AuthzTrans.SUB, AuthzTrans.REMOTE);
518 trans.info().log(sb);
520 } catch (Exception e) {
521 e.printStackTrace(System.err);
522 // Exceptions thrown by DB aren't stopping the whole process.
Code Review / aaf / authz.git / blob