2 * ============LICENSE_START====================================================
4 * ===========================================================================
5 * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6 * ===========================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END====================================================
22 package org.onap.aaf.auth;
25 import java.io.FileInputStream;
26 import java.io.FileOutputStream;
27 import java.io.IOException;
28 import java.io.InputStream;
29 import java.io.PrintStream;
30 import java.lang.reflect.Constructor;
31 import java.net.InetAddress;
33 import java.net.UnknownHostException;
34 import java.nio.ByteBuffer;
35 import java.text.SimpleDateFormat;
36 import java.util.GregorianCalendar;
37 import java.util.HashSet;
38 import java.util.List;
40 import java.util.TimeZone;
42 import org.apache.log4j.Logger;
43 import org.onap.aaf.auth.common.Define;
44 import org.onap.aaf.auth.dao.CassAccess;
45 import org.onap.aaf.auth.dao.cass.RoleDAO;
46 import org.onap.aaf.auth.dao.cass.UserRoleDAO;
47 import org.onap.aaf.auth.dao.hl.Question;
48 import org.onap.aaf.auth.env.AuthzEnv;
49 import org.onap.aaf.auth.env.AuthzTrans;
50 import org.onap.aaf.auth.layer.Result;
51 import org.onap.aaf.auth.org.Organization;
52 import org.onap.aaf.auth.org.Organization.Identity;
53 import org.onap.aaf.auth.org.OrganizationException;
54 import org.onap.aaf.auth.org.OrganizationFactory;
55 import org.onap.aaf.cadi.PropAccess;
56 import org.onap.aaf.misc.env.APIException;
57 import org.onap.aaf.misc.env.Env;
58 import org.onap.aaf.misc.env.StaticSlot;
59 import org.onap.aaf.misc.env.TimeTaken;
60 import org.onap.aaf.misc.env.impl.Log4JLogTarget;
61 import org.onap.aaf.misc.env.log4j.LogFileNamer;
63 import com.datastax.driver.core.Cluster;
64 import com.datastax.driver.core.ResultSet;
65 import com.datastax.driver.core.Row;
66 import com.datastax.driver.core.Session;
67 import com.datastax.driver.core.Statement;
69 public abstract class Batch {
71 private static String rootNs;
73 private static StaticSlot ssargs;
75 protected static final String STARS = "*****";
77 protected final Cluster cluster;
78 protected static AuthzEnv env;
79 protected static Session session;
80 protected static Logger aspr;
81 protected static Set<String> specialNames;
82 protected static boolean dryRun;
83 protected static String batchEnv;
85 public static final String CASS_ENV = "CASS_ENV";
86 public static final String LOG_DIR = "LOG_DIR";
87 protected static final String PUNT="punt";
88 protected static final String MAX_EMAILS="MAX_EMAILS";
89 protected static final String VERSION="VERSION";
90 public static final String GUI_URL="GUI_URL";
92 protected final Organization org;
96 protected Batch(AuthzEnv env) throws APIException, IOException, OrganizationException {
97 // Be able to change Environments
98 // load extra properties, i.e.
99 // PERF.cassandra.clusters=....
100 batchEnv = env.getProperty(CASS_ENV);
101 if(batchEnv != null) {
102 batchEnv = batchEnv.trim();
103 env.info().log("Redirecting to ",batchEnv,"environment");
105 for(String key : new String[]{
106 CassAccess.CASSANDRA_CLUSTERS,
107 CassAccess.CASSANDRA_CLUSTERS_PORT,
108 CassAccess.CASSANDRA_CLUSTERS_USER_NAME,
109 CassAccess.CASSANDRA_CLUSTERS_PASSWORD,
110 VERSION,GUI_URL,PUNT,MAX_EMAILS,
114 if((str = env.getProperty(batchEnv+'.'+key))!=null) {
115 env.setProperty(key, str);
121 cluster = CassAccess.cluster(env,batchEnv);
122 env.info().log("cluster name - ",cluster.getClusterName());
123 String dryRunStr = env.getProperty( "DRY_RUN" );
124 if ( dryRunStr == null || "false".equals(dryRunStr.trim()) ) {
128 env.info().log("dryRun set to TRUE");
131 org = OrganizationFactory.init(env);
132 org.setTestMode(dryRun);
134 // Special names to allow behaviors beyond normal rules
135 specialNames = new HashSet<>();
136 String names = env.getProperty( "SPECIAL_NAMES" );
139 env.info().log("Loading SPECIAL_NAMES");
140 for (String s :names.split(",") )
142 env.info().log("\tspecial: " + s );
143 specialNames.add( s.trim() );
148 protected abstract void run(AuthzTrans trans);
149 protected abstract void _close(AuthzTrans trans);
151 public String[] args() {
152 return env.get(ssargs);
155 public boolean isDryRun()
160 public boolean isSpecial(String user) {
161 if (specialNames != null && specialNames.contains(user)) {
162 env.info().log("specialName: " + user);
170 public boolean isMechID(String user) {
171 if (user.matches("m[0-9][0-9][0-9][0-9][0-9]")) {
178 protected PrintStream fallout(PrintStream inFallout, String logType)
180 PrintStream fallout = inFallout;
181 if (fallout == null) {
182 File dir = new File("logs");
188 long uniq = System.currentTimeMillis();
190 f = new File(dir, getClass().getSimpleName() + "_" + logType + "_"
193 fallout = new PrintStream(new FileOutputStream(f, true));
198 public Organization getOrgFromID(AuthzTrans trans, String user) {
199 Organization organization;
201 organization = OrganizationFactory.obtain(trans.env(),user.toLowerCase());
202 } catch (OrganizationException e1) {
203 trans.error().log(e1);
207 if (organization == null) {
208 PrintStream fallout = null;
211 fallout = fallout(fallout, "Fallout");
212 fallout.print("INVALID_ID,");
213 fallout.println(user);
214 } catch (Exception e) {
215 env.error().log("Could not write to Fallout File", e);
220 return (organization);
223 public static Row executeDeleteQuery(Statement stmt) {
226 row = session.execute(stmt).one();
233 public static int acquireRunLock(String className) {
234 Boolean testEnv = true;
235 String envStr = env.getProperty("AFT_ENVIRONMENT");
237 if (envStr != null) {
238 if ("AFTPRD".equals(envStr)) {
243 .log("AFT_ENVIRONMENT property is required and was not found. Exiting.");
248 env.info().log("TESTMODE: skipping RunLock");
252 String hostname = null;
254 hostname = InetAddress.getLocalHost().getHostName();
255 } catch (UnknownHostException e) {
257 env.warn().log("Unable to get hostname");
261 ResultSet existing = session.execute(String.format(
262 "select * from authz.run_lock where class = '%s'", className));
264 for (Row row : existing) {
265 long curr = System.currentTimeMillis();
266 ByteBuffer lastRun = row.getBytesUnsafe(2); // Can I get this field
269 long interval = (1 * 60 * 1000); // @@ Create a value in props file
271 long prev = lastRun.getLong();
273 if ((curr - prev) <= interval) {
275 String.format("Too soon! Last run was %d minutes ago.",
276 ((curr - prev) / 1000) / 60));
278 String.format("Min time between runs is %d minutes ",
279 (interval / 1000) / 60));
281 String.format("Last ran on machine: %s at %s",
282 row.getString("host"), row.getDate("start")));
285 env.info().log("Delete old lock");
286 deleteLock(className);
290 GregorianCalendar current = new GregorianCalendar();
292 // We want our time in UTC, hence "+0000"
293 SimpleDateFormat fmt = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss+0000");
294 fmt.setTimeZone(TimeZone.getTimeZone("UTC"));
297 .format("INSERT INTO authz.run_lock (class,host,start) VALUES ('%s','%s','%s') IF NOT EXISTS",
298 className, hostname, fmt.format(current.getTime()));
302 Row row = session.execute(cql).one();
303 if (!row.getBool("[applied]")) {
304 env.warn().log("Lightweight Transaction failed to write lock.");
306 String.format("host with lock: %s, running at %s",
307 row.getString("host"), row.getDate("start")));
313 private static void deleteLock( String className) {
314 Row row = session.execute( String.format( "DELETE FROM authz.run_lock WHERE class = '%s' IF EXISTS", className ) ).one();
315 if (! row.getBool("[applied]")) {
316 env.info().log( "delete failed" );
320 private static void transferVMProps(AuthzEnv env, String ... props) {
322 for(String key : props) {
323 if((value = System.getProperty(key))!=null) {
324 env.setProperty(key, value);
329 // IMPORTANT! VALIDATE Organization isUser method
330 protected void checkOrganizationAcccess(AuthzTrans trans, Question q) throws APIException, OrganizationException {
331 Set<String> testUsers = new HashSet<>();
332 Result<List<RoleDAO.Data>> rrd = q.roleDAO.readNS(trans, rootNs);
334 for (RoleDAO.Data r : rrd.value) {
335 Result<List<UserRoleDAO.Data>> rur = q.userRoleDAO.readByRole(trans, r.fullName());
339 for (UserRoleDAO.Data udd : rur.value) {
340 testUsers.add(udd.user);
343 if (testUsers.size() < 2) {
344 throw new APIException("Not enough Users in Roles for " + rootNs + " to Validate");
348 for (String user : testUsers) {
349 if ((iden = org.getIdentity(trans, user)) == null) {
350 throw new APIException("Failed Organization Entity Validation Check: " + user);
352 trans.info().log("Organization Validation Check: " + iden.id());
358 protected static String logDir() {
359 String ld = env.getProperty(LOG_DIR);
361 if(batchEnv==null) { // Deployed Batch doesn't use different ENVs, and a common logdir
364 ld = "logs/"+batchEnv;
369 protected int count(String str, char c) {
370 if(str==null || str.isEmpty()) {
374 for(int i=str.indexOf(c);i>=0;i=str.indexOf(c,i+1)) {
381 public final void close(AuthzTrans trans) {
386 public static void main(String[] args) {
387 PropAccess access = new PropAccess(args);
388 InputStream is = null;
393 rootNs =Define.ROOT_NS();
395 File f = new File("etc/authzBatch.props");
398 filename = f.getAbsolutePath();
399 is = new FileInputStream(f);
400 propLoc = f.getPath();
402 URL rsrc = ClassLoader.getSystemResource("authBatch.props");
403 filename = rsrc.toString();
404 is = rsrc.openStream();
405 propLoc = rsrc.getPath();
410 System.err.println("authBatch.props must exist in etc dir, or in Classpath");
416 env = new AuthzEnv(access);
418 transferVMProps(env, CASS_ENV, "DRY_RUN", "NS", "Organization");
420 // Flow all Env Logs to Log4j, with ENV
423 lfn = new LogFileNamer(logDir(),"").noPID();
424 lfn.setAppender("authz-batch");
425 lfn.setAppender("aspr|ASPR");
426 lfn.setAppender("sync");
427 lfn.setAppender("jobchange");
428 lfn.setAppender("validateuser");
429 aspr = Logger.getLogger("aspr");
430 Log4JLogTarget.setLog4JEnv("authz-batch", env);
431 if (filename != null) {
432 env.init().log("Instantiated properties from", filename);
435 // Log where Config found
436 env.info().log("Configuring from", propLoc);
440 // setup ATTUser and Organization Slots before starting this:
442 // env.slot(ATT.ATT_USERSLOT);
444 // OrganizationFactory.setDefaultOrg(env, ATT.class.getName());
445 AuthzTrans trans = env.newTrans();
447 TimeTaken tt = trans.start("Total Run", Env.SUB);
449 int len = args.length;
451 String toolName = args[0];
455 String nargs[] = new String[len];
457 System.arraycopy(args, 1, nargs, 0, len);
460 env.put(ssargs = env.staticSlot("ARGS"), nargs);
463 * Add New Batch Programs (inherit from Batch) here
466 // Might be a Report, Update or Temp Batch
468 String classifier = "";
470 cls = ClassLoader.getSystemClassLoader().loadClass("org.onap.aaf.auth.update." + toolName);
471 classifier = "Update:";
472 } catch (ClassNotFoundException e) {
474 cls = ClassLoader.getSystemClassLoader().loadClass("org.onap.aaf.auth.reports." + toolName);
475 classifier = "Report:";
476 } catch (ClassNotFoundException e2) {
478 cls = ClassLoader.getSystemClassLoader()
479 .loadClass("org.onap.aaf.auth.temp." + toolName);
480 classifier = "Temp Utility:";
481 } catch (ClassNotFoundException e3) {
487 Constructor<?> cnst = cls.getConstructor(new Class[] { AuthzTrans.class });
488 batch = (Batch) cnst.newInstance(trans);
489 env.info().log("Begin", classifier, toolName);
494 trans.error().log("No Batch named", toolName, "found");
497 * End New Batch Programs (inherit from Batch) here
509 StringBuilder sb = new StringBuilder("Task Times\n");
510 trans.auditTrail(4, sb, AuthzTrans.SUB, AuthzTrans.REMOTE);
511 trans.info().log(sb);
513 } catch (Exception e) {
514 e.printStackTrace(System.err);
515 // Exceptions thrown by DB aren't stopping the whole process.
Code Review / aaf / authz.git / blob