2 * ============LICENSE_START====================================================
4 * ===========================================================================
5 * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6 * ===========================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END====================================================
22 package org.onap.aaf.auth.update;
24 import java.io.FileOutputStream;
25 import java.io.IOException;
26 import java.io.PrintStream;
27 import java.util.ArrayList;
28 import java.util.Date;
29 import java.util.GregorianCalendar;
30 import java.util.List;
31 import java.util.Map.Entry;
33 import org.onap.aaf.auth.Batch;
34 import org.onap.aaf.auth.BatchPrincipal;
35 import org.onap.aaf.auth.actions.Email;
36 import org.onap.aaf.auth.actions.EmailPrint;
37 import org.onap.aaf.auth.actions.Message;
38 import org.onap.aaf.auth.dao.CassAccess;
39 import org.onap.aaf.auth.dao.cass.ApprovalDAO;
40 import org.onap.aaf.auth.dao.cass.FutureDAO;
41 import org.onap.aaf.auth.dao.cass.HistoryDAO;
42 import org.onap.aaf.auth.env.AuthzTrans;
43 import org.onap.aaf.auth.helpers.Approval;
44 import org.onap.aaf.auth.helpers.Future;
45 import org.onap.aaf.auth.org.Organization;
46 import org.onap.aaf.auth.org.OrganizationException;
47 import org.onap.aaf.auth.org.OrganizationFactory;
48 import org.onap.aaf.auth.org.Organization.Identity;
49 import org.onap.aaf.misc.env.APIException;
50 import org.onap.aaf.misc.env.util.Chrono;
52 public class NotifyApprovals extends Batch {
53 private static final String LINE = "----------------------------------------------------------------";
54 private final HistoryDAO historyDAO;
55 private final ApprovalDAO apprDAO;
56 private final FutureDAO futureDAO;
58 private int maxEmails;
59 private final PrintStream ps;
60 private final AuthzTrans noAvg;
62 public NotifyApprovals(AuthzTrans trans) throws APIException, IOException, OrganizationException {
65 noAvg = env.newTransNoAvg();
66 noAvg.setUser(new BatchPrincipal("batch:NotifyApprovals"));
68 historyDAO = new HistoryDAO(trans, cluster, CassAccess.KEYSPACE);
69 session = historyDAO.getSession(trans);
70 apprDAO = new ApprovalDAO(trans, historyDAO);
71 futureDAO = new FutureDAO(trans, historyDAO);
73 email = new EmailPrint();
77 maxEmails = Integer.parseInt(trans.getProperty("MAX_EMAILS","3"));
79 email.subject("AAF Approval Notification (ENV: %s)",batchEnv);
80 email.preamble("AAF (MOTS 22830) is the AT&T Authorization System used by many AT&T Tools and Applications." +
81 "\n Your approval is required, which you may enter on the following page:"
82 + "\n\n\t%s/approve\n\n"
83 ,env.getProperty(GUI_URL));
84 email.signature("Sincerely,\nAAF Team (Our MOTS# 22830)\n"
85 + "https://wiki.web.att.com/display/aaf/Contact+Us\n"
86 + "(Use 'Other Misc Requests (TOPS)')");
88 Approval.load(trans, session, Approval.v2_0_17);
89 Future.load(trans, session, Future.v2_0_17); // Skip the Construct Data
91 ps = new PrintStream(new FileOutputStream(logDir() + "/email"+Chrono.dateOnlyStamp()+".log",true));
92 ps.printf("### Approval Notify %s for %s%s\n",Chrono.dateTime(),batchEnv,dryRun?", DryRun":"");
96 protected void run(AuthzTrans trans) {
97 GregorianCalendar gc = new GregorianCalendar();
98 Date now = gc.getTime();
99 String today = Chrono.dateOnlyStamp(now);
100 gc.add(GregorianCalendar.MONTH, -1);
104 Message msg = new Message();
106 List<Approval> pending = new ArrayList<>();
107 boolean isOwner,isSupervisor;
108 for(Entry<String, List<Approval>> es : Approval.byApprover.entrySet()) {
109 isOwner = isSupervisor = false;
110 String approver = es.getKey();
111 if(approver.indexOf('@')<0) {
112 approver += org.getRealm();
114 Date latestNotify=null, soonestExpire=null;
115 GregorianCalendar latest=new GregorianCalendar();
116 GregorianCalendar soonest=new GregorianCalendar();
119 for(Approval app : es.getValue()) {
120 Future f = app.getTicket()==null?null:Future.data.get(app.getTicket());
121 if(f==null) { // only Ticketed Approvals are valid.. the others are records.
122 // Approvals without Tickets are no longer valid.
123 if("pending".equals(app.getStatus())) {
124 app.setStatus("lapsed");
125 app.update(noAvg,apprDAO,dryRun); // obeys dryRun
128 if((soonestExpire==null && f.expires()!=null) || (soonestExpire!=null && f.expires()!=null && soonestExpire.before(f.expires()))) {
129 soonestExpire=f.expires();
132 if("pending".equals(app.getStatus())) {
134 isOwner = "owner".equals(app.getType());
137 isSupervisor = "supervisor".equals(app.getType());
140 if((latestNotify==null && app.getLast_notified()!=null) ||(latestNotify!=null && app.getLast_notified()!=null && latestNotify.before(app.getLast_notified()))) {
141 latestNotify=app.getLast_notified();
148 if(!pending.isEmpty()) {
150 if(latestNotify==null) { // never notified... make it so
153 if(!today.equals(Chrono.dateOnlyStamp(latest))) { // already notified today
154 latest.setTime(latestNotify);
155 soonest.setTime(soonestExpire);
157 int days = soonest.get(GregorianCalendar.DAY_OF_YEAR)-latest.get(GregorianCalendar.DAY_OF_YEAR);
158 days+=((year=soonest.get(GregorianCalendar.YEAR))-latest.get(GregorianCalendar.YEAR))*365 +
159 (soonest.isLeapYear(year)?1:0);
160 if(days<7) { // If Expirations get within a Week (or expired), notify everytime.
166 if(maxEmails>emailCount++) {
168 Organization org = OrganizationFactory.obtain(env, approver);
169 Identity user = org.getIdentity(noAvg, approver);
171 ps.printf("Invalid Identity: %s\n", approver);
175 email.addTo(user.email());
177 msg.line("Why are you receiving this Notification?\n");
179 msg.line("%sYou are the supervisor of one or more employees who need access to tools which are protected by AAF. " +
180 "Your employees may ask for access to various tools and applications to do their jobs. ASPR requires "
181 + "that you are notified and approve their requests. The details of each need is provided when you click "
182 + "on webpage above.\n",isOwner?"1) ":"");
183 msg.line("Your participation in this process fulfills the ASPR requirement to re-authorize users in roles on a regular basis.\n\n");
187 msg.line("%sYou are the listed owner of one or more AAF Namespaces. ASPR requires that those responsible for "
188 + "applications and their access review them regularly for accuracy. The AAF WIKI page for AT&T is https://wiki.web.att.com/display/aaf. "
189 + "More info regarding questions of being a Namespace Owner is available at https://wiki.web.att.com/pages/viewpage.action?pageId=594741363\n",isSupervisor?"2) ":"");
190 msg.line("Additionally, Credentials attached to the Namespace must be renewed regularly. While you may delegate certain functions to " +
191 "Administrators within your Namespace, you are ultimately responsible to make sure credentials do not expire.\n");
192 msg.line("You may view the Namespaces you listed as Owner for in this AAF Env by viewing the following webpage:\n");
193 msg.line(" %s/ns\n\n",env.getProperty(GUI_URL));
196 msg.line(" If you are unfamiliar with AAF, you might like to peruse the following links:"
197 + "\n\thttps://wiki.web.att.com/display/aaf/AAF+in+a+Nutshell"
198 + "\n\thttps://wiki.web.att.com/display/aaf/The+New+Person%%27s+Guide+to+AAF");
199 msg.line("\n SPECIAL NOTE about SWM Management Groups: Understand that SWM management Groups correlate one-to-one to AAF Namespaces. "
200 + "(SWM uses AAF for the Authorization piece of Management Groups). You may be assigned the SWM Management Group by asking "
201 + "directly, or through any of the above stated automated processes. Auto-generated Namespaces typically look like 'com.att.44444.PROD' "
202 + "where '44444' is a MOTS ID, and 'PROD' is PROD|DEV|TEST, etc. For your convenience, the MOTS link is http://ebiz.sbc.com/mots.\n");
203 msg.line(" Finally, realize that there are automated processes which create Machines and Resources via SWM, Kubernetes or other "
204 + "such tooling. If you or your predecessor requested them, you were set as the owner of the AAF Namespace created during "
205 + "that process.\n");
206 msg.line(" For ALL QUESTIONS of why and how of SWM, and whether you or your reports can be removed, please contact SWM at "
207 + "https://wiki.web.att.com/display/swm/Support\n");
210 email.exec(noAvg, org,"");
212 email.log(ps,"NotifyApprovals");
213 for(Approval app : pending) {
214 app.setLastNotified(now);
215 app.update(noAvg, apprDAO, dryRun);
219 } catch (OrganizationException e) {
226 trans.info().printf("%d emails sent for %s", emailCount,batchEnv);
230 protected void _close(AuthzTrans trans) {
231 futureDAO.close(trans);
232 apprDAO.close(trans);
233 historyDAO.close(trans);
Code Review / aaf / authz.git / blob