auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Grant.java

   1 /**
   2  * ============LICENSE_START====================================================
   3  * org.onap.aaf
   4  * ===========================================================================
   5  * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
   6  * ===========================================================================
   7  * Licensed under the Apache License, Version 2.0 (the "License");
   8  * you may not use this file except in compliance with the License.
   9  * You may obtain a copy of the License at
  10  *
  11  *      http://www.apache.org/licenses/LICENSE-2.0
  12  *
  13  * Unless required by applicable law or agreed to in writing, software
  14  * distributed under the License is distributed on an "AS IS" BASIS,
  15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16  * See the License for the specific language governing permissions and
  17  * limitations under the License.
  18  * ============LICENSE_END====================================================
  19  *
  20  */
  21
  22 package org.onap.aaf.auth.cmd.perm;
  23
  24 import org.onap.aaf.auth.cmd.AAFcli;
  25 import org.onap.aaf.auth.cmd.Cmd;
  26 import org.onap.aaf.auth.cmd.Param;
  27 import org.onap.aaf.auth.rserv.HttpMethods;
  28 import org.onap.aaf.cadi.CadiException;
  29 import org.onap.aaf.cadi.LocatorException;
  30 import org.onap.aaf.cadi.client.Future;
  31 import org.onap.aaf.cadi.client.Rcli;
  32 import org.onap.aaf.cadi.client.Retryable;
  33 import org.onap.aaf.misc.env.APIException;
  34
  35 import aaf.v2_0.Pkey;
  36 import aaf.v2_0.RolePermRequest;
  37
  38 /**
  39  *
  40  * @author Jonathan
  41  *
  42  */
  43 public class Grant extends Cmd {
  44         private final static String[] options = {"grant","ungrant","setTo"};
  45
  46         public Grant(Perm parent) {
  47                 super(parent,null,
  48                         new Param(optionsToString(options),true),
  49                         new Param("type",true),
  50                         new Param("instance",true),
  51                         new Param("action",true),
  52                         new Param("role[,role]* (!REQ S)",false)
  53                         );
  54         }
  55
  56         @Override
  57         public int _exec(final int index, final String ... args) throws CadiException, APIException, LocatorException {
  58                 return same(new Retryable<Integer>() {
  59                         @Override
  60                         public Integer code(Rcli<?> client) throws CadiException, APIException {
  61                                 int idx = index;
  62                                 String action = args[idx++];
  63                                 int option = whichOption(options, action);
  64
  65                                 RolePermRequest rpr = new RolePermRequest();
  66                                 Pkey pk = new Pkey();
  67                                 pk.setType(args[idx++]);
  68                                 pk.setInstance(args[idx++]);
  69                                 pk.setAction(args[idx++]);
  70                                 rpr.setPerm(pk);
  71                                 setStartEnd(rpr);
  72
  73                                 Future<RolePermRequest> frpr = null;
  74
  75                                 if (option != 2) {
  76                                         String[] roles = args[idx++].split(",");
  77                                         String strA,strB;
  78                                         for(String role : roles) {
  79                                                 rpr.setRole(role);
  80                                                 if(option==0) {
  81                                                         // You can request to Grant Permission to a Role
  82                                                         setQueryParamsOn(client);
  83                                                         frpr = client.create(
  84                                                                         "/authz/role/perm",
  85                                                                         getDF(RolePermRequest.class),
  86                                                                         rpr
  87                                                                         );
  88                                                         strA = "Granted Permission [";
  89                                                         strB = "] to Role [";
  90                                                 } else {
  91                                                         // You can request to UnGrant Permission to a Role
  92                                                         setQueryParamsOn(client);
  93                                                         frpr = client.delete(
  94                                                                         "/authz/role/" + role + "/perm",
  95                                                                         getDF(RolePermRequest.class),
  96                                                                         rpr
  97                                                                         );
  98                                                         strA = "UnGranted Permission [";
  99                                                         strB = "] from Role [";
 100                                                 }
 101                                                 if(frpr.get(AAFcli.timeout())) {
 102                                                         pw().println(strA + pk.getType() + '|' + pk.getInstance() + '|' + pk.getAction()
 103                                                                         + strB + role +']');
 104                                                 } else {
 105                                                         if (frpr.code()==202) {
 106                                                                 pw().print("Permission Role ");
 107                                                                 pw().print(option==0?"Granted":"Ungranted");
 108                                                                 pw().println(" Accepted, but requires Approvals before actualizing");
 109                                                         } else {
 110                                                                 error(frpr);
 111                                                                 idx=Integer.MAX_VALUE;
 112                                                         }
 113                                                 }
 114                                         }
 115                                 } else {
 116                                         String allRoles = "";
 117                                         if (idx < args.length)
 118                                                 allRoles = args[idx++];
 119
 120                                         rpr.setRole(allRoles);
 121                                         frpr = client.update(
 122                                                         "/authz/role/perm",
 123                                                         getDF(RolePermRequest.class),
 124                                                         rpr);
 125                                         if(frpr.get(AAFcli.timeout())) {
 126                                                 pw().println("Set Permission's Roles to [" + allRoles + "]");
 127                                         } else {
 128                                                 error(frpr);
 129                                         }
 130                                 }
 131                                 return frpr==null?0:frpr.code();
 132                         }
 133                 });
 134         }
 135
 136         @Override
 137         public void detailedHelp(int indent, StringBuilder sb) {
 138                 detailLine(sb,indent,"Grant a Permission to a Role or Roles  OR");
 139                 detailLine(sb,indent,"Ungrant a Permission from a Role or Roles  OR");
 140                 detailLine(sb,indent,"Set a Permission's roles to roles supplied.");
 141                 detailLine(sb,indent+4,"WARNING: Roles supplied with setTo will be the ONLY roles attached to this permission");
 142                 detailLine(sb,indent+8,"If no roles are supplied, permission's roles are reset.");
 143                 detailLine(sb,indent,"see Create for definitions of type,instance and action");
 144                 api(sb,indent,HttpMethods.POST,"authz/role/perm",RolePermRequest.class,true);
 145                 api(sb,indent,HttpMethods.DELETE,"authz/role/<role>/perm",RolePermRequest.class,false);
 146                 api(sb,indent,HttpMethods.PUT,"authz/role/perm",RolePermRequest.class,false);
 147
 148         }
 149
 150 }