1 /*******************************************************************************
2 * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
3 *******************************************************************************/
4 package com.att.authz.reports;
6 import java.io.IOException;
7 import java.util.ArrayList;
9 import java.util.GregorianCalendar;
10 import java.util.List;
12 import com.att.authz.Batch;
13 import com.att.authz.actions.Action;
14 import com.att.authz.actions.ActionDAO;
15 import com.att.authz.actions.CredDelete;
16 import com.att.authz.actions.CredPrint;
17 import com.att.authz.actions.FADelete;
18 import com.att.authz.actions.FAPrint;
19 import com.att.authz.actions.Key;
20 import com.att.authz.actions.URDelete;
21 import com.att.authz.actions.URFutureApprove;
22 import com.att.authz.actions.URFuturePrint;
23 import com.att.authz.actions.URPrint;
24 import com.att.authz.env.AuthzTrans;
25 import com.att.authz.helpers.Cred;
26 import com.att.authz.helpers.Cred.Instance;
27 import com.att.authz.helpers.Future;
28 import com.att.authz.helpers.Notification;
29 import com.att.authz.helpers.UserRole;
30 import com.att.authz.layer.Result;
31 import com.att.authz.org.Organization.Identity;
32 import com.att.dao.aaf.cass.CredDAO;
33 import org.onap.aaf.inno.env.APIException;
34 import org.onap.aaf.inno.env.Env;
35 import org.onap.aaf.inno.env.TimeTaken;
37 public class Expiring extends Batch {
// Actions applied by run(). The constructor assigns urDelete, crDelete, faDelete and
// urFutureApprove either print-style actions labelled "Would ..." or DAO-backed
// URDelete/CredDelete/FADelete/URFutureApprove instances; urPrint and crPrint are
// always print actions labelled "Expired:".
39 private final Action<UserRole,Void> urDelete,urPrint;
// exec() yields a Result<List<Identity>>; run() names that list "rapprovers".
40 private final Action<UserRole,List<Identity>> urFutureApprove;
41 private final Action<CredDAO.Data,Void> crDelete,crPrint;
42 private final Action<Future,Void> faDelete;
43 // private final Email email;
// Produces the key run() uses to look a UserRole up in Future.byMemo. Its assignment is
// not visible in this listing.
44 private final Key<UserRole> memoKey;
/**
 * Wires up the actions this batch uses, obtains a session and loads the data sets
 * that run() scans.
 *
 * Two alternative sets of assignments to the final action fields are visible: one binds
 * urDelete/urFutureApprove/crDelete/faDelete to print-style actions labelled "Would ...",
 * the other binds them to URDelete/URFutureApprove/FADelete/CredDelete instances built
 * around one ActionDAO. The condition that selects between them is on a line missing
 * from this listing (presumably the batch dry-run flag; confirm against the full file).
 *
 * @param trans transaction used for logging, timing and for constructing the actions
 * @throws APIException declared; the call that raises it is not identifiable from here
 * @throws IOException declared; the call that raises it is not identifiable from here
 */
46 public Expiring(AuthzTrans trans) throws APIException, IOException {
48 trans.info().log("Starting Connection Process");
49 TimeTaken tt0 = trans.start("Cassandra Initialization", Env.SUB);
// Reporting actions for records that are expired but kept.
51 urPrint = new URPrint("Expired:");
52 crPrint = new CredPrint("Expired:");
// NOTE(review): a real URFutureApprove is built against the cluster here, ahead of the
// print-style assignments below. What it is used for is on lines missing from this
// listing, and it is not among the actions _close() inspects. Confirm it performs no
// writes and is released when the print-style bindings are in effect.
54 URFutureApprove ufr = new URFutureApprove(trans,cluster);
// Print-style bindings: URPrint, URFuturePrint, CredPrint and FAPrint with "Would ..." labels.
58 urDelete = new URPrint("Would Delete:");
60 // urFutureApprove = ufr;
61 urFutureApprove = new URFuturePrint("Would setup Future/Approvals");
62 crDelete = new CredPrint("Would Delete:");
63 faDelete = new FAPrint("Would Delete:");
64 // email = new EmailPrint();
// In this branch the session comes straight from the cluster.
66 TimeTaken tt = trans.start("Connect to Cluster", Env.REMOTE);
68 session = cluster.connect();
// DAO-backed bindings: URDelete is built against the cluster and kept as adao;
// URFutureApprove, FADelete and CredDelete are constructed from that same adao, and
// the session is taken from it as well.
74 TimeTaken tt = trans.start("Connect to Cluster with DAOs", Env.REMOTE);
76 ActionDAO<UserRole,Void> adao;
77 urDelete = adao = new URDelete(trans, cluster);
78 urFutureApprove = new URFutureApprove(trans,adao);
79 faDelete = new FADelete(trans, adao);
81 crDelete = new CredDelete(trans, adao);
82 // email = new Email();
83 TimeTaken tt2 = trans.start("Connect to Cluster", Env.REMOTE);
85 session = adao.getSession(trans);
// Load the record sets over the session. run() reads UserRole.data, Cred.data,
// Future.data and Future.byMemo (presumably populated by these calls; confirm).
// Notification is loaded too, although its use in run() is commented out.
94 UserRole.load(trans, session, UserRole.v2_0_11);
95 Cred.load(trans, session);
96 Notification.load(trans, session, Notification.v2_0_14);
97 Future.load(trans,session,Future.v2_0_15);
/**
 * Scans the loaded Futures, UserRoles and Creds and hands expired or soon-to-expire
 * entries to the configured actions.
 *
 * Rules visible in this listing: a Future whose expiry is before now goes to faDelete;
 * a UserRole whose expiry is before tooLate goes to urDelete, except that a role named
 * "owner" is passed to urPrint; a UserRole expiring before future with no entry in
 * Future.byMemo goes to urFutureApprove; a Cred instance expiring before tooLate goes
 * to crDelete. Several lines of the method (braces, guards, counter updates) are
 * missing from the listing, so branch nesting should be confirmed against the full file.
 *
 * @param trans batch-level transaction used for logging and timing
 */
104 protected void run(AuthzTrans trans) {
105 // Setup Date boundaries
// future is the calendar value after adding one month; tooLate is the value after a
// further add of -1 month on the same calendar object.
// NOTE(review): lines 108 and 111 of the listing are missing. If the calendar is not
// reset to now between the two add() calls, tooLate comes out at roughly now instead of
// one month in the past. tooLate decides how long expired roles and credentials are
// kept before deletion, so confirm the intended grace period.
106 Date now = new Date();
107 GregorianCalendar gc = new GregorianCalendar();
109 gc.add(GregorianCalendar.MONTH, 1);
110 Date future = gc.getTime();
112 gc.add(GregorianCalendar.MONTH, -1);
113 Date tooLate = gc.getTime();
114 int count = 0, deleted=0;
116 // List<Notification> ln = new ArrayList<Notification>();
119 // Run for Expired Futures
120 trans.info().log("Checking for Expired Futures");
121 tt = trans.start("Delete old Futures", Env.REMOTE);
// Futures are compared against now, not tooLate: no grace period applies to them.
123 List<Future> delf = new ArrayList<Future>();
124 for(Future f : Future.data) {
// Each record is processed on its own transaction obtained from env.
125 AuthzTrans localTrans = env.newTransNoAvg();
126 if(f.expires.before(now)) {
127 faDelete.exec(localTrans, f);
137 trans.info().log("Checking for Expired Roles");
139 for(UserRole ur : UserRole.data) {
140 AuthzTrans localTrans = env.newTransNoAvg();
141 if(ur.expires.before(tooLate)) {
// NOTE(review): an expired "owner" grant is reported but never removed by this job.
// Confirm that the component enforcing role expiry rejects it; otherwise an expired
// owner keeps its access for as long as the record exists.
142 if("owner".equals(ur.rname)) { // don't delete Owners, even if Expired
143 urPrint.exec(localTrans,ur);
145 urDelete.exec(localTrans,ur);
// NOTE(review): the actions above ran on localTrans, while the audit trail logged here
// is taken from the batch-level trans. Confirm that the per-record delete actually ends
// up in the audit output.
147 trans.logAuditTrail(trans.info());
150 } else if(ur.expires.before(future)) {
// Still valid but expiring before future: urFutureApprove runs only when Future.byMemo
// holds no entry for this user-role's memo key.
151 List<Future> fbm = Future.byMemo.get(memoKey.key(ur));
152 if(fbm==null || fbm.isEmpty()) {
153 Result<List<Identity>> rapprovers = urFutureApprove.exec(localTrans, ur);
154 if(rapprovers.isOK()) {
// Creating a Notification per approver is commented out below, so no approver is
// notified from this loop as shown.
155 for(Identity ou : rapprovers.value) {
156 // Notification n = Notification.addApproval(localTrans,ou);
158 // n.org = getOrgFromID(localTrans, ur.user);
161 urPrint.exec(localTrans,ur);
163 trans.logAuditTrail(trans.info());
// The updates to count and deleted are on lines missing from this listing.
172 env.info().log("Found",count,"roles expiring before",future);
173 env.info().log("deleting",deleted,"roles expiring before",tooLate);
176 // // Email Approval Notification
177 // email.subject("AAF Role Expiration Warning (ENV: %s)", batchEnv);
179 // for(Notification n: ln) {
181 // trans.error().log("No Organization for Notification");
182 // } else if(n.update(trans, session, isDryRun())) {
184 // email.addTo(n.user);
185 // email.line(n.text(new StringBuilder()).toString());
186 // email.exec(trans,n.org);
190 trans.info().log("Checking for Expired Credentials");
// A single CredDAO.Data object is reused for every credential handed to crDelete/crPrint.
// NOTE(review): only the assignment of crd.expires is visible here. Confirm that the
// identifying fields are set on the missing lines before each exec() call, since a
// stale value would make the delete target a different credential.
194 CredDAO.Data crd = new CredDAO.Data();
196 for( Cred creds : Cred.data.values()) {
197 AuthzTrans localTrans = env.newTransNoAvg();
199 for(int type : creds.types()) {
201 for( Instance inst : creds.instances) {
202 if(inst.expires.before(tooLate)) {
203 crd.expires = inst.expires;
204 crDelete.exec(localTrans, crd);
// last presumably records the latest expiry among the instances that were not deleted;
// its declaration and assignment are on lines missing from this listing.
205 } else if(last==null || inst.expires.after(last)) {
// NOTE(review): last is still null here when every instance was older than tooLate,
// unless a null guard sits on a missing line. Confirm.
210 if(last.before(future)) {
212 crPrint.exec(localTrans, crd);
219 env.info().log("Found",count,"current creds expiring before",future);
225 protected void _close(AuthzTrans trans) {
226 aspr.info("End " + this.getClass().getSimpleName() + " processing" );
227 for(Action<?,?> action : new Action<?,?>[] {urDelete,crDelete}) {
228 if(action instanceof ActionDAO) {
229 ((ActionDAO<?,?>)action).close(trans);