1 /*******************************************************************************
\r
2 * ============LICENSE_START====================================================
\r
4 * * ===========================================================================
\r
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
\r
6 * * ===========================================================================
\r
7 * * Licensed under the Apache License, Version 2.0 (the "License");
\r
8 * * you may not use this file except in compliance with the License.
\r
9 * * You may obtain a copy of the License at
\r
11 * * http://www.apache.org/licenses/LICENSE-2.0
\r
13 * * Unless required by applicable law or agreed to in writing, software
\r
14 * * distributed under the License is distributed on an "AS IS" BASIS,
\r
15 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
16 * * See the License for the specific language governing permissions and
\r
17 * * limitations under the License.
\r
18 * * ============LICENSE_END====================================================
\r
20 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
\r
22 ******************************************************************************/
\r
23 package org.onap.aaf.dao.aaf.cass;
\r
25 import java.io.ByteArrayOutputStream;
\r
26 import java.io.DataInputStream;
\r
27 import java.io.DataOutputStream;
\r
28 import java.io.IOException;
\r
29 import java.nio.ByteBuffer;
\r
30 import java.util.HashSet;
\r
31 import java.util.List;
\r
32 import java.util.Set;
\r
34 import org.onap.aaf.authz.env.AuthzTrans;
\r
35 import org.onap.aaf.authz.layer.Result;
\r
36 import org.onap.aaf.dao.Bytification;
\r
37 import org.onap.aaf.dao.Cached;
\r
38 import org.onap.aaf.dao.CassAccess;
\r
39 import org.onap.aaf.dao.CassDAOImpl;
\r
40 import org.onap.aaf.dao.DAOException;
\r
41 import org.onap.aaf.dao.Loader;
\r
42 import org.onap.aaf.dao.Streamer;
\r
43 import org.onap.aaf.dao.aaf.hl.Question;
\r
45 import org.onap.aaf.inno.env.APIException;
\r
46 import org.onap.aaf.inno.env.util.Split;
\r
47 import com.datastax.driver.core.Cluster;
\r
48 import com.datastax.driver.core.Row;
\r
49 import com.datastax.driver.core.exceptions.DriverException;
\r
51 public class PermDAO extends CassDAOImpl<AuthzTrans,PermDAO.Data> {
\r
53 public static final String TABLE = "perm";
\r
55 public static final int CACHE_SEG = 0x40; // yields segment 0x0-0x3F
\r
56 private static final String STAR = "*";
\r
58 private final HistoryDAO historyDAO;
\r
59 private final CacheInfoDAO infoDAO;
\r
61 private PSInfo psNS, psChildren, psByType;
\r
63 public PermDAO(AuthzTrans trans, Cluster cluster, String keyspace) throws APIException, IOException {
\r
64 super(trans, PermDAO.class.getSimpleName(),cluster,keyspace,Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE));
\r
66 historyDAO = new HistoryDAO(trans, this);
\r
67 infoDAO = new CacheInfoDAO(trans,this);
\r
70 public PermDAO(AuthzTrans trans, HistoryDAO hDAO, CacheInfoDAO ciDAO) {
\r
71 super(trans, PermDAO.class.getSimpleName(),hDAO,Data.class,TABLE, readConsistency(trans,TABLE), writeConsistency(trans,TABLE));
\r
78 private static final int KEYLIMIT = 4;
\r
79 public static class Data extends CacheableData implements Bytification {
\r
82 public String instance;
\r
83 public String action;
\r
84 public Set<String> roles;
\r
85 public String description;
\r
89 public Data(NsSplit nss, String instance, String action) {
\r
92 this.instance = instance;
\r
93 this.action = action;
\r
96 public String fullType() {
\r
97 return ns + '.' + type;
\r
100 public String fullPerm() {
\r
101 return ns + '.' + type + '|' + instance + '|' + action;
\r
104 public String encode() {
\r
105 return ns + '|' + type + '|' + instance + '|' + action;
\r
109 * Decode Perm String, including breaking into appropriate Namespace
\r
116 public static Result<Data> decode(AuthzTrans trans, Question q, String p) {
\r
117 String[] ss = Split.splitTrim('|', p,4);
\r
119 return Result.err(Status.ERR_BadData,"Perm Encodings must be separated by '|'");
\r
121 Data data = new Data();
\r
122 if(ss[3]==null) { // older 3 part encoding must be evaluated for NS
\r
123 Result<NsSplit> nss = q.deriveNsSplit(trans, ss[0]);
\r
125 return Result.err(nss);
\r
127 data.ns=nss.value.ns;
\r
128 data.type=nss.value.name;
\r
129 data.instance=ss[1];
\r
131 } else { // new 4 part encoding
\r
134 data.instance=ss[2];
\r
137 return Result.ok(data);
\r
141 * Decode Perm String, including breaking into appropriate Namespace
\r
148 public static Result<String[]> decodeToArray(AuthzTrans trans, Question q, String p) {
\r
149 String[] ss = Split.splitTrim('|', p,4);
\r
151 return Result.err(Status.ERR_BadData,"Perm Encodings must be separated by '|'");
\r
154 if(ss[3]==null) { // older 3 part encoding must be evaluated for NS
\r
157 Result<NsSplit> nss = q.deriveNsSplit(trans, ss[0]);
\r
159 return Result.err(nss);
\r
161 ss[1] = nss.value.name;
\r
162 ss[0] = nss.value.ns;
\r
164 return Result.ok(ss);
\r
167 public static Data create(NsDAO.Data ns, String name) {
\r
168 NsSplit nss = new NsSplit(ns,name);
\r
169 Data rv = new Data();
\r
171 String[] s = nss.name.split("\\|");
\r
185 rv.instance = STAR;
\r
191 public static Data create(AuthzTrans trans, Question q, String name) {
\r
192 String[] s = name.split("\\|");
\r
193 Result<NsSplit> rdns = q.deriveNsSplit(trans, s[0]);
\r
194 Data rv = new PermDAO.Data();
\r
195 if(rdns.isOKhasData()) {
\r
209 rv.instance = STAR;
\r
216 ////////////////////////////////////////
\r
218 public Set<String> roles(boolean mutable) {
\r
219 if (roles == null) {
\r
220 roles = new HashSet<String>();
\r
221 } else if (mutable && !(roles instanceof HashSet)) {
\r
222 roles = new HashSet<String>(roles);
\r
228 public int[] invalidate(Cached<?,?> cache) {
\r
231 seg(cache,ns,type),
\r
232 seg(cache,ns,type,STAR),
\r
233 seg(cache,ns,type,instance,action)
\r
238 public ByteBuffer bytify() throws IOException {
\r
239 ByteArrayOutputStream baos = new ByteArrayOutputStream();
\r
240 PermLoader.deflt.marshal(this, new DataOutputStream(baos));
\r
241 return ByteBuffer.wrap(baos.toByteArray());
\r
245 public void reconstitute(ByteBuffer bb) throws IOException {
\r
246 PermLoader.deflt.unmarshal(this, toDIS(bb));
\r
250 public String toString() {
\r
255 private static class PermLoader extends Loader<Data> implements Streamer<Data> {
\r
256 public static final int MAGIC=283939453;
\r
257 public static final int VERSION=1;
\r
258 public static final int BUFF_SIZE=96;
\r
260 public static final PermLoader deflt = new PermLoader(KEYLIMIT);
\r
262 public PermLoader(int keylimit) {
\r
267 public Data load(Data data, Row row) {
\r
268 // Int more efficient Match "fields" string
\r
269 data.ns = row.getString(0);
\r
270 data.type = row.getString(1);
\r
271 data.instance = row.getString(2);
\r
272 data.action = row.getString(3);
\r
273 data.roles = row.getSet(4,String.class);
\r
274 data.description = row.getString(5);
\r
279 protected void key(Data data, int _idx, Object[] obj) {
\r
282 obj[++idx]=data.type;
\r
283 obj[++idx]=data.instance;
\r
284 obj[++idx]=data.action;
\r
288 protected void body(Data data, int _idx, Object[] obj) {
\r
290 obj[idx]=data.roles;
\r
291 obj[++idx]=data.description;
\r
295 public void marshal(Data data, DataOutputStream os) throws IOException {
\r
296 writeHeader(os,MAGIC,VERSION);
\r
297 writeString(os, data.ns);
\r
298 writeString(os, data.type);
\r
299 writeString(os, data.instance);
\r
300 writeString(os, data.action);
\r
301 writeStringSet(os, data.roles);
\r
302 writeString(os, data.description);
\r
306 public void unmarshal(Data data, DataInputStream is) throws IOException {
\r
307 /*int version = */readHeader(is,MAGIC,VERSION);
\r
308 // If Version Changes between Production runs, you'll need to do a switch Statement, and adequately read in fields
\r
309 byte[] buff = new byte[BUFF_SIZE];
\r
310 data.ns = readString(is, buff);
\r
311 data.type = readString(is,buff);
\r
312 data.instance = readString(is,buff);
\r
313 data.action = readString(is,buff);
\r
314 data.roles = readStringSet(is,buff);
\r
315 data.description = readString(is,buff);
\r
319 private void init(AuthzTrans trans) {
\r
320 // the 3 is the number of key fields
\r
321 String[] helpers = setCRUD(trans, TABLE, Data.class, PermLoader.deflt);
\r
323 // Other SELECT style statements... match with a local Method
\r
324 psByType = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + " FROM " + TABLE +
\r
325 " WHERE ns = ? AND type = ?", new PermLoader(2) {
\r
327 protected void key(Data data, int idx, Object[] obj) {
\r
328 obj[idx]=data.type;
\r
330 },readConsistency);
\r
332 psNS = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + " FROM " + TABLE +
\r
333 " WHERE ns = ?", new PermLoader(1),readConsistency);
\r
335 psChildren = new PSInfo(trans, SELECT_SP + helpers[FIELD_COMMAS] + " FROM " + TABLE +
\r
336 " WHERE ns=? AND type > ? AND type < ?",
\r
337 new PermLoader(3) {
\r
339 protected void key(Data data, int _idx, Object[] obj) {
\r
341 obj[idx] = data.ns;
\r
342 obj[++idx]=data.type + DOT;
\r
343 obj[++idx]=data.type + DOT_PLUS_ONE;
\r
345 },readConsistency);
\r
351 * Add a single Permission to the Role's Permission Collection
\r
354 * @param roleFullName
\r
360 public Result<Void> addRole(AuthzTrans trans, PermDAO.Data perm, String roleFullName) {
\r
361 // Note: Prepared Statements for Collection updates aren't supported
\r
364 getSession(trans).execute(UPDATE_SP + TABLE + " SET roles = roles + {'" + roleFullName + "'} " +
\r
366 "ns = '" + perm.ns + "' AND " +
\r
367 "type = '" + perm.type + "' AND " +
\r
368 "instance = '" + perm.instance + "' AND " +
\r
369 "action = '" + perm.action + "';"
\r
371 } catch (DriverException | APIException | IOException e) {
\r
372 reportPerhapsReset(trans,e);
\r
373 return Result.err(Result.ERR_Backend, CassAccess.ERR_ACCESS_MSG);
\r
376 wasModified(trans, CRUD.update, perm, "Added role " + roleFullName + " to perm " +
\r
377 perm.ns + '.' + perm.type + '|' + perm.instance + '|' + perm.action);
\r
378 return Result.ok();
\r
382 * Remove a single Permission from the Role's Permission Collection
\r
384 * @param roleFullName
\r
390 public Result<Void> delRole(AuthzTrans trans, PermDAO.Data perm, String roleFullName) {
\r
391 // Note: Prepared Statements for Collection updates aren't supported
\r
394 getSession(trans).execute(UPDATE_SP + TABLE + " SET roles = roles - {'" + roleFullName + "'} " +
\r
396 "ns = '" + perm.ns + "' AND " +
\r
397 "type = '" + perm.type + "' AND " +
\r
398 "instance = '" + perm.instance + "' AND " +
\r
399 "action = '" + perm.action + "';"
\r
401 } catch (DriverException | APIException | IOException e) {
\r
402 reportPerhapsReset(trans,e);
\r
403 return Result.err(Result.ERR_Backend, CassAccess.ERR_ACCESS_MSG);
\r
406 //TODO how can we tell when it doesn't?
\r
407 wasModified(trans, CRUD.update, perm, "Removed role " + roleFullName + " from perm " +
\r
408 perm.ns + '.' + perm.type + '|' + perm.instance + '|' + perm.action);
\r
409 return Result.ok();
\r
415 * Additional method:
\r
416 * Select all Permissions by Name
\r
420 * @throws DAOException
\r
422 public Result<List<Data>> readByType(AuthzTrans trans, String ns, String type) {
\r
423 return psByType.read(trans, R_TEXT, new Object[]{ns, type});
\r
426 public Result<List<Data>> readChildren(AuthzTrans trans, String ns, String type) {
\r
427 return psChildren.read(trans, R_TEXT, new Object[]{ns, type+DOT, type + DOT_PLUS_ONE});
\r
430 public Result<List<Data>> readNS(AuthzTrans trans, String ns) {
\r
431 return psNS.read(trans, R_TEXT, new Object[]{ns});
\r
435 * Add description to this permission
\r
442 * @param description
\r
445 public Result<Void> addDescription(AuthzTrans trans, String ns, String type,
\r
446 String instance, String action, String description) {
\r
448 getSession(trans).execute(UPDATE_SP + TABLE + " SET description = '"
\r
449 + description + "' WHERE ns = '" + ns + "' AND type = '" + type + "'"
\r
450 + "AND instance = '" + instance + "' AND action = '" + action + "';");
\r
451 } catch (DriverException | APIException | IOException e) {
\r
452 reportPerhapsReset(trans,e);
\r
453 return Result.err(Result.ERR_Backend, CassAccess.ERR_ACCESS_MSG);
\r
456 Data data = new Data();
\r
459 data.instance=instance;
\r
460 data.action=action;
\r
461 wasModified(trans, CRUD.update, data, "Added description " + description + " to permission "
\r
462 + data.encode(), null );
\r
463 return Result.ok();
\r
467 * Log Modification statements to History
\r
470 protected void wasModified(AuthzTrans trans, CRUD modified, Data data, String ... override) {
\r
471 boolean memo = override.length>0 && override[0]!=null;
\r
472 boolean subject = override.length>1 && override[1]!=null;
\r
474 // Need to update history
\r
475 HistoryDAO.Data hd = HistoryDAO.newInitedData();
\r
476 hd.user = trans.user();
\r
477 hd.action = modified.name();
\r
479 hd.subject = subject ? override[1] : data.fullType();
\r
481 hd.memo = String.format("%s", override[0]);
\r
483 hd.memo = String.format("%sd %s|%s|%s", modified.name(),data.fullType(),data.instance,data.action);
\r
486 if(modified==CRUD.delete) {
\r
488 hd.reconstruct = data.bytify();
\r
489 } catch (IOException e) {
\r
490 trans.error().log(e,"Could not serialize PermDAO.Data");
\r
494 if(historyDAO.create(trans, hd).status!=Status.OK) {
\r
495 trans.error().log("Cannot log to History");
\r
497 if(infoDAO.touch(trans, TABLE,data.invalidate(cache)).notOK()) {
\r
498 trans.error().log("Cannot touch CacheInfo");
\r
Code Review / aaf / authz.git / blob