* ===========================================================================
* Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
* ===========================================================================
+ * Modifications Copyright (C) 2019 IBM.
+ * ===========================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
import java.util.ArrayList;
import java.util.Date;
-import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
+import java.util.Set;
+import java.util.SortedMap;
import java.util.TreeMap;
import java.util.UUID;
import com.datastax.driver.core.Statement;
public class Approval implements CacheChange.Data {
- public static final String RE_APPROVAL_IN_ROLE = "Re-Approval in Role '";
- public static final String RE_VALIDATE_ADMIN = "Re-Validate as Administrator for AAF Namespace '";
- public static final String RE_VALIDATE_OWNER = "Re-Validate Ownership for AAF Namespace '";
-
- public static TreeMap<String,List<Approval>> byApprover = new TreeMap<>();
- public static TreeMap<String,List<Approval>> byUser = new TreeMap<>();
- public static TreeMap<UUID,List<Approval>> byTicket = new TreeMap<>();
- public static List<Approval> list = new LinkedList<>();
- private final static CacheChange<Approval> cache = new CacheChange<>();
-
+ public static final String ADD_USER_TO_ROLE = "Add User [";
+ public static final String RE_APPROVAL_IN_ROLE = "Extend access of User [";
+ public static final String RE_VALIDATE_ADMIN = "Revalidate as Admin of AAF Namespace [";
+ public static final String RE_VALIDATE_OWNER = "Revalidate as Owner of AAF Namespace [";
+
+ public static final SortedMap<String,List<Approval>> byApprover = new TreeMap<>();
+ public static final SortedMap<String,List<Approval>> byUser = new TreeMap<>();
+ public static final SortedMap<UUID,List<Approval>> byTicket = new TreeMap<>();
+ public static final List<Approval> list = new LinkedList<>();
+ private static final CacheChange<Approval> cache = new CacheChange<>();
+
public final ApprovalDAO.Data add;
private String role;
-
- public Approval(UUID id, UUID ticket, String approver,// Date last_notified,
+
+ public static final Creator<Approval> v2_0_17 = new Creator<Approval>() {
+ @Override
+ public Approval create(Row row) {
+ return new Approval(row.getUUID(0), row.getUUID(1), row.getString(2),
+ row.getString(3),row.getString(4),row.getString(5),row.getString(6),row.getString(7),
+ row.getLong(8)/1000);
+ }
+
+ @Override
+ public String select() {
+ return "select id,ticket,approver,user,memo,operation,status,type,WRITETIME(status) from authz.approval";
+ }
+ };
+
+ public static final Visitor<Approval> FullLoad = new Visitor<Approval>() {
+ @Override
+ public void visit(Approval app) {
+ List<Approval> ln;
+ list.add(app);
+
+ String person = app.getApprover();
+ if (person!=null) {
+ ln = byApprover.get(person);
+ if (ln==null) {
+ ln = new ArrayList<>();
+ byApprover.put(app.getApprover(), ln);
+ }
+ ln.add(app);
+ }
+
+ person = app.getUser();
+ if (person!=null) {
+ ln = byUser.get(person);
+ if (ln==null) {
+ ln = new ArrayList<>();
+ byUser.put(app.getUser(), ln);
+ }
+ ln.add(app);
+ }
+ UUID ticket = app.getTicket();
+ if (ticket!=null) {
+ ln = byTicket.get(ticket);
+ if (ln==null) {
+ ln = new ArrayList<>();
+ byTicket.put(app.getTicket(), ln);
+ }
+ ln.add(app);
+ }
+ }
+ };
+
+ public Approval(UUID id, UUID ticket, String approver,// Date last_notified,
String user, String memo, String operation, String status, String type, long updated) {
add = new ApprovalDAO.Data();
add.id = id;
add.ticket = ticket;
add.approver = approver;
-// add.last_notified = last_notified;
add.user = user;
add.memo = memo;
add.operation = operation;
add.updated = new Date(updated);
role = roleFromMemo(memo);
}
-
+
public static String roleFromMemo(String memo) {
if (memo==null) {
return null;
}
- int first = memo.indexOf('\'');
+ int first = memo.indexOf('[');
if (first>=0) {
- int second = memo.indexOf('\'', ++first);
+ int second = memo.indexOf(']', ++first);
if (second>=0) {
String role = memo.substring(first, second);
- if (memo.startsWith(RE_VALIDATE_ADMIN)) {
- return role + ".admin";
- } else if (memo.startsWith(RE_VALIDATE_OWNER)) {
- return role + ".owner";
- } else if (memo.startsWith(RE_APPROVAL_IN_ROLE)) {
- return role;
+ return getRoleString(role, memo, second);
+ }
+ }
+ return null;
+ }
+
+ public static String getRoleString(String role, String memo, int second) {
+ if (memo.startsWith(RE_VALIDATE_ADMIN)) {
+ return role + ".admin";
+ } else if (memo.startsWith(RE_VALIDATE_OWNER)) {
+ return role + ".owner";
+ } else {
+ int secondString = memo.indexOf('[',second);
+ if(secondString>=0) {
+ second = memo.indexOf(']', ++secondString);
+ if(second>=0 && (memo.startsWith(RE_APPROVAL_IN_ROLE) ||
+ memo.startsWith(ADD_USER_TO_ROLE))) {
+ return memo.substring(secondString, second);
}
}
}
return null;
}
- public static void load(Trans trans, Session session, Creator<Approval> creator, Visitor<Approval> visitor) {
- trans.info().log( "query: " + creator.select() );
- TimeTaken tt = trans.start("Read Approval", Env.REMOTE);
-
- ResultSet results;
+ public static int load(Trans trans, Session session, Creator<Approval> creator, Visitor<Approval> visitor) {
+ int count = 0;
try {
- Statement stmt = new SimpleStatement( creator.select() );
- results = session.execute(stmt);
+ count += call(trans,session,creator.query(null), creator, visitor);
} finally {
- tt.done();
+ trans.info().log("Found",count,"Approval Records");
}
+ return count;
+ }
+ public static int load(Trans trans, Session session, Creator<Approval> creator ) {
int count = 0;
try {
- Iterator<Row> iter = results.iterator();
- Row row;
- tt = trans.start("Load X509s", Env.SUB);
- try {
- while (iter.hasNext()) {
- ++count;
- row = iter.next();
- visitor.visit(creator.create(row));
- }
- } finally {
- tt.done();
- }
+ count += call(trans,session,creator.query(null), creator, FullLoad);
} finally {
- trans.info().log("Found",count,"X509 Certificates");
+ trans.info().log("Found",count,"Approval Records");
+ }
+ return count;
+ }
+
+ public static int loadUsers(Trans trans, Session session, Set<String> users, Visitor<Approval> visitor) {
+ int total = 0;
+ for(String user : users) {
+ total += call(trans,session,String.format("%s WHERE user='%s';",v2_0_17.select(), user),v2_0_17,visitor);
}
+ return total;
}
-
- public static void row(CSV.RowSetter crs, Approval app) {
- crs.row("approval",app.add.id,app.add.ticket,app.add.user,app.role,app.add.memo);
- }
+ public static void row(CSV.RowSetter crs, Approval app) {
+ crs.row("approval",app.add.id,app.add.ticket,app.add.user,app.role,app.add.memo);
+ }
- public static void load(Trans trans, Session session, Creator<Approval> creator ) {
- trans.info().log( "query: " + creator.select() );
- TimeTaken tt = trans.start("Load Notify", Env.REMOTE);
-
+ private static int call(Trans trans, Session session, String query, Creator<Approval> creator, Visitor<Approval> visitor) {
+ TimeTaken tt = trans.start("DB Query", Env.REMOTE);
ResultSet results;
try {
- Statement stmt = new SimpleStatement(creator.select());
+ Statement stmt = new SimpleStatement( query );
results = session.execute(stmt);
+ int count = 0;
+ for (Row row : results.all()) {
+ ++count;
+ visitor.visit(creator.create(row));
+ }
+ return count;
} finally {
tt.done();
}
- int count = 0;
- tt = trans.start("Process Notify", Env.SUB);
-
- try {
- List<Approval> ln;
- for (Row row : results.all()) {
- ++count;
- try {
- Approval app = creator.create(row);
- list.add(app);
-
- String person = app.getApprover();
- if (person!=null) {
- ln = byApprover.get(person);
- if (ln==null) {
- ln = new ArrayList<>();
- byApprover.put(app.getApprover(), ln);
- }
- ln.add(app);
- }
-
-
- person = app.getUser();
- if (person!=null) {
- ln = byUser.get(person);
- if (ln==null) {
- ln = new ArrayList<>();
- byUser.put(app.getUser(), ln);
- }
- ln.add(app);
- }
- UUID ticket = app.getTicket();
- if (ticket!=null) {
- ln = byTicket.get(ticket);
- if (ln==null) {
- ln = new ArrayList<>();
- byTicket.put(app.getTicket(), ln);
- }
- ln.add(app);
- }
- } finally {
- tt.done();
- }
- }
- } finally {
- tt.done();
- trans.info().log("Found",count,"Approval Records");
- }
}
-
+
@Override
public void expunge() {
List<Approval> la = byApprover.get(getApprover());
if (la!=null) {
la.remove(this);
}
-
+
la = byUser.get(getUser());
if (la!=null) {
la.remove(this);
}
public static void clear() {
- byApprover.clear();
- byUser.clear();
- byTicket.clear();
- list.clear();
- cache.resetLocalData();
+ byApprover.clear();
+ byUser.clear();
+ byTicket.clear();
+ list.clear();
+ cache.resetLocalData();
}
-// public void update(AuthzTrans trans, ApprovalDAO apprDAO, boolean dryRun) {
-// if (dryRun) {
-// trans.info().printf("Would update Approval %s, %s, last_notified %s",add.id,add.status,add.last_notified);
-// } else {
-// trans.info().printf("Update Approval %s, %s, last_notified %s",add.id,add.status,add.last_notified);
-// apprDAO.update(trans, add);
-// }
-// }
-
- public static Creator<Approval> v2_0_17 = new Creator<Approval>() {
- @Override
- public Approval create(Row row) {
- return new Approval(row.getUUID(0), row.getUUID(1), row.getString(2),
- row.getString(3),row.getString(4),row.getString(5),row.getString(6),row.getString(7),
- row.getLong(8)/1000);
- }
-
- @Override
- public String select() {
- return "select id,ticket,approver,user,memo,operation,status,type,WRITETIME(status) from authz.approval";
- }
- };
-// /**
-// * @return the lastNotified
-// */
-// public Date getLast_notified() {
-// return add.last_notified;
-// }
-// /**
-// * @param lastNotified the lastNotified to set
-// */
-// public void setLastNotified(Date last_notified) {
-// add.last_notified = last_notified;
-// }
/**
* @return the status
*/
add.ticket=null;
add.status="lapsed";
}
-
+
public String getRole() {
return role;
}
-
+
public String toString() {
return getUser() + ' ' + getMemo();
}
}
}
}
-
+
public static void resetLocalData() {
cache.resetLocalData();
}
-
+
public static int sizeForDeletion() {
return cache.cacheSize();
}
return cache.contains(a);
}
- public static void deleteByIDBatch(StringBuilder sb, String id) {
- sb.append("DELETE from authz.approval where id=");
- sb.append(id);
- sb.append(";\n");
- }
+ public static void deleteByIDBatch(StringBuilder sb, String id) {
+ sb.append("DELETE from authz.approval where id=");
+ sb.append(id);
+ sb.append(";\n");
+ }
}
Code Review / aaf / authz.git / blobdiff