Approval Batch, prep better JUnit
[aaf/authz.git] / auth / auth-batch / src / main / java / org / onap / aaf / auth / batch / reports / Expiring.java
index 1a7db05..979bcd5 100644 (file)
@@ -3,6 +3,8 @@
  * org.onap.aaf
  * ===========================================================================
  * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ *
+ * Modifications Copyright (C) 2019 IBM.
  * ===========================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -34,15 +36,17 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import java.util.TreeMap;
+import java.util.UUID;
 
 import org.onap.aaf.auth.batch.Batch;
+import org.onap.aaf.auth.batch.helpers.Approval;
 import org.onap.aaf.auth.batch.helpers.Cred;
+import org.onap.aaf.auth.batch.helpers.Cred.Instance;
 import org.onap.aaf.auth.batch.helpers.ExpireRange;
+import org.onap.aaf.auth.batch.helpers.ExpireRange.Range;
+import org.onap.aaf.auth.batch.helpers.Future;
 import org.onap.aaf.auth.batch.helpers.UserRole;
-import org.onap.aaf.auth.batch.helpers.Visitor;
 import org.onap.aaf.auth.batch.helpers.X509;
-import org.onap.aaf.auth.batch.helpers.Cred.Instance;
-import org.onap.aaf.auth.batch.helpers.ExpireRange.Range;
 import org.onap.aaf.auth.dao.cass.CredDAO;
 import org.onap.aaf.auth.env.AuthzTrans;
 import org.onap.aaf.auth.org.OrganizationException;
@@ -61,9 +65,9 @@ public class Expiring extends Batch {
        private static final String EXPIRED_OWNERS = "ExpiredOwners";
        private int minOwners;
        private Map<String, CSV.Writer> writerList;
-       private File logDir;
        private ExpireRange expireRange;
        private Date deleteDate;
+       private CSV.Writer deleteCW;
        
        public Expiring(AuthzTrans trans) throws APIException, IOException, OrganizationException {
         super(trans.env());
@@ -80,32 +84,31 @@ public class Expiring extends Batch {
             
             // Load Cred.  We don't follow Visitor, because we have to gather up everything into Identity Anyway
             Cred.load(trans, session);
-            UserRole.load(trans, session, UserRole.v2_0_11, new UserRole.DataLoadVisitor());
 
             minOwners=1;
 
             // Create Intermediate Output 
             writerList = new HashMap<>();
-            logDir = new File(logDir());
-            logDir.mkdirs();
             
             expireRange = new ExpireRange(trans.env().access());
             String sdate = Chrono.dateOnlyStamp(expireRange.now);
             for( List<Range> lr : expireRange.ranges.values()) {
                for(Range r : lr ) {
                        if(writerList.get(r.name())==null) {
-                       File file = new File(logDir,r.name() + sdate +CSV);
-                       CSV csv = new CSV(file);
+                       File file = new File(logDir(),r.name() + sdate +CSV);
+                       CSV csv = new CSV(env.access(),file);
                        CSV.Writer cw = csv.writer(false);
                        cw.row(INFO,r.name(),Chrono.dateOnlyStamp(expireRange.now),r.reportingLevel());
                        writerList.put(r.name(),cw);
                        if("Delete".equals(r.name())) {
-                               deleteDate = r.getStart();
+                               deleteDate = r.getEnd();
+                               deleteCW = cw;
                        }
+                       trans.init().log("Creating File:",file.getAbsolutePath());
                        }
                }
             }
-            
+            Approval.load(trans, session, Approval.v2_0_17);
         } finally {
             tt0.done();
         }
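Review bot: `deleteCW` is assigned only inside the `"Delete".equals(r.name())` branch, so it stays null when the configured ranges contain no range with that name. The new passes in run() then hand it to `Future.row(deleteCW,fut)` and `Approval.row(deleteCW, ...)` without a check. This writer appears to feed the report that drives record removal, so it is safer to fail fast after the loop than partway through a run, e.g. `if(deleteCW==null) { throw new IOException("No 'Delete' range configured; cannot create delete report"); }`. The hunk also drops `logDir.mkdirs()`; unless `logDir()` creates the directory itself (not visible here), opening the writers may fail on a fresh host. The constructor begins before this hunk.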
@@ -113,34 +116,53 @@ public class Expiring extends Batch {
 
     @Override
     protected void run(AuthzTrans trans) {
+       
+               ////////////////////
+               trans.info().log("Checking for Expired Futures");
+               Future.load(trans, session, Future.v2_0_17, fut -> {
+                       if(fut.expires().before(expireRange.now)) {
+                               Future.row(deleteCW,fut);
+                               List<Approval> appls = Approval.byTicket.get(fut.id());
+                               if(appls!=null) {
+                                       for(Approval a : appls) {
+                                               Approval.row(deleteCW, a);
+                                       }
+                               }
+                       }
+               });
+               
                try {
-                       File file = new File(logDir, EXPIRED_OWNERS + Chrono.dateOnlyStamp(expireRange.now) + CSV);
-                       final CSV ownerCSV = new CSV(file);
+                       File file = new File(logDir(), EXPIRED_OWNERS + Chrono.dateOnlyStamp(expireRange.now) + CSV);
+                       final CSV ownerCSV = new CSV(env.access(),file);
 
                        Map<String, Set<UserRole>> owners = new TreeMap<String, Set<UserRole>>();
                        trans.info().log("Process UserRoles");
-                       UserRole.load(trans, session, UserRole.v2_0_11, new Visitor<UserRole>() {
-                               @Override
-                               public void visit(UserRole ur) {
-                                       // Cannot just delete owners, unless there is at least one left. Process later
-                                       if ("owner".equals(ur.rname())) {
-                                               Set<UserRole> urs = owners.get(ur.role());
-                                               if (urs == null) {
-                                                       urs = new HashSet<UserRole>();
-                                                       owners.put(ur.role(), urs);
-                                               }
-                                               urs.add(ur);
-                                       } else {
-                                               writeAnalysis(trans,ur);
+                       
+                       /**
+                          Run through User Roles.  
+                          Owners are treated specially in next section.
+                          Regular roles are checked against Date Ranges.  If match Date Range, write out to appropriate file.
+                       */
+                       UserRole.load(trans, session, UserRole.v2_0_11, ur -> {
+                               // Cannot just delete owners, unless there is at least one left. Process later
+                               if ("owner".equals(ur.rname())) {
+                                       Set<UserRole> urs = owners.get(ur.role());
+                                       if (urs == null) {
+                                               urs = new HashSet<UserRole>();
+                                               owners.put(ur.role(), urs);
                                        }
+                                       urs.add(ur);
+                               } else {
+                                       writeAnalysis(trans,ur);
                                }
                        });
 
-                       // Now Process Owners, one owner Role at a time, ensuring one is left,
-                       // preferably
-                       // a good one. If so, process the others as normal. Otherwise, write
-                       // ExpiredOwners
-                       // report
+                       /**
+                         Now Process Owners, one owner Role at a time, ensuring one is left,
+                         preferably a good one. If so, process the others as normal. 
+                         
+                         Otherwise, write to ExpiredOwners Report
+                       */
                        if (!owners.values().isEmpty()) {
                                // Lazy Create file
                                CSV.Writer expOwner = null;
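Review bot: The expired-Futures pass at the top of run() reads `Approval.byTicket.get(fut.id())`, an index this method never fills. It presumably relies on the `Approval.load(trans, session, Approval.v2_0_17)` call added to the constructor, and that hidden ordering deserves a comment such as `// Approval.byTicket is populated by Approval.load() in the constructor`. If the index is empty or stale, an expired Future is written to the delete report while its Approvals are not, and the later orphan check only tests `ticket==null`, so it would not catch those rows. Please also confirm that the second `Approval.load` call later in run() does not re-populate the same static index with duplicate entries. Separately, the `/** ... */` blocks added inside the method body here and in the next hunk are not Javadoc and would read better as `//` or `/* ... */` comments.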
@@ -172,8 +194,12 @@ public class Expiring extends Batch {
                                }
                        }
                        
-                       trans.info().log("Checking for Expired Credentials");
-                       
+                       /**
+                        * Check for Expired Credentials
+                        * 
+                        * 
+                        */
+                       trans.info().log("Checking for Expired Credentials");                   
                        for (Cred cred : Cred.data.values()) {
                        List<Instance> linst = cred.instances;
                        if(linst!=null) {
@@ -195,24 +221,34 @@ public class Expiring extends Batch {
                                }
                        }
                        }
-                       
+
+                       ////////////////////
                        trans.info().log("Checking for Expired X509s");
-                       X509.load(trans, session, new Visitor<X509>() {
-                               @Override
-                               public void visit(X509 x509) {
-                                       try {
-                                               for(Certificate cert : Factory.toX509Certificate(x509.x509)) {
-                                                       writeAnalysis(trans, x509, (X509Certificate)cert);
-                                               }
-                                       } catch (CertificateException | IOException e) {
-                                               trans.error().log(e, "Error Decrypting X509");
+                       X509.load(trans, session, x509 -> {
+                               try {
+                                       for(Certificate cert : Factory.toX509Certificate(x509.x509)) {
+                                               writeAnalysis(trans, x509, (X509Certificate)cert);
                                        }
-                                       
+                               } catch (CertificateException | IOException e) {
+                                       trans.error().log(e, "Error Decrypting X509");
                                }
+
                        });
+
                } catch (FileNotFoundException e) {
                        trans.info().log(e);
                }
+               
+               ////////////////////
+               trans.info().log("Checking for Orphaned Approvals");
+               Approval.load(trans, session, Approval.v2_0_17, appr -> {
+                       UUID ticket = appr.add.ticket;
+                       if(ticket==null) {
+                               Approval.row(deleteCW,appr);
+                       }
+               });
+               
+
        }