<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>parent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
</parent>
<artifactId>aaf-auth-client</artifactId>
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
--- /dev/null
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+
+package org.onap.aaf.auth.batch.reports;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.Date;
+import java.util.GregorianCalendar;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.TreeMap;
+import java.util.UUID;
+
+import org.onap.aaf.auth.batch.Batch;
+import org.onap.aaf.auth.env.AuthzTrans;
+import org.onap.aaf.auth.org.OrganizationException;
+import org.onap.aaf.cadi.routing.GreatCircle;
+import org.onap.aaf.cadi.util.CSV;
+import org.onap.aaf.cadi.util.CSV.Visitor;
+import org.onap.aaf.cadi.util.CSV.Writer;
+import org.onap.aaf.misc.env.APIException;
+import org.onap.aaf.misc.env.Env;
+import org.onap.aaf.misc.env.TimeTaken;
+import org.onap.aaf.misc.env.util.Chrono;
+import org.onap.aaf.misc.env.util.Split;
+
+import com.datastax.driver.core.ResultSet;
+import com.datastax.driver.core.Row;
+import com.datastax.driver.core.SimpleStatement;
+import com.datastax.driver.core.Statement;
+
+
+public class ApprovedRpt extends Batch {
+
+ private static final String APPR_RPT = "ApprovedRpt";
+ private static final String CSV = ".csv";
+ private static final String INFO = "info";
+ private Date now;
+ private Writer approvedW;
+ private CSV historyR;
+ private static String yr_mon;
+
+ public ApprovedRpt(AuthzTrans trans) throws APIException, IOException, OrganizationException {
+ super(trans.env());
+ trans.info().log("Starting Connection Process");
+
+ TimeTaken tt0 = trans.start("Cassandra Initialization", Env.SUB);
+ try {
+// TimeTaken tt = trans.start("Connect to Cluster", Env.REMOTE);
+// try {
+// session = cluster.connect();
+// } finally {
+// tt.done();
+// }
+
+ now = new Date();
+ String sdate = Chrono.dateOnlyStamp(now);
+ File file = new File(logDir(),APPR_RPT + sdate +CSV);
+ CSV csv = new CSV(env.access(),file);
+ approvedW = csv.writer(false);
+
+ historyR = new CSV(env.access(),args()[1]).setDelimiter('|');
+
+ yr_mon = args()[0];
+ } finally {
+ tt0.done();
+ }
+ }
+
+ @Override
+ protected void run(AuthzTrans trans) {
+ try {
+ Map<String,Boolean> checked = new TreeMap<String, Boolean>();
+
+ final AuthzTrans transNoAvg = trans.env().newTransNoAvg();
+// ResultSet results;
+// Statement stmt = new SimpleStatement( "select dateof(id), approver, status, user, type, memo from authz.approved;" );
+// results = session.execute(stmt);
+// Iterator<Row> iter = results.iterator();
+// Row row;
+ /*
+ * while (iter.hasNext()) {
+ ++totalLoaded;
+ row = iter.next();
+ d = row.getTimestamp(0);
+ if(d.after(begin)) {
+ approvedW.row("aprvd",
+ Chrono.dateOnlyStamp(d),
+ row.getString(1),
+ row.getString(2),
+ row.getString(3),
+ row.getString(4),
+ row.getString(5)
+ );
+ }
+ }
+
+ */
+ int totalLoaded = 0;
+ Date d;
+ GregorianCalendar gc = new GregorianCalendar();
+ gc.add(GregorianCalendar.MONTH, -2);
+ Date begin = gc.getTime();
+ approvedW.comment("date, approver, status, user, role, memo");
+
+ historyR.visit(row -> {
+ String s = row.get(7);
+ if(s.equals(yr_mon)) {
+ String target = row.get(5);
+ if("user_role".equals(target)) {
+ String action = row.get(1);
+ switch(action) {
+ case "create":
+ write("created",row);
+ break;
+ case "update":
+ write("approved",row);
+ break;
+ case "delete":
+ write("denied",row);
+ break;
+ }
+ }
+ }
+ });
+
+ } catch (Exception e) {
+ trans.info().log(e);
+ }
+ }
+
+ private void write(String a_or_d, List<String> row) {
+ String[] target = Split.splitTrim('|', row.get(4));
+
+ if(target.length>1) {
+ UUID id = UUID.fromString(row.get(0));
+ Date date = Chrono.uuidToDate(id);
+ String status;
+ String memo;
+ String approver = row.get(6);
+ if("batch:JobChange".equals(approver)) {
+ status = "reduced";
+ memo = "existing role membership reduced to invoke reapproval";
+ } else {
+ status = a_or_d;
+ memo = row.get(2);
+ }
+ if(!approver.equals(target[0])) {
+ approvedW.row(
+ Chrono.niceDateStamp(date),
+ approver,
+ status,
+ target[0],
+ target[1],
+ memo
+ );
+ }
+ }
+
+
+ }
+
+}
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
return Result.err(Status.ERR_DependencyExists, sb.toString());
}
- if (move && parent == null) {
- return Result
- .err(Status.ERR_DependencyExists,
- "Cannot move users, roles or permissions - parent is missing.\nDelete dependencies and try again");
- }
- else if (move && parent.type == NsType.COMPANY.type) {
+ if (move && (parent == null || parent.type == NsType.COMPANY.type)) {
return Result
.err(Status.ERR_DependencyExists,
"Cannot move users, roles or permissions to [%s].\nDelete dependencies and try again",
// Attached to any Roles?
if (fullperm.roles != null) {
- if (force) {
+ if (force || fullperm.roles.contains(user+":user")) {
for (String role : fullperm.roles) {
Result<Void> rv = null;
Result<RoleDAO.Data> rrdd = RoleDAO.Data.decode(trans, q, role);
approvalDAO.close(trans);
}
- public Result<PermDAO.Data> permFrom(AuthzTrans trans, String type,
- String instance, String action) {
- Result<NsDAO.Data> rnd = deriveNs(trans, type);
- if (rnd.isOK()) {
- return Result.ok(new PermDAO.Data(new NsSplit(rnd.value, type),
- instance, action));
- } else {
- return Result.err(rnd);
- }
+ public Result<PermDAO.Data> permFrom(AuthzTrans trans, String type, String instance, String action) {
+ if(type.indexOf('@') >= 0) {
+ int colon = type.indexOf(':');
+ if(colon>=0) {
+ PermDAO.Data pdd = new PermDAO.Data();
+ pdd.ns = type.substring(0, colon);
+ pdd.type = type.substring(colon+1);
+ pdd.instance = instance;
+ pdd.action = action;
+
+ return Result.ok(pdd);
+ } else {
+ return Result.err(Result.ERR_BadData,"Could not extract ns and type from " + type);
+ }
+ } else {
+ Result<NsDAO.Data> rnd = deriveNs(trans, type);
+ if (rnd.isOK()) {
+ return Result.ok(new PermDAO.Data(new NsSplit(rnd.value, type),
+ instance, action));
+ } else {
+ return Result.err(rnd);
+ }
+ }
}
/**
return Result.ok(rlpUser);
}
- public Result<List<PermDAO.Data>> getPermsByType(AuthzTrans trans, String perm) {
- Result<NsSplit> nss = deriveNsSplit(trans, perm);
- if (nss.notOK()) {
- return Result.err(nss);
- }
- return permDAO.readByType(trans, nss.value.ns, nss.value.name);
+ public Result<List<PermDAO.Data>> getPermsByType(AuthzTrans trans, String type) {
+ if(type.indexOf('@') >= 0) {
+ int colon = type.indexOf(':');
+ if(colon>=0) {
+ return permDAO.readByType(trans, type.substring(0, colon),type.substring(colon+1));
+ } else {
+ return Result.err(Result.ERR_BadData, "%s is malformed",type);
+ }
+ } else {
+ Result<NsSplit> nss = deriveNsSplit(trans, type);
+ if (nss.notOK()) {
+ return Result.err(nss);
+ }
+ return permDAO.readByType(trans, nss.value.ns, nss.value.name);
+ }
}
public Result<List<PermDAO.Data>> getPermsByName(AuthzTrans trans, String type, String instance, String action) {
if(name.indexOf('.')>=0) {
aaf_url = "https://"+Config.AAF_LOCATE_URL_TAG+'/'+name+':'+version;
} else {
- aaf_url = "https://"+Config.AAF_LOCATE_URL_TAG+"/%NS."+name+':'+version;
+ aaf_url = "https://"+Config.AAF_LOCATE_URL_TAG+"/%CNS.%NS."+name+':'+version;
}
RegistrationPropHolder rph = new RegistrationPropHolder(access,0);
aaf_url = rph.replacements(getClass().getSimpleName(),aaf_url, null,null);
Mockito.doReturn(access).when(env).access();
Mockito.doReturn("20").when(access).getProperty(Config.CADI_LATITUDE,null);
Mockito.doReturn("20").when(access).getProperty(Config.CADI_LONGITUDE,null);
- Mockito.doReturn("20").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER,"");
+ Mockito.doReturn("").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER,"");
+ Mockito.doReturn("").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER_NS,"");
Mockito.doReturn("20").when(access).getProperty(Config.AAF_LOCATOR_APP_NS,"AAF_NS");
try {
DirectAAFLocator aafLocatorObj=new DirectAAFLocator(env, ldao,"test",null);
Mockito.doReturn(access).when(env).access();
Mockito.doReturn("20").when(access).getProperty(Config.CADI_LATITUDE,null);
Mockito.doReturn("20").when(access).getProperty(Config.CADI_LONGITUDE,null);
- Mockito.doReturn("20").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER,"");
+ Mockito.doReturn("").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER,"");
+ Mockito.doReturn("").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER_NS,"");
Mockito.doReturn("20 30").when(access).getProperty(Config.AAF_URL,null);
try {
DirectAAFLocator aafLocatorObj=new DirectAAFLocator(env, ldao,"test","192.0.0.1");
Mockito.doReturn(trans).when(env).newTransNoAvg();
Mockito.doReturn("20").when(access).getProperty(Config.CADI_LATITUDE,null);
Mockito.doReturn("20").when(access).getProperty(Config.CADI_LONGITUDE,null);
- Mockito.doReturn("20").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER,"");
+ Mockito.doReturn("").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER,"");
+ Mockito.doReturn("").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER_NS,"");
Mockito.doReturn("http://aafurl.com").when(access).getProperty(Config.AAF_URL,null);
try {
aafLocatorObj = new DirectAAFLocator(env, ldao,"test","30.20.30.30");
Mockito.doReturn(trans).when(env).newTransNoAvg();
Mockito.doReturn("20").when(access).getProperty(Config.CADI_LATITUDE,null);
Mockito.doReturn("20").when(access).getProperty(Config.CADI_LONGITUDE,null);
- Mockito.doReturn("20").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER,"");
+ Mockito.doReturn("").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER,"");
+ Mockito.doReturn("").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER_NS,"");
Mockito.doReturn("http://aafurl.com").when(access).getProperty(Config.AAF_URL,null);
try {
aafLocatorObj = new DirectAAFLocator(env, ldao,"test","30.20.30.30");
Mockito.doReturn(access).when(env).access();
Mockito.doReturn("20").when(access).getProperty(Config.CADI_LATITUDE,null);
Mockito.doReturn("20").when(access).getProperty(Config.CADI_LONGITUDE,null);
- Mockito.doReturn("20").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER,"");
+ Mockito.doReturn("").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER,"");
+ Mockito.doReturn("").when(access).getProperty(Config.AAF_LOCATOR_CONTAINER_NS,"");
Mockito.doReturn("http://aafurl.com").when(access).getProperty(Config.AAF_URL,null);
DirectLocatorCreator directLocObj = new DirectLocatorCreator(env, locateDAO);
try {
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
import org.onap.aaf.auth.cm.mapper.Mapper.API;
import org.onap.aaf.auth.cm.service.CMService;
import org.onap.aaf.auth.cm.service.Code;
+import org.onap.aaf.auth.cm.validation.CertmanValidator;
import org.onap.aaf.auth.dao.CassAccess;
import org.onap.aaf.auth.dao.cass.LocateDAO;
import org.onap.aaf.auth.direct.DirectLocatorCreator;
public class AAF_CM extends AbsService<AuthzEnv, AuthzTrans> {
private static final String USER_PERMS = "userPerms";
+ private static final String CM_ALLOW_TMP = "cm_allow_tmp";
private static final Map<String,CA> certAuths = new TreeMap<>();
public static Facade1_0 facade1_0; // this is the default Facade
public static Facade1_0 facade1_0_XML; // this is the XML Facade
if (aafEnv==null) {
throw new APIException("aaf_env needs to be set");
}
+
+ // Check for allowing /tmp in Properties
+ String allowTmp = env.getProperty(CM_ALLOW_TMP);
+ if("true".equalsIgnoreCase(allowTmp)) {
+ CertmanValidator.allowTmp();
+ }
+
// Initialize Facade for all uses
AuthzTrans trans = env.newTrans();
this.env = env;
this.env_tag = env==null || env.isEmpty()?false:
Boolean.parseBoolean(access.getProperty(CM_CA_ENV_TAG, Boolean.FALSE.toString()));
- permNS = CM_CA_PREFIX + name;
- permType = access.getProperty(permNS + ".perm_type",null);
+ permNS=null;
+ String prefix = CM_CA_PREFIX + name;
+ permType = access.getProperty(prefix + ".perm_type",null);
if (permType==null) {
- throw new CertException(permNS + ".perm_type" + MUST_EXIST_TO_CREATE_CSRS_FOR + caName);
+ throw new CertException(prefix + ".perm_type" + MUST_EXIST_TO_CREATE_CSRS_FOR + caName);
}
caIssuerDNs = Split.splitTrim(':', access.getProperty(Config.CADI_X509_ISSUERS, null));
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
+import java.util.Set;
import org.onap.aaf.auth.cm.data.CertDrop;
import org.onap.aaf.auth.cm.data.CertRenew;
List<ArtiDAO.Data> ladd = new ArrayList<>();
for (Artifact arti : artifacts.getArtifact()) {
ArtiDAO.Data data = new ArtiDAO.Data();
- data.mechid = arti.getMechid();
- data.machine = arti.getMachine();
- data.type(true).addAll(arti.getType());
- data.ca = arti.getCa();
- data.dir = arti.getDir();
- data.os_user = arti.getOsUser();
+ data.mechid = trim(arti.getMechid());
+ data.machine = trim(arti.getMachine());
+ if(arti.getType()!=null) {
+ Set<String> ss = data.type(true);
+ for(String t : arti.getType()) {
+ ss.add(trim(t));
+ }
+ }
+ data.ca = trim(arti.getCa());
+ data.dir = trim(arti.getDir());
+ data.os_user = trim(arti.getOsUser());
// Optional (on way in)
- data.ns = arti.getNs();
+ data.ns = trim(arti.getNs());
data.renewDays = arti.getRenewDays();
- data.notify = arti.getNotification();
+ data.notify = trim(arti.getNotification());
// Ignored on way in for create/update
- data.sponsor = arti.getSponsor();
- data.expires = null;
-
- // Derive Optional Data from Machine (Domain) if exists
- if (data.machine!=null) {
- if (data.ca==null && data.machine.endsWith(".att.com")) {
- data.ca = "aaf"; // default
- }
- if (data.ns==null ) {
- data.ns=FQI.reverseDomain(data.machine);
- }
+ data.sponsor = (arti.getSponsor());
+ if(arti.getSans()!=null) {
+ Set<String> ls = data.sans(true);
+ for(String t : arti.getSans()) {
+ ls.add(trim(t));
+ }
}
- data.sans(true).addAll(arti.getSans());
+ data.expires = null;
ladd.add(data);
}
return ladd;
Artifacts artis = new Artifacts();
for (ArtiDAO.Data arti : lArtiDAO.value) {
Artifact a = new Artifact();
- a.setMechid(arti.mechid);
- a.setMachine(arti.machine);
- a.setSponsor(arti.sponsor);
- a.setNs(arti.ns);
- a.setCa(arti.ca);
- a.setDir(arti.dir);
- a.getType().addAll(arti.type(false));
- a.setOsUser(arti.os_user);
+ a.setMechid(trim(arti.mechid));
+ a.setMachine(trim(arti.machine));
+ a.setSponsor(trim(arti.sponsor));
+ a.setNs(trim(arti.ns));
+ a.setCa(trim(arti.ca));
+ a.setDir(trim(arti.dir));
+ for(String t : arti.type(false)) {
+ a.getType().add(trim(t));
+ }
+ a.setOsUser(trim(arti.os_user));
a.setRenewDays(arti.renewDays);
- a.setNotification(arti.notify);
- a.getSans().addAll(arti.sans(false));
+ a.setNotification(trim(arti.notify));
+ for(String t : arti.sans(false)) {
+ a.getSans().add(trim(t));
+ }
artis.getArtifact().add(a);
}
return Result.ok(artis);
+ private String trim(String s) {
+ if(s==null) {
+ return s;
+ } else {
+ return s.trim();
+ }
+ }
}
\ No newline at end of file
ArtiDAO.Data data = new ArtiDAO.Data();
data.mechid = trim(arti.getMechid());
data.machine = trim(arti.getMachine());
- Set<String> ss = data.type(true);
if(arti.getType()!=null) {
+ Set<String> ss = data.type(true);
for(String t : arti.getType()) {
ss.add(t.trim());
}
// Ignored on way in for create/update
data.sponsor = trim(arti.getSponsor());
data.expires = null;
- ss = data.sans(true);
if(arti.getSans()!=null) {
+ Set<String> ss = data.sans(true);
for(String s : arti.getSans()) {
ss.add(s.trim());
}
trans.error().log("CMService var primary is null");
} else {
String fg = fqdns.get(i);
- if (fg!=null && fg.equals(primary.getHostName())) {
+ if (fg!=null && primary!=null && fg.equals(primary.getHostName())) {
if (i != 0) {
String tmp = fqdns.get(0);
fqdns.set(0, primary.getHostName());
}
}
} catch (Exception e) {
- trans.debug().log(e);
+ trans.error().log(e);
return Result.err(Status.ERR_Denied,
"AppID Sponsorship cannot be determined at this time. Try later.");
}
// Policy 6: Only do Domain by Exception
if (add.machine.startsWith("*")) { // Domain set
CA ca = certManager.getCA(add.ca);
-
if (!trans.fish(new AAFPermission(ca.getPermNS(),ca.getPermType(), add.ca, DOMAIN))) {
return Result.err(Result.ERR_Denied, "Domain Artifacts (%s) requires specific Permission",
add.machine);
package org.onap.aaf.auth.cm.validation;
import java.util.List;
+import java.util.regex.Pattern;
import org.onap.aaf.auth.dao.cass.ArtiDAO;
import org.onap.aaf.auth.dao.cass.ArtiDAO.Data;
private static final String MUST_HAVE_AT_LEAST = " must have at least ";
private static final String IS_NULL = " is null.";
private static final String ARTIFACTS_MUST_HAVE_AT_LEAST = "Artifacts must have at least ";
-
+ private static final Pattern ALPHA_NUM = Pattern.compile("[a-zA-Z0-9]*");
+
+ private static boolean disallowTmp = true;
+ public static void allowTmp() {
+ disallowTmp=false;
+ }
+
public CertmanValidator nullBlankMin(String name, List<String> list, int min) {
if (list==null) {
msg(name + IS_NULL);
} else {
for (ArtiDAO.Data a : list) {
allRequired(a);
- if(a.dir!=null && a.dir.startsWith("/tmp")) {
+ if(disallowTmp && a.dir!=null && a.dir.startsWith("/tmp")) {
msg("Certificates may not be deployed into /tmp directory (they will be removed at a random time by O/S)");
}
}
nullOrBlank(MACHINE, a.machine);
nullOrBlank("ca",a.ca);
nullOrBlank("dir",a.dir);
- nullOrBlank("os_user",a.os_user);
+ match("NS must be dot separated AlphaNumeric",a.ns,NAME_CHARS);
+ match("O/S User must be AlphaNumeric",a.os_user,ALPHA_NUM);
// Note: AppName, Notify & Sponsor are currently not required
}
return this;
public void artisRequired_shouldReportErrorWhenArtifactDoesNotHaveAllRequiredFields() {
certmanValidator.artisRequired(newArrayList(newArtifactData("id", "", "ca", "dir", "user")), 1);
- assertEquals("machine is blank.\n", certmanValidator.errs());
+ assertEquals("machine is blank.\n" + "NS must be dot separated AlphaNumeric\n", certmanValidator.errs());
}
@Test
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
}
protected final boolean noMatch(String str, Pattern p) {
- return !p.matcher(str).matches();
+ return str==null || !p.matcher(str).matches();
}
+
+ protected final void match(String text, String str, Pattern p) {
+ if(str==null || !p.matcher(str).matches()) {
+ msg(text);
+ }
+ }
+
protected final boolean nob(String str, Pattern p) {
return str==null || !p.matcher(str).matches();
}
<artifactId>authparent</artifactId>
<relativePath>../pom.xml</relativePath>
<groupId>org.onap.aaf.authz</groupId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
</parent>
<artifactId>aaf-auth-deforg</artifactId>
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
import org.onap.aaf.cadi.client.Retryable;
import org.onap.aaf.cadi.util.Vars;
import org.onap.aaf.misc.env.APIException;
-import org.onap.aaf.misc.env.Slot;
import org.onap.aaf.misc.env.Data.TYPE;
+import org.onap.aaf.misc.env.Slot;
import org.onap.aaf.misc.env.util.IPValidator;
import org.onap.aaf.misc.env.util.Split;
import org.onap.aaf.misc.xgen.Cache;
import org.onap.aaf.misc.xgen.DynamicCode;
+import org.onap.aaf.misc.xgen.Mark;
import org.onap.aaf.misc.xgen.html.HTMLGen;
import aaf.v2_0.Error;
cache.dynamic(hgen, new DynamicCode<HTMLGen,AAF_GUI, AuthzTrans>() {
@Override
public void code(final AAF_GUI gui, final AuthzTrans trans,final Cache<HTMLGen> cache, final HTMLGen hgen) throws APIException, IOException {
-trans.info().log("Step 1");
+ trans.info().log("Step 1");
final Artifact arti = new Artifact();
final String machine = trans.get(sMachine,null);
final String ca = trans.get(sCA, null);
}
}
- // Disallow Domain based Definitions without exception
- if (machine.startsWith("*")) { // Domain set
- if (!trans.fish(getPerm(ca, "domain"))) {
- hgen.p("Policy Failure: Domain Artifact Declarations are only allowed by Exception.");
- return;
- }
- }
}
arti.setMechid((String)trans.get(sID,null));
if (f==null) {
hgen.p("Unknown Command");
} else {
- if (f.body().contains("%")) {
+ if (f.code() > 201) {
Error err = gui.getDF(Error.class).newData().in(TYPE.JSON).load(f.body()).asObject();
- hgen.p(Vars.convert(err.getText(),err.getVariables()));
+ if(f.body().contains("%") ) {
+ hgen.p(Vars.convert(err.getText(),err.getVariables()));
+ } else {
+ int colon = err.getText().indexOf(':');
+ if(colon>0) {
+ hgen.p(err.getMessageId() + ": " + err.getText().substring(0, colon));
+ Mark bq = new Mark();
+ hgen.incr(bq,"blockquote");
+ for(String em : Split.splitTrim('\n', err.getText().substring(colon+1))) {
+ hgen.p(em);
+ }
+ hgen.end(bq);
+ } else {
+ hgen.p(err.getMessageId() + ": " + err.getText());
+ }
+ }
} else {
hgen.p(arti.getMechid() + " on " + arti.getMachine() + ": " + f.body());
}
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
protected AAFConHttp _newAAFConHttp() throws CadiException {
try {
if (dal==null) {
- dal = AbsAAFLocator.create("%AAF_NS.service",Config.AAF_DEFAULT_API_VERSION);
+ dal = AbsAAFLocator.create("%CNS.%NS.service",Config.AAF_DEFAULT_API_VERSION);
}
// utilize pre-constructed DirectAAFLocator
return new AAFConHttp(env.access(),dal);
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>authparent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
<relativePath>../pom.xml</relativePath>
</parent>
--- /dev/null
+#########
+# ============LICENSE_START====================================================
+# org.onap.aaf
+# ===========================================================================
+# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
+# ===========================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END====================================================
+#
+FROM ${DOCKER_REPOSITORY}/onap/aaf/aaf_core:${AAF_VERSION}
+MAINTAINER AAF Team, AT&T 2018
+ENV VERSION=${AAF_VERSION}
+
+LABEL description="aaf_${AAF_COMPONENT}"
+LABEL version=${AAF_VERSION}
+
+COPY bin/pod_wait.sh /opt/app/aaf/bin/
+RUN mkdir -p /opt/app/osaaf &&\
+ mkdir -p /opt/app/aaf/status &&\
+ chmod 755 /opt/app/aaf/bin/* &&\
+ if [ -n "${DUSER}" ]; then chown ${DUSER}:${DUSER} /opt/app/aaf/status \
+ && chown ${DUSER}:${DUSER} /opt/app/osaaf \
+ && chown -R ${DUSER}:${DUSER} /opt/app/aaf; fi
+
+#CMD ["bash","-c","cd /opt/app/aaf;bin/${AAF_COMPONENT}"]
+CMD []
+
+# For Debugging installation
+# CMD ["/bin/bash","-c","pwd;cd /opt/app/osaaf;find /opt/app/osaaf -depth;df -k; cat /opt/app/aaf/${AAF_COMPONENT}/bin/${AAF_COMPONENT};cat /etc/hosts;/opt/app/aaf/${AAF_COMPONENT}/bin/${AAF_COMPONENT}"]
+# Java Debugging VM Args
+# "-Xdebug",\
+# "-Xnoagent",\
+# "-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=8000",\
+
+# TLS Debugging VM Args
+# "-Djavax.net.debug","ssl", \
+
. ./aaf.props
DOCKER=${DOCKER:=docker}
-CADI_VERSION=${CADI_VERSION:=2.1.14-SNAPSHOT}
+CADI_VERSION=${CADI_VERSION:=2.1.15-SNAPSHOT}
for V in VERSION DOCKER_REPOSITORY HOSTNAME CONTAINER_NS AAF_FQDN AAF_FQDN_IP DEPLOY_FQI APP_FQDN APP_FQI VOLUME DRIVER LATITUDE LONGITUDE; do
if [ "$(grep $V ./aaf.props)" = "" ]; then
# When using Docker Repo, add, and include trailing "/"
# repository: nexus3.onap.org:10003/
# repository: localhost:5000/
- version: 2.1.14-SNAPSHOT
+ version: 2.1.15-SNAPSHOT
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
appVersion: "1.0"
description: AAF Helm Chart
name: aaf
-version: 2.1.14-SNAPSHOT
+version: 2.1.15-SNAPSHOT
aaf_env: "DEV"
public_fqdn: "aaf.osaaf.org"
# DUBLIN ONLY - for M4 compatibility with Casablanca
- aaf_locator_name: "public.%NS.%N"
- aaf_locator_name_helm: "%NS.%N"
+# aaf_locator_name: "public.%NS.%N"
+# aaf_locator_name_helm: "%NS.%N"
# EL ALTO and Beyond
-# aaf_locator_name: "%NS.%N"
-# aaf_locator_name_helm: "%CNS.%NS.%N"
+ aaf_locator_name: "%NS.%N"
+ aaf_locator_name_helm: "%CNS.%NS.%N"
cadi_latitude: "38.0"
cadi_longitude: "-72.0"
cass:
# When using Docker Repo, add, and include trailing "/"
# repository: nexus3.onap.org:10003/
# repository: localhost:5000/
- version: 2.1.14-SNAPSHOT
+ version: 2.1.15-SNAPSHOT
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>parent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
</parent>
<artifactId>authparent</artifactId>
<name>AAF Auth Parent</name>
cd /opt/app/osaaf/logs
for D in `find . -type d`; do
if [ "$D" != "./" ]; then
- rm -f $D/*.log
+ rm -f $D/*.log.*
fi
done
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>cadiparent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
<relativePath>..</relativePath>
</parent>
List<SecuritySetter<HttpURLConnection>> lss = loadSetters(access,si);
/////////
String directAAFURL = aaf_urls.get(Config.AAF_URL);
- if(directAAFURL!=null && !directAAFURL.contains("/locate/") || !directAAFURL.contains("AAF_LOCATE_URL")) {
+ if(directAAFURL!=null && !(directAAFURL.contains("/locate/") || directAAFURL.contains("AAF_LOCATE_URL"))) {
print(true,"Test Connections by non-located aaf_url");
Locator<URI> locator = new SingleEndpointLocator(directAAFURL);
connectTest(locator,new URI(directAAFURL));
import org.onap.aaf.cadi.LocatorException;
import org.onap.aaf.cadi.PropAccess;
import org.onap.aaf.cadi.Symm;
+import org.onap.aaf.cadi.aaf.TestConnectivity;
import org.onap.aaf.cadi.aaf.client.ErrMessage;
import org.onap.aaf.cadi.aaf.v2_0.AAFCon;
import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;
System.out.println(HASHES);
}
CmdLine.main(newArgs);
+ } else if(args.length>0 && "connectivity".equals(args[0])) {
+ String[] newArgs = new String[args.length-1];
+ System.arraycopy(args, 1, newArgs, 0, newArgs.length);
+ if(newArgs.length>0 && newArgs[0].indexOf('@')>=0) {
+ newArgs[0]=FQI.reverseDomain(newArgs[0])+".props";
+ }
+ TestConnectivity.main(newArgs);
} else {
try {
AAFSSO aafsso=null;
}
// NOTE: CHANGE IN CMDS should be reflected in AAFSSO constructor, to get FQI->aaf-id or not
System.out.println("Usage: java -jar <cadi-aaf-*-full.jar> cmd [<tag=value>]*");
- System.out.println(" create <FQI> [<machine>]");
- System.out.println(" read <FQI> [<machine>]");
- System.out.println(" update <FQI> [<machine>]");
- System.out.println(" delete <FQI> [<machine>]");
- System.out.println(" copy <FQI> <machine> <newmachine>[,<newmachine>]*");
- System.out.println(" place <FQI> [<machine>]");
- System.out.println(" showpass <FQI> [<machine>]");
- System.out.println(" check <FQI> [<machine>]");
- System.out.println(" keypairgen <FQI>");
- System.out.println(" config <FQI>");
- System.out.println(" validate <NS>.props>");
+ System.out.println(" create <FQI> [<machine>]");
+ System.out.println(" read <FQI> [<machine>]");
+ System.out.println(" update <FQI> [<machine>]");
+ System.out.println(" delete <FQI> [<machine>]");
+ System.out.println(" copy <FQI> <machine> <newmachine>[,<newmachine>]*");
+ System.out.println(" place <FQI> [<machine>]");
+ System.out.println(" showpass <FQI> [<machine>]");
+ System.out.println(" check <FQI> [<machine>]");
+ System.out.println(" keypairgen <FQI>");
+ System.out.println(" config <FQI>");
+ System.out.println(" validate <NS>.props>");
+ System.out.println(" connectivity <NS>.props>");
System.out.println(" --- Additional Tool Access ---");
System.out.println(" ** Type with no params for Tool Help");
System.out.println(" ** If using with Agent, preface with \"cadi\"");
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>cadiparent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
<relativePath>..</relativePath>
</parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>cadiparent</artifactId>
<relativePath>..</relativePath>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
package org.onap.aaf.cadi;
+import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.PrintStream;
import java.io.PrintWriter;
+import java.io.StringBufferInputStream;
import java.io.StringWriter;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
if (o!=null) {
if(o.getClass().isArray()) {
first = write(first,sb,(Object[])o);
+ } else if(o instanceof Throwable) {
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ PrintStream ps = new PrintStream(baos);
+ ((Throwable)o).printStackTrace(ps);
+ sb.append(baos.toString());
} else {
s=o.toString();
if (first) {
public static<T> void add(Access access, final String tag, List<Priori<T>> list) {
String plugins = access.getProperty(tag, null);
if(plugins!=null) {
+ access.log(Level.INIT, "Adding TAF Plugins: ", plugins);
for(String tafs : Split.splitTrim(';', plugins)) {
String[] pluginArray = Split.splitTrim(',', tafs);
String clssn = null;
try {
list.add(new Priori<T>(cnst.newInstance(access),priority));
} catch (InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException e) {
- access.printf(Level.ERROR, "%s cannot be constructed with Access.\n",clssn);
+ String hostname = access.getProperty(Config.HOSTNAME,null);
+ if(hostname==null) {
+ access.printf(Level.ERROR, "%s cannot be constructed on this machine. Set valid 'hostname' in your properties\n",clssn);
+ } else {
+ access.printf(Level.ERROR, "%s cannot be constructed on %s with Access.\n",clssn, hostname);
+ }
}
} catch (NoSuchMethodException | SecurityException e) {
access.printf(Level.ERROR, "%s needs a Constructor taking Access as sole param.\n",clssn);
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>cadiparent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
<relativePath>..</relativePath>
</parent>
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>parent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
</parent>
<artifactId>cadiparent</artifactId>
<name>AAF CADI Parent (Code, Access, Data, Identity)</name>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>cadiparent</artifactId>
<relativePath>..</relativePath>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<name>CADI Servlet Sample (Test Only)</name>
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>miscparent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
<relativePath>..</relativePath>
</parent>
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>miscparent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
<relativePath>..</relativePath>
</parent>
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>parent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
</parent>
<artifactId>miscparent</artifactId>
<name>AAF Misc Parent</name>
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>miscparent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
<relativePath>..</relativePath>
</parent>
<parent>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>miscparent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
<relativePath>..</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>org.onap.aaf.authz</groupId>
<artifactId>parent</artifactId>
- <version>2.1.14-SNAPSHOT</version>
+ <version>2.1.15-SNAPSHOT</version>
<name>aaf-authz</name>
<packaging>pom</packaging>
# Note that these variables cannot be structured (e.g. : version.release or version.snapshot etc... )
# because they are used in Jenkins, whose plug-in doesn't support
-# This TAG <version>2.1.14-SNAPSHOT</version> is here to help remember to change this file. Keep it up to date with the following "real" entries:
+# This TAG <version>2.1.15-SNAPSHOT</version> is here to help remember to change this file. Keep it up to date with the following "real" entries:
major=2
minor=1
-patch=14
+patch=15
base_version=${major}.${minor}.${patch}
Code Review / aaf / authz.git / commitdiff