From 087706284431e63ea77b934859a47beeb59e4592 Mon Sep 17 00:00:00 2001
From: Instrumental
Date: Wed, 18 Apr 2018 10:52:42 -0500
Subject: [PATCH] Support Multiple Realms for DefaultOrg
Issue-ID: AAF-254
Change-Id: I89a9b1ceaa304861debd4c7dd21879e0b1fc902a
Signed-off-by: Instrumental
---
auth/auth-cass/docker/backup/backup.sh | 26 +++++++++++++---------
.../java/org/onap/aaf/auth/dao/hl/Function.java | 6 ++---
.../java/org/onap/aaf/auth/org/Organization.java | 15 +++++++++++++
.../org/onap/aaf/auth/org/OrganizationFactory.java | 8 +++++++
.../src/main/java/org/onap/aaf/org/DefaultOrg.java | 21 ++++++++++++++++-
.../java/org/onap/aaf/org/test/JU_DefaultOrg.java | 5 +++++
.../auth/service/validation/ServiceValidator.java | 2 +-
.../java/org/onap/aaf/cadi/test/JU_CmdLine.java | 4 ++++
8 files changed, 71 insertions(+), 16 deletions(-)
diff --git a/auth/auth-cass/docker/backup/backup.sh b/auth/auth-cass/docker/backup/backup.sh
index db59d16e..1359d3de 100644
--- a/auth/auth-cass/docker/backup/backup.sh
+++ b/auth/auth-cass/docker/backup/backup.sh
@@ -1,28 +1,32 @@ # BEGIN Store prev -if [ -e "6day" ]; then - rm -Rf 6day +BD=/opt/app/osaaf/backup +if [ -e "$BD/6day" ]; then + rm -Rf $BD/6day fi -PREV=6day -for D in 5day 4day 3day 2day yesterday; do +PREV=$BD/6day +for D in $BD/5day $BD/4day $BD/3day $BD/2day $BD/yesterday; do if [ -e "$D" ]; then mv "$D" "$PREV" fi PREV="$D" done -if [ -e "today" ]; then - mv today yesterday - gzip yesterday/* +if [ -e "$BD/today" ]; then + if [ -e "$BD/backup.log" ]; then + mv $BD/backup.log $BD/today + fi + gzip $BD/today/* + mv $BD/today $BD/yesterday fi +mkdir $BD/today + # END Store prev date docker exec -t aaf_cass bash -c "mkdir -p /opt/app/cass_backup" -docker container cp cbackup.sh aaf_cass:/opt/app/cass_backup/backup.sh +docker container cp $BD/cbackup.sh aaf_cass:/opt/app/cass_backup/backup.sh # echo "login as Root, then run \nbash /opt/app/cass_backup/backup.sh" docker exec -t aaf_cass bash /opt/app/cass_backup/backup.sh -mkdir today -docker container cp aaf_cass:/opt/app/cass_backup/. today - +docker container cp aaf_cass:/opt/app/cass_backup/. $BD/today date diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java index 1f679075..b7b17c90 100644 --- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java +++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java 
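Review bot: The new `mkdir $BD/today` and the `mv`/`gzip` steps before it run unchecked and under the caller's default umask, so a failed rotation still lets the later `docker container cp` write into whatever `$BD/today` already is, and the copied backup inherits whatever permissions that umask allows. These backups presumably hold the AAF credential and permission tables, so I would add `umask 077` next to `BD=/opt/app/osaaf/backup` and create the directory with `mkdir -p "$BD/today" || exit 1`. Quoting the `$BD/...` expansions, as the loop already does for `"$D"`, would also keep the `rm -Rf` line safe if the path is ever made configurable.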
@@ -40,23 +40,23 @@ import org.onap.aaf.auth.dao.cass.DelegateDAO; import org.onap.aaf.auth.dao.cass.FutureDAO; import org.onap.aaf.auth.dao.cass.Namespace; import org.onap.aaf.auth.dao.cass.NsDAO; +import org.onap.aaf.auth.dao.cass.NsDAO.Data; import org.onap.aaf.auth.dao.cass.NsSplit; import org.onap.aaf.auth.dao.cass.NsType; import org.onap.aaf.auth.dao.cass.PermDAO; import org.onap.aaf.auth.dao.cass.RoleDAO; import org.onap.aaf.auth.dao.cass.Status; import org.onap.aaf.auth.dao.cass.UserRoleDAO; -import org.onap.aaf.auth.dao.cass.NsDAO.Data; import org.onap.aaf.auth.dao.hl.Question.Access; import org.onap.aaf.auth.env.AuthzTrans; import org.onap.aaf.auth.env.AuthzTrans.REQD_TYPE; import org.onap.aaf.auth.layer.Result; import org.onap.aaf.auth.org.Executor; import org.onap.aaf.auth.org.Organization; -import org.onap.aaf.auth.org.OrganizationException; import org.onap.aaf.auth.org.Organization.Expiration; import org.onap.aaf.auth.org.Organization.Identity; import org.onap.aaf.auth.org.Organization.Policy; +import org.onap.aaf.auth.org.OrganizationException; public class Function { @@ -735,7 +735,7 @@ public class Function { private Result checkValidID(AuthzTrans trans, Date now, String user) { Organization org = trans.org(); - if (user.endsWith(org.getRealm())) { + if (org.supportsRealm(user)) { try { if (org.getIdentity(trans, user) == null) { return Result.err(Status.ERR_Denied, diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java index 6d7a3586..8476e06c 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java @@ -78,6 +78,12 @@ public interface Organization { * @return */ public String getRealm(); + + public boolean supportsRealm(String user); + + public void addSupportedRealm(String r); + + String getDomain(); 
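Review bot: `supportsRealm(String user)` and `addSupportedRealm(String r)` are added to the `Organization` interface without Javadoc, although the neighbouring `getRealm()` carries one, and the contract is not obvious from the signature: the parameter is called `user` here but `r` in the implementations, and DefaultOrg accepts both a bare realm and a `name@domain` id. A comment such as `/** @param user full id (name@domain) or reversed-domain realm; @return true when ids of that realm belong to this Organization */` would pin that down. It is also worth stating that `addSupportedRealm` widens which ids are treated as belonging to the organisation and is intended for configuration time only, because every holder of an `Organization` reference can now call it.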
@@ -372,6 +378,15 @@ public interface Organization { return N_A; } + @Override + public boolean supportsRealm(String r) { + return false; + } + + @Override + public void addSupportedRealm(String r) { + } + @Override public String getDomain() { return N_A; diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java index 843e2682..57d37d0b 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java @@ -29,6 +29,7 @@ import java.util.concurrent.ConcurrentHashMap; import org.onap.aaf.auth.env.AuthzTrans; import org.onap.aaf.cadi.util.FQI; +import org.onap.aaf.cadi.util.Split; import org.onap.aaf.misc.env.Env; import org.onap.aaf.misc.env.impl.BasicEnv; @@ -98,6 +99,13 @@ public class OrganizationFactory { Class cls = (Class) Class.forName(orgClass); Constructor cnst = cls.getConstructor(Env.class,String.class); org = cnst.newInstance(env,orgNS); + String other_realms = env.getProperty(orgNS+".also_supports"); + if(other_realms!=null) { + for(String r : Split.splitTrim(',', other_realms)) { + org.addSupportedRealm(r); + } + } + } catch (ClassNotFoundException | NoSuchMethodException | SecurityException | InstantiationException | IllegalAccessException | IllegalArgumentException | InvocationTargetException e) { diff --git a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java index 5674e247..935f99bf 100644 --- a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java +++ b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java 
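Review bot: The realms read from `orgNS+".also_supports"` in OrganizationFactory are handed to `addSupportedRealm` without any check or log entry, so a stray or empty item silently changes which ids the organisation accepts. If `Split.splitTrim` can return empty strings (for example after a trailing comma; not visible in this hunk), guard with `if(!r.isEmpty()) org.addSupportedRealm(r);`. One init-time log line listing the additional realms would make the effective trust configuration auditable. The enclosing `try` block starts outside the hunk.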
@@ -56,9 +56,12 @@ public class DefaultOrg implements Organization { final String realm; private final String NAME,mailHost,mailFrom; + private final Set supportedRealms; public DefaultOrg(Env env, String realm) throws OrganizationException { this.realm = realm; + supportedRealms=new HashSet(); + supportedRealms.add(realm); domain=FQI.reverseDomain(realm); atDomain = '@'+domain; String s; @@ -668,5 +671,21 @@ public class DefaultOrg implements Organization { return addressArray; } - + private String extractRealm(final String r) { + int at; + if((at=r.indexOf('@'))>=0) { + return FQI.reverseDomain(r.substring(at+1)); + } + return r; + } + @Override + public boolean supportsRealm(final String r) { + return supportedRealms.contains(extractRealm(r)) || r.endsWith(realm); } + + @Override + public synchronized void addSupportedRealm(final String r) { + supportedRealms.add(extractRealm(r)); + } + +} diff --git a/auth/auth-deforg/src/test/java/org/onap/aaf/org/test/JU_DefaultOrg.java b/auth/auth-deforg/src/test/java/org/onap/aaf/org/test/JU_DefaultOrg.java index e6f058a4..d4606284 100644 --- a/auth/auth-deforg/src/test/java/org/onap/aaf/org/test/JU_DefaultOrg.java +++ b/auth/auth-deforg/src/test/java/org/onap/aaf/org/test/JU_DefaultOrg.java @@ -109,6 +109,11 @@ public class JU_DefaultOrg { assertTrue(realmTest == REALM); } + public void supportsRealm() { + String otherRealm = "org.ossaf.something"; + defaultOrg.addSupportedRealm(otherRealm); + assertTrue(defaultOrg.supportsRealm(otherRealm)); + } //@Test public void testGetName() throws OrganizationException{ String testName = defaultOrg.getName(); diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java index 446bf46d..a6bbbb0b 100644 --- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java 
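Review bot: `supportedRealms` is created as a plain `HashSet` that `addSupportedRealm` mutates under `synchronized` while `supportsRealm` reads it with no lock, so the synchronisation only protects writers from each other and a concurrent read during an add is undefined. Either populate the set before the instance is published and treat it as read-only afterwards, or create it as `supportedRealms = ConcurrentHashMap.newKeySet();` (with the matching `java.util.concurrent.ConcurrentHashMap` import) and drop `synchronized`. The constructor continues outside the hunk.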
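Review bot: In `supportsRealm`, the `|| r.endsWith(realm)` fallback is a raw suffix comparison with no separator in front of the realm, so any id whose text merely ends with the realm string matches even when its extracted realm is not in `supportedRealms`; it makes the exact-match set lookup beside it largely moot. The result decides whether the identity lookup in `Function.checkValidID` and the `isValidID` check in `ServiceValidator` are applied (both call sites switch to `supportsRealm` in this patch), so the match should be exact. I would drop the fallback, or require a boundary such as `r.equals(realm) || r.endsWith('.' + realm) || r.endsWith('@' + realm)`, depending on which id forms are legitimate. `extractRealm` also compares case-sensitively and splits on the first `@`; normalising case with `Locale.ROOT` and rejecting ids containing more than one `@` would make the outcome predictable.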
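Review bot: The added `supportsRealm()` method in JU_DefaultOrg has no `@Test` annotation and its name does not start with `test`, so the runner will not pick it up and the new realm logic is effectively untested; add `@Test` above `public void supportsRealm()`. It also asserts only the positive case for a reversed-domain string. Because this check feeds ID validation, add assertions for the `name@domain` form and for rejection, for example `assertFalse(defaultOrg.supportsRealm("org.example.unrelated"));` (constructed sample value).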
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/validation/ServiceValidator.java @@ -153,7 +153,7 @@ public class ServiceValidator extends Validator { str = str.substring(0,idx); } - if(cd.id.endsWith(org.getRealm())) { + if(org.supportsRealm(cd.id)) { if(isNew && (str=org.isValidID(trans, str)).length()>0) { msg(cd.id,str); } diff --git a/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_CmdLine.java b/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_CmdLine.java index 31e5d32c..52be7d5e 100644 --- a/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_CmdLine.java +++ b/cadi/core/src/test/java/org/onap/aaf/cadi/test/JU_CmdLine.java @@ -163,6 +163,10 @@ public class JU_CmdLine { assertThat(outContent.toString().length(), is(2074)); String filePath = "test/output_key"; + File testDir = new File("test"); + if(!testDir.exists()) { + testDir.mkdirs(); + } CmdLine.main(new String[]{"keygen", filePath}); File keyfile = new File(filePath); assertTrue(Files.isReadable(Paths.get(filePath))); -- 2.16.6
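Review bot: In the JU_CmdLine hunk the return value of `testDir.mkdirs()` is ignored, so if the directory cannot be created the test fails later in `keygen` with a less obvious error; `assertTrue(testDir.mkdirs());` inside the `if` makes the cause visible. The generated key file goes to the relative path `test/output_key` and nothing in the hunk removes it; a temporary directory deleted after the test would avoid leaving key material in the build tree. The test method starts and ends outside the hunk, so cleanup may already exist there.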