From a3b442a09aa3666662003d7c8a5ed69ee24a373e Mon Sep 17 00:00:00 2001
From: Instrumental
Date: Fri, 20 Dec 2019 15:55:27 -0600
Subject: [PATCH] Make Organization isRevoked return Date
Issue-ID: AAF-1058
Change-Id: I4120235dc6f78fb1db0c7bea86c6938aae076b63
Signed-off-by: Instrumental
---
 .../java/org/onap/aaf/auth/batch/reports/Analyze.java | 17 ++++++++++-------
 .../java/org/onap/aaf/auth/batch/reports/NotInOrg.java | 3 ++-
 .../main/java/org/onap/aaf/auth/org/Organization.java | 6 +++---
 .../src/main/java/org/onap/aaf/org/DefaultOrg.java | 8 +++++---
 4 files changed, 20 insertions(+), 14 deletions(-)
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java
index 227717b7..ff2c72a5 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/Analyze.java
@@ -219,11 +219,13 @@ public class Analyze extends Batch {
 // for users and approvers still valid
 String user = appr.getUser();
- if(org.isRevoked(noAvg, appr.getApprover())) {
- deleteCW.comment("Approver ID is revoked");
+ Date revokedAppr = org.isRevoked(noAvg, appr.getApprover());
+ Date revokedUser = org.isRevoked(noAvg, user);
+ if(revokedAppr!=null) {
+ deleteCW.comment("Approver ID is revoked on " + revokedAppr);
 Approval.row(deleteCW, appr);
- } else if(user!=null && !user.isEmpty() && org.isRevoked(noAvg, user)) {
- deleteCW.comment("USER ID is revoked");
+ } else if(user!=null && !user.isEmpty() && revokedUser!=null) {
+ deleteCW.comment("USER ID is revoked on " + revokedUser);
 Approval.row(deleteCW, appr);
 } else {
 ticket.approvals.add(appr); // add to found Ticket
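Review bot: `org.isRevoked(noAvg, user)` is now evaluated before the `user!=null && !user.isEmpty()` guard in the `else if`, so a null or empty `user` reaches the Organization implementation, and the lookup also runs when the approver is already revoked. The old code short-circuited both cases. Keeping the guard in front of the call restores that, e.g. `Date revokedUser = (user==null || user.isEmpty()) ? null : org.isRevoked(noAvg, user);`. Whether an implementation tolerates a null id is not visible in this hunk, and the enclosing block starts and ends outside it.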
@@ -393,14 +395,15 @@ public class Analyze extends Batch {
 }
 return;
 }
- if(org.isRevoked(trans, ur.user())) {
+ Date revoked = org.isRevoked(trans, ur.user());
+ if(revoked!=null) {
 GregorianCalendar gc = new GregorianCalendar();
- gc.setTime(ur.expires());
+ gc.setTime(revoked);
 GregorianCalendar gracePeriodEnds = org.expiration(gc, Expiration.RevokedGracePeriodEnds, ur.user());
 if(now.after(gracePeriodEnds.getTime())) {
 ur.row(deleteCW, UserRole.UR,"Revoked ID, no grace period left");
 } else {
- ur.row(notCompliantCW, UserRole.UR, "Revoked ID: WARNING! GracePeriod Ends " + gracePeriodEnds.toString());
+ ur.row(notCompliantCW, UserRole.UR, "Revoked ID: WARNING! GracePeriod Ends " + Chrono.dateOnlyStamp(gracePeriodEnds));
 }
 return;
 }
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/NotInOrg.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/NotInOrg.java
index fadd0682..dc45ecae 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/NotInOrg.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/NotInOrg.java
@@ -134,7 +134,8 @@ public class NotInOrg extends Batch {
 private Writer whichWriter(AuthzTrans transNoAvg, String id) {
 Writer w = whichWriter.get(id);
 if(w==null) {
- w = org.isRevoked(transNoAvg, id)?
+ Date revoked = org.isRevoked(transNoAvg, id);
+ w = revoked != null?
 notInOrgDeleteW:
 notInOrgW;
 whichWriter.put(id,w);
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java
index 95f37859..f34ed151 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java
@@ -124,7 +124,7 @@ public interface Organization {
 * feed with a "Deleted ID" feed.
 *
 */
- public boolean isRevoked(AuthzTrans trans, String id);
+ public Date isRevoked(AuthzTrans trans, String id);
 /**
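Review bot: `gc.setTime(revoked)` anchors the grace period on whatever `org.isRevoked` returns, and the `DefaultOrg.isRevoked` hunk later in this patch returns `new Date()` for every ID found in the revoked file, so with that implementation the grace period restarts on each batch run. Unless `Expiration.RevokedGracePeriodEnds` yields a date earlier than its input (the `expiration` implementation is not visible here), `now.after(gracePeriodEnds.getTime())` is expected to stay false, and the user-roles of a revoked ID keep landing in `notCompliantCW` instead of reaching `deleteCW`. `DefaultOrg` should return the revocation time recorded for the entry; until it can, this branch needs an anchor that does not move between runs, such as the previous `gc.setTime(ur.expires());`. The enclosing method starts and ends outside the hunk.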
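Review bot: The Javadoc above `isRevoked` is left unchanged although the return type moves from `boolean` to `Date`, so the contract the callers now depend on is undocumented. Analyze uses the value as the start of the revocation grace period, while NotInOrg only tests it against null. I would add `@return the date on which the ID was revoked, or null if the ID is not revoked` and state whether null is also returned when the lookup itself fails. The `is` prefix no longer matches a non-boolean return, so a name such as `revokedOn` would read better if the interface can still change.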
@@ -575,9 +575,9 @@ public interface Organization {
 }
 @Override
- public boolean isRevoked(AuthzTrans trans, String id) {
+ public Date isRevoked(AuthzTrans trans, String id) {
 // provide a corresponding feed that indicates that an ID has been intentionally removed from identities.dat table.
- return false;
+ return null;
 }
 @Override
diff --git a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
index 2440e02e..307c9c95 100644
--- a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
+++ b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
@@ -41,6 +41,7 @@ import org.onap.aaf.auth.org.OrganizationException;
 import org.onap.aaf.cadi.config.Config;
 import org.onap.aaf.cadi.util.FQI;
 import org.onap.aaf.misc.env.Env;
+import org.onap.aaf.org.Identities.Data;
 public class DefaultOrg implements Organization {
 private static final String AAF_DATA_DIR = "aaf_data_dir";
@@ -172,7 +173,7 @@ public class DefaultOrg implements Organization {
 * If the ID isn't in the revoked file, if it exists, it is revoked.
 */
 @Override
- public boolean isRevoked(AuthzTrans trans, String key) {
+ public Date isRevoked(AuthzTrans trans, String key) {
 if(revoked!=null) {
 try {
 revoked.open(trans, DefaultOrgIdentity.TIMEOUT);
@@ -185,7 +186,8 @@ public class DefaultOrg implements Organization {
 } else {
 search = key;
 }
- return revoked.find(search, r)!=null;
+ Data revokedData = revoked.find(search, r);
+ return revokedData==null?null:new Date();
 } finally {
 revoked.close(trans);
 }
@@ -193,7 +195,7 @@ public class DefaultOrg implements Organization {
 trans.error().log(e);
 }
 }
- return false;
+ return null;
 }
 /* (non-Javadoc)
--
2.16.6
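Review bot: In the last `DefaultOrg.isRevoked` hunk, the final `return null` is also reached after the handler that only calls `trans.error().log(e)`, so a failure to open or read the revoked file gives the same answer as "not revoked". Both callers changed in this patch treat null as not revoked, which means a lookup error silently keeps a revoked ID out of the delete reports. This was already the case with `return false`, but the change of return type is a good point to record it, e.g. `// null is also returned when the revoked file cannot be read; callers cannot tell the two cases apart`. The `catch` line and the start of the method are outside this hunk.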