2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
7 * Modifications Copyright (C) 2018 IBM.
8 * ================================================================================
9 * Licensed under the Apache License, Version 2.0 (the "License");
10 * you may not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
13 * http://www.apache.org/licenses/LICENSE-2.0
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS,
17 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
20 * ============LICENSE_END=========================================================
23 package org.onap.dmaap.dbcapi.authentication;
25 import com.att.eelf.configuration.EELFLogger;
26 import com.att.eelf.configuration.EELFManager;
28 import org.onap.dmaap.dbcapi.aaf.AafService;
29 import org.onap.dmaap.dbcapi.aaf.DmaapGrant;
30 import org.onap.dmaap.dbcapi.aaf.DmaapPerm;
31 import org.onap.dmaap.dbcapi.aaf.AafService.ServiceType;
32 import org.onap.dmaap.dbcapi.logging.BaseLoggingClass;
33 import org.onap.dmaap.dbcapi.logging.DmaapbcLogMessageEnum;
34 import org.onap.dmaap.dbcapi.model.Dmaap;
35 import org.onap.dmaap.dbcapi.service.DmaapService;
36 import org.onap.dmaap.dbcapi.util.DmaapConfig;
38 public class ApiPerms extends BaseLoggingClass {
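// Identifiers used to build the permission tables (bootMap / envMap) further down.
// They are declared final so that the names feeding the authorization matrix
// cannot be reassigned at runtime by other code in this package; visibility and
// values are unchanged, so existing readers keep working.

// Resource names: each becomes the last segment of an AAF permission type.
static final String topic = "topics";
static final String mrClusters = "mr_clusters";
static final String mrClients = "mr_clients";
static final String feed = "feeds";
static final String drSubs = "dr_subs";
static final String drPubs = "dr_pubs";
static final String drNodes = "dr_nodes";
static final String dcaeLocations = "dcaeLocations";
static final String dmaap = "dmaap";

// Role names: each is prefixed with the API namespace before a grant is made.
static final String inventory = "Inventory";
static final String portalUser = "PortalUser";
static final String orchestrator = "Orchestrator";
static final String controller = "Controller";

// Action name for delete; the other actions are written as literals in the tables.
static final String delete = "DELETE";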
// One row of the authorization matrix: a resource name (uri), an action, and the
// roles that are granted that permission.
// NOTE(review): this listing omits the field declarations and the constructor and
// accessor bodies; the comments below rely on how initMap and the map tables use them.
54 private static class PermissionMap {
// logger carries the per-grant debug trace in initMap; errorLogger records
// unexpected AAF response codes.
55 static final EELFLogger logger = EELFManager.getInstance().getLogger( PermissionMap.class );
56 static final EELFLogger errorLogger = EELFManager.getInstance().getErrorLogger();
// Argument order as used by bootMap/envMap: u = resource name, a = action, r = role names.
61 private PermissionMap( String u, String a, String[] r ) {
// Resource name; initMap appends it to the API namespace to form the permission type.
67 public String getUri() {
70 public void setUri(String uri) {
// Action passed to DmaapPerm in initMap ("GET", "POST", "PUT" or the delete constant in the tables).
73 public String getAction() {
76 public void setAction(String action) {
// Role names that initMap grants the permission to.
// NOTE(review): if this returns the stored array directly, callers can alter the
// role list of a row; confirm, or hand out a copy.
80 public String[] getRoles() {
83 public void setRoles(String[] roles) {
// Provisions every row of pmap in AAF: creates the permission
// (<ApiNamespace>.<uri>, instance, action) and then grants it to each role
// (<ApiNamespace>.<role>) of that row.
//   pmap     - rows of the authorization matrix to provision
//   instance - permission instance ("boot" or the DMaaP name, per the callers in this file)
// Returns nothing; as far as this listing shows, failures are only written to the
// error log, so a caller cannot tell a complete provisioning run from a partial one.
// NOTE(review): the listing drops some short lines (closing braces at least), so
// control flow after each error log should be confirmed against the full source.
87 public static void initMap( PermissionMap[] pmap, String instance ) {
89 DmaapConfig p = (DmaapConfig)DmaapConfig.getConfig();
// Falls back to the placeholder "apiNamespace.not.set" when the property is absent.
// NOTE(review): with that fallback, permissions would be created under the
// placeholder namespace rather than failing; confirm that is acceptable.
90 String api = p.getProperty("ApiNamespace", "apiNamespace.not.set");
// Uses the AAF_Admin service type for both the permission and the grant calls.
92 AafService aaf = new AafService(ServiceType.AAF_Admin);
94 for ( int i = 0; i < pmap.length ; i++ ) {
95 String uri = new String( api + "." + pmap[i].getUri());
96 DmaapPerm perm = new DmaapPerm( uri, instance, pmap[i].getAction() );
97 int rc = aaf.addPerm( perm );
// 201 and 409 are the only codes treated as success - presumably "created" and
// "already exists"; confirm against AafService.
98 if ( rc != 201 && rc != 409 ) {
99 errorLogger.error( DmaapbcLogMessageEnum.AAF_UNEXPECTED_RESPONSE, Integer.toString(rc), "add perm", perm.toString() );
// As shown here, grants are still attempted when addPerm reported an unexpected code.
102 for( String r: pmap[i].getRoles()) {
103 String fr = new String( api + "." + r );
104 logger.debug( "i:" + i + " granting perm " + perm.toString()+ " to role=" + fr );
105 DmaapGrant grant = new DmaapGrant( perm, fr );
106 rc = aaf.addGrant( grant );
107 if ( rc != 201 && rc != 409 ) {
// NOTE(review): the error record names the permission but not the role (fr); only
// the debug line above carries the role, so a failed grant cannot be tied to a
// role from the error log alone.
108 errorLogger.error( DmaapbcLogMessageEnum.AAF_UNEXPECTED_RESPONSE, Integer.toString(rc), "grant perm", perm.toString() );
// Rows provisioned by setBootMap under the instance "boot": all four actions on
// the "dmaap" resource, granted to the Controller role only.
// NOTE(review): the array is non-final and package-visible, so its rows can be
// replaced by other code in the package before provisioning runs.
116 static PermissionMap[] bootMap = {
117 new PermissionMap( dmaap, "GET", new String[] { controller }),
118 new PermissionMap( dmaap, "POST", new String[] { controller }),
119 new PermissionMap( dmaap, "PUT", new String[] { controller }),
120 new PermissionMap( dmaap, delete, new String[] { controller })
// Authorization matrix provisioned by setEnvMap for a named DMaaP instance: one row
// per (resource, action) with the roles that receive the permission.
// Pattern visible in the rows: GET is granted broadly; POST/PUT/DELETE are limited to
// Controller for dmaap, dcaeLocations, dr_nodes and mr_clusters, and widened to
// Orchestrator and/or PortalUser for the remaining resources.
// NOTE(review): the array is non-final and package-visible, so its rows can be
// replaced by other code in the package before provisioning runs.
124 static PermissionMap[] envMap = {
125 new PermissionMap( dmaap, "GET", new String[] { controller, orchestrator, inventory, "Metrics", portalUser }),
126 new PermissionMap( dmaap, "POST", new String[] { controller } ),
127 new PermissionMap( dmaap, "PUT", new String[] { controller }),
128 new PermissionMap( dmaap, delete, new String[] { controller }),
// "bridge" is read-only here: only GET is provisioned, for the Metrics role; the
// write rows are commented out and therefore never created by initMap.
129 new PermissionMap( "bridge", "GET", new String[] { "Metrics" }),
130 //new PermissionMap( "bridge", "POST", new String[] { "Metrics" } ),
131 //new PermissionMap( "bridge", "PUT", new String[] { "Metrics" }),
132 //new PermissionMap( "bridge", delete, new String[] { "Metrics" }),
133 new PermissionMap( dcaeLocations, "GET", new String[] { controller, orchestrator, inventory, "Metrics", portalUser }),
134 new PermissionMap( dcaeLocations, "POST", new String[] { controller } ),
135 new PermissionMap( dcaeLocations, "PUT", new String[] { controller }),
136 new PermissionMap( dcaeLocations, delete, new String[] { controller }),
// NOTE(review): dr_nodes GET omits "Metrics", unlike the GET rows of the other
// resources that list all five roles; confirm this is intended.
137 new PermissionMap( drNodes, "GET", new String[] { controller, orchestrator, inventory, portalUser }),
138 new PermissionMap( drNodes, "POST", new String[] { controller } ),
139 new PermissionMap( drNodes, "PUT", new String[] { controller }),
140 new PermissionMap( drNodes, delete, new String[] { controller }),
141 new PermissionMap( drPubs, "GET", new String[] { controller, orchestrator, inventory, "Metrics", portalUser }),
142 new PermissionMap( drPubs, "POST", new String[] { controller, orchestrator,portalUser } ),
143 new PermissionMap( drPubs, "PUT", new String[] { controller, orchestrator,portalUser }),
144 new PermissionMap( drPubs, delete, new String[] { controller, orchestrator,portalUser }),
145 new PermissionMap( drSubs, "GET", new String[] { controller, orchestrator, inventory, "Metrics", portalUser }),
146 new PermissionMap( drSubs, "POST", new String[] { controller, orchestrator,portalUser } ),
147 new PermissionMap( drSubs, "PUT", new String[] { controller, orchestrator,portalUser }),
148 new PermissionMap( drSubs, delete, new String[] { controller, orchestrator,portalUser }),
149 new PermissionMap( feed, "GET", new String[] { controller, orchestrator, inventory, "Metrics", portalUser }),
150 new PermissionMap( feed, "POST", new String[] { controller, orchestrator,portalUser } ),
151 new PermissionMap( feed, "PUT", new String[] { controller, orchestrator, portalUser }),
// NOTE(review): feeds DELETE leaves out Orchestrator although feeds POST/PUT include
// it, and dr_pubs/dr_subs/mr_clients DELETE include it; confirm this is intended.
152 new PermissionMap( feed, delete, new String[] { controller, portalUser }),
153 new PermissionMap( mrClients, "GET", new String[] { controller, orchestrator, inventory, "Metrics", portalUser }),
154 new PermissionMap( mrClients, "POST", new String[] { controller,orchestrator, portalUser } ),
155 new PermissionMap( mrClients, "PUT", new String[] { controller, orchestrator,portalUser }),
156 new PermissionMap( mrClients, delete, new String[] { controller,orchestrator, portalUser }),
157 new PermissionMap( mrClusters, "GET", new String[] { controller, orchestrator, inventory, "Metrics", portalUser }),
158 new PermissionMap( mrClusters, "POST", new String[] { controller } ),
159 new PermissionMap( mrClusters, "PUT", new String[] { controller }),
160 new PermissionMap( mrClusters, delete, new String[] { controller }),
// Topic writes go to Controller and Orchestrator only; PortalUser gets GET alone.
161 new PermissionMap( topic, "GET", new String[] { controller, orchestrator, inventory, "Metrics", portalUser }),
162 new PermissionMap( topic, "POST", new String[] { controller, orchestrator } ),
163 new PermissionMap( topic, "PUT", new String[] { controller, orchestrator }),
164 new PermissionMap( topic, delete, new String[] { controller, orchestrator })
// Provisions the bootMap rows in AAF under the fixed permission instance "boot".
// Any failure is handled inside initMap; nothing is reported back to the caller.
167 public void setBootMap() {
168 String instance = "boot";
169 PermissionMap.initMap( bootMap, instance );
// Provisions the envMap rows in AAF, using the name of the DMaaP object returned by
// DmaapService as the permission instance.
// NOTE(review): the result of getDmaap() is dereferenced with no null check visible
// here, and the name is used as the instance without validation; confirm that
// getDmaap() cannot return null and that the name is already set when this runs.
172 public void setEnvMap() {
173 Dmaap dmaapVar = new DmaapService().getDmaap();
174 String dmaapName = dmaapVar.getDmaapName();
175 PermissionMap.initMap( envMap, dmaapName );