1 /*-
2  * ============LICENSE_START=======================================================
3  * org.onap.dmaap
4  * ================================================================================
5  * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
6  * 
7  * Modifications Copyright (C) 2018 IBM.
8  * ================================================================================
9  * Licensed under the Apache License, Version 2.0 (the "License");
10  * you may not use this file except in compliance with the License.
11  * You may obtain a copy of the License at
12  * 
13  *      http://www.apache.org/licenses/LICENSE-2.0
14  * 
15  * Unless required by applicable law or agreed to in writing, software
16  * distributed under the License is distributed on an "AS IS" BASIS,
17  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18  * See the License for the specific language governing permissions and
19  * limitations under the License.
20  * ============LICENSE_END=========================================================
21  */
22
23 package org.onap.dmaap.dbcapi.authentication;
24
25 import com.att.eelf.configuration.EELFLogger;
26 import com.att.eelf.configuration.EELFManager;
27
28 import org.onap.dmaap.dbcapi.aaf.AafService;
29 import org.onap.dmaap.dbcapi.aaf.DmaapGrant;
30 import org.onap.dmaap.dbcapi.aaf.DmaapPerm;
31 import org.onap.dmaap.dbcapi.aaf.AafService.ServiceType;
32 import org.onap.dmaap.dbcapi.logging.BaseLoggingClass;
33 import org.onap.dmaap.dbcapi.logging.DmaapbcLogMessageEnum;
34 import org.onap.dmaap.dbcapi.model.Dmaap;
35 import org.onap.dmaap.dbcapi.service.DmaapService;
36 import org.onap.dmaap.dbcapi.util.DmaapConfig;
37
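/**
 * Static authorization table for the Bus Controller REST API and the code that
 * registers it in AAF.
 *
 * <p>Each {@link PermissionMap} entry pairs a resource name and an action with the
 * roles that receive that permission. {@link #setBootMap()} registers the small
 * bootstrap table under the instance name {@code "boot"}; {@link #setEnvMap()}
 * registers the full table under the configured DMaaP name.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Registration is additive only. The code calls {@code addPerm} and
 *       {@code addGrant} and nothing else, so removing a role from a table entry
 *       does not revoke a grant that an earlier run already created in AAF.</li>
 *   <li>Registration is best-effort. An unexpected response code is written to the
 *       error log and processing continues; callers get no failure signal.</li>
 * </ul>
 */
public class ApiPerms extends BaseLoggingClass {
    // Resource names; initMap() prefixes each with the configured ApiNamespace.
    // NOTE(review): these fields are package-visible and non-final. The tables below
    // capture their values at class initialization, so later reassignment would not
    // change the tables, but the fields could be made final if nothing else in the
    // package writes to them - confirm before tightening.
    static String topic = "topics";
    static String mrClusters = "mr_clusters";
    static String mrClients = "mr_clients";
    static String feed = "feeds";
    static String drSubs = "dr_subs";
    static String drPubs = "dr_pubs";
    static String drNodes = "dr_nodes";
    static String dcaeLocations = "dcaeLocations";
    // Role names (also prefixed with ApiNamespace when a grant is created).
    static String inventory = "Inventory";
    static String portalUser = "PortalUser";
    static String orchestrator = "Orchestrator";
    // Action name used for delete permissions.
    static String delete = "DELETE";
    static String dmaap = "dmaap";
    static String controller = "Controller";

    /**
     * One immutable row of the authorization table: a resource, an action, and the
     * roles granted that (resource, action) permission.
     */
    private static class PermissionMap {
        static final EELFLogger logger = EELFManager.getInstance().getLogger( PermissionMap.class );
        static final EELFLogger errorLogger = EELFManager.getInstance().getErrorLogger();

        private final String uri;
        private final String action;
        private final String[] roles;

        /**
         * @param u resource name (without namespace prefix)
         * @param a action, e.g. "GET" or "DELETE"
         * @param r role names (without namespace prefix) that receive the permission
         */
        private PermissionMap( String u, String a, String[] r ) {
            this.uri = u;
            this.action = a;
            // Copy so that the row cannot be altered through the caller's array.
            this.roles = r.clone();
        }

        public String getUri() {
            return uri;
        }

        public String getAction() {
            return action;
        }

        /** @return a copy of the role names, so callers cannot modify the table row */
        public String[] getRoles() {
            return roles.clone();
        }

        /**
         * Tells whether an AAF response code is one that initMap() does not report.
         * Only 201 and 409 are accepted; presumably these are HTTP Created and
         * Conflict (entry already present) - confirm against AafService.
         */
        private static boolean isAcceptedRc( int rc ) {
            return rc == 201 || rc == 409;
        }

        /**
         * Registers every permission in {@code pmap} with AAF and grants it to each
         * listed role.
         *
         * <p>The permission type is {@code <ApiNamespace>.<uri>} and each role is
         * {@code <ApiNamespace>.<role>}, where ApiNamespace is read from
         * {@link DmaapConfig}. If the property is absent the literal default
         * {@code "apiNamespace.not.set"} is used, so permissions would be created
         * under that placeholder namespace rather than the call failing.
         *
         * <p>Response codes other than 201 and 409 are logged to the error logger;
         * the loop then continues with the next grant or permission. Nothing is
         * thrown or returned for a failed registration.
         *
         * @param pmap     table rows to register
         * @param instance value used as the instance part of every permission
         */
        public static void initMap( PermissionMap[] pmap, String instance ) {

            DmaapConfig p = (DmaapConfig)DmaapConfig.getConfig();
            String api = p.getProperty("ApiNamespace", "apiNamespace.not.set");

            AafService aaf = new AafService(ServiceType.AAF_Admin);

            // Index loop is kept because the debug message reports the row index.
            for ( int i = 0; i < pmap.length ; i++ ) {
                PermissionMap entry = pmap[i];
                String uri = api + "." + entry.getUri();
                DmaapPerm perm = new DmaapPerm( uri, instance, entry.getAction() );
                int rc = aaf.addPerm( perm );
                if ( !isAcceptedRc( rc ) ) {
                    errorLogger.error( DmaapbcLogMessageEnum.AAF_UNEXPECTED_RESPONSE,  Integer.toString(rc), "add perm",  perm.toString() );
                }
                // Grants are still attempted when addPerm reported an unexpected code.
                for ( String r : entry.getRoles() ) {
                    String fr = api + "." + r;
                    logger.debug( "i:" + i + " granting perm " + perm.toString()+ " to role=" + fr );
                    DmaapGrant grant = new DmaapGrant( perm, fr );
                    rc = aaf.addGrant( grant );
                    if ( !isAcceptedRc( rc ) ) {
                        // Include the role: without it the error log cannot show
                        // which grant of this permission failed.
                        errorLogger.error( DmaapbcLogMessageEnum.AAF_UNEXPECTED_RESPONSE,  Integer.toString(rc), "grant perm",  perm.toString() + " role=" + fr );
                    }
                }
            }
        }
    }

    // Bootstrap table: only the Controller role, only the "dmaap" resource.
    static PermissionMap[] bootMap = {
        new PermissionMap( dmaap, "GET", new String[] { controller }),
        new PermissionMap( dmaap, "POST", new String[] { controller }),
        new PermissionMap( dmaap, "PUT", new String[] { controller }),
        new PermissionMap( dmaap, delete, new String[] { controller })
    };

    // Full table. Read access is broad; write access is limited per resource.
    // NOTE(review): a few rows differ from their neighbours - drNodes GET omits
    // "Metrics", feed DELETE omits orchestrator although feed POST/PUT include it,
    // and topic writes omit portalUser. Confirm each is intentional.
    static PermissionMap[] envMap = {
        new PermissionMap( dmaap, "GET", new String[] { controller, orchestrator, inventory, "Metrics", portalUser }),
        new PermissionMap( dmaap, "POST", new String[] { controller } ),
        new PermissionMap( dmaap, "PUT", new String[] { controller }),
        new PermissionMap( dmaap, delete, new String[] { controller }),
        // "bridge" is read-only: the POST/PUT/DELETE rows for Metrics were
        // commented out in the original table and are not registered.
        new PermissionMap( "bridge", "GET", new String[] {  "Metrics" }),
        new PermissionMap( dcaeLocations, "GET", new String[] { controller, orchestrator, inventory, "Metrics", portalUser }),
        new PermissionMap( dcaeLocations, "POST", new String[] { controller } ),
        new PermissionMap( dcaeLocations, "PUT", new String[] { controller }),
        new PermissionMap( dcaeLocations, delete, new String[] { controller }),
        new PermissionMap( drNodes, "GET", new String[] { controller, orchestrator, inventory,  portalUser }),
        new PermissionMap( drNodes, "POST", new String[] { controller } ),
        new PermissionMap( drNodes, "PUT", new String[] { controller }),
        new PermissionMap( drNodes, delete, new String[] { controller }),
        new PermissionMap( drPubs, "GET", new String[] { controller, orchestrator, inventory, "Metrics", portalUser }),
        new PermissionMap( drPubs, "POST", new String[] { controller, orchestrator,portalUser } ),
        new PermissionMap( drPubs, "PUT", new String[] { controller, orchestrator,portalUser }),
        new PermissionMap( drPubs, delete, new String[] { controller, orchestrator,portalUser }),
        new PermissionMap( drSubs, "GET", new String[] { controller, orchestrator, inventory, "Metrics", portalUser }),
        new PermissionMap( drSubs, "POST", new String[] { controller, orchestrator,portalUser } ),
        new PermissionMap( drSubs, "PUT", new String[] { controller, orchestrator,portalUser }),
        new PermissionMap( drSubs, delete, new String[] { controller, orchestrator,portalUser }),
        new PermissionMap( feed, "GET", new String[] { controller, orchestrator, inventory, "Metrics", portalUser }),
        new PermissionMap( feed, "POST", new String[] { controller, orchestrator,portalUser } ),
        new PermissionMap( feed, "PUT", new String[] { controller, orchestrator, portalUser }),
        new PermissionMap( feed, delete, new String[] { controller, portalUser }),
        new PermissionMap( mrClients, "GET", new String[] { controller, orchestrator, inventory, "Metrics", portalUser }),
        new PermissionMap( mrClients, "POST", new String[] { controller,orchestrator, portalUser } ),
        new PermissionMap( mrClients, "PUT", new String[] { controller, orchestrator,portalUser }),
        new PermissionMap( mrClients, delete, new String[] { controller,orchestrator, portalUser }),
        new PermissionMap( mrClusters, "GET", new String[] { controller, orchestrator, inventory, "Metrics", portalUser }),
        new PermissionMap( mrClusters, "POST", new String[] { controller } ),
        new PermissionMap( mrClusters, "PUT", new String[] { controller }),
        new PermissionMap( mrClusters, delete, new String[] { controller }),
        new PermissionMap( topic, "GET", new String[] { controller, orchestrator, inventory, "Metrics", portalUser }),
        new PermissionMap( topic, "POST", new String[] { controller, orchestrator } ),
        new PermissionMap( topic, "PUT", new String[] { controller, orchestrator }),
        new PermissionMap( topic, delete, new String[] { controller, orchestrator })
    };

    /** Registers the bootstrap table in AAF under the instance name "boot". */
    public void setBootMap() {
        String instance = "boot";
        PermissionMap.initMap( bootMap, instance );
    }

    /**
     * Registers the full table in AAF, using the current DMaaP name as the
     * permission instance.
     */
    public void setEnvMap() {
        // NOTE(review): the getDmaap() result is dereferenced without a null check;
        // confirm it cannot return null at the point this method is called.
        Dmaap dmaapVar = new DmaapService().getDmaap();
        String dmaapName = dmaapVar.getDmaapName();
        PermissionMap.initMap( envMap, dmaapName );
    }

}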