Refactor code to support no AAF requests
1 /*-
2  * ============LICENSE_START=======================================================
3  * org.onap.dmaap
4  * ================================================================================
5  * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
6  * ================================================================================
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  * 
11  *      http://www.apache.org/licenses/LICENSE-2.0
12  * 
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  * ============LICENSE_END=========================================================
19  */
20
21 package org.onap.dmaap.dbcapi.authentication;
22
23 import com.att.eelf.configuration.EELFLogger;
24 import com.att.eelf.configuration.EELFManager;
25
26 import org.onap.dmaap.dbcapi.aaf.AafService;
27 import org.onap.dmaap.dbcapi.aaf.DmaapGrant;
28 import org.onap.dmaap.dbcapi.aaf.DmaapPerm;
29 import org.onap.dmaap.dbcapi.aaf.AafService.ServiceType;
30 import org.onap.dmaap.dbcapi.logging.BaseLoggingClass;
31 import org.onap.dmaap.dbcapi.logging.DmaapbcLogMessageEnum;
32 import org.onap.dmaap.dbcapi.model.Dmaap;
33 import org.onap.dmaap.dbcapi.service.DmaapService;
34 import org.onap.dmaap.dbcapi.util.DmaapConfig;
35
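/**
 * Registers the API permissions and role grants declared in this class with AAF.
 *
 * <p>Two static tables drive the registration: {@link #bootMap} (registered under the
 * instance name {@code "boot"}) and {@link #envMap} (registered under the name returned by
 * {@code Dmaap.getDmaapName()}). Each row names a resource, an action and the roles that
 * are granted that permission.
 *
 * <p>NOTE(review): these tables are the authorization policy for the API. Any edit to a
 * row changes who may call what, so changes here deserve the same scrutiny as a change to
 * an access-control list.
 */
public class ApiPerms extends BaseLoggingClass {

    /**
     * One row of the permission table: a resource ({@code uri}), an action on it, and the
     * roles that receive the permission.
     */
    private static class PermissionMap {
        static final EELFLogger logger = EELFManager.getInstance().getLogger( PermissionMap.class );
        static final EELFLogger errorLogger = EELFManager.getInstance().getErrorLogger();
        String uri;
        String action;
        String[] roles;

        public String getUri() {
            return uri;
        }
        public void setUri(String uri) {
            this.uri = uri;
        }
        public String getAction() {
            return action;
        }
        public void setAction(String action) {
            this.action = action;
        }

        public String[] getRoles() {
            return roles;
        }
        public void setRoles(String[] roles) {
            this.roles = roles;
        }

        private PermissionMap( String u, String a, String[] r ) {
            this.setUri(u);
            this.setAction(a);
            this.setRoles(r);
        }

        /**
         * Tells whether an AAF return code counts as success for this bootstrap.
         *
         * <p>201 and 409 are both accepted, as in the original checks. Presumably these are
         * HTTP statuses (created / already exists), which is what makes re-running the
         * registration harmless; confirm against AafService.
         */
        private static boolean isAccepted( int rc ) {
            return rc == 201 || rc == 409;
        }

        /**
         * Adds every permission in {@code pmap} to AAF and grants it to the listed roles.
         *
         * <p>Permission and role names are prefixed with the configured {@code ApiNamespace}.
         * Failures are logged and the loop continues, so a partially applied table is
         * possible; callers get no return value to detect that.
         *
         * <p>NOTE(review): when {@code ApiNamespace} or {@code PeAafUrl.<env>} is missing, the
         * placeholder defaults below are used as real values. Consider failing startup
         * instead of registering permissions under a placeholder namespace.
         *
         * @param pmap     rows to register
         * @param instance instance name put into each permission
         */
        static public void initMap( PermissionMap[] pmap, String instance ) {

            DmaapConfig p = (DmaapConfig)DmaapConfig.getConfig();
            String api = p.getProperty("ApiNamespace", "apiNamespace.not.set");

            // this is needed because PE AAF may be a different instance than AAF used by MR
            String peEnv = p.getProperty("PeAafEnvironment", "notSet");
            String url = p.getProperty( "PeAafUrl." + peEnv, "URL.not.set" );
            logger.info( "PeAafEnvironment=" + peEnv + " using URL " + url);
            AafService aaf = new AafService(ServiceType.AAF_Admin, url );

            for ( int i = 0; i < pmap.length ; i++ ) {
                PermissionMap entry = pmap[i];
                String uri = api + "." + entry.getUri();
                DmaapPerm perm = new DmaapPerm( uri, instance, entry.getAction() );
                int rc = aaf.addPerm( perm );
                if ( !isAccepted( rc ) ) {
                    errorLogger.error( DmaapbcLogMessageEnum.AAF_UNEXPECTED_RESPONSE,  Integer.toString(rc), "add perm",  perm.toString() );
                }

                // A row without roles defines a permission nobody is granted; skip the
                // grant loop rather than abort the remaining rows with a NullPointerException.
                String[] roles = entry.getRoles();
                if ( roles == null ) {
                    continue;
                }
                for ( String r : roles ) {
                    String fr = api + "." + r;
                    logger.debug( "i:" + i + " granting perm " + perm.toString()+ " to role=" + fr );
                    DmaapGrant grant = new DmaapGrant( perm, fr );
                    rc = aaf.addGrant( grant );
                    if ( !isAccepted( rc ) ) {
                        // Name the role as well: a failed grant is only actionable when the
                        // log says which role did not receive the permission.
                        errorLogger.error( DmaapbcLogMessageEnum.AAF_UNEXPECTED_RESPONSE,  Integer.toString(rc), "grant perm",  perm.toString() + " to role=" + fr );
                    }
                }
            }
        }
    }

    // Permissions registered under the "boot" instance: only the Controller role may
    // act on the dmaap resource.
    // NOTE(review): this array and envMap are non-final and package-visible, so the
    // policy tables can be reassigned or edited at runtime from inside the package.
    // Consider private static final if nothing else relies on the current visibility.
    static PermissionMap[] bootMap = {
        new PermissionMap( "dmaap", "GET", new String[] { "Controller" }),
        new PermissionMap( "dmaap", "POST", new String[] { "Controller" }),
        new PermissionMap( "dmaap", "PUT", new String[] { "Controller" }),
        new PermissionMap( "dmaap", "DELETE", new String[] { "Controller" })

    };

    // Permissions registered under the DMaaP instance name (see setEnvMap).
    // NOTE(review): two rows differ from their siblings and should be confirmed as
    // intended: "feeds" DELETE omits Orchestrator although feeds POST/PUT include it, and
    // "dr_nodes" GET omits Metrics although the other GET rows for dmaap, dcaeLocations,
    // dr_pubs, dr_subs, feeds, mr_clients, mr_clusters and topics include it.
    static PermissionMap[] envMap = {
        new PermissionMap( "dmaap", "GET", new String[] { "Controller", "Orchestrator", "Inventory", "Metrics", "PortalUser" }),
        new PermissionMap( "dmaap", "POST", new String[] { "Controller" } ),
        new PermissionMap( "dmaap", "PUT", new String[] { "Controller" }),
        new PermissionMap( "dmaap", "DELETE", new String[] { "Controller" }),
        new PermissionMap( "bridge", "GET", new String[] {  "Metrics" }),
        // Write access to "bridge" is deliberately left unregistered (rows kept for reference).
        //new PermissionMap( "bridge", "POST", new String[] { "Metrics" } ),
        //new PermissionMap( "bridge", "PUT", new String[] { "Metrics" }),
        //new PermissionMap( "bridge", "DELETE", new String[] { "Metrics" }),
        new PermissionMap( "dcaeLocations", "GET", new String[] { "Controller", "Orchestrator", "Inventory", "Metrics", "PortalUser" }),
        new PermissionMap( "dcaeLocations", "POST", new String[] { "Controller" } ),
        new PermissionMap( "dcaeLocations", "PUT", new String[] { "Controller" }),
        new PermissionMap( "dcaeLocations", "DELETE", new String[] { "Controller" }),
        new PermissionMap( "dr_nodes", "GET", new String[] { "Controller", "Orchestrator", "Inventory",  "PortalUser" }),
        new PermissionMap( "dr_nodes", "POST", new String[] { "Controller" } ),
        new PermissionMap( "dr_nodes", "PUT", new String[] { "Controller" }),
        new PermissionMap( "dr_nodes", "DELETE", new String[] { "Controller" }),
        new PermissionMap( "dr_pubs", "GET", new String[] { "Controller", "Orchestrator", "Inventory", "Metrics", "PortalUser" }),
        new PermissionMap( "dr_pubs", "POST", new String[] { "Controller", "Orchestrator","PortalUser" } ),
        new PermissionMap( "dr_pubs", "PUT", new String[] { "Controller", "Orchestrator","PortalUser" }),
        new PermissionMap( "dr_pubs", "DELETE", new String[] { "Controller", "Orchestrator","PortalUser" }),
        new PermissionMap( "dr_subs", "GET", new String[] { "Controller", "Orchestrator", "Inventory", "Metrics", "PortalUser" }),
        new PermissionMap( "dr_subs", "POST", new String[] { "Controller", "Orchestrator","PortalUser" } ),
        new PermissionMap( "dr_subs", "PUT", new String[] { "Controller", "Orchestrator","PortalUser" }),
        new PermissionMap( "dr_subs", "DELETE", new String[] { "Controller", "Orchestrator","PortalUser" }),
        new PermissionMap( "feeds", "GET", new String[] { "Controller", "Orchestrator", "Inventory", "Metrics", "PortalUser" }),
        new PermissionMap( "feeds", "POST", new String[] { "Controller", "Orchestrator","PortalUser" } ),
        new PermissionMap( "feeds", "PUT", new String[] { "Controller", "Orchestrator", "PortalUser" }),
        new PermissionMap( "feeds", "DELETE", new String[] { "Controller", "PortalUser" }),
        new PermissionMap( "mr_clients", "GET", new String[] { "Controller", "Orchestrator", "Inventory", "Metrics", "PortalUser" }),
        new PermissionMap( "mr_clients", "POST", new String[] { "Controller","Orchestrator", "PortalUser" } ),
        new PermissionMap( "mr_clients", "PUT", new String[] { "Controller", "Orchestrator","PortalUser" }),
        new PermissionMap( "mr_clients", "DELETE", new String[] { "Controller","Orchestrator", "PortalUser" }),
        new PermissionMap( "mr_clusters", "GET", new String[] { "Controller", "Orchestrator", "Inventory", "Metrics", "PortalUser" }),
        new PermissionMap( "mr_clusters", "POST", new String[] { "Controller" } ),
        new PermissionMap( "mr_clusters", "PUT", new String[] { "Controller" }),
        new PermissionMap( "mr_clusters", "DELETE", new String[] { "Controller" }),
        new PermissionMap( "topics", "GET", new String[] { "Controller", "Orchestrator", "Inventory", "Metrics", "PortalUser" }),
        new PermissionMap( "topics", "POST", new String[] { "Controller", "Orchestrator" } ),
        new PermissionMap( "topics", "PUT", new String[] { "Controller", "Orchestrator" }),
        new PermissionMap( "topics", "DELETE", new String[] { "Controller", "Orchestrator" })
    };

    /**
     * Registers the {@link #bootMap} permissions and grants under the instance {@code "boot"}.
     */
    public void setBootMap() {
        String instance = "boot";
        PermissionMap.initMap( bootMap, instance );
    }

    /**
     * Registers the {@link #envMap} permissions and grants under the current DMaaP name.
     *
     * <p>NOTE(review): the name is used as the permission instance without validation. If
     * {@code getDmaapName()} can return null or an empty value before the DMaaP object is
     * provisioned, permissions would be registered under that value; confirm the caller
     * only invokes this once the name is set.
     */
    public void setEnvMap() {
        Dmaap dmaap = new DmaapService().getDmaap();
        String dmaap_name = dmaap.getDmaapName();
        PermissionMap.initMap( envMap, dmaap_name );
    }


}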