1 /*-
2  * ============LICENSE_START=======================================================
3  * org.onap.dmaap
4  * ================================================================================
5  * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
6  * ================================================================================
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  * 
11  *      http://www.apache.org/licenses/LICENSE-2.0
12  * 
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  * ============LICENSE_END=========================================================
19  */
20
21 package org.onap.dmaap.dbcapi.authentication;
22
23 import com.att.eelf.configuration.EELFLogger;
24 import com.att.eelf.configuration.EELFManager;
25
26 import org.onap.dmaap.dbcapi.aaf.AafService;
27 import org.onap.dmaap.dbcapi.aaf.DmaapGrant;
28 import org.onap.dmaap.dbcapi.aaf.DmaapPerm;
29 import org.onap.dmaap.dbcapi.aaf.AafService.ServiceType;
30 import org.onap.dmaap.dbcapi.logging.BaseLoggingClass;
31 import org.onap.dmaap.dbcapi.logging.DmaapbcLogMessageEnum;
32 import org.onap.dmaap.dbcapi.model.Dmaap;
33 import org.onap.dmaap.dbcapi.service.DmaapService;
34 import org.onap.dmaap.dbcapi.util.DmaapConfig;
35
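/**
 * Declares the role/permission matrix of the API and pushes it to AAF.
 *
 * <p>Each {@link PermissionMap} row names a resource, an action on it and the roles that are
 * granted that action. {@link #setBootMap()} and {@link #setEnvMap()} send the rows of
 * {@code bootMap} and {@code envMap} to AAF via {@link AafService}.
 *
 * <p>Security review notes:
 * <ul>
 *   <li>The tables below are the authoritative statement of who may do what; a change to a row
 *       is an authorization change and should be reviewed as one.</li>
 *   <li>NOTE(review): the resource/role names and both tables are non-final, package-visible
 *       statics, so code in this package could alter them before they are provisioned. Consider
 *       making them {@code private static final} once it is confirmed nothing reassigns them.</li>
 * </ul>
 */
public class ApiPerms extends BaseLoggingClass {
    // Resource names; each is appended to the configured API namespace to form the permission type.
    static String topic = "topics";
    static String mrClusters = "mr_clusters";
    static String mrClients = "mr_clients";
    static String feed = "feeds";
    static String drSubs = "dr_subs";
    static String drPubs = "dr_pubs";
    static String drNodes = "dr_nodes";
    static String dcaeLocations = "dcaeLocations";
    // Role names; each is appended to the configured API namespace to form the role.
    static String inventory = "Inventory";
    static String portalUser = "PortalUser";
    static String orchestrator = "Orchestrator";
    static String delete = "DELETE";
    static String dmaap = "dmaap";
    static String controller = "Controller";
    // Read-only reporting role; named once so the tables cannot drift through a typo.
    private static final String metrics = "Metrics";

    /** One row of the matrix: a resource, an action on it, and the roles granted that action. */
    private static class PermissionMap {
        static final EELFLogger logger = EELFManager.getInstance().getLogger( PermissionMap.class );
        static final EELFLogger errorLogger = EELFManager.getInstance().getErrorLogger();
        String uri;
        String action;
        String[] roles;

        private PermissionMap( String u, String a, String[] r ) {
            this.setUri(u);
            this.setAction(a);
            this.setRoles(r);
        }

        public String getUri() {
            return uri;
        }
        public void setUri(String uri) {
            this.uri = uri;
        }
        public String getAction() {
            return action;
        }
        public void setAction(String action) {
            this.action = action;
        }

        /** @return a copy of the granted roles, so callers cannot edit the row in place */
        public String[] getRoles() {
            return roles.clone();
        }

        /**
         * Stores a private copy of the role list.
         *
         * @param roles roles granted the action; {@code null} is treated as "no roles", which
         *              results in no grants being issued for the row
         */
        public void setRoles(String[] roles) {
            this.roles = ( roles == null ) ? new String[0] : roles.clone();
        }

        /**
         * Creates every permission in {@code pmap} in AAF and grants it to the row's roles.
         *
         * <p>The permission type is {@code <ApiNamespace>.<uri>} and each role is
         * {@code <ApiNamespace>.<role>}. Return codes 201 and 409 are accepted silently
         * (presumably "created" and "already exists" - confirm against AafService); any other
         * code is written to the error log and processing continues with the next item.
         *
         * <p>NOTE(review): failures are only logged and the method returns nothing, so a caller
         * cannot tell that the matrix was applied partially. Alert on
         * {@code AAF_UNEXPECTED_RESPONSE} entries, or surface a failure count to the caller.
         *
         * <p>NOTE(review): when {@code ApiNamespace}, {@code PeAafEnvironment} or
         * {@code PeAafUrl.<env>} is missing, the placeholder defaults below are used as real
         * values and handed to AafService. Consider failing fast on a placeholder instead.
         *
         * @param pmap     rows to provision
         * @param instance instance part of every permission created
         */
        public static void initMap( PermissionMap[] pmap, String instance ) {

            DmaapConfig p = (DmaapConfig)DmaapConfig.getConfig();
            String api = p.getProperty("ApiNamespace", "apiNamespace.not.set");

            // this is needed because PE AAF may be a different instance than AAF used by MR
            String peEnv = p.getProperty("PeAafEnvironment", "notSet");
            String url = p.getProperty( "PeAafUrl." + peEnv, "URL.not.set" );
            logger.info( "PeAafEnvironment=" + peEnv + " using URL " + url);
            AafService aaf = new AafService(ServiceType.AAF_Admin, url );

            for ( int i = 0; i < pmap.length ; i++ ) {
                String uri = api + "." + pmap[i].getUri();
                DmaapPerm perm = new DmaapPerm( uri, instance, pmap[i].getAction() );
                int rc = aaf.addPerm( perm );
                if ( rc != 201 &&  rc != 409 ) {
                    errorLogger.error( DmaapbcLogMessageEnum.AAF_UNEXPECTED_RESPONSE,  Integer.toString(rc), "add perm",  perm.toString() );
                }
                for( String r: pmap[i].getRoles()) {
                    String fr = api + "." + r;
                    logger.debug( "i:" + i + " granting perm " + perm.toString()+ " to role=" + fr );
                    DmaapGrant grant = new DmaapGrant( perm, fr );
                    rc = aaf.addGrant( grant );
                    if ( rc != 201 && rc != 409 ) {
                        // Name the role as well: without it the error log cannot show which
                        // role binding is missing after a failed grant.
                        errorLogger.error( DmaapbcLogMessageEnum.AAF_UNEXPECTED_RESPONSE,  Integer.toString(rc), "grant perm",  perm.toString() + " to role=" + fr );
                    }
                }
            }
        }
    }

    // Provisioned under the fixed instance "boot" (see setBootMap): only Controller may act on dmaap.
    static PermissionMap[] bootMap = {
        new PermissionMap( dmaap, "GET", new String[] { controller }),
        new PermissionMap( dmaap, "POST", new String[] { controller }),
        new PermissionMap( dmaap, "PUT", new String[] { controller }),
        new PermissionMap( dmaap, delete, new String[] { controller })
    };

    // Provisioned under the instance named after the configured DMaaP (see setEnvMap).
    static PermissionMap[] envMap = {
        new PermissionMap( dmaap, "GET", new String[] { controller, orchestrator, inventory, metrics, portalUser }),
        new PermissionMap( dmaap, "POST", new String[] { controller } ),
        new PermissionMap( dmaap, "PUT", new String[] { controller }),
        new PermissionMap( dmaap, delete, new String[] { controller }),
        // Metrics gets read access to bridge only; the write rows are left disabled.
        new PermissionMap( "bridge", "GET", new String[] {  metrics }),
        //new PermissionMap( "bridge", "POST", new String[] { "Metrics" } ),
        //new PermissionMap( "bridge", "PUT", new String[] { "Metrics" }),
        //new PermissionMap( "bridge", delete, new String[] { "Metrics" }),
        new PermissionMap( dcaeLocations, "GET", new String[] { controller, orchestrator, inventory, metrics, portalUser }),
        new PermissionMap( dcaeLocations, "POST", new String[] { controller } ),
        new PermissionMap( dcaeLocations, "PUT", new String[] { controller }),
        new PermissionMap( dcaeLocations, delete, new String[] { controller }),
        // NOTE(review): drNodes GET is the only GET row without Metrics - confirm intentional.
        new PermissionMap( drNodes, "GET", new String[] { controller, orchestrator, inventory,  portalUser }),
        new PermissionMap( drNodes, "POST", new String[] { controller } ),
        new PermissionMap( drNodes, "PUT", new String[] { controller }),
        new PermissionMap( drNodes, delete, new String[] { controller }),
        new PermissionMap( drPubs, "GET", new String[] { controller, orchestrator, inventory, metrics, portalUser }),
        new PermissionMap( drPubs, "POST", new String[] { controller, orchestrator,portalUser } ),
        new PermissionMap( drPubs, "PUT", new String[] { controller, orchestrator,portalUser }),
        new PermissionMap( drPubs, delete, new String[] { controller, orchestrator,portalUser }),
        new PermissionMap( drSubs, "GET", new String[] { controller, orchestrator, inventory, metrics, portalUser }),
        new PermissionMap( drSubs, "POST", new String[] { controller, orchestrator,portalUser } ),
        new PermissionMap( drSubs, "PUT", new String[] { controller, orchestrator,portalUser }),
        new PermissionMap( drSubs, delete, new String[] { controller, orchestrator,portalUser }),
        new PermissionMap( feed, "GET", new String[] { controller, orchestrator, inventory, metrics, portalUser }),
        new PermissionMap( feed, "POST", new String[] { controller, orchestrator,portalUser } ),
        new PermissionMap( feed, "PUT", new String[] { controller, orchestrator, portalUser }),
        // NOTE(review): feed DELETE omits Orchestrator although feed POST/PUT grant it - confirm intentional.
        new PermissionMap( feed, delete, new String[] { controller, portalUser }),
        new PermissionMap( mrClients, "GET", new String[] { controller, orchestrator, inventory, metrics, portalUser }),
        new PermissionMap( mrClients, "POST", new String[] { controller,orchestrator, portalUser } ),
        new PermissionMap( mrClients, "PUT", new String[] { controller, orchestrator,portalUser }),
        new PermissionMap( mrClients, delete, new String[] { controller,orchestrator, portalUser }),
        new PermissionMap( mrClusters, "GET", new String[] { controller, orchestrator, inventory, metrics, portalUser }),
        new PermissionMap( mrClusters, "POST", new String[] { controller } ),
        new PermissionMap( mrClusters, "PUT", new String[] { controller }),
        new PermissionMap( mrClusters, delete, new String[] { controller }),
        new PermissionMap( topic, "GET", new String[] { controller, orchestrator, inventory, metrics, portalUser }),
        new PermissionMap( topic, "POST", new String[] { controller, orchestrator } ),
        new PermissionMap( topic, "PUT", new String[] { controller, orchestrator }),
        new PermissionMap( topic, delete, new String[] { controller, orchestrator })
    };

    /** Provisions {@code bootMap} in AAF under the fixed instance name {@code "boot"}. */
    public void setBootMap() {
        String instance = "boot";
        PermissionMap.initMap( bootMap, instance );
    }

    /**
     * Provisions {@code envMap} in AAF under the instance named after the current DMaaP.
     *
     * <p>NOTE(review): the name returned by {@code getDmaapName()} is used as the permission
     * instance without validation - confirm it cannot be null or empty at this point.
     */
    public void setEnvMap() {
        // Local is not called "dmaap" so it does not shadow the static resource name above.
        Dmaap dmaapObject = new DmaapService().getDmaap();
        String dmaapName = dmaapObject.getDmaapName();
        PermissionMap.initMap( envMap, dmaapName );
    }

}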