2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2019 Nokia Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package org.onap.dmaap.dbcapi.service;
import java.util.Objects;

import org.onap.dmaap.dbcapi.aaf.AafService;
import org.onap.dmaap.dbcapi.aaf.AafUserRole;
import org.onap.dmaap.dbcapi.aaf.DmaapGrant;
import org.onap.dmaap.dbcapi.aaf.DmaapPerm;
import org.onap.dmaap.dbcapi.logging.BaseLoggingClass;
import org.onap.dmaap.dbcapi.model.ApiError;
import org.onap.dmaap.dbcapi.model.DmaapObject.DmaapObject_Status;
import org.onap.dmaap.dbcapi.model.MR_Client;
32 public class AafPermissionService extends BaseLoggingClass {
34 private final AafService aafService;
35 private final DmaapService dmaapService;
/**
 * Default wiring: an {@link AafService} created with the
 * {@code AAF_TopicMgr} service type and a fresh {@link DmaapService}.
 * Delegates to the injectable constructor.
 */
public AafPermissionService() {
    this(new AafService(AafService.ServiceType.AAF_TopicMgr), new DmaapService());
}
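/**
 * Package-private constructor that lets both collaborators be injected.
 *
 * @param aafService   client used for the AAF role and grant calls
 * @param dmaapService source of the topic permission type ({@code getTopicPerm()})
 * @throws NullPointerException if either collaborator is null, so a mis-wired
 *         service fails at construction instead of inside a later AAF call
 */
AafPermissionService(AafService aafService, DmaapService dmaapService) {
    this.aafService = Objects.requireNonNull(aafService, "aafService");
    this.dmaapService = Objects.requireNonNull(dmaapService, "dmaapService");
}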
/**
 * Adds the client's identity to the AAF role {@code role}.
 * <p>
 * The client is marked {@code VALID} up front; if AAF answers with anything
 * other than 201 or 409 the client is marked {@code INVALID} and the failure
 * is recorded on {@code err}. On success {@code err} is left untouched.
 *
 * @param client client whose identity is assigned; its status is updated in place
 * @param role   AAF role to add the identity to
 * @param err    error holder populated only on failure
 */
void assignIdentityToRole(MR_Client client, String role, ApiError err) {
    String identity = client.getClientIdentity();
    client.setStatus(DmaapObject_Status.VALID);
    int responseCode = aafService.addUserRole(new AafUserRole(identity, role));
    // 201 = created; 409 = conflict (presumably the identity already holds the role).
    boolean accepted = responseCode == 201 || responseCode == 409;
    if (accepted) {
        return;
    }
    client.setStatus(DmaapObject_Status.INVALID);
    assignClientToRoleError(err, responseCode, identity, role);
}
/**
 * Grants the client's role every action the client requests on its topic.
 * <p>
 * The permission instance is {@code ":topic." + fqtn}; the permission type
 * comes from {@code dmaapService.getTopicPerm()}. A response other than 201
 * or 409 marks the client {@code INVALID} and records the failure on
 * {@code err} (when several actions fail, {@code err} describes the last
 * one). A null client role skips the grant with a warning and leaves the
 * client {@code VALID}.
 *
 * @param client client whose role receives the grants; status updated in place
 * @param err    error holder populated only on failure
 */
void grantClientRolePerms(MR_Client client, ApiError err) {
    // NOTE(review): the fqtn is spliced into an AAF permission identifier; this
    // assumes it contains no delimiter characters such as '|' — confirm it is
    // validated before reaching this service.
    String instance = ":topic." + client.getFqtn();
    String role = client.getClientRole();
    client.setStatus(DmaapObject_Status.VALID);

    for (String action : client.getAction()) {
        if (role == null) {
            logger.warn("No Grant of " + permissionFullName(dmaapService.getTopicPerm(), instance, action) + " because role is null ");
            continue;
        }
        int responseCode = grantPermForClientRole(role, instance, action);
        // 201 = created; 409 = conflict (presumably already granted).
        if (responseCode == 201 || responseCode == 409) {
            continue;
        }
        client.setStatus(DmaapObject_Status.INVALID);
        grantPermsError(err, responseCode, dmaapService.getTopicPerm(), instance, action, role);
    }
}
/**
 * Revokes, for every action the client requests, the grant of the client's
 * role on the client's topic.
 * <p>
 * Mirrors {@link #grantClientRolePerms} but treats 200 and 404 as success.
 * A failure marks the client {@code INVALID} and records it on {@code err}
 * (the last failing action wins).
 *
 * @param client client whose grants are revoked; status updated in place
 * @param err    error holder populated only on failure
 */
void revokeClientPerms(MR_Client client, ApiError err) {
    String instance = ":topic." + client.getFqtn();
    // NOTE(review): unlike the grant path there is no null-role guard here; a
    // null role is passed straight to the AAF delete call — confirm that is intended.
    String role = client.getClientRole();
    client.setStatus(DmaapObject_Status.VALID);

    for (String action : client.getAction()) {
        int responseCode = revokePermForClientRole(role, instance, action);
        // 200 = revoked; 404 = nothing to revoke (presumably never granted).
        if (responseCode == 200 || responseCode == 404) {
            continue;
        }
        client.setStatus(DmaapObject_Status.INVALID);
        revokePermsError(err, responseCode, dmaapService.getTopicPerm(), instance, action, role);
    }
}
/**
 * Asks AAF to grant {@code clientRole} the topic permission for
 * {@code instance}/{@code action}.
 *
 * @return the response code reported by {@code aafService.addGrant}
 */
private int grantPermForClientRole(String clientRole, String instance, String action) {
    DmaapPerm topicPerm = new DmaapPerm(dmaapService.getTopicPerm(), instance, action);
    return aafService.addGrant(new DmaapGrant(topicPerm, clientRole));
}
/**
 * Asks AAF to delete the grant of the topic permission for
 * {@code instance}/{@code action} from {@code clientRole}.
 *
 * @return the response code reported by {@code aafService.delGrant}
 */
private int revokePermForClientRole(String clientRole, String instance, String action) {
    DmaapPerm topicPerm = new DmaapPerm(dmaapService.getTopicPerm(), instance, action);
    return aafService.delGrant(new DmaapGrant(topicPerm, clientRole));
}
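/**
 * Records a failed AAF user-role assignment on {@code err} and logs it.
 *
 * @param err            error holder updated in place
 * @param code           response code AAF returned for the failed call
 * @param clientIdentity identity that could not be added to the role
 * @param role           AAF role the identity was being added to
 */
private void assignClientToRoleError(ApiError err, int code, String clientIdentity, String role) {
    // Keep the AAF response code on the error: the message alone does not
    // let a caller tell an authorization failure from a transport failure.
    err.setCode(code);
    err.setMessage("Failed to add user " + clientIdentity + " to " + role);
    logger.warn(err.getMessage());
}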
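/**
 * Records a failed AAF grant on {@code err} and logs it.
 *
 * @param err        error holder updated in place
 * @param code       response code AAF returned for the failed call
 * @param permission permission type (see {@code DmaapService.getTopicPerm()})
 * @param instance   permission instance, e.g. {@code ":topic." + fqtn}
 * @param action     action that could not be granted
 * @param role       role that was to receive the grant
 */
private void grantPermsError(ApiError err, int code, String permission, String instance, String action, String role) {
    // Keep the AAF response code on the error so callers can act on it.
    err.setCode(code);
    err.setMessage("Grant of " + permissionFullName(permission, instance, action) + " failed for " + role);
    logger.warn(err.getMessage());
}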
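/**
 * Records a failed AAF grant deletion on {@code err} and logs it.
 *
 * @param err        error holder updated in place
 * @param code       response code AAF returned for the failed call
 * @param permission permission type (see {@code DmaapService.getTopicPerm()})
 * @param instance   permission instance, e.g. {@code ":topic." + fqtn}
 * @param action     action whose grant could not be revoked
 * @param role       role the grant was to be removed from
 */
private void revokePermsError(ApiError err, int code, String permission, String instance, String action, String role) {
    // Keep the AAF response code on the error so callers can act on it.
    err.setCode(code);
    err.setMessage("Revoke of " + permissionFullName(permission, instance, action) + " failed for " + role);
    logger.warn(err.getMessage());
}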
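/**
 * Renders an AAF permission in its {@code type|instance|action} form, as used
 * in log and error messages.
 * <p>
 * Pure function of its arguments, hence {@code static}; no validation is done,
 * so a '|' inside any part would be indistinguishable from the separator.
 *
 * @param permission permission type
 * @param instance   permission instance
 * @param action     permission action
 * @return the three parts joined with {@code '|'}
 */
private static String permissionFullName(String permission, String instance, String action) {
    return permission + "|" + instance + "|" + action;
}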
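/**
 * Marks {@code err} as a success: code 200 and message {@code "OK"}.
 * Setting the code as well as the message means a previously recorded
 * failure code cannot linger behind an "OK" message.
 *
 * @param err error holder updated in place
 */
private void okStatus(ApiError err) {
    err.setCode(200);
    err.setMessage("OK");
}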