X-Git-Url: https://gerrit.onap.org/r/gitweb?p=dmaap%2Fdbcapi.git;a=blobdiff_plain;f=src%2Fmain%2Fjava%2Forg%2Fonap%2Fdmaap%2Fdbcapi%2Fservice%2FMR_ClientService.java;fp=src%2Fmain%2Fjava%2Forg%2Fonap%2Fdmaap%2Fdbcapi%2Fservice%2FMR_ClientService.java;h=5fe6b66a95e714e3211779e45188bb0dbca6b57e;hp=81b0ccdc4e87508cd2ffd9e91b5433d790c16448;hb=e01dcd3ea03b02294d4b0f3cd46e825499ec4d49;hpb=2d1b398cd414a71efc85913c162e2f78dfae7c06 diff --git a/src/main/java/org/onap/dmaap/dbcapi/service/MR_ClientService.java b/src/main/java/org/onap/dmaap/dbcapi/service/MR_ClientService.java index 81b0ccd..5fe6b66 100644 --- a/src/main/java/org/onap/dmaap/dbcapi/service/MR_ClientService.java +++ b/src/main/java/org/onap/dmaap/dbcapi/service/MR_ClientService.java @@ -22,12 +22,8 @@ package org.onap.dmaap.dbcapi.service; -import org.onap.dmaap.dbcapi.aaf.AafService; import org.onap.dmaap.dbcapi.aaf.AafService.ServiceType; import org.onap.dmaap.dbcapi.aaf.AafServiceImpl; -import org.onap.dmaap.dbcapi.aaf.AafUserRole; -import org.onap.dmaap.dbcapi.aaf.DmaapGrant; -import org.onap.dmaap.dbcapi.aaf.DmaapPerm; import org.onap.dmaap.dbcapi.client.MrProvConnection; import org.onap.dmaap.dbcapi.database.DatabaseClass; import org.onap.dmaap.dbcapi.logging.BaseLoggingClass; @@ -52,6 +48,8 @@ public class MR_ClientService extends BaseLoggingClass { private Map clusters = DatabaseClass.getMr_clusters(); private Map locations = DatabaseClass.getDcaeLocations(); private DmaapService dmaap = new DmaapService(); + private AafPermissionService aafPermissionService = + new AafPermissionService(new AafServiceImpl(ServiceType.AAF_TopicMgr), dmaap); private String centralCname; public MR_ClientService() { @@ -110,15 +108,15 @@ public class MR_ClientService extends BaseLoggingClass { // ONAP style: clients specify Identity to be assigned to generated Role String role = client.getClientRole(); if (role != null) { - grantClientRolePerms(client, err); + updateApiError(err, aafPermissionService.grantClientRolePerms(client)); } else if (client.hasClientIdentity()) { if (client.isSubscriber()) { role = topic.getSubscriberRole(); - assignIdentityToRole(client, role, err); + updateApiError(err, aafPermissionService.assignClientToRole(client, role)); } if (client.isPublisher()) { role = topic.getPublisherRole(); - assignIdentityToRole(client, role, err); + updateApiError(err, aafPermissionService.assignClientToRole(client, role)); } } if (!client.isStatusValid()) { @@ -180,67 +178,6 @@ public class MR_ClientService extends BaseLoggingClass { return DmaapObject_Status.INVALID; } - private void grantClientRolePerms(MR_Client client, ApiError err) { - AafService aaf = new AafServiceImpl(ServiceType.AAF_TopicMgr); - - String instance = ":topic." + client.getFqtn(); - client.setStatus(DmaapObject_Status.VALID); - String role = client.getClientRole(); - for (String want : client.getAction()) { - int rc; - DmaapPerm perm = new DmaapPerm(dmaap.getTopicPerm(), instance, want); - if (role != null) { - DmaapGrant g = new DmaapGrant(perm, role); - rc = aaf.addGrant(g); - if (rc != 201 && rc != 409) { - client.setStatus(DmaapObject_Status.INVALID); - err.setCode(rc); - err.setMessage("Grant of " + dmaap.getTopicPerm() + "|" + instance + "|" + want + " failed for " + role); - logger.warn(err.getMessage()); - return; - } - } else { - logger.warn("No Grant of " + dmaap.getTopicPerm() + "|" + instance + "|" + want + " because role is null "); - } - } - } - - private void assignIdentityToRole(MR_Client client, String role, ApiError err) { - AafService aaf = new AafServiceImpl(ServiceType.AAF_TopicMgr); - - AafUserRole ur = new AafUserRole(client.getClientIdentity(), role); - int rc = aaf.addUserRole(ur); - if (rc != 201 && rc != 409) { - client.setStatus(DmaapObject_Status.INVALID); - err.setCode(rc); - err.setMessage("Failed to add user " + client.getClientIdentity() + " to " + role); - logger.warn(err.getMessage()); - return; - } - client.setStatus(DmaapObject_Status.VALID); - - } - - private void revokeClientPerms(MR_Client client, ApiError err) { - AafService aaf = new AafServiceImpl(ServiceType.AAF_TopicMgr); - - String instance = ":topic." + client.getFqtn(); - client.setStatus(DmaapObject_Status.VALID); - for (String want : client.getAction()) { - int rc; - DmaapPerm perm = new DmaapPerm(dmaap.getTopicPerm(), instance, want); - DmaapGrant g = new DmaapGrant(perm, client.getClientRole()); - rc = aaf.delGrant(g); - if (rc != 200 && rc != 404) { - client.setStatus(DmaapObject_Status.INVALID); - err.setCode(rc); - err.setMessage("Revoke of " + dmaap.getTopicPerm() + "|" + instance + "|" + want + " failed for " + client.getClientRole()); - logger.warn(err.getMessage()); - return; - } - } - } - public MR_Client updateMr_Client(MR_Client client, ApiError apiError) { MR_Client c = mr_clients.get(client.getMrClientId()); if (c == null) { @@ -286,7 +223,7 @@ public class MR_ClientService extends BaseLoggingClass { // remove from AAF if (deleteLevel >= 2) { - revokeClientPerms(client, apiError); + updateApiError(apiError, aafPermissionService.revokeClientPerms(client)); if (!apiError.is2xx()) { return; } @@ -297,4 +234,9 @@ public class MR_ClientService extends BaseLoggingClass { } } + private void updateApiError(ApiError err, ApiError permissionServiceError) { + err.setCode(permissionServiceError.getCode()); + err.setMessage(permissionServiceError.getMessage()); + err.setFields(permissionServiceError.getFields()); + } }