From: pkaras Date: Mon, 3 Jun 2019 12:01:27 +0000 (+0200) Subject: AafService - interface was introduced X-Git-Tag: 2.0.1~17 X-Git-Url: https://gerrit.onap.org/r/gitweb?p=dmaap%2Fdbcapi.git;a=commitdiff_plain;h=bf91de122a24dbfc9a0158556e290df21472240b AafService - interface was introduced Change-Id: I1942d4ebe7c5c776df5e369f1f422f2e15d6ee99 Issue-ID: DMAAP-1211 Signed-off-by: piotr.karas --- diff --git a/src/main/java/org/onap/dmaap/dbcapi/aaf/AafService.java b/src/main/java/org/onap/dmaap/dbcapi/aaf/AafService.java index 9d8776a..30efbf2 100644 --- a/src/main/java/org/onap/dmaap/dbcapi/aaf/AafService.java +++ b/src/main/java/org/onap/dmaap/dbcapi/aaf/AafService.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
@@ -20,179 +20,27 @@ package org.onap.dmaap.dbcapi.aaf; -import org.onap.dmaap.dbcapi.logging.BaseLoggingClass; -import org.onap.dmaap.dbcapi.logging.DmaapbcLogMessageEnum; -import org.onap.dmaap.dbcapi.util.DmaapConfig; - /* * this service uses the AAF REST API endpoints to provision values in AAF */ -public class AafService extends BaseLoggingClass { - public enum ServiceType { - AAF_Admin, - AAF_TopicMgr - } - - private AafConnection aaf; - private ServiceType ctype; - private String aafURL ; - private String identity; - private boolean useAAF = false; - - - - public String getIdentity() { - return identity; - } - - - public void setIdentity(String identity) { - this.identity = identity; - } - - - private String getCred( boolean wPwd ) { - String mechIdProperty = null; - String pwdProperty = null; - DmaapConfig p = (DmaapConfig)DmaapConfig.getConfig(); - AafDecrypt decryptor = new AafDecrypt(); - - if ( ctype == ServiceType.AAF_Admin ) { - mechIdProperty = "aaf.AdminUser"; - pwdProperty = "aaf.AdminPassword"; - } else if ( ctype == ServiceType.AAF_TopicMgr ){ - mechIdProperty = "aaf.TopicMgrUser"; - pwdProperty = "aaf.TopicMgrPassword"; - } else { - logger.error( "Unexpected case for AAF credential type: " + ctype ); - return null; - } - identity = p.getProperty( mechIdProperty, "noMechId@domain.netset.com" ); +public interface AafService { + enum ServiceType { + AAF_Admin, + AAF_TopicMgr + } - String pwd = ""; - String encPwd = p.getProperty( pwdProperty, "notSet" ); + String getIdentity(); - - pwd = decryptor.decrypt(encPwd); - - if ( wPwd ) { - return identity + ":" + pwd; - } else { - return identity; - } - - - } - - - public AafService(ServiceType t ) { - DmaapConfig p = (DmaapConfig)DmaapConfig.getConfig(); - aafURL = p.getProperty( "aaf.URL", "https://authentication.domain.netset.com:8100/proxy/"); - initAafService( t ); - } - public AafService( ServiceType t, String url ) { - aafURL = url; - initAafService( t ); - } - - private void initAafService( 
ServiceType t ) { - DmaapConfig p = (DmaapConfig)DmaapConfig.getConfig(); - useAAF= "true".equalsIgnoreCase(p.getProperty("UseAAF", "false")); - logger.info( "AafService initAafService: useAAF=" + useAAF); - - ctype = t; - aaf = new AafConnection( getCred( true ) ); - } - - public int addPerm(DmaapPerm perm) { - logger.info( "entry: addPerm() " ); - return doPost( perm, "authz/perm", 201); - } - public int addGrant(DmaapGrant grant ) { - logger.info( "entry: addGrant() " ); - return doPost( grant, "authz/role/perm", 201 ); - } - public int addUserRole( AafUserRole ur ) { - logger.info( "entry: addUserRole() " ); - return doPost( ur, "authz/userRole", 201 ); - } + int addPerm(DmaapPerm perm); - public int delGrant( DmaapGrant grant ) { - int rc = -1; - logger.info( "entry: delGrant() " ); + int addGrant(DmaapGrant grant); - String pURL = aafURL + "authz/role/:" + grant.getRole() + "/perm"; - - if ( useAAF ) { - rc = aaf.delAaf( grant, pURL ); - } else { - rc = 200; - } - switch( rc ) { - case 401: - case 403: - errorLogger.error(DmaapbcLogMessageEnum.AAF_CREDENTIAL_ERROR, getCred( false ) ); - System.exit(1); - break; - - case 404: - logger.warn( "Perm not found...ignore"); - break; - - case 200: - logger.info( "expected response" ); - break; - default : - logger.error( "Unexpected response: " + rc ); - break; - } - - return rc; - } + int addUserRole(AafUserRole ur); - public int addRole(AafRole role) { - logger.info( "entry: addRole() " ); - return doPost( role, "authz/role", 201 ); - } + int delGrant(DmaapGrant grant); - - - public int addNamespace(AafNamespace ns) { - logger.info( "entry: addNamespace() " ); - return doPost( ns, "authz/ns", 201 ); - } + int addRole(AafRole role); - - private int doPost( AafObject obj, String uri, int expect ) { - int rc = -1; - logger.info( "entry: doPost() " ); - String pURL = aafURL + uri; - logger.info( "doPost: useAAF=" + useAAF ); - if ( useAAF ) { - logger.info( "doPost: " + obj.toJSON()); - rc = aaf.postAaf( obj, pURL ); - 
} else { - rc = expect; - } - switch( rc ) { - case 401: - case 403: - errorLogger.error(DmaapbcLogMessageEnum.AAF_CREDENTIAL_ERROR, getCred( false ) ); - System.exit(1); - case 409: - logger.warn( "Object for " + uri + " already exists. Possible conflict."); - break; - - default : - if ( rc == expect ) { - logger.info( "expected response: " + rc); - } else { - logger.error( "Unexpected response: " + rc ); - } - break; - } - - return rc; - } + int addNamespace(AafNamespace ns); } diff --git a/src/main/java/org/onap/dmaap/dbcapi/aaf/AafServiceImpl.java b/src/main/java/org/onap/dmaap/dbcapi/aaf/AafServiceImpl.java new file mode 100644 index 0000000..4397a88 --- /dev/null +++ b/src/main/java/org/onap/dmaap/dbcapi/aaf/AafServiceImpl.java 
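Review bot: The new `AafService` interface declares six methods that return a bare `int` with no Javadoc, so a caller cannot tell from the interface what the value means. In the implementation moved out of this file, the value is the HTTP status of the AAF call (201 is expected for the `add*` methods, 200 for `delGrant`), and when `UseAAF` is not "true" the expected code is returned without contacting AAF. I would state that on the interface, for example `/** @return HTTP status code from AAF; 201 means the object was created */` on each `add*` method and a matching line on `delGrant`. The retained block comment "this service uses the AAF REST API endpoints to provision values in AAF" now describes the implementation rather than the interface and could be reworded as the interface's Javadoc.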
@@ -0,0 +1,196 @@ +/*- + * ============LICENSE_START======================================================= + * org.onap.dmaap + * ================================================================================ + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.dmaap.dbcapi.aaf; + +import org.onap.dmaap.dbcapi.logging.BaseLoggingClass; +import org.onap.dmaap.dbcapi.logging.DmaapbcLogMessageEnum; +import org.onap.dmaap.dbcapi.util.DmaapConfig; + +public class AafServiceImpl extends BaseLoggingClass implements AafService { + public enum ServiceType { + AAF_Admin, + AAF_TopicMgr + } + + private AafConnection aaf; + private AafService.ServiceType ctype; + private String aafURL; + private String identity; + private boolean useAAF = false; + + + public String getIdentity() { + return identity; + } + + + public void setIdentity(String identity) { + this.identity = identity; + } + + + private String getCred(boolean wPwd) { + String mechIdProperty = null; + String pwdProperty = null; + DmaapConfig p = (DmaapConfig) DmaapConfig.getConfig(); + AafDecrypt decryptor = new AafDecrypt(); + + if (ctype == AafService.ServiceType.AAF_Admin) { + mechIdProperty = "aaf.AdminUser"; + pwdProperty = "aaf.AdminPassword"; + } 
else if (ctype == AafService.ServiceType.AAF_TopicMgr) { + mechIdProperty = "aaf.TopicMgrUser"; + pwdProperty = "aaf.TopicMgrPassword"; + } else { + logger.error("Unexpected case for AAF credential type: " + ctype); + return null; + } + identity = p.getProperty(mechIdProperty, "noMechId@domain.netset.com"); + + String pwd = ""; + String encPwd = p.getProperty(pwdProperty, "notSet"); + + + pwd = decryptor.decrypt(encPwd); + + if (wPwd) { + return identity + ":" + pwd; + } else { + return identity; + } + + + } + + + public AafServiceImpl(AafService.ServiceType t) { + DmaapConfig p = (DmaapConfig) DmaapConfig.getConfig(); + aafURL = p.getProperty("aaf.URL", "https://authentication.domain.netset.com:8100/proxy/"); + initAafService(t); + } + + public AafServiceImpl(AafService.ServiceType t, String url) { + aafURL = url; + initAafService(t); + } + + private void initAafService(AafService.ServiceType t) { + DmaapConfig p = (DmaapConfig) DmaapConfig.getConfig(); + useAAF = "true".equalsIgnoreCase(p.getProperty("UseAAF", "false")); + logger.info("AafService initAafService: useAAF=" + useAAF); + + ctype = t; + aaf = new AafConnection(getCred(true)); + } + + public int addPerm(DmaapPerm perm) { + logger.info("entry: addPerm() "); + return doPost(perm, "authz/perm", 201); + } + + public int addGrant(DmaapGrant grant) { + logger.info("entry: addGrant() "); + return doPost(grant, "authz/role/perm", 201); + } + + public int addUserRole(AafUserRole ur) { + logger.info("entry: addUserRole() "); + return doPost(ur, "authz/userRole", 201); + } + + public int delGrant(DmaapGrant grant) { + int rc = -1; + logger.info("entry: delGrant() "); + + String pURL = aafURL + "authz/role/:" + grant.getRole() + "/perm"; + + if (useAAF) { + rc = aaf.delAaf(grant, pURL); + } else { + rc = 200; + } + switch (rc) { + case 401: + case 403: + errorLogger.error(DmaapbcLogMessageEnum.AAF_CREDENTIAL_ERROR, getCred(false)); + System.exit(1); + break; + + case 404: + logger.warn("Perm not found...ignore"); 
+ break; + + case 200: + logger.info("expected response"); + break; + default: + logger.error("Unexpected response: " + rc); + break; + } + + return rc; + } + + public int addRole(AafRole role) { + logger.info("entry: addRole() "); + return doPost(role, "authz/role", 201); + } + + + public int addNamespace(AafNamespace ns) { + logger.info("entry: addNamespace() "); + return doPost(ns, "authz/ns", 201); + } + + + private int doPost(AafObject obj, String uri, int expect) { + int rc = -1; + logger.info("entry: doPost() "); + String pURL = aafURL + uri; + logger.info("doPost: useAAF=" + useAAF); + if (useAAF) { + logger.info("doPost: " + obj.toJSON()); + rc = aaf.postAaf(obj, pURL); + } else { + rc = expect; + } + switch (rc) { + case 401: + case 403: + errorLogger.error(DmaapbcLogMessageEnum.AAF_CREDENTIAL_ERROR, getCred(false)); + System.exit(1); + case 409: + logger.warn("Object for " + uri + " already exists. Possible conflict."); + break; + + + default: + if (rc == expect) { + logger.info("expected response: " + rc); + } else { + logger.error("Unexpected response: " + rc); + } + break; + } + + return rc; + } +} \ No newline at end of file diff --git a/src/main/java/org/onap/dmaap/dbcapi/authentication/ApiPerms.java b/src/main/java/org/onap/dmaap/dbcapi/authentication/ApiPerms.java index 33cc327..02bab63 100644 --- a/src/main/java/org/onap/dmaap/dbcapi/authentication/ApiPerms.java +++ b/src/main/java/org/onap/dmaap/dbcapi/authentication/ApiPerms.java @@ -26,6 +26,7 @@ import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; import org.onap.dmaap.dbcapi.aaf.AafService; +import org.onap.dmaap.dbcapi.aaf.AafServiceImpl; import org.onap.dmaap.dbcapi.aaf.DmaapGrant; import org.onap.dmaap.dbcapi.aaf.DmaapPerm; import org.onap.dmaap.dbcapi.aaf.AafService.ServiceType; 
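Review bot: In `AafServiceImpl`, both `delGrant` and `doPost` call `System.exit(1)` when AAF answers 401 or 403, so a single rejected or expired credential terminates the whole JVM instead of failing the one request. This is carried over unchanged from the old class and is presumably meant as fail-fast, but it ties the service's availability to every AAF response. In `doPost` the 401/403 case also has no `break`, so if the exit is ever removed or blocked it falls through to the 409 warning; both methods already return `rc`, so replacing `System.exit(1);` with `break;` hands the status back to the caller. The same error path calls `getCred(false)`, which runs `decryptor.decrypt(encPwd)` only to log the identity, and logging the `identity` field directly would avoid decrypting the password there. Separately, the nested `public enum ServiceType` duplicates `AafService.ServiceType` and no visible line of the class uses it, so it can be dropped.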
@@ -89,7 +90,7 @@ public class ApiPerms extends BaseLoggingClass { DmaapConfig p = (DmaapConfig)DmaapConfig.getConfig(); String api = p.getProperty("ApiNamespace", "apiNamespace.not.set"); - AafService aaf = new AafService(ServiceType.AAF_Admin); + AafService aaf = new AafServiceImpl(ServiceType.AAF_Admin); for ( int i = 0; i < pmap.length ; i++ ) { String uri = new String( api + "." + pmap[i].getUri()); diff --git a/src/main/java/org/onap/dmaap/dbcapi/service/AafPermissionService.java b/src/main/java/org/onap/dmaap/dbcapi/service/AafPermissionService.java index 00d6066..0be6c28 100644 --- a/src/main/java/org/onap/dmaap/dbcapi/service/AafPermissionService.java +++ b/src/main/java/org/onap/dmaap/dbcapi/service/AafPermissionService.java @@ -21,6 +21,7 @@ package org.onap.dmaap.dbcapi.service; import org.onap.dmaap.dbcapi.aaf.AafService; +import org.onap.dmaap.dbcapi.aaf.AafServiceImpl; import org.onap.dmaap.dbcapi.aaf.AafUserRole; import org.onap.dmaap.dbcapi.aaf.DmaapGrant; import org.onap.dmaap.dbcapi.aaf.DmaapPerm; @@ -38,7 +39,7 @@ public class AafPermissionService extends BaseLoggingClass { private final DmaapService dmaapService; public AafPermissionService() { - this(new AafService(AafService.ServiceType.AAF_TopicMgr), new DmaapService()); + this(new AafServiceImpl(AafService.ServiceType.AAF_TopicMgr), new DmaapService()); } AafPermissionService(AafService aafService, DmaapService dmaapService) { diff --git a/src/main/java/org/onap/dmaap/dbcapi/service/DmaapService.java b/src/main/java/org/onap/dmaap/dbcapi/service/DmaapService.java index 3ea44cc..92455cd 100644 --- a/src/main/java/org/onap/dmaap/dbcapi/service/DmaapService.java +++ b/src/main/java/org/onap/dmaap/dbcapi/service/DmaapService.java 
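Review bot: This call site in `ApiPerms` still builds the concrete class with `new AafServiceImpl(ServiceType.AAF_Admin)`, as do the hunks in `DmaapService`, `MR_ClientService` and `TopicService`, so the new interface gives these classes no way to substitute another implementation. Each construction also runs `initAafService`, which calls `getCred(true)`, decrypts the configured AAF password and creates a new `AafConnection`; in `MR_ClientService` that happens in three separate methods. `AafPermissionService` in this same commit already takes an `AafService` through its package-private constructor, and the other classes could follow that pattern and keep one instance in a field such as `private final AafService aafService;`. The enclosing method in `ApiPerms` starts and ends outside the hunk.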
@@ -24,6 +24,7 @@ package org.onap.dmaap.dbcapi.service; import java.util.ArrayList; import org.onap.dmaap.dbcapi.aaf.AafService; +import org.onap.dmaap.dbcapi.aaf.AafServiceImpl; import org.onap.dmaap.dbcapi.aaf.DmaapGrant; import org.onap.dmaap.dbcapi.aaf.DmaapPerm; import org.onap.dmaap.dbcapi.aaf.AafService.ServiceType; @@ -85,7 +86,7 @@ public class DmaapService extends BaseLoggingClass { nd.setLastMod(); dmaapholder.update(nd); - AafService aaf = new AafService( ServiceType.AAF_Admin); + AafService aaf = new AafServiceImpl( ServiceType.AAF_Admin); ApiPolicy apiPolicy = new ApiPolicy(); if ( apiPolicy.isPermissionClassSet() ) { ApiPerms p = new ApiPerms(); @@ -134,7 +135,7 @@ public class DmaapService extends BaseLoggingClass { ApiPerms p = new ApiPerms(); p.setEnvMap(); } - AafService aaf = new AafService( ServiceType.AAF_Admin); + AafService aaf = new AafServiceImpl( ServiceType.AAF_Admin); if ( multiSite ) { anythingWrong = setTopicMgtPerms( nd, aaf ) || createMmaTopic(); } diff --git a/src/main/java/org/onap/dmaap/dbcapi/service/MR_ClientService.java b/src/main/java/org/onap/dmaap/dbcapi/service/MR_ClientService.java index 23627b5..81b0ccd 100644 --- a/src/main/java/org/onap/dmaap/dbcapi/service/MR_ClientService.java +++ b/src/main/java/org/onap/dmaap/dbcapi/service/MR_ClientService.java @@ -24,6 +24,7 @@ package org.onap.dmaap.dbcapi.service; import org.onap.dmaap.dbcapi.aaf.AafService; import org.onap.dmaap.dbcapi.aaf.AafService.ServiceType; +import org.onap.dmaap.dbcapi.aaf.AafServiceImpl; import org.onap.dmaap.dbcapi.aaf.AafUserRole; import org.onap.dmaap.dbcapi.aaf.DmaapGrant; import org.onap.dmaap.dbcapi.aaf.DmaapPerm; 
@@ -180,7 +181,7 @@ public class MR_ClientService extends BaseLoggingClass { } private void grantClientRolePerms(MR_Client client, ApiError err) { - AafService aaf = new AafService(ServiceType.AAF_TopicMgr); + AafService aaf = new AafServiceImpl(ServiceType.AAF_TopicMgr); String instance = ":topic." + client.getFqtn(); client.setStatus(DmaapObject_Status.VALID); @@ -205,7 +206,7 @@ public class MR_ClientService extends BaseLoggingClass { } private void assignIdentityToRole(MR_Client client, String role, ApiError err) { - AafService aaf = new AafService(ServiceType.AAF_TopicMgr); + AafService aaf = new AafServiceImpl(ServiceType.AAF_TopicMgr); AafUserRole ur = new AafUserRole(client.getClientIdentity(), role); int rc = aaf.addUserRole(ur); @@ -221,7 +222,7 @@ public class MR_ClientService extends BaseLoggingClass { } private void revokeClientPerms(MR_Client client, ApiError err) { - AafService aaf = new AafService(ServiceType.AAF_TopicMgr); + AafService aaf = new AafServiceImpl(ServiceType.AAF_TopicMgr); String instance = ":topic." + client.getFqtn(); client.setStatus(DmaapObject_Status.VALID); diff --git a/src/main/java/org/onap/dmaap/dbcapi/service/TopicService.java b/src/main/java/org/onap/dmaap/dbcapi/service/TopicService.java index 83591dd..72f04bd 100644 --- a/src/main/java/org/onap/dmaap/dbcapi/service/TopicService.java +++ b/src/main/java/org/onap/dmaap/dbcapi/service/TopicService.java @@ -26,6 +26,7 @@ import org.onap.dmaap.dbcapi.aaf.AafNamespace; import org.onap.dmaap.dbcapi.aaf.AafRole; import org.onap.dmaap.dbcapi.aaf.AafService; import org.onap.dmaap.dbcapi.aaf.AafService.ServiceType; +import org.onap.dmaap.dbcapi.aaf.AafServiceImpl; import org.onap.dmaap.dbcapi.aaf.DmaapGrant; import org.onap.dmaap.dbcapi.aaf.DmaapPerm; import org.onap.dmaap.dbcapi.database.DatabaseClass; 
@@ -146,7 +147,7 @@ public class TopicService extends BaseLoggingClass { } // establish AAF Connection using TopicMgr identity - AafService aaf = new AafService(ServiceType.AAF_TopicMgr); + AafService aaf = new AafServiceImpl(ServiceType.AAF_TopicMgr); AafRole pubRole = null; AafRole subRole = null;