From 695695493b86a2fe925b6db0c381288ef6b3c0c1 Mon Sep 17 00:00:00 2001 From: dglFromAtt Date: Wed, 6 Feb 2019 20:21:04 -0500 Subject: [PATCH] Able to disable feature for creating Topic Roles Patchset 2: increment version Change-Id: Ib7b4af0164643940bba608d743b42b350af44363 Signed-off-by: dglFromAtt Issue-ID: DMAAP-1027 Signed-off-by: dglFromAtt --- pom.xml | 2 +- .../onap/dmaap/dbcapi/service/TopicService.java | 122 +++++++++++---------- version.properties | 2 +- 3 files changed, 69 insertions(+), 57 deletions(-) diff --git a/pom.xml b/pom.xml index 2650e46..b735c48 100644 --- a/pom.xml +++ b/pom.xml @@ -381,7 +381,7 @@ UTF-8 9.4.12.RC2 1.0.0 - 1.0.21-SNAPSHOT + 1.0.22-SNAPSHOT 0.7.7.201606060606 3.2 diff --git a/src/main/java/org/onap/dmaap/dbcapi/service/TopicService.java b/src/main/java/org/onap/dmaap/dbcapi/service/TopicService.java index 8ade70f..eeffa5b 100644 --- a/src/main/java/org/onap/dmaap/dbcapi/service/TopicService.java +++ b/src/main/java/org/onap/dmaap/dbcapi/service/TopicService.java @@ -69,16 +69,19 @@ public class TopicService extends BaseLoggingClass { private MirrorMakerService bridge = new MirrorMakerService(); private static String centralCname; + private static boolean createTopicRoles; public TopicService(){ DmaapConfig p = (DmaapConfig)DmaapConfig.getConfig(); defaultGlobalMrHost = p.getProperty("MR.globalHost", "global.host.not.set"); centralCname = p.getProperty("MR.CentralCname"); + createTopicRoles = "true".equalsIgnoreCase(p.getProperty("aaf.CreateTopicRoles", "true")); logger.info( "TopicService properties: CentralCname=" + centralCname + - " defaultGlobarlMrHost=" + defaultGlobalMrHost ); + " defaultGlobarlMrHost=" + defaultGlobalMrHost + + " createTopicRoles=" + createTopicRoles ); } public Map getTopics() { @@ -118,9 +121,9 @@ public class TopicService extends BaseLoggingClass { } private void aafTopicSetup(Topic topic, ApiError err ) { - - String t = dmaapSvc.getTopicPerm(); - if ( t == null ) { + + String nsr = dmaapSvc.getDmaap().getTopicNsRoot(); + if ( nsr == null ) { err.setCode(500); err.setMessage("Unable to establish AAF namespace root: (check /dmaap object)" ); err.setFields("topicNsRoot"); @@ -130,76 +133,85 @@ public class TopicService extends BaseLoggingClass { // establish AAF Connection using TopicMgr identity AafService aaf = new AafService(ServiceType.AAF_TopicMgr); - + AafRole pubRole = null; + AafRole subRole = null; - // create AAF namespace for this topic - AafNamespace ns = new AafNamespace( topic.getFqtn(), aaf.getIdentity()); - { - int rc = aaf.addNamespace( ns ); + // creating Topic Roles was not an original feature. + // For backwards compatibility, only do this if the feature is enabled. + // Also, if the namespace of the topic is a foreign namespace, (i.e. not the same as our root ns) + // then we likely don't have permission to create sub-ns and Roles so don't try. + if ( createTopicRoles && topic.getFqtn().startsWith(nsr)) { + // create AAF namespace for this topic + AafNamespace ns = new AafNamespace( topic.getFqtn(), aaf.getIdentity()); + { + int rc = aaf.addNamespace( ns ); + if ( rc != 201 && rc != 409 ) { + err.setCode(500); + err.setMessage("Unexpected response from AAF:" + rc ); + err.setFields("namespace:" + topic.getFqtn() + " identity="+ aaf.getIdentity()); + return; + } + } + + // create AAF Roles for MR clients of this topic + String rn = "publisher"; + pubRole = new AafRole( topic.getFqtn(), rn ); + int rc = aaf.addRole( pubRole ); if ( rc != 201 && rc != 409 ) { err.setCode(500); err.setMessage("Unexpected response from AAF:" + rc ); - err.setFields("namespace:" + topic.getFqtn() + " identity="+ aaf.getIdentity()); + err.setFields("topic:" + topic.getFqtn() + " role="+ rn); return; } + topic.setPublisherRole( pubRole.getFullyQualifiedRole() ); + + rn = "subscriber"; + subRole = new AafRole( topic.getFqtn(), rn ); + rc = aaf.addRole( subRole ); + if ( rc != 201 && rc != 409 ) { + err.setCode(500); + err.setMessage("Unexpected response from AAF:" + rc ); + err.setFields("topic:" + topic.getFqtn() + " role="+ rn); + return; + } + topic.setSubscriberRole( subRole.getFullyQualifiedRole() ); } - - // create AAF Roles for MR clients of this topic - String rn = "publisher"; - AafRole pubRole = new AafRole( topic.getFqtn(), rn ); - int rc = aaf.addRole( pubRole ); - if ( rc != 201 && rc != 409 ) { - err.setCode(500); - err.setMessage("Unexpected response from AAF:" + rc ); - err.setFields("topic:" + topic.getFqtn() + " role="+ rn); - return; - } - topic.setPublisherRole( pubRole.getFullyQualifiedRole() ); - - rn = "subscriber"; - AafRole subRole = new AafRole( topic.getFqtn(), rn ); - rc = aaf.addRole( subRole ); - if ( rc != 201 && rc != 409 ) { - err.setCode(500); - err.setMessage("Unexpected response from AAF:" + rc ); - err.setFields("topic:" + topic.getFqtn() + " role="+ rn); - return; - } - topic.setSubscriberRole( subRole.getFullyQualifiedRole() ); - // create AAF perms checked by MR String instance = ":topic." + topic.getFqtn(); String[] actions = { "pub", "sub", "view" }; + String t = dmaapSvc.getTopicPerm(); for ( String action : actions ){ DmaapPerm perm = new DmaapPerm( t, instance, action ); - rc = aaf.addPerm( perm ); + int rc = aaf.addPerm( perm ); if ( rc != 201 && rc != 409 ) { err.setCode(500); err.setMessage("Unexpected response from AAF:" + rc ); err.setFields("t="+t + " instance="+ instance + " action="+ action); return; } - // Grant perms to our default Roles - if ( action.equals( "pub") || action.equals( "view") ) { - DmaapGrant g = new DmaapGrant( perm, pubRole.getFullyQualifiedRole() ); - rc = aaf.addGrant( g ); - if ( rc != 201 && rc != 409 ) { - err.setCode(rc); - err.setMessage( "Grant of " + perm.toString() + " failed for " + pubRole.getFullyQualifiedRole() ); - logger.warn( err.getMessage()); - return; - } - } - if ( action.equals( "sub") || action.equals( "view") ) { - DmaapGrant g = new DmaapGrant( perm, subRole.getFullyQualifiedRole() ); - rc = aaf.addGrant( g ); - if ( rc != 201 && rc != 409 ) { - err.setCode(rc); - err.setMessage( "Grant of " + perm.toString() + " failed for " + subRole.getFullyQualifiedRole() ); - logger.warn( err.getMessage()); - return; - } + if ( createTopicRoles ) { + // Grant perms to our default Roles + if ( action.equals( "pub") || action.equals( "view") ) { + DmaapGrant g = new DmaapGrant( perm, pubRole.getFullyQualifiedRole() ); + rc = aaf.addGrant( g ); + if ( rc != 201 && rc != 409 ) { + err.setCode(rc); + err.setMessage( "Grant of " + perm.toString() + " failed for " + pubRole.getFullyQualifiedRole() ); + logger.warn( err.getMessage()); + return; + } + } + if ( action.equals( "sub") || action.equals( "view") ) { + DmaapGrant g = new DmaapGrant( perm, subRole.getFullyQualifiedRole() ); + rc = aaf.addGrant( g ); + if ( rc != 201 && rc != 409 ) { + err.setCode(rc); + err.setMessage( "Grant of " + perm.toString() + " failed for " + subRole.getFullyQualifiedRole() ); + logger.warn( err.getMessage()); + return; + } + } } } diff --git a/version.properties b/version.properties index e04b5bc..7674d90 100644 --- a/version.properties +++ b/version.properties @@ -27,7 +27,7 @@ major=1 minor=0 -patch=21 +patch=22 base_version=${major}.${minor}.${patch} # Release must be completed with git revision # in Jenkins -- 2.16.6