diff options
Diffstat (limited to 'policy-persistence/src/main/java/org/openecomp/policy/drools/core')
4 files changed, 1282 insertions, 0 deletions
diff --git a/policy-persistence/src/main/java/org/openecomp/policy/drools/core/DbAudit.java b/policy-persistence/src/main/java/org/openecomp/policy/drools/core/DbAudit.java new file mode 100644 index 00000000..51e92aa9 --- /dev/null +++ b/policy-persistence/src/main/java/org/openecomp/policy/drools/core/DbAudit.java @@ -0,0 +1,205 @@ +/*- + * ============LICENSE_START======================================================= + * policy-persistence + * ================================================================================ + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.openecomp.policy.drools.core; + +import java.sql.Connection; +import java.sql.DriverManager; +import java.sql.PreparedStatement; +import java.sql.ResultSet; +import java.util.Properties; +import java.util.UUID; + +import org.openecomp.policy.common.logging.flexlogger.FlexLogger; +import org.openecomp.policy.common.logging.flexlogger.Logger; +import org.openecomp.policy.common.logging.eelf.MessageCodes; +import org.openecomp.policy.drools.persistence.DroolsPersistenceProperties; + +/** + * This class audits the database + */ +public class DbAudit extends DroolsPDPIntegrityMonitor.AuditBase +{ + // get an instance of logger + private static Logger logger = FlexLogger.getLogger(DbAudit.class); + // single global instance of this audit object + static private DbAudit instance = new DbAudit(); + + // This indicates if 'CREATE TABLE IF NOT EXISTS Audit ...' should be + // invoked -- doing this avoids the need to create the table in advance. + static private boolean createTableNeeded = true; + + /** + * @return the single 'DbAudit' instance + */ + static DroolsPDPIntegrityMonitor.AuditBase getInstance() + { + return(instance); + } + + /** + * Constructor - set the name to 'Database' + */ + private DbAudit() + { + super("Database"); + } + + /** + * Invoke the audit + * + * @param properties properties to be passed to the audit + */ + @Override + public void invoke(Properties droolsPersistenceProperties) + { + logger.info("Running 'DbAudit.invoke'"); + boolean isActive = true; + String dbAuditIsActive = IntegrityMonitorProperties.getProperty("db.audit.is.active"); + logger.debug("DbAudit.invoke: dbAuditIsActive = " + dbAuditIsActive); + + if (dbAuditIsActive != null) { + try { + isActive = Boolean.parseBoolean(dbAuditIsActive.trim()); + } catch (NumberFormatException e) { + logger.warn("DbAudit.invoke: Ignoring invalid property: db.audit.is.active = " + dbAuditIsActive); + } + } + + if(!isActive){ + logger.info("DbAudit.invoke: exiting because isActive = " + isActive); + return; + } + + // fetch DB properties from properties file -- they are already known + // to exist, because they were verified by the 'IntegrityMonitor' + // constructor + String url = droolsPersistenceProperties.getProperty(DroolsPersistenceProperties.DB_URL); + String user = droolsPersistenceProperties.getProperty(DroolsPersistenceProperties.DB_USER); + String password = + droolsPersistenceProperties.getProperty(DroolsPersistenceProperties.DB_PWD); + + // connection to DB + Connection connection = null; + + // supports SQL operations + PreparedStatement statement = null; + ResultSet rs = null; + + // operation phase currently running -- used to construct an error + // message, if needed + String phase = null; + + try + { + // create connection to DB + phase = "creating connection"; + logger.info("DbAudit: Creating connection to " + url); + + connection = DriverManager.getConnection(url, user, password); + + // create audit table, if needed + if (createTableNeeded) + { + phase = "create table"; + logger.info("DbAudit: Creating 'Audit' table, if needed"); + statement = connection.prepareStatement + ("CREATE TABLE IF NOT EXISTS Audit (\n" + + " name varchar(64) DEFAULT NULL,\n" + + " UNIQUE KEY name (name)\n" + + ") DEFAULT CHARSET=latin1;"); + statement.execute(); + createTableNeeded = false; + } + + // insert an entry into the table + phase = "insert entry"; + String key = UUID.randomUUID().toString(); + statement = connection.prepareStatement + ("INSERT INTO Audit (name) VALUES (?)"); + statement.setString(1, key); + statement.executeUpdate(); + + // fetch the entry from the table + phase = "fetch entry"; + statement = connection.prepareStatement + ("SELECT name FROM Audit WHERE name = ?"); + statement.setString(1, key); + rs = statement.executeQuery(); + if (rs.first()) + { + // found entry + logger.info("DbAudit: Found key " + rs.getString(1)); + } + else + { + logger.error + ("DbAudit: can't find newly-created entry with key " + key); + setResponse("Can't find newly-created entry"); + } + + // delete entries from table + phase = "delete entry"; + statement = connection.prepareStatement + ("DELETE FROM Audit WHERE name = ?"); + statement.setString(1, key); + statement.executeUpdate(); + } + catch (Exception e) + { + String message = "DbAudit: Exception during audit, phase = " + phase; + logger.error(MessageCodes.EXCEPTION_ERROR, e, message); + setResponse(message); + } + finally + { + if (rs != null) + { + try + { + rs.close(); + } + catch (Exception e) + { + } + } + if (statement != null) + { + try + { + statement.close(); + } + catch (Exception e) + { + } + } + if (connection != null) + { + try + { + connection.close(); + } + catch (Exception e) + { + } + } + } + } +} diff --git a/policy-persistence/src/main/java/org/openecomp/policy/drools/core/DroolsPDPIntegrityMonitor.java b/policy-persistence/src/main/java/org/openecomp/policy/drools/core/DroolsPDPIntegrityMonitor.java new file mode 100644 index 00000000..2b6058fd --- /dev/null +++ b/policy-persistence/src/main/java/org/openecomp/policy/drools/core/DroolsPDPIntegrityMonitor.java @@ -0,0 +1,485 @@ +/*- + * ============LICENSE_START======================================================= + * policy-persistence + * ================================================================================ + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.openecomp.policy.drools.core; + +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import java.io.OutputStream; +import java.net.InetSocketAddress; +import java.util.LinkedList; +import java.util.Properties; +import java.util.concurrent.Callable; + +import org.openecomp.policy.common.im.IntegrityMonitor; +import org.openecomp.policy.common.logging.flexlogger.PropertyUtil; +import org.openecomp.policy.common.logging.flexlogger.FlexLogger; +import org.openecomp.policy.common.logging.flexlogger.Logger; +import org.openecomp.policy.common.logging.eelf.MessageCodes; +import org.openecomp.policy.drools.persistence.DroolsPdpsElectionHandler; +import org.openecomp.policy.drools.persistence.XacmlPersistenceProperties; +import com.sun.net.httpserver.HttpExchange; +import com.sun.net.httpserver.HttpHandler; +import com.sun.net.httpserver.HttpServer; + +/** + * This class extends 'IntegrityMonitor' for use in the 'Drools PDP' + * virtual machine. The included audits are 'Database' and 'Repository'. + */ +public class DroolsPDPIntegrityMonitor extends IntegrityMonitor +{ + + // get an instance of logger + private static Logger logger = FlexLogger.getLogger(DroolsPDPIntegrityMonitor.class); + + // static global instance + static private DroolsPDPIntegrityMonitor im = null; + + // list of audits to run + static private AuditBase[] audits = + new AuditBase[]{DbAudit.getInstance(), RepositoryAudit.getInstance()}; + + // save initialization properties + private Properties droolsPersistenceProperties = null; + + /** + * Static initialization -- create Drools Integrity Monitor, and + * an HTTP server to handle REST 'test' requests + */ + static public DroolsPDPIntegrityMonitor init(String configDir) throws Exception + { + + logger.info("init: Entering and invoking PropertyUtil.getProperties() on '" + + configDir + "'"); + + // read in properties + Properties integrityMonitorProperties = + PropertyUtil.getProperties(configDir + "/IntegrityMonitor.properties"); + Properties droolsPersistenceProperties = + PropertyUtil.getProperties(configDir + "/droolsPersistence.properties"); + Properties xacmlPersistenceProperties = + PropertyUtil.getProperties(configDir + "/xacmlPersistence.properties"); + + // fetch and verify definitions of some properties + // (the 'IntegrityMonitor' constructor does some additional verification) + String resourceName = integrityMonitorProperties.getProperty("resource.name"); + String hostPort = integrityMonitorProperties.getProperty("hostPort"); + String fpMonitorInterval = integrityMonitorProperties.getProperty("fp_monitor_interval"); + String failedCounterThreshold = integrityMonitorProperties.getProperty("failed_counter_threshold"); + String testTransInterval = integrityMonitorProperties.getProperty("test_trans_interval"); + String writeFpcInterval = integrityMonitorProperties.getProperty("write_fpc_interval"); + String siteName = integrityMonitorProperties.getProperty("site_name"); + String nodeType = integrityMonitorProperties.getProperty("node_type"); + String dependencyGroups = integrityMonitorProperties.getProperty("dependency_groups"); + String droolsJavaxPersistenceJdbcDriver = droolsPersistenceProperties.getProperty("javax.persistence.jdbc.driver"); + String droolsJavaxPersistenceJdbcUrl = droolsPersistenceProperties.getProperty("javax.persistence.jdbc.url"); + String droolsJavaxPersistenceJdbcUser = droolsPersistenceProperties.getProperty("javax.persistence.jdbc.user"); + String droolsJavaxPersistenceJdbcPassword = droolsPersistenceProperties.getProperty("javax.persistence.jdbc.password"); + String xacmlJavaxPersistenceJdbcDriver = xacmlPersistenceProperties.getProperty("javax.persistence.jdbc.driver"); + String xacmlJavaxPersistenceJdbcUrl = xacmlPersistenceProperties.getProperty("javax.persistence.jdbc.url"); + String xacmlJavaxPersistenceJdbcUser = xacmlPersistenceProperties.getProperty("javax.persistence.jdbc.user"); + String xacmlJavaxPersistenceJdbcPassword = xacmlPersistenceProperties.getProperty("javax.persistence.jdbc.password"); + + if (resourceName == null) + { + logger.error("init: Missing IntegrityMonitor property: 'resource.name'"); + throw(new Exception + ("Missing IntegrityMonitor property: 'resource.name'")); + } + if (hostPort == null) + { + logger.error("init: Missing IntegrityMonitor property: 'hostPort'"); + throw(new Exception + ("Missing IntegrityMonitor property: 'hostPort'")); + } + if (fpMonitorInterval == null) + { + logger.error("init: Missing IntegrityMonitor property: 'fp_monitor_interval'"); + throw(new Exception + ("Missing IntegrityMonitor property: 'fp_monitor_interval'")); + } + if (failedCounterThreshold == null) + { + logger.error("init: Missing IntegrityMonitor property: 'failed_counter_threshold'"); + throw(new Exception + ("Missing IntegrityMonitor property: 'failed_counter_threshold'")); + } + if (testTransInterval == null) + { + logger.error("init: Missing IntegrityMonitor property: 'test_trans_interval'"); + throw(new Exception + ("Missing IntegrityMonitor property: 'test_trans_interval'")); + } + if (writeFpcInterval == null) + { + logger.error("init: Missing IntegrityMonitor property: 'write_fpc_interval'"); + throw(new Exception + ("Missing IntegrityMonitor property: 'write_fpc_interval'")); + } + if (siteName == null) + { + logger.error("init: Missing IntegrityMonitor property: 'site_name'"); + throw(new Exception + ("Missing IntegrityMonitor property: 'site_name'")); + } + if (nodeType == null) + { + logger.error("init: Missing IntegrityMonitor property: 'node_type'"); + throw(new Exception + ("Missing IntegrityMonitor property: 'node_type'")); + } + if (dependencyGroups == null) + { + logger.error("init: Missing IntegrityMonitor property: 'dependency_groups'"); + throw(new Exception + ("Missing IntegrityMonitor property: 'dependency_groups'")); + } + if (droolsJavaxPersistenceJdbcDriver == null) + { + logger.error("init: Missing IntegrityMonitor property: 'javax.persistence.jbdc.driver for drools DB'"); + throw(new Exception + ("Missing IntegrityMonitor property: 'javax.persistence.jbdc.driver for drools DB'")); + } + if (droolsJavaxPersistenceJdbcUrl == null) + { + logger.error("init: Missing IntegrityMonitor property: 'javax.persistence.jbdc.url for drools DB'"); + throw(new Exception + ("Missing IntegrityMonitor property: 'javax.persistence.jbdc.url for drools DB'")); + } + if (droolsJavaxPersistenceJdbcUser == null) + { + logger.error("init: Missing IntegrityMonitor property: 'javax.persistence.jbdc.user for drools DB'"); + throw(new Exception + ("Missing IntegrityMonitor property: 'javax.persistence.jbdc.user for drools DB'")); + } + if (droolsJavaxPersistenceJdbcPassword == null) + { + logger.error("init: Missing IntegrityMonitor property: 'javax.persistence.jbdc.password for drools DB'"); + throw(new Exception + ("Missing IntegrityMonitor property: 'javax.persistence.jbdc.password for drools DB'")); + } + if (xacmlJavaxPersistenceJdbcDriver == null) + { + logger.error("init: Missing IntegrityMonitor property: 'javax.persistence.jbdc.driver for xacml DB'"); + throw(new Exception + ("Missing IntegrityMonitor property: 'javax.persistence.jbdc.driver for xacml DB'")); + } + if (xacmlJavaxPersistenceJdbcUrl == null) + { + logger.error("init: Missing IntegrityMonitor property: 'javax.persistence.jbdc.url for xacml DB'"); + throw(new Exception + ("Missing IntegrityMonitor property: 'javax.persistence.jbdc.url for xacml DB'")); + } + if (xacmlJavaxPersistenceJdbcUser == null) + { + logger.error("init: Missing IntegrityMonitor property: 'javax.persistence.jbdc.user for xacml DB'"); + throw(new Exception + ("Missing IntegrityMonitor property: 'javax.persistence.jbdc.user for xacml DB'")); + } + if (xacmlJavaxPersistenceJdbcPassword == null) + { + logger.error("init: Missing IntegrityMonitor property: 'javax.persistence.jbdc.password for xacml DB'"); + throw(new Exception + ("Missing IntegrityMonitor property: 'javax.persistence.jbdc.password' for xacml DB'")); + } + + logger.info("init: loading consolidatedProperties"); + Properties consolidatedProperties = new Properties(); + consolidatedProperties.load(new FileInputStream(new File(configDir + "/IntegrityMonitor.properties"))); + consolidatedProperties.load(new FileInputStream(new File(configDir + "/xacmlPersistence.properties"))); + // verify that consolidatedProperties has properties from both properties files. + logger.info("init: PDP_INSTANCE_ID=" + consolidatedProperties.getProperty(IntegrityMonitorProperties.PDP_INSTANCE_ID)); + logger.info("init: DB_URL=" + consolidatedProperties.getProperty(XacmlPersistenceProperties.DB_URL)); + + // Now that we've validated the properties, create Drools Integrity Monitor + // with these properties. + im = new DroolsPDPIntegrityMonitor(resourceName, + consolidatedProperties, droolsPersistenceProperties); + logger.info("init: New DroolsPDPIntegrityMonitor instantiated, hostPort=" + hostPort); + + // determine host and port for HTTP server + int index = hostPort.lastIndexOf(':'); + InetSocketAddress addr; + + if (index < 0) + { + addr = new InetSocketAddress(Integer.valueOf(hostPort)); + } + else + { + addr = new InetSocketAddress + (hostPort.substring(0, index), + Integer.valueOf(hostPort.substring(index + 1))); + } + + // create http server + try { + logger.info("init: Starting HTTP server, addr=" + addr); + HttpServer server = HttpServer.create(addr, 0); + server.createContext("/test", new TestHandler()); + server.setExecutor(null); + server.start(); + System.out.println("init: Started server on hostPort=" + hostPort); + } catch (Exception e) { + if (PolicyContainer.isUnitTesting) { + System.out + .println("init: Caught Exception attempting to start server on hostPort=" + + hostPort + ", message=" + e.getMessage()); + } else { + throw e; + } + } + + logger.info("init: Exiting and returning DroolsPDPIntegrityMonitor"); + return im; + } + + /** + * Constructor - pass arguments to superclass, but remember properties + * @param resourceName unique name of this Integrity Monitor + * @param url the JMX URL of the MBean server + * @param properties properties used locally, as well as by + * 'IntegrityMonitor' + * @throws Exception (passed from superclass) + */ + private DroolsPDPIntegrityMonitor(String resourceName, + Properties consolidatedProperties, + Properties droolsPersistenceProperties) throws Exception { + super(resourceName, consolidatedProperties); + this.droolsPersistenceProperties = droolsPersistenceProperties; + } + + /** + * Run tests (audits) unique to Drools PDP VM (Database + Repository) + */ + @Override + public void subsystemTest() throws Exception + { + logger.info("DroolsPDPIntegrityMonitor.subsystemTest called"); + + // clear all responses (non-null values indicate an error) + for (AuditBase audit : audits) + { + audit.setResponse(null); + } + + // invoke all of the audits + for (AuditBase audit : audits) + { + try + { + // invoke the audit (responses are stored within the audit object) + audit.invoke(droolsPersistenceProperties); + } + catch (Exception e) + { + logger.error(MessageCodes.EXCEPTION_ERROR, e, + audit.getName() + " audit error"); + if (audit.getResponse() == null) + { + // if there is no current response, use the exception message + audit.setResponse(e.getMessage()); + } + } + } + + // will contain list of subsystems where the audit failed + String responseMsg = ""; + + // Loop through all of the audits, and see which ones have failed. + // NOTE: response information is stored within the audit objects + // themselves -- only one can run at a time. + for (AuditBase audit : audits) + { + String response = audit.getResponse(); + if (response != null) + { + // the audit has failed -- add subsystem and + // and 'responseValue' with the new information + responseMsg = responseMsg.concat("\n" + audit.getName() + ": " + response); + } + } + + if(!responseMsg.isEmpty()){ + throw new Exception(responseMsg); + } + } + + /* ============================================================ */ + + /** + * This is the base class for audits invoked in 'subsystemTest' + */ + static public abstract class AuditBase + { + // name of the audit + protected String name; + + // non-null indicates the error response + protected String response; + + /** + * Constructor - initialize the name, and clear the initial response + * @param name name of the audit + */ + public AuditBase(String name) + { + this.name = name; + this.response = null; + } + + /** + * @return the name of this audit + */ + public String getName() + { + return(name); + } + + /** + * @return the response String (non-null indicates the error message) + */ + public String getResponse() + { + return(response); + } + + /** + * Set the response string to the specified value + * @param value the new value of the response string (null = no errors) + */ + public void setResponse(String value) + { + response = value; + } + + /** + * Abstract method to invoke the audit + * @param droolsPersistenceProperties Used for DB access + * @throws Exception passed in by the audit + */ + abstract void invoke(Properties droolsPersistenceProperties) throws Exception; + } + + /* ============================================================ */ + + /** + * This class is the HTTP handler for the REST 'test' invocation + */ + static class TestHandler implements HttpHandler + { + /** + * Handle an incoming REST 'test' invocation + * @param ex used to pass incoming and outgoing HTTP information + */ + @Override + public void handle(HttpExchange ex) throws IOException + { + + System.out.println("TestHandler.handle: Entering"); + + // The responses are stored within the audit objects, so we need to + // invoke the audits and get responses before we handle another + // request. + synchronized(TestHandler.class) + { + // will include messages associated with subsystem failures + StringBuilder body = new StringBuilder(); + + // 200=SUCCESS, 500=failure + int responseValue = 200; + + if (im != null) + { + try + { + // call 'IntegrityMonitor.evaluateSanity()' + im.evaluateSanity(); + } + catch (Exception e) + { + // this exception isn't coming from one of the audits, + // because those are caught in 'subsystemTest()' + logger.error + (MessageCodes.EXCEPTION_ERROR, e, + "DroolsPDPIntegrityMonitor.evaluateSanity()"); + + // include exception in HTTP response + body.append("\nException: " + e + "\n"); + responseValue = 500; + } + } +/* + * Audit failures are being logged. A string will be generated which captures the + * the audit failures. This string will be included in an exception coming from im.evaluateSanity(). + * + // will contain list of subsystems where the audit failed + LinkedList<String> subsystems = new LinkedList<String>(); + + // Loop through all of the audits, and see which ones have failed. + // NOTE: response information is stored within the audit objects + // themselves -- only one can run at a time. + for (AuditBase audit : audits) + { + String response = audit.getResponse(); + if (response != null) + { + // the audit has failed -- update 'subsystems', 'body', + // and 'responseValue' with the new information + subsystems.add(audit.getName()); + body + .append('\n') + .append(audit.getName()) + .append(":\n") + .append(response) + .append('\n'); + responseValue = 500; + } + } + + if (subsystems.size() != 0) + { + // there is at least one failure -- add HTTP headers + ex.getResponseHeaders().put("X-ECOMP-SubsystemFailure", + subsystems); + } +*/ + // send response, including the contents of 'body' + // (which is empty if everything is successful) + ex.sendResponseHeaders(responseValue, body.length()); + OutputStream os = ex.getResponseBody(); + os.write(body.toString().getBytes()); + os.close(); + System.out.println("TestHandler.handle: Exiting"); + } + } + } + public static DroolsPDPIntegrityMonitor getInstance() throws Exception{ + logger.info("getInstance() called"); + if (im == null) { + String msg = "No DroolsPDPIntegrityMonitor instance exists." + + " Please use the method DroolsPDPIntegrityMonitor init(String configDir)"; + throw new Exception(msg); + }else{ + return im; + } + } +} diff --git a/policy-persistence/src/main/java/org/openecomp/policy/drools/core/IntegrityMonitorProperties.java b/policy-persistence/src/main/java/org/openecomp/policy/drools/core/IntegrityMonitorProperties.java new file mode 100644 index 00000000..d1b1ad6d --- /dev/null +++ b/policy-persistence/src/main/java/org/openecomp/policy/drools/core/IntegrityMonitorProperties.java @@ -0,0 +1,68 @@ +/*- + * ============LICENSE_START======================================================= + * policy-persistence + * ================================================================================ + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.openecomp.policy.drools.core; + +import java.util.Properties; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import org.openecomp.policy.common.logging.flexlogger.FlexLogger; +import org.openecomp.policy.common.logging.flexlogger.Logger; + +public class IntegrityMonitorProperties { + // get an instance of logger + private static Logger logger = FlexLogger.getLogger(IntegrityMonitorProperties.class); + + public static final String PDP_INSTANCE_ID = "resource.name"; + + public static final String PDP_CHECK_INVERVAL = "pdp.checkInterval"; + public static final String PDP_UPDATE_INTERVAL = "pdp.updateInterval"; + public static final String PDP_TIMEOUT = "pdp.timeout"; + public static final String PDP_INITIAL_WAIT_PERIOD = "pdp.initialWait"; + + public static final String SITE_NAME = "site_name"; + + private static Properties properties = null; + /* + * Initialize the parameter values from the droolsPersitence.properties file values + * + * This is designed so that the Properties object is obtained from the droolsPersistence.properties + * file and then is passed to this method to initialize the value of the parameters. + * This allows the flexibility of JUnit tests using getProperties(filename) to get the + * properties while runtime methods can use getPropertiesFromClassPath(filename). + * + */ + public static void initProperties (Properties prop){ + logger.info("IntegrityMonitorProperties.initProperties(Properties): entry"); + logger.info("\n\nIntegrityMonitorProperties.initProperties: Properties = \n" + prop + "\n\n"); + + properties = prop; + } + + public static String getProperty(String key){ + return properties.getProperty(key); + } + + public static Properties getProperties() { + return properties; + } +} diff --git a/policy-persistence/src/main/java/org/openecomp/policy/drools/core/RepositoryAudit.java b/policy-persistence/src/main/java/org/openecomp/policy/drools/core/RepositoryAudit.java new file mode 100644 index 00000000..86c672e2 --- /dev/null +++ b/policy-persistence/src/main/java/org/openecomp/policy/drools/core/RepositoryAudit.java @@ -0,0 +1,524 @@ +/*- + * ============LICENSE_START======================================================= + * policy-persistence + * ================================================================================ + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.openecomp.policy.drools.core; + +import java.io.File; +import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.io.IOException; +import java.nio.file.attribute.BasicFileAttributes; +import java.nio.file.Files; +import java.nio.file.FileVisitor; +import java.nio.file.FileVisitResult; +import java.nio.file.Path; +import java.nio.file.SimpleFileVisitor; +import java.util.LinkedList; +import java.util.Properties; +import java.util.concurrent.Callable; +import java.util.concurrent.TimeUnit; + +import org.openecomp.policy.common.logging.flexlogger.FlexLogger; +import org.openecomp.policy.common.logging.flexlogger.Logger; + + +/** + * This class audits the Maven repository + */ +public class RepositoryAudit extends DroolsPDPIntegrityMonitor.AuditBase +{ + private static final long DEFAULT_TIMEOUT = 60; // timeout in 60 seconds + + // get an instance of logger + private static Logger logger = FlexLogger.getLogger(RepositoryAudit.class); + // single global instance of this audit object + static private RepositoryAudit instance = new RepositoryAudit(); + + /** + * @return the single 'RepositoryAudit' instance + */ + static DroolsPDPIntegrityMonitor.AuditBase getInstance() + { + return(instance); + } + + /** + * Constructor - set the name to 'Repository' + */ + private RepositoryAudit() + { + super("Repository"); + } + + /** + * Invoke the audit + * + * @param properties properties to be passed to the audit + */ + @Override + public void invoke(Properties properties) + throws IOException, InterruptedException + { + logger.info("Running 'RepositoryAudit.invoke'"); + + boolean isActive = true; + String repoAuditIsActive = IntegrityMonitorProperties.getProperty("repository.audit.is.active"); + logger.debug("RepositoryAudit.invoke: repoAuditIsActive = " + repoAuditIsActive); + + if (repoAuditIsActive != null) { + try { + isActive = Boolean.parseBoolean(repoAuditIsActive.trim()); + } catch (NumberFormatException e) { + logger.warn("RepositoryAudit.invoke: Ignoring invalid property: repository.audit.is.active = " + repoAuditIsActive); + } + } + + if(!isActive){ + logger.info("RepositoryAudit.invoke: exiting because isActive = " + isActive); + return; + } + + // Fetch repository information from 'IntegrityMonitorProperties' + String repositoryId = + IntegrityMonitorProperties.getProperty("repository.audit.id"); + String repositoryUrl = + IntegrityMonitorProperties.getProperty("repository.audit.url"); + String repositoryUsername = + IntegrityMonitorProperties.getProperty("repository.audit.username"); + String repositoryPassword = + IntegrityMonitorProperties.getProperty("repository.audit.password"); + boolean upload = + (repositoryId != null && repositoryUrl != null + && repositoryUsername != null && repositoryPassword != null); + + // used to incrementally construct response as problems occur + // (empty = no problems) + StringBuilder response = new StringBuilder(); + + long timeoutInSeconds = DEFAULT_TIMEOUT; + String timeoutString = + IntegrityMonitorProperties.getProperty("repository.audit.timeout"); + if (timeoutString != null && !timeoutString.isEmpty()) + { + try + { + timeoutInSeconds = Long.valueOf(timeoutString); + } + catch (NumberFormatException e) + { + logger.error + ("RepositoryAudit: Invalid 'repository.audit.timeout' value: '" + + timeoutString + "'"); + response.append("Invalid 'repository.audit.timeout' value: '") + .append(timeoutString).append("'\n"); + setResponse(response.toString()); + } + } + + // artifacts to be downloaded + LinkedList<Artifact> artifacts = new LinkedList<Artifact>(); + + /* + * 1) create temporary directory + */ + Path dir = Files.createTempDirectory("auditRepo"); + logger.info("RepositoryAudit: temporary directory = " + dir); + + // nested 'pom.xml' file and 'repo' directory + Path pom = dir.resolve("pom.xml"); + Path repo = dir.resolve("repo"); + + /* + * 2) Create test file, and upload to repository + * (only if repository information is specified) + */ + String groupId = null; + String artifactId = null; + String version = null; + if (upload) + { + groupId = "org.openecomp.policy.audit"; + artifactId = "repository-audit"; + version = "0." + System.currentTimeMillis(); + + if (repositoryUrl.toLowerCase().contains("snapshot")) + { + // use SNAPSHOT version + version += "-SNAPSHOT"; + } + + // create text file to write + FileOutputStream fos = + new FileOutputStream(dir.resolve("repository-audit.txt").toFile()); + try + { + fos.write(version.getBytes()); + } + finally + { + fos.close(); + } + + // try to install file in repository + if (runProcess + (timeoutInSeconds, dir.toFile(), null, + "mvn", "deploy:deploy-file", + "-DrepositoryId=" + repositoryId, + "-Durl=" + repositoryUrl, + "-Dfile=repository-audit.txt", + "-DgroupId=" + groupId, + "-DartifactId=" + artifactId, + "-Dversion=" + version, + "-Dpackaging=txt", + "-DgeneratePom=false") != 0) + { + logger.error + ("RepositoryAudit: 'mvn deploy:deploy-file' failed"); + response.append("'mvn deploy:deploy-file' failed\n"); + setResponse(response.toString()); + } + else + { + logger.info + ("RepositoryAudit: 'mvn deploy:deploy-file succeeded"); + + // we also want to include this new artifact in the download + // test (steps 3 and 4) + artifacts.add(new Artifact(groupId, artifactId, version, "txt")); + } + } + + /* + * 3) create 'pom.xml' file in temporary directory + */ + artifacts.add(new Artifact("org.apache.maven/maven-embedder/3.2.2")); + + StringBuilder sb = new StringBuilder(); + sb.append + ("<project xmlns=\"http://maven.apache.org/POM/4.0.0\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\n" + + " xsi:schemaLocation=\"http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd\">\n" + + "\n" + + " <modelVersion>4.0.0</modelVersion>\n" + + " <groupId>empty</groupId>\n" + + " <artifactId>empty</artifactId>\n" + + " <version>1.0-SNAPSHOT</version>\n" + + " <packaging>pom</packaging>\n" + + "\n" + + " <build>\n" + + " <plugins>\n" + + " <plugin>\n" + + " <groupId>org.apache.maven.plugins</groupId>\n" + + " <artifactId>maven-dependency-plugin</artifactId>\n" + + " <version>2.10</version>\n" + + " <executions>\n" + + " <execution>\n" + + " <id>copy</id>\n" + + " <goals>\n" + + " <goal>copy</goal>\n" + + " </goals>\n" + + " <configuration>\n" + + " <localRepositoryDirectory>") + .append(repo) + .append("</localRepositoryDirectory>\n") + .append(" <artifactItems>\n"); + for (Artifact artifact : artifacts) + { + // each artifact results in an 'artifactItem' element + sb.append + (" <artifactItem>\n" + + " <groupId>") + .append(artifact.groupId) + .append + ("</groupId>\n" + + " <artifactId>") + .append(artifact.artifactId) + .append + ("</artifactId>\n" + + " <version>") + .append(artifact.version) + .append + ("</version>\n" + + " <type>") + .append(artifact.type) + .append + ("</type>\n" + + " </artifactItem>\n"); + } + sb.append + (" </artifactItems>\n" + + " </configuration>\n" + + " </execution>\n" + + " </executions>\n" + + " </plugin>\n" + + " </plugins>\n" + + " </build>\n" + + "</project>\n"); + FileOutputStream fos = new FileOutputStream(pom.toFile()); + try + { + fos.write(sb.toString().getBytes()); + } + finally + { + fos.close(); + } + + /* + * 4) Invoke external 'mvn' process to do the downloads + */ + + // output file = ${dir}/out (this supports step '4a') + File output = dir.resolve("out").toFile(); + + // invoke process, and wait for response + int rval = runProcess + (timeoutInSeconds, dir.toFile(), output, "mvn", "compile"); + logger.info("RepositoryAudit: 'mvn' return value = " + rval); + if (rval != 0) + { + logger.error + ("RepositoryAudit: 'mvn compile' invocation failed"); + response.append("'mvn compile' invocation failed\n"); + setResponse(response.toString()); + } + + /* + * 4a) Check attempted and successful downloads from output file + * Note: at present, this step just generates log messages, + * but doesn't do any verification. + */ + if (rval == 0) + { + // place output in 'fileContents' (replacing the Return characters + // with Newline) + byte[] outputData = new byte[(int)output.length()]; + FileInputStream fis = new FileInputStream(output); + fis.read(outputData); + String fileContents = new String(outputData).replace('\r','\n'); + fis.close(); + + // generate log messages from 'Downloading' and 'Downloaded' + // messages within the 'mvn' output + int index = 0; + while ((index = fileContents.indexOf("\nDown", index)) > 0) + { + index += 5; + if (fileContents.regionMatches(index, "loading: ", 0, 9)) + { + index += 9; + int endIndex = fileContents.indexOf('\n', index); + logger.info + ("RepositoryAudit: Attempted download: '" + + fileContents.substring(index, endIndex) + "'"); + index = endIndex; + } + else if (fileContents.regionMatches(index, "loaded: ", 0, 8)) + { + index += 8; + int endIndex = fileContents.indexOf(' ', index); + logger.info + ("RepositoryAudit: Successful download: '" + + fileContents.substring(index, endIndex) + "'"); + index = endIndex; + } + } + } + + /* + * 5) Check the contents of the directory to make sure the downloads + * were successful + */ + for (Artifact artifact : artifacts) + { + if (repo.resolve(artifact.groupId.replace('.','/')) + .resolve(artifact.artifactId) + .resolve(artifact.version) + .resolve(artifact.artifactId + "-" + artifact.version + "." + + artifact.type).toFile().exists()) + { + // artifact exists, as expected + logger.info("RepositoryAudit: " + + artifact.toString() + ": exists"); + } + else + { + // Audit ERROR: artifact download failed for some reason + logger.error("RepositoryAudit: " + + artifact.toString() + ": does not exist"); + response.append("Failed to download artifact: ") + .append(artifact).append('\n'); + setResponse(response.toString()); + } + } + + /* + * 6) Use 'curl' to delete the uploaded test file + * (only if repository information is specified) + */ + if (upload) + { + if (runProcess + (timeoutInSeconds, dir.toFile(), null, + "curl", + "--request", "DELETE", + "--user", repositoryUsername + ":" + repositoryPassword, + (repositoryUrl + "/" + groupId.replace('.', '/') + "/" + + artifactId + "/" + version)) + != 0) + { + logger.error + ("RepositoryAudit: delete of uploaded artifact failed"); + response.append("delete of uploaded artifact failed\n"); + setResponse(response.toString()); + } + else + { + logger.info + ("RepositoryAudit: delete of uploaded artifact succeeded"); + artifacts.add(new Artifact(groupId, artifactId, version, "txt")); + } + } + + /* + * 7) Remove the temporary directory + */ + Files.walkFileTree + (dir, + new SimpleFileVisitor<Path>() + { + public FileVisitResult visitFile(Path file, BasicFileAttributes attrs) + { + // logger.info("RepositoryAudit: Delete " + file); + file.toFile().delete(); + return(FileVisitResult.CONTINUE); + } + + public FileVisitResult postVisitDirectory(Path file, IOException e) + throws IOException + { + if (e == null) + { + // logger.info("RepositoryAudit: Delete " + file); + file.toFile().delete(); + return(FileVisitResult.CONTINUE); + } + else + { + throw(e); + } + } + }); + } + + /** + * Run a process, and wait for the response + * + * @param timeoutInSeconds the number of seconds to wait for the + * process to terminate + * @param directory the execution directory of the process + * (null = current directory) + * @param stdout the file to contain the standard output + * (null = discard standard output) + * @param command command and arguments + * @return the return value of the process + * @throws IOException, InterruptedException + */ + static int runProcess(long timeoutInSeconds, + File directory, File stdout, String... command) + throws IOException, InterruptedException + { + ProcessBuilder pb = new ProcessBuilder(command); + if (directory != null) + { + pb.directory(directory); + } + if (stdout != null) + { + pb.redirectOutput(stdout); + } + + Process process = pb.start(); + if (process.waitFor(timeoutInSeconds, TimeUnit.SECONDS)) + { + // process terminated before the timeout + return(process.exitValue()); + } + + // process timed out -- kill it, and return -1 + process.destroyForcibly(); + return(-1); + } + + /* ============================================================ */ + + /** + * An instance of this class exists for each artifact that we are trying + * to download. + */ + static class Artifact + { + String groupId, artifactId, version, type; + + /** + * Constructor - populate the 'Artifact' instance + * + * @param groupId groupId of artifact + * @param artifactId artifactId of artifact + * @param version version of artifact + * @param type type of the artifact (e.g. "jar") + */ + Artifact(String groupId, String artifactId, String version, String type) + { + this.groupId = groupId; + this.artifactId = artifactId; + this.version = version; + this.type = type; + } + + /** + * Constructor - populate an 'Artifact' instance + * + * @param artifact a string of the form: + * "<groupId>/<artifactId>/<version>[/<type>]" + * @throws IllegalArgumentException if 'artifact' has the incorrect format + */ + Artifact(String artifact) + { + String[] segments = artifact.split("/"); + if (segments.length != 4 && segments.length != 3) + { + throw(new IllegalArgumentException("groupId/artifactId/version/type")); + } + groupId = segments[0]; + artifactId = segments[1]; + version = segments[2]; + type = (segments.length == 4 ? segments[3] : "jar"); + } + + /** + * @return the artifact id in the form: + * "<groupId>/<artifactId>/<version>/<type>" + */ + public String toString() + { + return(groupId + "/" + artifactId + "/" + version + "/" + type); + } + } +} |