Diffstat (limited to 'aai-core')
5 files changed, 102 insertions, 53 deletions
diff --git a/aai-core/pom.xml b/aai-core/pom.xml index 8f03d5d8..56183fe8 100644 --- a/aai-core/pom.xml +++ b/aai-core/pom.xml @@ -8,9 +8,9 @@ Copyright © 2019 AT&T Intellectual Property. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - + http://www.apache.org/licenses/LICENSE-2.0 - + Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -26,7 +26,7 @@ limitations under the License. <parent> <groupId>org.onap.aai.aai-common</groupId> <artifactId>aai-parent</artifactId> - <version>1.8.0-SNAPSHOT</version> + <version>1.8.1-SNAPSHOT</version> <relativePath>../aai-parent/pom.xml</relativePath> </parent> <artifactId>aai-core</artifactId> @@ -96,7 +96,7 @@ limitations under the License. <version>2.8</version> </plugin> <plugin> - <!-- explicitly define maven-deploy-plugin after other to force exec + <!-- explicitly define maven-deploy-plugin after other to force exec order --> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-deploy-plugin</artifactId> @@ -133,7 +133,7 @@ limitations under the License. <dependency> <groupId>com.att.eelf</groupId> <artifactId>eelf-core</artifactId> - <exclusions><!-- excluding transitive dependency coming from this artifact, + <exclusions><!-- excluding transitive dependency coming from this artifact, as we would need powermock-api-mockito2 --> <exclusion> <groupId>org.powermock</groupId> diff --git a/aai-core/src/main/java/org/onap/aai/introspection/sideeffect/OwnerCheck.java b/aai-core/src/main/java/org/onap/aai/introspection/sideeffect/OwnerCheck.java index 4ece3771..c383f0c5 100644 --- a/aai-core/src/main/java/org/onap/aai/introspection/sideeffect/OwnerCheck.java 
+++ b/aai-core/src/main/java/org/onap/aai/introspection/sideeffect/OwnerCheck.java @@ -20,24 +20,23 @@ package org.onap.aai.introspection.sideeffect; -import java.io.UnsupportedEncodingException; -import java.net.URISyntaxException; - -import java.util.List; -import java.util.Map.Entry; -import java.util.Optional; +import org.apache.commons.lang3.ObjectUtils; import org.apache.tinkerpop.gremlin.structure.Vertex; -import org.apache.tinkerpop.gremlin.structure.VertexProperty; -import org.onap.aai.edges.exceptions.AmbiguousRuleChoiceException; -import org.onap.aai.edges.exceptions.EdgeRuleNotFoundException; import org.onap.aai.exceptions.AAIException; import org.onap.aai.introspection.Introspector; import org.onap.aai.schema.enums.PropertyMetadata; import org.onap.aai.serialization.db.DBSerializer; import org.onap.aai.serialization.engines.TransactionalGraphEngine; +import org.springframework.util.CollectionUtils; + +import java.util.Map.Entry; +import java.util.Optional; public class OwnerCheck extends SideEffect { + public static final String READ_ONLY_SUFFIX = "_readOnly"; + private static final String DATA_OWNER = "data-owner"; + public OwnerCheck(Introspector obj, Vertex self, TransactionalGraphEngine dbEngine, DBSerializer serializer) { super(obj, self, dbEngine, serializer); } 
@@ -55,21 +54,15 @@ public class OwnerCheck extends SideEffect { } public static boolean isAuthorized(java.util.Set<String> groups, Vertex vertex) { - if (groups != null && !groups.isEmpty()) { - List<Vertex> owningEntity = vertex.graph().traversal() - .V(vertex) - .bothE("org.onap.relationships.inventory.BelongsTo") - .otherV() - .has("aai-node-type", "owning-entity") - .toList(); - - if(!owningEntity.isEmpty()) { - VertexProperty owningEntityName = owningEntity.get(0).property("owning-entity-name"); - - return groups.contains(owningEntityName.orElseGet(null)); + if (!CollectionUtils.isEmpty(groups)) { + Object dataOwnerProperty = vertex.property(DATA_OWNER).orElse(null); + if (ObjectUtils.isNotEmpty(dataOwnerProperty)) { + String dataOwner = dataOwnerProperty.toString(); + String dataOwnerWithReadAccess = dataOwner + READ_ONLY_SUFFIX; + return groups.stream() + .anyMatch(group -> group.equals(dataOwner) || group.equals(dataOwnerWithReadAccess)); } } - return true; } diff --git a/aai-core/src/main/java/org/onap/aai/serialization/db/DBSerializer.java b/aai-core/src/main/java/org/onap/aai/serialization/db/DBSerializer.java index 14621e83..7ab49a13 100644 --- a/aai-core/src/main/java/org/onap/aai/serialization/db/DBSerializer.java +++ b/aai-core/src/main/java/org/onap/aai/serialization/db/DBSerializer.java @@ -115,6 +115,7 @@ public class DBSerializer { private Map<String, Pair<Introspector, LinkedHashMap<String, Introspector>>> impliedDeleteUriObjectPair = new LinkedHashMap<>(); private int notificationDepth; private boolean isDeltaEventsEnabled; + private boolean isMultiTenancyEnabled; /** * Instantiates a new DB serializer. 
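Review bot: In `isAuthorized`, a group named `<data-owner>_readOnly` is accepted exactly like the owner group, and the method takes no argument saying whether the caller is reading or writing. The DBSerializer hunks in this commit add OwnerCheck to both `executePreSideEffects` and `enrichData`, so a read-only group appears to pass the pre-write check too, unless write access is enforced somewhere outside this diff. If it is not, the write path should match only `group.equals(dataOwner)`. The method still returns `true` when `groups` is empty or the vertex has no `data-owner`, so it deserves a Javadoc stating that contract, e.g. `/** Returns true when no groups are supplied or the vertex carries no data-owner; otherwise requires the owner group or its _readOnly variant. */`. Because `data-owner` is now a plain string property on the resource itself (see the OXM hunk), it is worth verifying that a caller cannot change or clear it on a resource owned by another group.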
@@ -271,6 +272,7 @@ public class DBSerializer { EdgeSerializer es = ctx.getBean(EdgeSerializer.class); setEdgeSerializer(es); isDeltaEventsEnabled = Boolean.parseBoolean(SpringContextAware.getApplicationContext().getEnvironment().getProperty("delta.events.enabled", FALSE)); + isMultiTenancyEnabled = Boolean.parseBoolean(SpringContextAware.getApplicationContext().getEnvironment().getProperty("multi.tenancy.enabled", FALSE)); } public void setEdgeSerializer(EdgeSerializer edgeSer) { @@ -2270,10 +2272,12 @@ public class DBSerializer { private void executePreSideEffects(Introspector obj, Vertex self) throws AAIException { - SideEffectRunner runner = new SideEffectRunner.Builder(this.engine, this).addSideEffect(DataCopy.class) - .addSideEffect(PrivateEdge.class).addSideEffect(OwnerCheck.class).build(); - - runner.execute(obj, self); + SideEffectRunner.Builder runnerBuilder = + new SideEffectRunner.Builder(this.engine, this).addSideEffect(DataCopy.class).addSideEffect(PrivateEdge.class); + if (isMultiTenancyEnabled) { + runnerBuilder.addSideEffect(OwnerCheck.class); + } + runnerBuilder.build().execute(obj, self); } private void executePostSideEffects(Introspector obj, Vertex self) throws AAIException { @@ -2286,11 +2290,13 @@ public class DBSerializer { private void enrichData(Introspector obj, Vertex self) throws AAIException { - SideEffectRunner runner = - new SideEffectRunner.Builder(this.engine, this).addSideEffect(DataLinkReader.class) - .addSideEffect(OwnerCheck.class).build(); + SideEffectRunner.Builder runnerBuilder = + new SideEffectRunner.Builder(this.engine, this).addSideEffect(DataLinkReader.class); - runner.execute(obj, self); + if (isMultiTenancyEnabled) { + runnerBuilder.addSideEffect(OwnerCheck.class); + } + runnerBuilder.build().execute(obj, self); } public double getDBTimeMsecs() { 
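Review bot: `multi.tenancy.enabled` defaults to `FALSE` in the constructor hunk, so OwnerCheck, which the removed lines show running unconditionally in `executePreSideEffects` and `enrichData`, is now skipped unless a deployment opts in. Installations that relied on the previous owner check lose it silently on upgrade. A startup log line stating whether the owner check is active, plus a note in the release documentation, would make the change visible to operators. The block `if (isMultiTenancyEnabled) { runnerBuilder.addSideEffect(OwnerCheck.class); }` is repeated in the @@ -2270 and @@ -2286 hunks and could move into one private helper so the read and write paths cannot drift apart.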
diff --git a/aai-core/src/test/java/org/onap/aai/introspection/sideeffect/OwnerCheckTest.java b/aai-core/src/test/java/org/onap/aai/introspection/sideeffect/OwnerCheckTest.java index 0e33f6c7..9f101965 100644 --- a/aai-core/src/test/java/org/onap/aai/introspection/sideeffect/OwnerCheckTest.java +++ b/aai-core/src/test/java/org/onap/aai/introspection/sideeffect/OwnerCheckTest.java @@ -86,16 +86,10 @@ public class OwnerCheckTest extends AAISetup { .addV("pnf") .property("aai-node-type", "pnf") .property("pnf-name", "my-pnf") + .property("data-owner", "Operator") .property(AAIProperties.AAI_URI, "/network/pnfs/pnf/my-pnf") .property("model-invariant-id", "key1") .as("v1") - .addV("owning-entity") - .property("aai-node-type", "owning-entity") - .property("owning-entity-name", "OE-Generic") - .property("owning-entity-id", "367c897c-8cec-47ba-b7f5-4b6139f06691") - .property(AAIProperties.AAI_URI,"/network/pnfs/pnf/my-pnf/business/owning-entities/owning-entity/367c897c-8cec-47ba-b7f5-4b6139f06691") - .as("oe") - .addE("org.onap.relationships.inventory.BelongsTo").to("v1").from("oe") .property(EdgeProperty.CONTAINS.toString(), true) .addV("model-ver") .property("aai-node-type", "model-ver") @@ -137,14 +131,13 @@ public class OwnerCheckTest extends AAISetup { } @Test - public void shouldFailComparisonWithDiffOwningEntity() throws Exception { + public void shouldFailIfGroupsNotContainsDataOwner() throws Exception { final Loader loader = loaderFactory.createLoaderForVersion(ModelType.MOXY, schemaVersions.getDefaultVersion()); final Introspector obj = loader.introspectorFromName("pnf"); obj.setValue("pnf-name", "my-pnf"); obj.setValue("model-invariant-id", "key1"); obj.setValue("model-version-id", "key2"); - //obj.setValue("owning-entity-id", "367c897c-8cec-47ba-b7f5-4b6139f06691"); TransactionalGraphEngine spy = spy(dbEngine); TransactionalGraphEngine.Admin adminSpy = spy(dbEngine.asAdmin()); Graph g = graph.newTransaction(); 
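Review bot: In the graph setup hunk (@@ -86,16), the `addE("org.onap.relationships.inventory.BelongsTo")` step is removed but the following `.property(EdgeProperty.CONTAINS.toString(), true)` is kept, so it now applies to the `pnf` vertex labelled `v1` instead of an edge. That leaves a stray edge property on the vertex under test, and the line should be dropped together with the edge. The traversal starts and ends outside the hunk, so the rest of the chain is not visible here.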
@@ -152,30 +145,29 @@ public class OwnerCheckTest extends AAISetup { when(spy.asAdmin()).thenReturn(adminSpy); when(adminSpy.getTraversalSource()).thenReturn(traversal); DBSerializer serializer = - new DBSerializer(schemaVersions.getDefaultVersion(), - spy, introspectorFactoryType, - "AAI_TEST", new HashSet<>(Arrays.asList("OE-GenericI", "OE-GenericII"))); + new DBSerializer(schemaVersions.getDefaultVersion(), + spy, introspectorFactoryType, + "AAI_TEST", new HashSet<>(Arrays.asList("OperatorI", "OperatorII"))); Vertex selfV = g.traversal().V().has("aai-node-type", "pnf").next(); OwnerCheck ownerCheck = new OwnerCheck(obj, selfV, spy, serializer); thrown.expect(AAIException.class); - thrown.expectMessage("Group(s) :[OE-GenericI, OE-GenericII] not authorized to perform function"); + thrown.expectMessage("Group(s) :[OperatorII, OperatorI] not authorized to perform function"); ownerCheck.execute(); g.tx().rollback(); } @Test - public void shouldPassIfOwningEntityEqual() throws Exception { + public void shouldPassIfGroupsContainsDataOwner() throws Exception { final Loader loader = loaderFactory.createLoaderForVersion(ModelType.MOXY, schemaVersions.getDefaultVersion()); final Introspector obj = loader.introspectorFromName("pnf"); obj.setValue("pnf-name", "my-pnf"); obj.setValue("model-invariant-id", "key1"); obj.setValue("model-version-id", "key2"); - //obj.setValue("owning-entity-id", "367c897c-8cec-47ba-b7f5-4b6139f06691"); TransactionalGraphEngine spy = spy(dbEngine); TransactionalGraphEngine.Admin adminSpy = spy(dbEngine.asAdmin()); Graph g = graph.newTransaction(); 
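Review bot: The expected message `Group(s) :[OperatorII, OperatorI] not authorized to perform function` in `shouldFailIfGroupsNotContainsDataOwner` appears to depend on the iteration order of the `HashSet` passed to the serializer, which is unspecified. Asserting only the order-independent part, e.g. `thrown.expectMessage("not authorized to perform function");`, or passing a `LinkedHashSet`, would keep the test stable across JDKs and group names. Since `ownerCheck.execute()` is expected to throw, the `g.tx().rollback()` after it is not reached in this test, and cleanup presumably falls to the fixture's teardown.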
@@ -189,25 +181,78 @@ public class OwnerCheckTest extends AAISetup { DBSerializer serializer = new DBSerializer(schemaVersions.getDefaultVersion(), spy, introspectorFactoryType, - "AAI_TEST", new HashSet<>(Arrays.asList("OE-Generic", "OE-GenericII"))); + "AAI_TEST", new HashSet<>(Arrays.asList("OperatorIII", "Operator"))); + + OwnerCheck ownerCheck = new OwnerCheck(obj, selfV, spy, serializer); + + ownerCheck.execute(); + g.tx().rollback(); + } + + @Test + public void shouldPassIfGroupsIsEmpty() throws Exception { + + final Loader loader = loaderFactory.createLoaderForVersion(ModelType.MOXY, schemaVersions.getDefaultVersion()); + final Introspector obj = loader.introspectorFromName("pnf"); + obj.setValue("pnf-name", "my-pnf"); + obj.setValue("model-invariant-id", "key1"); + obj.setValue("model-version-id", "key2"); + TransactionalGraphEngine spy = spy(dbEngine); + TransactionalGraphEngine.Admin adminSpy = spy(dbEngine.asAdmin()); + Graph g = graph.newTransaction(); + GraphTraversalSource traversal = g.traversal(); + when(spy.asAdmin()).thenReturn(adminSpy); + when(adminSpy.getTraversalSource()).thenReturn(traversal); + DBSerializer serializer = + new DBSerializer(schemaVersions.getDefaultVersion(), + spy, introspectorFactoryType, + "AAI_TEST"); + + Vertex selfV = g.traversal().V().has("aai-node-type", "pnf").next(); OwnerCheck ownerCheck = new OwnerCheck(obj, selfV, spy, serializer); ownerCheck.execute(); + g.tx().rollback(); + } + + @Test + public void shouldPassIfDataOwnerIsNull() throws Exception { + + final Loader loader = loaderFactory.createLoaderForVersion(ModelType.MOXY, schemaVersions.getDefaultVersion()); + final Introspector obj = loader.introspectorFromName("pnf"); + obj.setValue("pnf-name", "my-pnf"); + obj.setValue("model-invariant-id", "key1"); + obj.setValue("model-version-id", "key2"); + obj.setValue("data-owner", null); + TransactionalGraphEngine spy = spy(dbEngine); + TransactionalGraphEngine.Admin adminSpy = spy(dbEngine.asAdmin()); + Graph g = 
graph.newTransaction(); + GraphTraversalSource traversal = g.traversal(); + when(spy.asAdmin()).thenReturn(adminSpy); + when(adminSpy.getTraversalSource()).thenReturn(traversal); + DBSerializer serializer = + new DBSerializer(schemaVersions.getDefaultVersion(), + spy, introspectorFactoryType, + "AAI_TEST"); + + Vertex selfV = g.traversal().V().has("aai-node-type", "pnf").next(); + OwnerCheck ownerCheck = new OwnerCheck(obj, selfV, spy, serializer); + ownerCheck.execute(); g.tx().rollback(); } @Test - public void shouldPassIfUserOwningEntityEmptyl() throws Exception { + public void shouldPassIfDataOwnerIsEmpty() throws Exception { final Loader loader = loaderFactory.createLoaderForVersion(ModelType.MOXY, schemaVersions.getDefaultVersion()); final Introspector obj = loader.introspectorFromName("pnf"); obj.setValue("pnf-name", "my-pnf"); obj.setValue("model-invariant-id", "key1"); obj.setValue("model-version-id", "key2"); - //obj.setValue("owning-entity-id", "367c897c-8cec-47ba-b7f5-4b6139f06691"); + obj.setValue("data-owner", ""); TransactionalGraphEngine spy = spy(dbEngine); TransactionalGraphEngine.Admin adminSpy = spy(dbEngine.asAdmin()); Graph g = graph.newTransaction(); diff --git a/aai-core/src/test/resources/onap/oxm/v14/aai_oxm_v14.xml b/aai-core/src/test/resources/onap/oxm/v14/aai_oxm_v14.xml index b08e4fb1..99596cde 100644 --- a/aai-core/src/test/resources/onap/oxm/v14/aai_oxm_v14.xml +++ b/aai-core/src/test/resources/onap/oxm/v14/aai_oxm_v14.xml @@ -5131,6 +5131,11 @@ <xml-property name="ownerCheck" value="N/A"/> </xml-properties> </xml-element> + <xml-element java-attribute="dataOwner" name="data-owner" type="java.lang.String"> + <xml-properties> + <xml-property name="description" value="Resource owner"/> + </xml-properties> + </xml-element> <xml-element java-attribute="pnfName2" name="pnf-name2" type="java.lang.String"> <xml-properties> <xml-property name="description" value="name of Physical Network Function."/> |
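Review bot: `shouldPassIfDataOwnerIsNull` does not seem to reach the data-owner branch it is named for. The serializer is built without a group set, so the visible `isAuthorized` would presumably return at the empty-groups check. In addition, `obj.setValue("data-owner", null)` changes the Introspector, while `isAuthorized` reads `data-owner` from the vertex, which the setup hunk creates with `"Operator"`. Covering the branch needs a non-empty group set and a vertex whose `data-owner` is absent or empty; `shouldPassIfDataOwnerIsEmpty` runs past the end of the hunk, so the same may apply there. There is also no test for the new `_readOnly` suffix, for example a group set containing only `Operator_readOnly`.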