Diffstat (limited to 'aai-resources/src')
-rw-r--r--aai-resources/src/it/java/org/onap/aai/multitenancy/KeycloakTestConfiguration.java73
-rw-r--r--aai-resources/src/it/java/org/onap/aai/multitenancy/KeycloakTestProperties.java44
-rw-r--r--aai-resources/src/it/java/org/onap/aai/multitenancy/MultiTenancyIT.java119
-rw-r--r--aai-resources/src/it/java/org/onap/aai/multitenancy/RoleHandler.java57
-rw-r--r--aai-resources/src/it/resources/application-keycloak-test.properties17
-rw-r--r--aai-resources/src/it/resources/multi-tenancy-realm.json173
-rw-r--r--aai-resources/src/it/resources/payloads/resource/pnf.json9
-rw-r--r--aai-resources/src/main/java/org/onap/aai/web/MicrometerConfiguration.java4
-rw-r--r--aai-resources/src/main/resources/application.properties10
-rw-r--r--aai-resources/src/test/java/org/onap/aai/rest/ConfigurationTest.java4
-rw-r--r--aai-resources/src/test/resources/application-test.properties1
11 files changed, 14 insertions, 497 deletions
diff --git a/aai-resources/src/it/java/org/onap/aai/multitenancy/KeycloakTestConfiguration.java b/aai-resources/src/it/java/org/onap/aai/multitenancy/KeycloakTestConfiguration.java
deleted file mode 100644
index 01f335aa..00000000
--- a/aai-resources/src/it/java/org/onap/aai/multitenancy/KeycloakTestConfiguration.java
+++ /dev/null
@@ -1,73 +0,0 @@
-/**
- * ============LICENSE_START=======================================================
- * org.onap.aai
- * ================================================================================
- * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-package org.onap.aai.multitenancy;
-
-import com.github.dockerjava.api.model.ExposedPort;
-import com.github.dockerjava.api.model.HostConfig;
-import com.github.dockerjava.api.model.PortBinding;
-import com.github.dockerjava.api.model.Ports;
-import dasniko.testcontainers.keycloak.KeycloakContainer;
-import org.keycloak.adapters.springboot.KeycloakSpringBootProperties;
-import org.keycloak.admin.client.Keycloak;
-import org.keycloak.admin.client.KeycloakBuilder;
-import org.keycloak.representations.adapters.config.AdapterConfig;
-import org.springframework.boot.test.context.TestConfiguration;
-import org.springframework.context.annotation.Bean;
-
-@TestConfiguration
-class KeycloakTestConfiguration {
-
- @Bean
- public AdapterConfig adapterConfig() {
- return new KeycloakSpringBootProperties();
- }
-
- @Bean
- KeycloakContainer keycloakContainer(KeycloakTestProperties properties) {
- KeycloakContainer keycloak = new KeycloakContainer("jboss/keycloak:12.0.4")
- .withRealmImportFile(properties.realmJson)
- .withCreateContainerCmdModifier(cmd -> cmd.withHostConfig(
- new HostConfig().withPortBindings(new PortBinding(Ports.Binding.bindPort(Integer.parseInt(properties.port)), new ExposedPort(8080)))
- ));
- keycloak.start();
- return keycloak;
- }
-
- @Bean
- Keycloak keycloakAdminClient(KeycloakContainer keycloak, KeycloakTestProperties properties) {
- return KeycloakBuilder.builder()
- .serverUrl(keycloak.getAuthServerUrl())
- .realm(properties.realm)
- .clientId(properties.adminCli)
- .username(keycloak.getAdminUsername())
- .password(keycloak.getAdminPassword())
- .build();
- }
-
- @Bean
- RoleHandler roleHandler(Keycloak adminClient, KeycloakTestProperties properties) {
- return new RoleHandler(adminClient, properties);
- }
-
- @Bean
- KeycloakTestProperties properties() {
- return new KeycloakTestProperties();
- }
-}
diff --git a/aai-resources/src/it/java/org/onap/aai/multitenancy/KeycloakTestProperties.java b/aai-resources/src/it/java/org/onap/aai/multitenancy/KeycloakTestProperties.java
deleted file mode 100644
index de62d2da..00000000
--- a/aai-resources/src/it/java/org/onap/aai/multitenancy/KeycloakTestProperties.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/**
- * ============LICENSE_START=======================================================
- * org.onap.aai
- * ================================================================================
- * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-package org.onap.aai.multitenancy;
-
-import org.springframework.beans.factory.annotation.Value;
-
-class KeycloakTestProperties {
-
- @Value("${test.keycloak.realm.json}")
- public String realmJson;
-
- @Value("${keycloak.realm}")
- public String realm;
-
- @Value("${keycloak.resource}")
- public String clientId;
-
- @Value("${test.keycloak.client.secret}")
- public String clientSecret;
-
- @Value("${test.keycloak.admin.cli}")
- public String adminCli;
-
- @Value("${test.keycloak.auth-server-port}")
- public String port;
-
-}
diff --git a/aai-resources/src/it/java/org/onap/aai/multitenancy/MultiTenancyIT.java b/aai-resources/src/it/java/org/onap/aai/multitenancy/MultiTenancyIT.java
deleted file mode 100644
index 2ad9616d..00000000
--- a/aai-resources/src/it/java/org/onap/aai/multitenancy/MultiTenancyIT.java
+++ /dev/null
@@ -1,119 +0,0 @@
-/**
- * ============LICENSE_START==================================================
- * org.onap.aai
- * ===========================================================================
- * Copyright © 2017-2020 AT&T Intellectual Property. All rights reserved.
- * ===========================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END====================================================
- */
-package org.onap.aai.multitenancy;
-
-import dasniko.testcontainers.keycloak.KeycloakContainer;
-import org.junit.Test;
-import org.keycloak.admin.client.Keycloak;
-import org.keycloak.admin.client.KeycloakBuilder;
-import org.keycloak.representations.AccessTokenResponse;
-import org.onap.aai.PayloadUtil;
-import org.onap.aai.rest.AbstractSpringRestTest;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.Import;
-import org.springframework.http.*;
-import org.springframework.test.context.TestPropertySource;
-
-import java.util.Collections;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
-
-@Import(KeycloakTestConfiguration.class)
-@TestPropertySource(locations = "classpath:application-keycloak-test.properties")
-public class MultiTenancyIT extends AbstractSpringRestTest {
-
- @Autowired
- private KeycloakContainer keycloakContainer;
- @Autowired
- private RoleHandler roleHandler;
- @Autowired
- private KeycloakTestProperties properties;
-
- @Test
- public void testCreateAndGetPnf() throws Exception {
- baseUrl = "http://localhost:" + randomPort;
- String endpoint = baseUrl + "/aai/v23/network/pnfs/pnf/pnf-1";
- ResponseEntity responseEntity = null;
-
- // create pnf with ran (operator)
- String username = "ran", password = "ran";
- headers = this.getHeaders(username, password);
- httpEntity = new HttpEntity(PayloadUtil.getResourcePayload("pnf.json"), headers);
- responseEntity = restTemplate.exchange(endpoint, HttpMethod.PUT, httpEntity, String.class);
- assertEquals(HttpStatus.CREATED, responseEntity.getStatusCode());
-
- // get pnf with bob (operator_readOnly)
- username = "bob"; password = "bob";
- headers = this.getHeaders(username, password);
- httpEntity = new HttpEntity("", headers);
- responseEntity = restTemplate.exchange(endpoint, HttpMethod.GET, httpEntity, String.class);
- assertEquals(HttpStatus.OK, responseEntity.getStatusCode());
-
- // get pnf with ted (selector)
- username = "ted"; password = "ted";
- headers = this.getHeaders(username, password);
- httpEntity = new HttpEntity("", headers);
- responseEntity = restTemplate.exchange(endpoint, HttpMethod.GET, httpEntity, String.class);
- assertEquals(HttpStatus.FORBIDDEN, responseEntity.getStatusCode());
-
- // add role to ted and try to get pnf again
- roleHandler.addToUser(RoleHandler.OPERATOR_READ_ONLY, username);
- headers = this.getHeaders(username, password);
- httpEntity = new HttpEntity("", headers);
- responseEntity = restTemplate.exchange(endpoint, HttpMethod.GET, httpEntity, String.class);
- assertEquals(HttpStatus.OK, responseEntity.getStatusCode());
-
- // get pnf with ran
- username = "ran"; password = "ran";
- headers = this.getHeaders(username, password);
- httpEntity = new HttpEntity("", headers);
- responseEntity = restTemplate.exchange(endpoint, HttpMethod.GET, httpEntity, String.class);
- assertEquals(HttpStatus.OK, responseEntity.getStatusCode());
- }
-
- private HttpHeaders getHeaders(String username, String password) {
- HttpHeaders headers = new HttpHeaders();
-
- headers.setContentType(MediaType.APPLICATION_JSON);
- headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
- headers.add("Real-Time", "true");
- headers.add("X-FromAppId", "JUNIT");
- headers.add("X-TransactionId", "JUNIT");
- headers.add("Authorization", "Bearer " + getStringToken(username, password));
-
- return headers;
- }
-
- private String getStringToken(String username, String password) {
- Keycloak keycloakClient = KeycloakBuilder.builder()
- .serverUrl(keycloakContainer.getAuthServerUrl())
- .realm(properties.realm)
- .clientId(properties.clientId)
- .clientSecret(properties.clientSecret)
- .username(username)
- .password(password)
- .build();
-
- AccessTokenResponse tokenResponse = keycloakClient.tokenManager().getAccessToken();
- assertNotNull(tokenResponse);
- return tokenResponse.getToken();
- }
-}
diff --git a/aai-resources/src/it/java/org/onap/aai/multitenancy/RoleHandler.java b/aai-resources/src/it/java/org/onap/aai/multitenancy/RoleHandler.java
deleted file mode 100644
index 0769c156..00000000
--- a/aai-resources/src/it/java/org/onap/aai/multitenancy/RoleHandler.java
+++ /dev/null
@@ -1,57 +0,0 @@
-/**
- * ============LICENSE_START=======================================================
- * org.onap.aai
- * ================================================================================
- * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-package org.onap.aai.multitenancy;
-
-import org.keycloak.admin.client.Keycloak;
-import org.keycloak.admin.client.resource.RealmResource;
-
-import java.util.Collections;
-
-class RoleHandler {
-
- /**
- Following roles should be the same as given roles in multi-tenancy-realm json file
- */
- final static String OPERATOR = "operator";
- final static String OPERATOR_READ_ONLY = "operator_readOnly";
- private final Keycloak adminClient;
- private final KeycloakTestProperties properties;
-
- RoleHandler(Keycloak adminClient, KeycloakTestProperties properties) {
- this.adminClient = adminClient;
- this.properties = properties;
- }
-
- void addToUser(String role, String username) {
- RealmResource realm = adminClient.realm(properties.realm);
- realm.users().get(username)
- .roles()
- .realmLevel()
- .add(Collections.singletonList(realm.roles().get(role).toRepresentation()));
- }
-
- void removeFromUser(String role, String username) {
- RealmResource realm = adminClient.realm(properties.realm);
- realm.users().get(username)
- .roles()
- .realmLevel()
- .remove(Collections.singletonList(realm.roles().get(role).toRepresentation()));
- }
-}
diff --git a/aai-resources/src/it/resources/application-keycloak-test.properties b/aai-resources/src/it/resources/application-keycloak-test.properties
deleted file mode 100644
index ca0266b0..00000000
--- a/aai-resources/src/it/resources/application-keycloak-test.properties
+++ /dev/null
@@ -1,17 +0,0 @@
-test.keycloak.realm.json=multi-tenancy-realm.json
-test.keycloak.client.secret=secret
-test.keycloak.admin.cli=admin-cli
-test.keycloak.auth-server-port=58180
-
-keycloak.auth-server-url=http://localhost:58180/auth
-keycloak.realm=aai-resources
-keycloak.resource=aai-resources-app
-keycloak.public-client=true
-keycloak.principal-attribute=preferred_username
-
-keycloak.ssl-required=external
-keycloak.bearer-only=true
-
-multi.tenancy.enabled=true
-spring.profiles.active=production,keycloak
-schema.version.list=v10,v11,v12,v13,v14,v15,v23
diff --git a/aai-resources/src/it/resources/multi-tenancy-realm.json b/aai-resources/src/it/resources/multi-tenancy-realm.json
deleted file mode 100644
index 401187b2..00000000
--- a/aai-resources/src/it/resources/multi-tenancy-realm.json
+++ /dev/null
@@ -1,173 +0,0 @@
-{
- "id": "aai-resources",
- "realm": "aai-resources",
- "notBefore": 0,
- "revokeRefreshToken": false,
- "refreshTokenMaxReuse": 0,
- "accessTokenLifespan": 300,
- "accessTokenLifespanForImplicitFlow": 900,
- "ssoSessionIdleTimeout": 1800,
- "ssoSessionMaxLifespan": 36000,
- "ssoSessionIdleTimeoutRememberMe": 0,
- "ssoSessionMaxLifespanRememberMe": 0,
- "offlineSessionIdleTimeout": 2592000,
- "offlineSessionMaxLifespanEnabled": false,
- "offlineSessionMaxLifespan": 5184000,
- "clientSessionIdleTimeout": 0,
- "clientSessionMaxLifespan": 0,
- "clientOfflineSessionIdleTimeout": 0,
- "clientOfflineSessionMaxLifespan": 0,
- "accessCodeLifespan": 60,
- "accessCodeLifespanUserAction": 300,
- "accessCodeLifespanLogin": 1800,
- "actionTokenGeneratedByAdminLifespan": 43200,
- "actionTokenGeneratedByUserLifespan": 300,
- "enabled": true,
- "sslRequired": "external",
- "registrationAllowed": false,
- "registrationEmailAsUsername": false,
- "rememberMe": false,
- "verifyEmail": false,
- "loginWithEmailAllowed": true,
- "duplicateEmailsAllowed": false,
- "resetPasswordAllowed": false,
- "editUsernameAllowed": false,
- "bruteForceProtected": false,
- "permanentLockout": false,
- "maxFailureWaitSeconds": 900,
- "minimumQuickLoginWaitSeconds": 60,
- "waitIncrementSeconds": 60,
- "quickLoginCheckMilliSeconds": 1000,
- "maxDeltaTimeSeconds": 43200,
- "failureFactor": 30,
- "users": [
- {
- "username": "admin",
- "enabled": true,
- "credentials": [
- {
- "type": "password",
- "value": "admin"
- }
- ],
- "clientRoles": {
- "realm-management": ["manage-users", "view-clients", "view-realm", "view-users"]
- }
- },
- {
- "id": "ran",
- "username": "ran",
- "enabled": true,
- "credentials": [
- {
- "type": "password",
- "value": "ran"
- }
- ],
- "realmRoles": [
- "operator"
- ]
- },
- {
- "id": "bob",
- "username": "bob",
- "enabled": true,
- "credentials": [
- {
- "type": "password",
- "value": "bob"
- }
- ],
- "realmRoles": [
- "operator_readOnly"
- ]
- },
- {
- "id": "ted",
- "username": "ted",
- "enabled": true,
- "credentials": [
- {
- "type": "password",
- "value": "ted"
- }
- ],
- "realmRoles": [
- "selector"
- ]
- }
- ],
- "roles": {
- "realm": [
- {
- "name": "operator",
- "description": "Operator privileges"
- },
- {
- "name": "operator_readOnly",
- "description": "Operator's read only privileges"
- },
- {
- "name": "selector",
- "description": "Selector privileges"
- },
- {
- "name": "selector_readOnly",
- "description": "Selector's read only privileges"
- },
- {
- "name": "admin",
- "description": "Administrator privileges"
- }
- ]
- },
- "clients": [
- {
- "clientId": "aai-resources-app",
- "enabled": true,
- "secret": "secret",
- "directAccessGrantsEnabled": true,
- "authorizationServicesEnabled": true,
- "authorizationSettings": {
- "allowRemoteResourceManagement": true,
- "policyEnforcementMode": "ENFORCING"
- }
- }
- ],
- "defaultDefaultClientScopes": [
- "roles",
- "email",
- "web-origins",
- "profile",
- "role_list"
- ],
- "clientScopes": [
- {
- "id": "0f7dfd8b-c230-4664-8d77-da85bcc4fe2a",
- "name": "roles",
- "description": "OpenID Connect scope for add user roles to the access token",
- "protocol": "openid-connect",
- "attributes": {
- "include.in.token.scope": "true",
- "display.on.consent.screen": "true",
- "consent.screen.text": "${rolesScopeConsentText}"
- },
- "protocolMappers": [
- {
- "id": "4b9f8798-8990-4c0d-87d3-034e72655e3b",
- "name": "realm roles",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-realm-role-mapper",
- "consentRequired": false,
- "config": {
- "multivalued": "true",
- "user.attribute": "foo",
- "access.token.claim": "true",
- "claim.name": "realm_access.roles",
- "jsonType.label": "String"
- }
- }
- ]
- }
- ]
-} \ No newline at end of file
diff --git a/aai-resources/src/it/resources/payloads/resource/pnf.json b/aai-resources/src/it/resources/payloads/resource/pnf.json
deleted file mode 100644
index 64523d16..00000000
--- a/aai-resources/src/it/resources/payloads/resource/pnf.json
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- "frame-id": 999,
- "in-maint": false,
- "ipaddress-v4-oam": "1.1.1.1",
- "pnf-name": "pnf-1",
- "pnf-name-2": "pnf-test-1",
- "data-owner": "operator",
- "prov-status": "in_service"
-} \ No newline at end of file
diff --git a/aai-resources/src/main/java/org/onap/aai/web/MicrometerConfiguration.java b/aai-resources/src/main/java/org/onap/aai/web/MicrometerConfiguration.java
index 0be4e0b5..bbe94fc6 100644
--- a/aai-resources/src/main/java/org/onap/aai/web/MicrometerConfiguration.java
+++ b/aai-resources/src/main/java/org/onap/aai/web/MicrometerConfiguration.java
@@ -21,6 +21,7 @@ package org.onap.aai.web;
import io.micrometer.core.instrument.Tag;
import io.micrometer.core.instrument.Tags;
import io.micrometer.jersey2.server.JerseyTags;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import io.micrometer.jersey2.server.JerseyTagsProvider;
import org.glassfish.jersey.server.ContainerResponse;
import org.glassfish.jersey.server.monitoring.RequestEvent;
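Review bot: The new `org.springframework.boot.autoconfigure.condition.ConditionalOnProperty` import is dropped between two `io.micrometer.jersey2.server` imports, which breaks the grouping the file otherwise keeps. It belongs with the other Spring imports further down, next to `org.springframework.context.annotation.Configuration`.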
@@ -31,6 +32,9 @@ import org.springframework.context.annotation.Configuration;
* Configuration Class to add customized tags to http metrics scraped in /actuator/prometheus endpoint
*/
@Configuration
+@ConditionalOnProperty(
+ value="scrape.uri.metrics",
+ havingValue = "true")
public class MicrometerConfiguration {
private static final String TAG_AAI_URI = "aai_uri";
private static final String NOT_AVAILABLE = "NOT AVAILABLE";
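Review bot: The class Javadoc still describes the configuration as always adding the custom tags, but with the new `@ConditionalOnProperty` it is only registered when `scrape.uri.metrics` is exactly `true` and is skipped when the property is missing. I would add a line to the Javadoc such as `* Only active when {@code scrape.uri.metrics=true}; the per-URI tag is high-cardinality and intended for debugging.` The attribute spacing is also inconsistent (`value="scrape.uri.metrics"` versus `havingValue = "true"`). The class body continues outside this hunk.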
diff --git a/aai-resources/src/main/resources/application.properties b/aai-resources/src/main/resources/application.properties
index afaf88b3..60807ec2 100644
--- a/aai-resources/src/main/resources/application.properties
+++ b/aai-resources/src/main/resources/application.properties
@@ -95,12 +95,16 @@ schema.service.versions.override=false
#To Expose the Prometheus scraping endpoint
management.server.port=8448
#To Enable Actuator Endpoint, you can override this to True in OOM charts
-management.endpoints.enabled-by-default=false
+management.endpoints.enabled-by-default=true
#To Enable Actuator Endpoint, you can override this in OOM Charts
-#management.endpoints.web.exposure.include=info, health, prometheus
+management.endpoints.web.exposure.include=info, health, prometheus
management.metrics.web.server.auto-time-requests=false
management.metrics.tags.group_id=aai
-management.metrics.tags.app_id=${info.build.artifact}
+# management.metrics.tags.app_id=${info.build.artifact}
+# management.metrics.tags.aai_uri=${schema.uri.base.path}
+#It is not advisable to use labels to store dimensions with high cardinality.
+#Enable this option only for debug purposes. For more information: https://github.com/micrometer-metrics/micrometer/issues/1584
+scrape.uri.metrics=false
# Location of the cadi properties file should be specified here
aaf.cadi.file=${server.local.startpath}/cadi.properties
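Review bot: Setting `management.endpoints.enabled-by-default=true` switches the actuator from opt-in to everything-enabled, leaving `management.endpoints.web.exposure.include` as the only limit on what the management port 8448 serves; any later widening of that list (or another exposure channel such as JMX, if enabled) would surface endpoints nobody chose to turn on. Keeping the global default at `false` and enabling just the three needed endpoints is tighter: `management.endpoint.info.enabled=true`, `management.endpoint.health.enabled=true`, `management.endpoint.prometheus.enabled=true`. The two comments above these lines still say the values are to be overridden in the OOM charts, which no longer matches the new defaults and should be reworded. Whether the management port requires authentication is not visible in this hunk, so it is worth confirming before shipping these as defaults.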
diff --git a/aai-resources/src/test/java/org/onap/aai/rest/ConfigurationTest.java b/aai-resources/src/test/java/org/onap/aai/rest/ConfigurationTest.java
index 39f71fde..caaf91af 100644
--- a/aai-resources/src/test/java/org/onap/aai/rest/ConfigurationTest.java
+++ b/aai-resources/src/test/java/org/onap/aai/rest/ConfigurationTest.java
@@ -176,9 +176,9 @@ public class ConfigurationTest extends AbstractSpringRestTest {
responseEntity = restTemplate.exchange(actuatorurl + "/actuator/prometheus", HttpMethod.GET, httpEntity, String.class);
responseBody = (String) responseEntity.getBody();
assertEquals(HttpStatus.OK, responseEntity.getStatusCode());
- assertTrue(responseBody.contains("app_id"));
assertTrue(responseBody.contains("group_id"));
-
+ assertTrue(responseBody.contains("aai_uri"));
+
//Set Accept as MediaType.APPLICATION_JSON in order to get access of endpoint "/actuator/info" and "/actuator/health"
headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
httpEntity = new HttpEntity<String>(headers);
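Review bot: The new `aai_uri` assertion appears to pass only because `application-test.properties` sets `scrape.uri.metrics=true`, so the shipped default of `false` is never exercised and nothing checks that the tag is absent when the option is off. A companion test that runs with the property set to `false` and asserts `assertFalse(responseBody.contains("aai_uri"));` would pin the default behaviour. The removed `app_id` assertion also leaves that tag's absence unverified, so a comment saying it was dropped on purpose would help the next reader. The enclosing test method starts and ends outside this hunk.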
diff --git a/aai-resources/src/test/resources/application-test.properties b/aai-resources/src/test/resources/application-test.properties
index 8aee5e1a..e2282295 100644
--- a/aai-resources/src/test/resources/application-test.properties
+++ b/aai-resources/src/test/resources/application-test.properties
@@ -78,3 +78,4 @@ management.server.port=0
management.endpoints.enabled-by-default=true
management.endpoints.web.exposure.include=info, health, prometheus
management.metrics.web.server.auto-time-requests=false
+scrape.uri.metrics=true