Refactoring log-protect for hiding sensitive data in logs

Issue-ID: CCSDK-2010
Signed-off-by: Jozsef Csongvai <jozsef.csongvai@bell.ca>
Change-Id: I72a4d8d49a202cea0fa1a200c7466300de1ff0b0

5 files changed, 127 insertions, 21 deletions

diff --git a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/BluePrintConstants.kt b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/BluePrintConstants.kt
index 571f0a176..5aaf6ccd9 100644
--- a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/BluePrintConstants.kt
+++ b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/BluePrintConstants.kt
@@ -218,6 +218,8 @@ object BluePrintConstants {
 
     val USE_SCRIPT_COMPILE_CACHE: Boolean = (System.getenv("USE_SCRIPT_COMPILE_CACHE") ?: "true").toBoolean()
 
+    const val LOG_PROTECT: String = "log-protect"
+
     /** Cluster Properties */
     val CLUSTER_ENABLED = (System.getenv("CLUSTER_ENABLED") ?: "false").toBoolean()
     const val PROPERTY_CLUSTER_ID = "CLUSTER_ID"
diff --git a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/common/ApplicationConstants.kt b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/common/ApplicationConstants.kt
index 66bc3b3cb..35f7ef184 100644
--- a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/common/ApplicationConstants.kt
+++ b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/common/ApplicationConstants.kt
@@ -20,4 +20,5 @@ object ApplicationConstants {
     const val ACTIVE_Y = "Y"
     const val ACTIVE_N = "N"
     const val ASDC_ARTIFACT_TYPE_SDNC_MODEL = "SDNC_MODEL"
+    const val LOG_REDACTED = "****REDACTED****"
 }
diff --git a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/service/BluePrintRuntimeService.kt b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/service/BluePrintRuntimeService.kt
index a6d2de476..a7ed577dd 100644
--- a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/service/BluePrintRuntimeService.kt
+++ b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/service/BluePrintRuntimeService.kt
@@ -26,12 +26,14 @@ import org.onap.ccsdk.cds.controllerblueprints.core.BluePrintError
 import org.onap.ccsdk.cds.controllerblueprints.core.BluePrintProcessorException
 import org.onap.ccsdk.cds.controllerblueprints.core.asJsonNode
 import org.onap.ccsdk.cds.controllerblueprints.core.asJsonType
+import org.onap.ccsdk.cds.controllerblueprints.core.common.ApplicationConstants.LOG_REDACTED
 import org.onap.ccsdk.cds.controllerblueprints.core.data.ArtifactDefinition
 import org.onap.ccsdk.cds.controllerblueprints.core.data.NodeTemplate
 import org.onap.ccsdk.cds.controllerblueprints.core.data.PropertyDefinition
 import org.onap.ccsdk.cds.controllerblueprints.core.returnNullIfMissing
 import org.onap.ccsdk.cds.controllerblueprints.core.rootFieldsToMap
 import org.onap.ccsdk.cds.controllerblueprints.core.utils.BluePrintMetadataUtils
+import org.onap.ccsdk.cds.controllerblueprints.core.utils.PropertyDefinitionUtils.Companion.hasLogProtect
 import org.slf4j.LoggerFactory
 import java.io.File
 
@@ -452,7 +454,6 @@ open class DefaultBluePrintRuntimeService(private var id: String, private var bl
 
     override fun setInputValue(propertyName: String, value: JsonNode) {
         val path = """${BluePrintConstants.PATH_INPUTS}${BluePrintConstants.PATH_DIVIDER}$propertyName"""
-        log.trace("setting input path ({}), values ({})", path, value)
         put(path, value)
     }
 
@@ -594,34 +595,31 @@ open class DefaultBluePrintRuntimeService(private var id: String, private var bl
     }
 
     override fun assignWorkflowInputs(workflowName: String, jsonNode: JsonNode) {
-        log.info("For workflow ($workflowName) driving input data from ($jsonNode)")
+        log.info("Deriving input data for workflow: ($workflowName)")
+
         val dynamicInputPropertiesName = "$workflowName-properties"
 
         bluePrintContext.workflowByName(workflowName).inputs
-            ?.forEach { propertyName, property ->
-                if (propertyName != dynamicInputPropertiesName) {
-                    val valueNode: JsonNode =
-                        jsonNode.at(BluePrintConstants.PATH_DIVIDER + propertyName).returnNullIfMissing()
-                            ?: property.defaultValue
-                            ?: NullNode.getInstance()
-                    log.trace("Setting input data - attribute:($propertyName) value:($valueNode)")
-                    setInputValue(propertyName, valueNode)
-                }
-            }
+                ?.filter { (propertyName, property) -> propertyName != dynamicInputPropertiesName }
+                ?.forEach { propertyName, property -> findAndSetInputValue(propertyName, property, jsonNode) }
         // Load Dynamic data Types
         jsonNode.get(dynamicInputPropertiesName)?.let {
-            bluePrintContext.dataTypeByName("dt-$dynamicInputPropertiesName")?.properties
-                ?.forEach { propertyName, property ->
-                    val valueNode: JsonNode =
-                        it.at(BluePrintConstants.PATH_DIVIDER + propertyName).returnNullIfMissing()
-                            ?: property.defaultValue
-                            ?: NullNode.getInstance()
-                    log.trace("Setting input data - attribute:($propertyName) value:($valueNode)")
-                    setInputValue(propertyName, valueNode)
-                }
+            bluePrintContext.dataTypeByName("dt-$dynamicInputPropertiesName")
+                    ?.properties
+                    ?.forEach { propertyName, property -> findAndSetInputValue(propertyName, property, it) }
         }
     }
 
+    private fun findAndSetInputValue(propertyName: String, property: PropertyDefinition, jsonNode: JsonNode) {
+        val valueNode = jsonNode.at(BluePrintConstants.PATH_DIVIDER + propertyName)
+                .returnNullIfMissing()
+                ?: property.defaultValue
+                ?: NullNode.getInstance()
+        val loggableValue = if (hasLogProtect(property)) LOG_REDACTED else valueNode.toString()
+        log.info("Setting input data - attribute:($propertyName) value:($loggableValue)")
+        setInputValue(propertyName, valueNode)
+    }
+
     override fun resolveWorkflowOutputs(workflowName: String): MutableMap<String, JsonNode> {
         log.info("resolveWorkflowOutputs for workflow($workflowName)")
         val outputs = bluePrintContext.workflowByName(workflowName).outputs ?: mutableMapOf()
diff --git a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/utils/PropertyDefinitionUtils.kt b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/utils/PropertyDefinitionUtils.kt
new file mode 100644
index 000000000..35f2f6d83
--- /dev/null
+++ b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/utils/PropertyDefinitionUtils.kt
@@ -0,0 +1,37 @@
+/*
+ * Copyright © 2019 Bell Canada.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onap.ccsdk.cds.controllerblueprints.core.utils
+
+import org.onap.ccsdk.cds.controllerblueprints.core.BluePrintConstants.LOG_PROTECT
+import org.onap.ccsdk.cds.controllerblueprints.core.data.PropertyDefinition
+
+class PropertyDefinitionUtils {
+    companion object {
+        fun hasLogProtect(metadata: MutableMap<String, String>?) = metadata?.get(LOG_PROTECT)
+                ?.let {
+                    when (it.toLowerCase()) {
+                        "true" -> true
+                        "yes" -> true
+                        "y" -> true
+                        else -> false
+                    }
+                } ?: false
+
+        fun hasLogProtect(propertyDefinition: PropertyDefinition?) = propertyDefinition
+                ?.let { p -> hasLogProtect(p.metadata) } ?: false
+    }
+}
diff --git a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/test/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/utils/PropertyDefinitionUtilsTest.kt b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/test/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/utils/PropertyDefinitionUtilsTest.kt
new file mode 100644
index 000000000..83764c517
--- /dev/null
+++ b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/test/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/utils/PropertyDefinitionUtilsTest.kt
@@ -0,0 +1,68 @@
+/*
+ * Copyright © 2019 Bell Canada.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onap.ccsdk.cds.controllerblueprints.core.utils
+
+import org.junit.Test
+import org.onap.ccsdk.cds.controllerblueprints.core.BluePrintConstants.LOG_PROTECT
+import org.onap.ccsdk.cds.controllerblueprints.core.data.PropertyDefinition
+import org.onap.ccsdk.cds.controllerblueprints.core.utils.PropertyDefinitionUtils.Companion.hasLogProtect
+import kotlin.test.assertFalse
+import kotlin.test.assertTrue
+
+class PropertyDefinitionUtilsTest {
+
+    @Test
+    fun testLogProtectMetadata() {
+        val metadata = mutableMapOf<String, String>()
+
+        assertFalse { hasLogProtect(metadata) }
+
+        metadata[LOG_PROTECT] = "true"
+        assertTrue { hasLogProtect(metadata) }
+        metadata.clear()
+
+        metadata[LOG_PROTECT] = "yes"
+        assertTrue { hasLogProtect(metadata) }
+        metadata.clear()
+
+        metadata[LOG_PROTECT] = "y"
+        assertTrue { hasLogProtect(metadata) }
+        metadata.clear()
+
+        metadata[LOG_PROTECT] = "false"
+        assertFalse { hasLogProtect(metadata) }
+        metadata.clear()
+
+        val nullMetadata: MutableMap<String, String>? = null
+        assertFalse { hasLogProtect(nullMetadata) }
+    }
+
+    @Test
+    fun testHasLogProtectPropertyDefinition() {
+        var propertyDefinition: PropertyDefinition? = null
+        assertFalse { hasLogProtect(propertyDefinition) }
+
+        propertyDefinition = PropertyDefinition()
+        assertFalse { hasLogProtect(propertyDefinition) }
+
+        val metadata = mutableMapOf<String, String>()
+        metadata[LOG_PROTECT] = "TRUE"
+        propertyDefinition.metadata = metadata
+
+        assertTrue { hasLogProtect(propertyDefinition) }
+    }
+}