From 0a7d68420e7b95dfffb043ebbe2f52ec24effae4 Mon Sep 17 00:00:00 2001
From: Jozsef Csongvai <jozsef.csongvai@bell.ca>
Date: Thu, 19 Dec 2019 11:05:33 -0500
Subject: Refactoring log-protect for hiding sensitive data in logs

Issue-ID: CCSDK-2010
Signed-off-by: Jozsef Csongvai <jozsef.csongvai@bell.ca>
Change-Id: I72a4d8d49a202cea0fa1a200c7466300de1ff0b0
---
 .../resolution/ResourceResolutionConstants.kt      |  1 -
 .../resolution/ResourceResolutionService.kt        |  5 +++-
 .../resolution/utils/ResourceAssignmentUtils.kt    | 28 ++++------------------
 3 files changed, 9 insertions(+), 25 deletions(-)

(limited to 'ms/blueprintsprocessor/functions/resource-resolution/src')

diff --git a/ms/blueprintsprocessor/functions/resource-resolution/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/functions/resource/resolution/ResourceResolutionConstants.kt b/ms/blueprintsprocessor/functions/resource-resolution/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/functions/resource/resolution/ResourceResolutionConstants.kt
index 0726d2871..c39933dc8 100644
--- a/ms/blueprintsprocessor/functions/resource-resolution/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/functions/resource/resolution/ResourceResolutionConstants.kt
+++ b/ms/blueprintsprocessor/functions/resource-resolution/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/functions/resource/resolution/ResourceResolutionConstants.kt
@@ -29,5 +29,4 @@ object ResourceResolutionConstants {
     const val RESOURCE_RESOLUTION_INPUT_OCCURRENCE = "occurrence"
     const val RESOURCE_RESOLUTION_INPUT_RESOURCE_ID = "resource-id"
     const val RESOURCE_RESOLUTION_INPUT_RESOURCE_TYPE = "resource-type"
-    const val RESOURCE_RESOLUTION_LOG_PROTECTED_METADATA = "log-protect"
 }
diff --git a/ms/blueprintsprocessor/functions/resource-resolution/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/functions/resource/resolution/ResourceResolutionService.kt b/ms/blueprintsprocessor/functions/resource-resolution/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/functions/resource/resolution/ResourceResolutionService.kt
index 14e60bc95..51e93a3c1 100644
--- a/ms/blueprintsprocessor/functions/resource-resolution/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/functions/resource/resolution/ResourceResolutionService.kt
+++ b/ms/blueprintsprocessor/functions/resource-resolution/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/functions/resource/resolution/ResourceResolutionService.kt
@@ -32,9 +32,11 @@ import org.onap.ccsdk.cds.controllerblueprints.core.BluePrintProcessorException
 import org.onap.ccsdk.cds.controllerblueprints.core.asJsonPrimitive
 import org.onap.ccsdk.cds.controllerblueprints.core.asJsonType
 import org.onap.ccsdk.cds.controllerblueprints.core.checkNotEmpty
+import org.onap.ccsdk.cds.controllerblueprints.core.common.ApplicationConstants.LOG_REDACTED
 import org.onap.ccsdk.cds.controllerblueprints.core.service.BluePrintRuntimeService
 import org.onap.ccsdk.cds.controllerblueprints.core.service.BluePrintTemplateService
 import org.onap.ccsdk.cds.controllerblueprints.core.utils.JacksonUtils
+import org.onap.ccsdk.cds.controllerblueprints.core.utils.PropertyDefinitionUtils.Companion.hasLogProtect
 import org.onap.ccsdk.cds.controllerblueprints.resource.dict.ResourceAssignment
 import org.onap.ccsdk.cds.controllerblueprints.resource.dict.ResourceDefinition
 import org.onap.ccsdk.cds.controllerblueprints.resource.dict.utils.BulkResourceSequencingUtils
@@ -395,7 +397,8 @@ open class ResourceResolutionServiceImpl(
             if (resourceResolution.status == BluePrintConstants.STATUS_SUCCESS) {
                 resourceAssignmentList.forEach {
                     if (compareOne(resourceResolution, it)) {
-                        log.info("Resource ({}) already resolve: value=({})", it.name, resourceResolution.value)
+                        log.info("Resource ({}) already resolved: value=({})", it.name,
+                            if (hasLogProtect(it.property)) LOG_REDACTED else resourceResolution.value)
 
                         // Make sure to recreate value as per the defined type.
                         val value = resourceResolution.value!!.asJsonType(it.property!!.type)
diff --git a/ms/blueprintsprocessor/functions/resource-resolution/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/functions/resource/resolution/utils/ResourceAssignmentUtils.kt b/ms/blueprintsprocessor/functions/resource-resolution/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/functions/resource/resolution/utils/ResourceAssignmentUtils.kt
index b818cc2b1..a813c00ca 100644
--- a/ms/blueprintsprocessor/functions/resource-resolution/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/functions/resource/resolution/utils/ResourceAssignmentUtils.kt
+++ b/ms/blueprintsprocessor/functions/resource-resolution/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/functions/resource/resolution/utils/ResourceAssignmentUtils.kt
@@ -31,6 +31,7 @@ import org.onap.ccsdk.cds.controllerblueprints.core.BluePrintTypes
 import org.onap.ccsdk.cds.controllerblueprints.core.asJsonType
 import org.onap.ccsdk.cds.controllerblueprints.core.checkFileExists
 import org.onap.ccsdk.cds.controllerblueprints.core.checkNotEmpty
+import org.onap.ccsdk.cds.controllerblueprints.core.common.ApplicationConstants.LOG_REDACTED
 import org.onap.ccsdk.cds.controllerblueprints.core.isComplexType
 import org.onap.ccsdk.cds.controllerblueprints.core.isNotEmpty
 import org.onap.ccsdk.cds.controllerblueprints.core.isNullOrMissing
@@ -40,6 +41,7 @@ import org.onap.ccsdk.cds.controllerblueprints.core.rootFieldsToMap
 import org.onap.ccsdk.cds.controllerblueprints.core.service.BluePrintRuntimeService
 import org.onap.ccsdk.cds.controllerblueprints.core.utils.JacksonReactorUtils
 import org.onap.ccsdk.cds.controllerblueprints.core.utils.JacksonUtils
+import org.onap.ccsdk.cds.controllerblueprints.core.utils.PropertyDefinitionUtils.Companion.hasLogProtect
 import org.onap.ccsdk.cds.controllerblueprints.resource.dict.ResourceAssignment
 import org.onap.ccsdk.cds.controllerblueprints.resource.dict.ResourceDefinition
 import org.slf4j.LoggerFactory
@@ -159,9 +161,7 @@ class ResourceAssignmentUtils {
                         val type = nullToEmpty(it.property?.type).toLowerCase()
                         val value = useDefaultValueIfNull(it, rName)
                         val valueToPrint = getValueToLog(metadata, value)
-                        if (checkIfLogIsProtected(metadata)) {
-                            containsLogProtected = true
-                        }
+                        containsLogProtected = hasLogProtect(metadata)
                         logger.trace("Generating Resource name ($rName), type ($type), value ($valueToPrint)")
                         root.set(rName, value)
                     }
@@ -593,25 +593,7 @@ class ResourceAssignmentUtils {
             return (outputKeyMapping.size == 1)
         }
 
-        fun getValueToLog(metadata: MutableMap<String, String>?, value: Any): Any {
-            return if (checkIfLogIsProtected(metadata)) {
-                "******REDACTED******"
-            } else {
-                value
-            }
-        }
-
-        private fun checkIfLogIsProtected(metadata: MutableMap<String, String>?): Boolean {
-            var checkProtected = false
-            if (metadata != null &&
-                metadata.containsKey(ResourceResolutionConstants.RESOURCE_RESOLUTION_LOG_PROTECTED_METADATA)
-            ) {
-                val protectedMetadata = metadata[ResourceResolutionConstants.RESOURCE_RESOLUTION_LOG_PROTECTED_METADATA]
-                if (protectedMetadata == "yes" || protectedMetadata == "y") {
-                    checkProtected = true
-                }
-            }
-            return checkProtected
-        }
+        fun getValueToLog(metadata: MutableMap<String, String>?, value: Any): Any =
+                if (hasLogProtect(metadata)) LOG_REDACTED else value
     }
 }
-- 
cgit 1.2.3-korg