From 0a7d68420e7b95dfffb043ebbe2f52ec24effae4 Mon Sep 17 00:00:00 2001
From: Jozsef Csongvai
Date: Thu, 19 Dec 2019 11:05:33 -0500
Subject: Refactoring log-protect for hiding sensitive data in logs
Issue-ID: CCSDK-2010
Signed-off-by: Jozsef Csongvai
Change-Id: I72a4d8d49a202cea0fa1a200c7466300de1ff0b0
---
.../core/BluePrintConstants.kt | 2 +
.../core/common/ApplicationConstants.kt | 1 +
.../core/service/BluePrintRuntimeService.kt | 40 ++++++-------
.../core/utils/PropertyDefinitionUtils.kt | 37 ++++++++++++
.../core/utils/PropertyDefinitionUtilsTest.kt | 68 ++++++++++++++++++++++
5 files changed, 127 insertions(+), 21 deletions(-)
create mode 100644 ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/utils/PropertyDefinitionUtils.kt
create mode 100644 ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/test/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/utils/PropertyDefinitionUtilsTest.kt
(limited to 'ms/blueprintsprocessor/modules/blueprints/blueprint-core')
diff --git a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/BluePrintConstants.kt b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/BluePrintConstants.kt
index 571f0a176..5aaf6ccd9 100644
--- a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/BluePrintConstants.kt
+++ b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/BluePrintConstants.kt
@@ -218,6 +218,8 @@ object BluePrintConstants { val USE_SCRIPT_COMPILE_CACHE: Boolean = (System.getenv("USE_SCRIPT_COMPILE_CACHE") ?: "true").toBoolean() + const val LOG_PROTECT: String = "log-protect" + /** Cluster Properties */ val CLUSTER_ENABLED = (System.getenv("CLUSTER_ENABLED") ?: "false").toBoolean() const val PROPERTY_CLUSTER_ID = "CLUSTER_ID" diff --git a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/common/ApplicationConstants.kt b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/common/ApplicationConstants.kt index 66bc3b3cb..35f7ef184 100644 --- a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/common/ApplicationConstants.kt +++ b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/common/ApplicationConstants.kt @@ -20,4 +20,5 @@ object ApplicationConstants { const val ACTIVE_Y = "Y" const val ACTIVE_N = "N" const val ASDC_ARTIFACT_TYPE_SDNC_MODEL = "SDNC_MODEL" + const val LOG_REDACTED = "****REDACTED****" } diff --git a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/service/BluePrintRuntimeService.kt b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/service/BluePrintRuntimeService.kt index a6d2de476..a7ed577dd 100644 --- a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/service/BluePrintRuntimeService.kt +++ b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/service/BluePrintRuntimeService.kt 
@@ -26,12 +26,14 @@ import org.onap.ccsdk.cds.controllerblueprints.core.BluePrintError import org.onap.ccsdk.cds.controllerblueprints.core.BluePrintProcessorException import org.onap.ccsdk.cds.controllerblueprints.core.asJsonNode import org.onap.ccsdk.cds.controllerblueprints.core.asJsonType +import org.onap.ccsdk.cds.controllerblueprints.core.common.ApplicationConstants.LOG_REDACTED import org.onap.ccsdk.cds.controllerblueprints.core.data.ArtifactDefinition import org.onap.ccsdk.cds.controllerblueprints.core.data.NodeTemplate import org.onap.ccsdk.cds.controllerblueprints.core.data.PropertyDefinition import org.onap.ccsdk.cds.controllerblueprints.core.returnNullIfMissing import org.onap.ccsdk.cds.controllerblueprints.core.rootFieldsToMap import org.onap.ccsdk.cds.controllerblueprints.core.utils.BluePrintMetadataUtils +import org.onap.ccsdk.cds.controllerblueprints.core.utils.PropertyDefinitionUtils.Companion.hasLogProtect import org.slf4j.LoggerFactory import java.io.File @@ -452,7 +454,6 @@ open class DefaultBluePrintRuntimeService(private var id: String, private var bl override fun setInputValue(propertyName: String, value: JsonNode) { val path = """${BluePrintConstants.PATH_INPUTS}${BluePrintConstants.PATH_DIVIDER}$propertyName""" - log.trace("setting input path ({}), values ({})", path, value) put(path, value) } 
@@ -594,34 +595,31 @@ open class DefaultBluePrintRuntimeService(private var id: String, private var bl } override fun assignWorkflowInputs(workflowName: String, jsonNode: JsonNode) { - log.info("For workflow ($workflowName) driving input data from ($jsonNode)") + log.info("Deriving input data for workflow: ($workflowName)") + val dynamicInputPropertiesName = "$workflowName-properties" bluePrintContext.workflowByName(workflowName).inputs - ?.forEach { propertyName, property -> - if (propertyName != dynamicInputPropertiesName) { - val valueNode: JsonNode = - jsonNode.at(BluePrintConstants.PATH_DIVIDER + propertyName).returnNullIfMissing() - ?: property.defaultValue - ?: NullNode.getInstance() - log.trace("Setting input data - attribute:($propertyName) value:($valueNode)") - setInputValue(propertyName, valueNode) - } - } + ?.filter { (propertyName, property) -> propertyName != dynamicInputPropertiesName } + ?.forEach { propertyName, property -> findAndSetInputValue(propertyName, property, jsonNode) } // Load Dynamic data Types jsonNode.get(dynamicInputPropertiesName)?.let { - bluePrintContext.dataTypeByName("dt-$dynamicInputPropertiesName")?.properties - ?.forEach { propertyName, property -> - val valueNode: JsonNode = - it.at(BluePrintConstants.PATH_DIVIDER + propertyName).returnNullIfMissing() - ?: property.defaultValue - ?: NullNode.getInstance() - log.trace("Setting input data - attribute:($propertyName) value:($valueNode)") - setInputValue(propertyName, valueNode) - } + bluePrintContext.dataTypeByName("dt-$dynamicInputPropertiesName") + ?.properties + ?.forEach { propertyName, property -> findAndSetInputValue(propertyName, property, it) } } } + private fun findAndSetInputValue(propertyName: String, property: PropertyDefinition, jsonNode: JsonNode) { + val valueNode = jsonNode.at(BluePrintConstants.PATH_DIVIDER + propertyName) + .returnNullIfMissing() + ?: property.defaultValue + ?: NullNode.getInstance() + val loggableValue = if (hasLogProtect(property)) 
LOG_REDACTED else valueNode.toString() + log.info("Setting input data - attribute:($propertyName) value:($loggableValue)") + setInputValue(propertyName, valueNode) + } + override fun resolveWorkflowOutputs(workflowName: String): MutableMap { log.info("resolveWorkflowOutputs for workflow($workflowName)") val outputs = bluePrintContext.workflowByName(workflowName).outputs ?: mutableMapOf() diff --git a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/utils/PropertyDefinitionUtils.kt b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/utils/PropertyDefinitionUtils.kt new file mode 100644 index 000000000..35f2f6d83 --- /dev/null +++ b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/main/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/utils/PropertyDefinitionUtils.kt 
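Review bot: In `findAndSetInputValue` the per-attribute message moves from `log.trace` to `log.info`, so every input whose definition lacks `log-protect` metadata is now written in full at the default log level; redaction is opt-in, and a secret that a blueprint author forgot to tag is more exposed than it was before this change. Consider keeping the value at a lower level and using parameterised logging, e.g. `log.debug("Setting input data - attribute:({}) value:({})", propertyName, loggableValue)`. `hasLogProtect(property)` inspects only the top-level property's metadata, so a complex-typed input presumably still has any protected nested fields serialised by `valueNode.toString()`; that is worth confirming against the data-type definitions. The unused `property` in the `filter` lambda can be written as `_`.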
@@ -0,0 +1,37 @@ +/* + * Copyright © 2019 Bell Canada. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.onap.ccsdk.cds.controllerblueprints.core.utils + +import org.onap.ccsdk.cds.controllerblueprints.core.BluePrintConstants.LOG_PROTECT +import org.onap.ccsdk.cds.controllerblueprints.core.data.PropertyDefinition + +class PropertyDefinitionUtils { + companion object { + fun hasLogProtect(metadata: MutableMap?) = metadata?.get(LOG_PROTECT) + ?.let { + when (it.toLowerCase()) { + "true" -> true + "yes" -> true + "y" -> true + else -> false + } + } ?: false + + fun hasLogProtect(propertyDefinition: PropertyDefinition?) = propertyDefinition + ?.let { p -> hasLogProtect(p.metadata) } ?: false + } +} diff --git a/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/test/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/utils/PropertyDefinitionUtilsTest.kt b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/test/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/utils/PropertyDefinitionUtilsTest.kt new file mode 100644 index 000000000..83764c517 --- /dev/null +++ b/ms/blueprintsprocessor/modules/blueprints/blueprint-core/src/test/kotlin/org/onap/ccsdk/cds/controllerblueprints/core/utils/PropertyDefinitionUtilsTest.kt 
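Review bot: `hasLogProtect(metadata)` fails open: any `log-protect` value other than `true`/`yes`/`y` (a typo, `"1"`, or `" true"` with stray whitespace) falls into `else -> false`, and the value is then logged in clear. For a redaction control it is safer to treat the presence of the key as protective unless it is explicitly negative, e.g. `when (it.trim().toLowerCase()) { "false", "no", "n" -> false; else -> true }`. Both overloads would also benefit from a short KDoc stating the accepted values and that a missing key or null argument means "not protected". Since the class holds only a companion object, an `object` or top-level functions would be the idiomatic form, though that changes the `PropertyDefinitionUtils.Companion.hasLogProtect` import used elsewhere in this commit.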
@@ -0,0 +1,68 @@ +/* + * Copyright © 2019 Bell Canada. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.onap.ccsdk.cds.controllerblueprints.core.utils + +import org.junit.Test +import org.onap.ccsdk.cds.controllerblueprints.core.BluePrintConstants.LOG_PROTECT +import org.onap.ccsdk.cds.controllerblueprints.core.data.PropertyDefinition +import org.onap.ccsdk.cds.controllerblueprints.core.utils.PropertyDefinitionUtils.Companion.hasLogProtect +import kotlin.test.assertFalse +import kotlin.test.assertTrue + +class PropertyDefinitionUtilsTest { + + @Test + fun testLogProtectMetadata() { + val metadata = mutableMapOf() + + assertFalse { hasLogProtect(metadata) } + + metadata[LOG_PROTECT] = "true" + assertTrue { hasLogProtect(metadata) } + metadata.clear() + + metadata[LOG_PROTECT] = "yes" + assertTrue { hasLogProtect(metadata) } + metadata.clear() + + metadata[LOG_PROTECT] = "y" + assertTrue { hasLogProtect(metadata) } + metadata.clear() + + metadata[LOG_PROTECT] = "false" + assertFalse { hasLogProtect(metadata) } + metadata.clear() + + val nullMetadata: MutableMap? = null + assertFalse { hasLogProtect(nullMetadata) } + } + + @Test + fun testHasLogProtectPropertyDefinition() { + var propertyDefinition: PropertyDefinition? 
= null + assertFalse { hasLogProtect(propertyDefinition) } + + propertyDefinition = PropertyDefinition() + assertFalse { hasLogProtect(propertyDefinition) } + + val metadata = mutableMapOf() + metadata[LOG_PROTECT] = "TRUE" + propertyDefinition.metadata = metadata + + assertTrue { hasLogProtect(propertyDefinition) } + } +} -- cgit 1.2.3-korg
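Review bot: `testLogProtectMetadata` pins only the three accepted spellings and `"false"`; no case covers an unrecognised or padded value such as `"1"` or `" true "`, so no test fixes whether the flag fails open or closed. Adding `metadata[LOG_PROTECT] = " true "` with the intended assertion would make that decision explicit. Nothing in this commit tests that `assignWorkflowInputs` actually keeps a protected value out of the log output; a test that captures the logger for one protected and one unprotected input would guard the behaviour the commit is for.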