From c73866cf44cad2be9a91ea1e2a3a77fcc29d9c2a Mon Sep 17 00:00:00 2001
From: "Kotagiri, Ramprasad (rp5662)" <rp5662@att.com>
Date: Mon, 3 Feb 2020 13:43:25 -0500
Subject: DCAE dashboard security fixes

Portal SDK ver 2.6.0, non-root user for docker container
Change label on Dashboard Home page, API changes, Container optimization

Change-Id: Ie2c8efd76d34fddc2b182d5ed494761522695914
Issue-ID: DCAEGEN2-1638
Issue-ID: CCSDK-1485
Issue-ID: DCAEGEN2-1921
Issue-ID: DCAEGEN2-1915
Issue-ID: DCAEGEN2-1856
Issue-ID: DCAEGEN2-1556
Issue-ID: DCAEGEN2-1592
Signed-off-by: Kotagiri, Ramprasad (rp5662) <rp5662@att.com>
---
 .../dashboard/controller/CloudifyController.java   | 201 ---------------------
 .../dashboard/controller/CommonApiController.java  |   2 +-
 2 files changed, 1 insertion(+), 202 deletions(-)

(limited to 'ccsdk-app-common/src/main')

diff --git a/ccsdk-app-common/src/main/java/org/onap/ccsdk/dashboard/controller/CloudifyController.java b/ccsdk-app-common/src/main/java/org/onap/ccsdk/dashboard/controller/CloudifyController.java
index 16949cd..93748f3 100644
--- a/ccsdk-app-common/src/main/java/org/onap/ccsdk/dashboard/controller/CloudifyController.java
+++ b/ccsdk-app-common/src/main/java/org/onap/ccsdk/dashboard/controller/CloudifyController.java
@@ -211,35 +211,6 @@ public class CloudifyController extends DashboardRestrictedBaseController {
         return outboundJson;
     }
 
-    /**
-     * Serves one page of blueprints
-     * 
-     * @param request HttpServletRequest
-     * @return List of CloudifyBlueprint objects
-     */
-    /*
-     * @RequestMapping(value = { BLUEPRINTS_PATH }, method = RequestMethod.GET,
-     * produces = "application/json")
-     * 
-     * @ResponseBody public String getBlueprintsByPage(HttpServletRequest request) {
-     * preLogAudit(request); String json = getItemListForPageWrapper(request,
-     * CloudifyDataItem.BLUEPRINT); postLogAudit(request); return json; }
-     */
-    /**
-     * Serves one page of deployments
-     * 
-     * @param request HttpServletRequest
-     * @return List of CloudifyDeployment objects
-     */
-
-    /*
-     * @RequestMapping(value = { DEPLOYMENTS_PATH }, method = RequestMethod.GET,
-     * produces = "application/json")
-     * 
-     * @ResponseBody public String getDeploymentsByPage(HttpServletRequest request)
-     * { preLogAudit(request); String json = getItemListForPageWrapper(request,
-     * CloudifyDataItem.DEPLOYMENT); postLogAudit(request); return json; }
-     */
     /**
      * gets the tenants list
      * 
@@ -297,106 +268,6 @@ public class CloudifyController extends DashboardRestrictedBaseController {
         return objectMapper.writeValueAsString(result);
     }
 
-    /**
-     * Gets the specified blueprint content for viewing.
-     * 
-     * @param id      Blueprint ID
-     * @param request HttpServletRequest
-     * @return Blueprint as YAML; or error.
-     * @throws Exception on serialization error
-     * 
-     */
-    /*
-     * @RequestMapping(value = { VIEW_BLUEPRINTS_PATH + "/{id}" }, method =
-     * RequestMethod.GET, produces = "application/yaml")
-     * 
-     * @ResponseBody public String viewBlueprintContentById(@PathVariable("id")
-     * String id, HttpServletRequest request) throws Exception {
-     * preLogAudit(request); ECTransportModel result = null; try { result =
-     * cloudifyClient.viewBlueprint(id); } catch (HttpStatusCodeException e) {
-     * MDC.put(SystemProperties.STATUS_CODE, "ERROR"); MDC.put("TargetEntity",
-     * "Cloudify Manager"); MDC.put("TargetServiceName", "Cloudify Manager");
-     * MDC.put("ErrorCode", "300"); MDC.put("ErrorCategory", "ERROR");
-     * MDC.put("ErrorDescription", "Viewing blueprint " + id + " failed!");
-     * logger.error(EELFLoggerDelegate.errorLogger,
-     * "viewBlueprintContentById caught exception"); result = new
-     * RestResponseError(e.getResponseBodyAsString()); } catch (Throwable t) {
-     * MDC.put(SystemProperties.STATUS_CODE, "ERROR"); MDC.put("TargetEntity",
-     * "Cloudify Manager"); MDC.put("TargetServiceName", "Cloudify Manager");
-     * MDC.put("ErrorCode", "300"); MDC.put("ErrorCategory", "ERROR");
-     * MDC.put("ErrorDescription", "Viewing blueprint " + id + " failed!");
-     * logger.error(EELFLoggerDelegate.errorLogger,
-     * "viewBlueprintContentById caught exception"); result = new
-     * RestResponseError("getBlueprintContentById failed", t); } finally {
-     * postLogAudit(request); } return objectMapper.writeValueAsString(result); }
-     */
-    /**
-     * Processes request to upload a blueprint from a remote server.
-     * 
-     * @param request   HttpServletRequest
-     * @param blueprint Cloudify blueprint
-     * @return Blueprint as uploaded; or error.
-     * @throws Exception on serialization error
-     */
-    /*
-     * @RequestMapping(value = { BLUEPRINTS_PATH }, method = RequestMethod.POST,
-     * produces = "application/json")
-     * 
-     * @ResponseBody public String uploadBlueprint(HttpServletRequest
-     * request, @RequestBody CloudifyBlueprintUpload blueprint) throws Exception {
-     * preLogAudit(request); ECTransportModel result = null; try { result =
-     * cloudifyClient.uploadBlueprint(blueprint); } catch (HttpStatusCodeException
-     * e) { MDC.put(SystemProperties.STATUS_CODE, "ERROR"); MDC.put("TargetEntity",
-     * "Cloudify Manager"); MDC.put("TargetServiceName", "Cloudify Manager");
-     * MDC.put("ErrorCode", "300"); MDC.put("ErrorCategory", "ERROR");
-     * MDC.put("ErrorDescription", "Uploading blueprint failed!");
-     * logger.error(EELFLoggerDelegate.errorLogger,
-     * "uploadBlueprint caught exception"); result = new
-     * RestResponseError(e.getResponseBodyAsString()); } catch (Throwable t) {
-     * MDC.put(SystemProperties.STATUS_CODE, "ERROR"); MDC.put("TargetEntity",
-     * "Cloudify Manager"); MDC.put("TargetServiceName", "Cloudify Manager");
-     * MDC.put("ErrorCode", "300"); MDC.put("ErrorCategory", "ERROR");
-     * MDC.put("ErrorDescription", "Uploading blueprint failed!");
-     * logger.error(EELFLoggerDelegate.errorLogger,
-     * "uploadBlueprint caught exception"); result = new
-     * RestResponseError("uploadBlueprint failed", t); } finally {
-     * postLogAudit(request); } return objectMapper.writeValueAsString(result); }
-     */
-    /**
-     * Deletes the specified blueprint.
-     * 
-     * @param id       Blueprint ID
-     * @param request  HttpServletRequest
-     * @param response HttpServletResponse
-     * @return No content on success; error on failure.
-     * @throws Exception On serialization failure
-     */
-
-    /*
-     * @RequestMapping(value = { BLUEPRINTS_PATH + "/{id}" }, method =
-     * RequestMethod.DELETE, produces = "application/json")
-     * 
-     * @ResponseBody public String deleteBlueprint(@PathVariable("id") String id,
-     * HttpServletRequest request, HttpServletResponse response) throws Exception {
-     * preLogAudit(request); ECTransportModel result = null; try { int code =
-     * cloudifyClient.deleteBlueprint(id); response.setStatus(code); } catch
-     * (HttpStatusCodeException e) { MDC.put(SystemProperties.STATUS_CODE, "ERROR");
-     * MDC.put("TargetEntity", "Cloudify Manager"); MDC.put("TargetServiceName",
-     * "Cloudify Manager"); MDC.put("ErrorCode", "300"); MDC.put("ErrorCategory",
-     * "ERROR"); MDC.put("ErrorDescription", "Deleting blueprint " + id +
-     * " failed!"); logger.error(EELFLoggerDelegate.errorLogger,
-     * "deleteBlueprint caught exception"); result = new
-     * RestResponseError(e.getResponseBodyAsString()); } catch (Throwable t) {
-     * MDC.put(SystemProperties.STATUS_CODE, "ERROR"); MDC.put("TargetEntity",
-     * "Cloudify Manager"); MDC.put("TargetServiceName", "Cloudify Manager");
-     * MDC.put("ErrorCode", "300"); MDC.put("ErrorCategory", "ERROR");
-     * MDC.put("ErrorDescription", "Deleting blueprint " + id + " failed!");
-     * logger.error(EELFLoggerDelegate.errorLogger,
-     * "deleteBlueprint caught exception"); result = new
-     * RestResponseError("deleteBlueprint failed on ID " + id, t); } finally {
-     * postLogAudit(request); } if (result == null) return null; else return
-     * objectMapper.writeValueAsString(result); }
-     */
     /**
      * Gets the specified deployment.
      * 
@@ -553,78 +424,6 @@ public class CloudifyController extends DashboardRestrictedBaseController {
         return outboundJson;
     }
 
-    /**
-     * Processes request to create a deployment based on a blueprint.
-     * 
-     * @param request    HttpServletRequest
-     * @param deployment Deployment to upload
-     * @return Body of deployment; error on failure
-     * @throws Exception On serialization failure
-     */
-    /*
-     * @RequestMapping(value = { DEPLOYMENTS_PATH }, method = RequestMethod.POST,
-     * produces = "application/json")
-     * 
-     * @ResponseBody public String createDeployment(HttpServletRequest
-     * request, @RequestBody CloudifyDeploymentRequest deployment) throws Exception
-     * { preLogAudit(request); ECTransportModel result = null; try { result =
-     * cloudifyClient.createDeployment(deployment); } catch (HttpStatusCodeException
-     * e) { MDC.put(SystemProperties.STATUS_CODE, "ERROR"); MDC.put("TargetEntity",
-     * "Cloudify Manager"); MDC.put("TargetServiceName", "Cloudify Manager");
-     * MDC.put("ErrorCode", "300"); MDC.put("ErrorCategory", "ERROR");
-     * MDC.put("ErrorDescription", "Creating deployment failed!");
-     * logger.error(EELFLoggerDelegate.errorLogger,
-     * "createDeployment caught exception"); result = new
-     * RestResponseError(e.getResponseBodyAsString()); } catch (Throwable t) {
-     * MDC.put(SystemProperties.STATUS_CODE, "ERROR"); MDC.put("TargetEntity",
-     * "Cloudify Manager"); MDC.put("TargetServiceName", "Cloudify Manager");
-     * MDC.put("ErrorCode", "300"); MDC.put("ErrorCategory", "ERROR");
-     * MDC.put("ErrorDescription", "Creating deployment failed!");
-     * logger.error(EELFLoggerDelegate.errorLogger,
-     * "createDeployment caught exception"); result = new
-     * RestResponseError("createDeployment failed", t); } finally {
-     * postLogAudit(request); } return objectMapper.writeValueAsString(result); }
-     */
-    /**
-     * Deletes the specified deployment.
-     * 
-     * @param id              Deployment ID
-     * @param ignoreLiveNodes Boolean indicator whether to force a delete in case of
-     *                        live nodes
-     * @param request         HttpServletRequest
-     * @param response        HttpServletResponse
-     * @return Passes thru HTTP status code from remote endpoint; no body on success
-     * @throws Exception on serialization failure
-     */
-
-    /*
-     * @RequestMapping(value = { DEPLOYMENTS_PATH + "/{id}" }, method =
-     * RequestMethod.DELETE, produces = "application/json")
-     * 
-     * @ResponseBody public String deleteDeployment(@PathVariable("id") String id,
-     * 
-     * @RequestParam(value = "ignore_live_nodes", required = false) Boolean
-     * ignoreLiveNodes, HttpServletRequest request, HttpServletResponse response)
-     * throws Exception { preLogAudit(request); ECTransportModel result = null; try
-     * { int code = cloudifyClient.deleteDeployment(id, ignoreLiveNodes == null ?
-     * false : ignoreLiveNodes); response.setStatus(code); } catch
-     * (HttpStatusCodeException e) { MDC.put(SystemProperties.STATUS_CODE, "ERROR");
-     * MDC.put("TargetEntity", "Cloudify Manager"); MDC.put("TargetServiceName",
-     * "Cloudify Manager"); MDC.put("ErrorCode", "300"); MDC.put("ErrorCategory",
-     * "ERROR"); MDC.put("ErrorDescription", "Deleting deployment " + id +
-     * " failed!"); logger.error(EELFLoggerDelegate.errorLogger,
-     * "deleteDeployment caught exception"); result = new
-     * RestResponseError(e.getResponseBodyAsString()); } catch (Throwable t) {
-     * MDC.put(SystemProperties.STATUS_CODE, "ERROR"); MDC.put("TargetEntity",
-     * "Cloudify Manager"); MDC.put("TargetServiceName", "Cloudify Manager");
-     * MDC.put("ErrorCategory", "ERROR"); MDC.put("ErrorDescription",
-     * "Deleting deployment " + id + " failed!");
-     * logger.error(EELFLoggerDelegate.errorLogger,
-     * "deleteDeployment caught exception"); result = new
-     * RestResponseError("deleteDeployment failed on ID " + id, t); } finally {
-     * postLogAudit(request); } if (result == null) return null; else return
-     * objectMapper.writeValueAsString(result); }
-     */
     /**
      * Gets and serves one page of executions:
      * <OL>
diff --git a/ccsdk-app-common/src/main/java/org/onap/ccsdk/dashboard/controller/CommonApiController.java b/ccsdk-app-common/src/main/java/org/onap/ccsdk/dashboard/controller/CommonApiController.java
index c63f263..bd53145 100644
--- a/ccsdk-app-common/src/main/java/org/onap/ccsdk/dashboard/controller/CommonApiController.java
+++ b/ccsdk-app-common/src/main/java/org/onap/ccsdk/dashboard/controller/CommonApiController.java
@@ -96,7 +96,7 @@ import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.core.type.TypeReference;
 
 @RestController
-@RequestMapping("/api-if")
+@RequestMapping("/nb-api")
 public class CommonApiController extends DashboardRestrictedBaseController {
     private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(CommonApiController.class);
 
-- 
cgit 1.2.3-korg