diff options
Diffstat (limited to 'kubernetes/pomba/charts/pomba-validation-service/resources')
13 files changed, 411 insertions, 0 deletions
diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/README.txt b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/README.txt new file mode 100644 index 0000000000..5cc01497f5 --- /dev/null +++ b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/README.txt @@ -0,0 +1,10 @@ +This directory contains all external configuration files that +need to be mounted into an application container. + +See the configmap.yaml in the templates directory for an example +of how to load (ie map) config files from this directory, into +Kubernetes, for distribution within the k8s cluster. + +See deployment.yaml in the templates directory for an example +of how the 'config mapped' files are then mounted into the +containers. diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/aai-environment.properties b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/aai-environment.properties new file mode 100644 index 0000000000..2d600ce41a --- /dev/null +++ b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/aai-environment.properties @@ -0,0 +1,15 @@ +host=dummy-host.onap.org +port=8443 +httpProtocol=https +trustStorePath=/auth/tomcat_keystore +#trustStorePassword intentionally left blank +trustStorePassword.x= +keyStorePath=/auth/client-cert-onap.p12 +keyStorePassword.x=dfcfd1003bdde18de8efea3c8661510e +keyManagerFactoryAlgorithm=SunX509 +keyStoreType=PKCS12 +securityProtocol=TLS +connectionTimeout=5000 +readTimeout=1000 + +baseModelURI=/aai/v8/service-design-and-creation/models/model diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/auth/client-cert-onap.p12 b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/auth/client-cert-onap.p12 Binary files differnew file mode 100644 index 0000000000..dbf4fcacec --- /dev/null +++ b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/auth/client-cert-onap.p12 diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/auth/tomcat_keystore b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/auth/tomcat_keystore Binary files differnew file mode 100644 index 0000000000..9eec841aa2 --- /dev/null +++ b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/auth/tomcat_keystore diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/auth_policy.json b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/auth_policy.json new file mode 100644 index 0000000000..ea5565a71e --- /dev/null +++ b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/auth_policy.json @@ -0,0 +1,46 @@ +{"roles": [ + { + "name": "admin", + "functions": [ + { + "name": "actions", + "methods": [ + {"name": "GET"}, + {"name": "DELETE"}, + {"name": "PUT"} + ] + }, + { + "name": "validate", + "methods": [{"name": "POST"}] + } + ], + "users": [ + {"username": "CN=common-name, OU=org-unit, O=org, L=location, ST=state, C=US"}, + {"username": "CN=test, OU=qa, O=Test Ltd, L=London, ST=London, C=GB"}, + {"username": "CN=aai-client.dev.att.com, OU=aai digicert client dev, O=\"AT&T Services, Inc.\", L=Dallas, ST=Texas, C=US"} + ] + }, + { + "name": "ops", + "functions": [{ + "name": "actions", + "methods": [{"name": "POST"}] + }], + "users": [ + {"username": "CN=common-name, OU=org-unit, O=org, L=location, ST=state, C=US"}, + {"username": "CN=test, OU=qa, O=Test Ltd, L=London, ST=London, C=GB"} + ] + }, + { + "name": "basicauth", + "functions": [{ + "name": "util", + "methods": [{"name": "GET"}] + }], + "users": [{ + "user": "aai", + "pass": "OBF:1u2a1t2v1vgb1s3g1s3m1vgj1t3b1u30" + }] + } +]} diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/rule-indexing.properties b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/rule-indexing.properties new file mode 100644 index 0000000000..06f4626ab6 --- /dev/null +++ b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/rule-indexing.properties @@ -0,0 +1,4 @@ +rule.indexing.events=POA-EVENT +rule.indexing.exclude.oxm.validation=POA-EVENT +rule.indexing.key.attributes=$.poa-event.modelVersionId,$.poa-event.modelInvariantId +rule.indexing.default.key=default-rules diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/schemaIngest.properties b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/schemaIngest.properties new file mode 100644 index 0000000000..41e83bb11d --- /dev/null +++ b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/schemaIngest.properties @@ -0,0 +1,7 @@ +# Properties for the SchemaLocationsBean +# The AAI Schema jar will be unpacked to bundleconfig/etc +schemaConfig=bundleconfig +# Files named aai_oxm_v*.xml are unpacked here: +nodeDir=${APP_HOME}/bundleconfig/etc/oxm +# Dummy folder/directory: +edgeDir=${APP_HOME}/bundleconfig/etc/oxm diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/topics/topic-poa-audit-result.properties b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/topics/topic-poa-audit-result.properties new file mode 100644 index 0000000000..f15f46dd11 --- /dev/null +++ b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/topics/topic-poa-audit-result.properties @@ -0,0 +1,22 @@ +# ============LICENSE_START=================================================== +# Copyright (c) 2018 Amdocs +# ============================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END===================================================== + +poa-audit-result.name=POA-AUDIT-RESULT +poa-audit-result.host=message-router:3904 +poa-audit-result.publisher.partition=1 +poa-audit-result.username= +poa-audit-result.password= +poa-audit-result.transport.type=HTTPAUTH diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/topics/topic-poa-rule-validation.properties b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/topics/topic-poa-rule-validation.properties new file mode 100644 index 0000000000..79aa5398ae --- /dev/null +++ b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/topics/topic-poa-rule-validation.properties @@ -0,0 +1,23 @@ +# ============LICENSE_START=================================================== +# Copyright (c) 2018 Amdocs +# ============================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END===================================================== + +poa-rule-validation.name=POA-RULE-VALIDATION +poa-rule-validation.host=message-router:3904 +poa-rule-validation.username= +poa-rule-validation.password= +poa-rule-validation.consumer.group=poa-validator-test +poa-rule-validation.consumer.id=test +poa-rule-validation.transport.type=HTTPAUTH diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/validation-service-auth.properties b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/validation-service-auth.properties new file mode 100644 index 0000000000..8bbd4233a6 --- /dev/null +++ b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/validation-service-auth.properties @@ -0,0 +1,2 @@ +auth.policy.file=${CONFIG_HOME}/auth_policy.json +auth.authentication.disable=false diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/validation-service.properties b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/validation-service.properties new file mode 100644 index 0000000000..9b2e86213a --- /dev/null +++ b/kubernetes/pomba/charts/pomba-validation-service/resources/appconfig/validation-service.properties @@ -0,0 +1,13 @@ +topic.publish.enable=true +topic.publish.retries=3 +topic.consume.enable=true +topic.consume.polling.interval.seconds=3 + +event.domain=onap +event.action.exclude=DELETE +event.type.rule=POA-EVENT +event.type.model=NOT-APPLICABLE-IN-POMBA +event.type.end=END-EVENT + +model.cache.expirySeconds=3 +aai.oxm.version=10 diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/application.properties b/kubernetes/pomba/charts/pomba-validation-service/resources/application.properties new file mode 100644 index 0000000000..a71bb9b01e --- /dev/null +++ b/kubernetes/pomba/charts/pomba-validation-service/resources/application.properties @@ -0,0 +1,43 @@ +# ============LICENSE_START=================================================== +# Copyright (c) 2018 Amdocs +# ============================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END===================================================== + +# Note that the start.sh script sets the following System Properties +# We provide default values here for testing purposes +APP_HOME=. +CONFIG_HOME=appconfig +com.att.eelf.logging.path=src/main/resources +com.att.eelf.logging.file=logback.xml +logback.configurationFile=${com.att.eelf.logging.path}/${com.att.eelf.logging.file} + +schemaIngestPropLoc=${CONFIG_HOME}/schemaIngest.properties + +server.port=9501 +server.ssl.client-auth=want +server.ssl.key-store=${CONFIG_HOME}/auth/tomcat_keystore +# Work-around for missing Java certificates file "cacerts". This default value should be overridden. +server.ssl.trust-store=${CONFIG_HOME}/auth/tomcat_keystore + +server.tomcat.max-threads=200 +# The minimum number of threads always kept alive +server.tomcat.min-spare-threads=25 + +# Spring Boot logging +logging.config=${logback.configurationFile} + +consumer.topic.names=poa-rule-validation +publisher.topic.names=poa-audit-result + +topics.properties.location=${CONFIG_HOME}/topics/ diff --git a/kubernetes/pomba/charts/pomba-validation-service/resources/bundleconfig/etc/rules/poa-event/default-rules.groovy b/kubernetes/pomba/charts/pomba-validation-service/resources/bundleconfig/etc/rules/poa-event/default-rules.groovy new file mode 100644 index 0000000000..c6699091f7 --- /dev/null +++ b/kubernetes/pomba/charts/pomba-validation-service/resources/bundleconfig/etc/rules/poa-event/default-rules.groovy @@ -0,0 +1,226 @@ +/* + * ============LICENSE_START=================================================== + * Copyright (c) 2018 Amdocs + * ============================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END===================================================== + */ + +entity { + name 'POA-EVENT' + indexing { + indices 'default-rules' + } + validation { + + // NDCB-AAI comparison: Context level + useRule { + name 'NDCB-AAI-attribute-comparison' + attributes 'context-list.ndcb', 'context-list.aai' + } + + // NDCB-AAI comparison: Service entity + useRule { + name 'NDCB-AAI-attribute-comparison' + attributes 'context-list.ndcb.service', 'context-list.aai.service' + } + + // NDCB-AAI comparison: VF list + useRule { + name 'NDCB-AAI-attribute-comparison' + attributes 'context-list.ndcb.vfList[*]', 'context-list.aai.vfList[*]' + } + + // NDCB-AAI comparison: VF-Module list + useRule { + name 'NDCB-AAI-attribute-comparison' + attributes 'context-list.ndcb.vfList[*].vfModuleList[*]', 'context-list.aai.vfList[*].vfModuleList[*]' + } + + // NDCB-AAI comparison: VNFC list + useRule { + name 'NDCB-AAI-attribute-comparison' + attributes 'context-list.ndcb.vfList[*].vnfcList[*]', 'context-list.aai.vfList[*].vnfcList[*]' + } + + // NDCB-AAI comparison: VM list + useRule { + name 'NDCB-AAI-attribute-comparison' + attributes 'context-list.ndcb.vfList[*].vfModuleList[*].vmList[*]', 'context-list.aai.vfList[*].vfModuleList[*].vmList[*]' + } + + // NDCB-AAI comparison: Network list + useRule { + name 'NDCB-AAI-attribute-comparison' + attributes 'context-list.ndcb.vfList[*].vfModuleList[*].networkList[*]', 'context-list.aai.vfList[*].vfModuleList[*].networkList[*]' + } + + // SDC-AAI VNFC type + useRule { + name 'SDC-AAI-vnfc-type' + attributes 'context-list.sdc.vfList[*].vnfcList[*]', 'context-list.aai.vfList[*].vnfcList[*]' + } + + // SDC-AAI VNFC node count + useRule { + name 'SDC-AAI-vnfc-node-count' + attributes 'context-list.sdc.vfList[*].vnfcList[*]', 'context-list.aai.vfList[*].vnfcList[*]' + } + + // SDC-AAI VF-Module instance + useRule { + name 'SDC-AAI-vf-module-instance-check' + attributes 'context-list.ndcb.vfList[*].vfModuleList[*]', 'context-list.aai.vfList[*].vfModuleList[*]' + } + } +} + +rule { + name 'SDC-AAI-vnfc-type' + category 'INVALID_VALUE' + description 'Validate that each VNFC instance in AAI conforms to a VNFC type defined in SDC model' + errorText 'AAI VNFC instance includes non-specified type in design SDC model' + severity 'ERROR' + attributes 'sdcList', 'aaiList' + validate ''' + def getVnfcTypes = { parsedData -> + parsedData.collect{ it.findResult{ k, v -> if(k.equals("type")) {return "$v"}}} + } + + def slurper = new groovy.json.JsonSlurper() + def sdcTypes = getVnfcTypes(slurper.parseText(sdcList.toString())) + def aaiTypes = getVnfcTypes(slurper.parseText(aaiList.toString())) + + // each type in AAI must exist in SDC + return aaiTypes.containsAll(sdcTypes) + ''' +} + +rule { + name 'SDC-AAI-vnfc-node-count' + category 'INVALID_VALUE' + description 'Validate that for each VNFC node defined in SDC model, there is at least one VNFC instance in AAI' + errorText 'Design has specified types but not all of them exist in AAI' + severity 'WARNING' + attributes 'sdcList', 'aaiList' + validate ''' + def getVnfcNodes = { parsedData -> + parsedData.collect { new Tuple2( + it.findResult{ k, v -> if(k.equals("name")) {return "$v"}}, + it.findResult{ k, v -> if(k.equals("type")) {return "$v"}}) + } + } + + def slurper = new groovy.json.JsonSlurper() + def sdcNodes = getVnfcNodes(slurper.parseText(sdcList.toString())) + def aaiNodes = getVnfcNodes(slurper.parseText(aaiList.toString())) + + // each node in AAI must exist in SDC + return aaiNodes.containsAll(sdcNodes) + ''' +} + +rule { + name 'SDC-AAI-vf-module-instance-check' + category 'INVALID_VALUE' + description 'Validate that each VF module instance in AAI conforms to a VF module defined in SDC service model' + errorText 'One or more AAI VF module instance(s) not defined in SDC model' + severity 'CRITICAL' + attributes 'sdcList', 'aaiList' + validate ''' + def getVfModules = { parsedData -> + parsedData.collect{ it.findResult{ k, v -> if(k.equals("name")) {return "$v"}}} + } + + def slurper = new groovy.json.JsonSlurper() + def sdcVfModules = getVfModules(slurper.parseText(sdcList.toString())) + def aaiVfModules = getVfModules(slurper.parseText(aaiList.toString())) + + // all VF modules in AAI must exist in SDC + return aaiVfModules.containsAll(sdcVfModules) + ''' +} + +rule { + name 'NDCB-AAI-attribute-comparison' + category 'INVALID_VALUE' + description 'Verify that every attribute in Network-Discovery is the same as in AAI' + errorText 'Some attributes in Network-Discovery are not equal to attributes in AAI' + severity 'ERROR' + attributes 'ndcbItems', 'aaiItems' + validate ''' + Closure<java.util.Map> getAttributes = { parsedData -> + java.util.Map attributeMap = new java.util.HashMap() + + def isAttributeDataQualityOk = { attribute -> + attribute.findResult{ k, v -> if(k.equals("dataQuality") ) {return v.get("status")}}.equals("ok") + } + + def addToMap = { attrKey, attrValue -> + java.util.Set values = attributeMap.get("$attrKey") + if(values == null) { + values = new java.util.HashSet() + attributeMap.put("$attrKey", values) + } + values.add("$attrValue") + } + + def addAttributeToMap = { attribute -> + if(isAttributeDataQualityOk(attribute)) { + String key, value + attribute.each { k, v -> + if(k.equals("name")) {key = "$v"} + if(k.equals("value")) {value = "$v"} + } + addToMap("$key", "$value") + } + } + + def processKeyValue = { key, value -> + if(value instanceof java.util.ArrayList) { + if(key.equals("attributeList")) { + value.each { + addAttributeToMap(it) + } + } + } else if(!(value instanceof groovy.json.internal.LazyMap)) { + // only add key-value attributes, skip the rest + addToMap("$key", "$value") + } + } + + if(parsedData instanceof java.util.ArrayList) { + parsedData.each { + it.each { key, value -> processKeyValue(key, value) } + } + } else { + parsedData.each { key, value -> processKeyValue(key, value) } + } + return attributeMap + } + + def slurper = new groovy.json.JsonSlurper() + java.util.Map ndcb = getAttributes(slurper.parseText(ndcbItems.toString())) + java.util.Map aai = getAttributes(slurper.parseText(aaiItems.toString())) + + ndcb.each{ ndcbKey, ndcbValueList -> + def aaiValueList = aai.get("$ndcbKey") + aaiValueList.each{ aaiValue -> + if(!ndcbValueList.any{ it == "$aaiValue" }) { + return false + } + } + } + return true + ''' +}
\ No newline at end of file |