path: root/kubernetes/clamp
AgeCommit message (Expand)AuthorFilesLines
2018-05-18Incorect DCAE urlsac25501-2/+2
2018-05-17Merge "Clamp cannot connect to SDC"Mike Elliott4-10/+41
2018-05-17Merge "ELK version bump"Mike Elliott3-6/+6
2018-05-17Fix clamp changing persistence permissionsBorislavG1-0/+1
2018-05-17ELK version bumpac25503-6/+6
2018-05-17Dmaap and Clamp nsPrefix ChangesPriyanka1-1/+0
2018-05-16Clamp cannot connect to SDCac25504-10/+41
2018-05-15Add clamp dashboard chartsac255025-0/+1455
2018-05-10Improve docker registry secret managementBorislavG2-2/+0
2018-05-08Sync docker image images with docker-manifest.csvGary Wu1-1/+1
2018-05-06Fix inconsistent repository referencesBorislavG2-2/+2
2018-05-02Clamp Health Check Fails due to wrong db namePriyanka Jain1-1/+1
2018-05-01Issue in Clamp ConfigurationPriyanka Jain1-1/+1
2018-04-26Remove namespace from clamp valuesac25501-10/+10
2018-04-24Make all services independent of helm Release.NameBorislavG4-7/+9
2018-04-16Update readiness-check versionBorislavG1-1/+1
2018-04-10Correction of Chart name for Clampvaibhav2-1/+20
2018-04-04External dependencies configac25501-4/+15
2018-03-28Apache2 license addition for sql and js filesvaibhav_16dec3-0/+45
2018-03-22Fix license for PV and PVC yamlsMike Elliott2-0/+4
2018-03-22License addition in all yamlsvaibhav_16dec14-0/+196
2018-03-21Add Helm Chart Standardization for Clampvaibhav_16dec25-207/+522
2018-03-12Register Clamp API to MSBYuanHu1-0/+11
2018-03-07Replica scaling of Clamp and AAF conatinervaibhav_16dec3-1/+4
2018-03-01Run all components in one namespaceBorislavG5-15/+15
2018-02-25clamp persistence folder parametrizationkerenj2-2/+3
2018-02-22clamp - readiness image updatekerenj1-1/+1
2018-01-23clamp config segmayankg27037-7/+947
2017-12-15Merge "Update annotations to spec for clamp"Mandeep Khinda1-27/+16
2017-11-28Adjust clamp to latestAlexis de Talhouƫt2-4/+5
2017-11-23Update annotations to spec for clampkiranya1-27/+16
2017-10-29Add option to disable specific deploymentsyuryn4-0/+10
2017-09-20Added CLAMP containers to ONAP KubernetesDusan Rozman6-0/+180
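import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty
import org.springframework.stereotype.Service
import javax.annotation.PostConstruct

/**
 * Audit service used to produce execution service input and output messages
 * sent into dedicated Kafka topics.
 *
 * Only the request goes through redaction ([hideSensitiveData]) before it is published;
 * the response is published as received by [publishExecutionOutput].
 *
 * @param bluePrintMessageLibPropertyService Service used to instantiate audit service producers
 * @param blueprintsProcessorCatalogService Service used to get the base path of the current CBA executed
 *
 * @property inputInstance Request Kafka producer instance
 * @property outputInstance Response Kafka producer instance
 * @property log Audit Service logger
 */
@ConditionalOnProperty(
    name = ["blueprintsprocessor.messageproducer.self-service-api.audit.kafkaEnable"],
    havingValue = "true"
)
@Service
class KafkaPublishAuditService(
    private val bluePrintMessageLibPropertyService: BlueprintMessageLibPropertyService,
    private val blueprintsProcessorCatalogService: BlueprintCatalogService
) : PublishAuditService {

    // Producers are created on first use and then reused.
    // NOTE(review): these fields are assigned without synchronization; confirm that two
    // concurrent first calls creating a producer each is acceptable.
    private var inputInstance: BlueprintMessageProducerService? = null
    private var outputInstance: BlueprintMessageProducerService? = null
    private val log = LoggerFactory.getLogger(KafkaPublishAuditService::class.toString())

    companion object {

        const val INPUT_SELECTOR = "self-service-api.audit.request"
        const val OUTPUT_SELECTOR = "self-service-api.audit.response"
    }

    @PostConstruct
    private fun init() {
        log.info("Kakfa audit service is enabled")
    }

    /**
     * Publish execution input into a Kafka topic.
     * The correlation UUID is used to link the input to its output.
     * Sensitive data within the request are hidden before the message is sent.
     *
     * Publication is best effort: a failure while sending is logged and not rethrown.
     *
     * @param executionServiceInput Audited BP request
     */
    override suspend fun publishExecutionInput(executionServiceInput: ExecutionServiceInput) {
        val secureExecutionServiceInput = hideSensitiveData(executionServiceInput)
        val key = secureExecutionServiceInput.actionIdentifiers.blueprintName
        try {
            // Keep the producer in a local so no `!!` is needed on the mutable field.
            val producer = getInputInstance(INPUT_SELECTOR).also { inputInstance = it }
            producer.sendMessage(key, secureExecutionServiceInput)
        } catch (ex: Exception) {
            log.error("Failed to publish execution request to Kafka.", ex)
        }
    }

    /**
     * Publish execution output into a Kafka topic.
     * The [correlationUUID] is written into [executionServiceOutput] (the caller's object is
     * modified) so that the audited response can be linked to its audited request.
     *
     * Publication is best effort: a failure while sending is logged and not rethrown.
     * NOTE(review): unlike the request, the response is not passed through any redaction in
     * this class; confirm that responses cannot carry values marked "log-protect".
     *
     * @param correlationUUID UUID used to link the audited response to its audited request
     * @param executionServiceOutput Audited BP response
     */
    override suspend fun publishExecutionOutput(correlationUUID: String, executionServiceOutput: ExecutionServiceOutput) {
        executionServiceOutput.correlationUUID = correlationUUID
        val key = executionServiceOutput.actionIdentifiers.blueprintName
        try {
            val producer = getOutputInstance(OUTPUT_SELECTOR).also { outputInstance = it }
            producer.sendMessage(key, executionServiceOutput)
        } catch (ex: Exception) {
            log.error("Failed to publish execution response to Kafka.", ex)
        }
    }

    /**
     * Return the input Kafka producer instance, creating it from [selector] if not already instantiated.
     * @param selector Selector to retrieve request Kafka producer configuration
     */
    private fun getInputInstance(selector: String): BlueprintMessageProducerService =
        inputInstance ?: createInstance(selector)

    /**
     * Return the output Kafka producer instance, creating it from [selector] if not already instantiated.
     * @param selector Selector to retrieve response Kafka producer configuration
     */
    private fun getOutputInstance(selector: String): BlueprintMessageProducerService =
        outputInstance ?: createInstance(selector)

    /**
     * Create a Kafka producer instance using a [selector].
     * @param selector Selector to retrieve Kafka producer configuration
     */
    private fun createInstance(selector: String): BlueprintMessageProducerService {
        log.info("Setting up message producer($selector)...")
        return bluePrintMessageLibPropertyService.blueprintMessageProducerService(selector)
    }

    /**
     * Hide sensitive data in the [executionServiceInput].
     * Sensitive data are declared in the resource resolution mapping using
     * the property metadata "log-protect" set to true.
     *
     * The returned object is a new [ExecutionServiceInput] whose payload is a deep copy, so the
     * caller's payload is not modified; the header, action identifiers and step data are the
     * same instances as in the original request.
     *
     * Nothing is redacted when the blueprint name is "default" or when the payload has no
     * "<workflow>-properties" entry under "<workflow>-request".
     * If redaction fails for any reason, the whole "<workflow>-request" entry is replaced by an
     * error message, so a partially redacted request is never returned.
     *
     * @param executionServiceInput BP Execution Request where data needs to be hidden
     * @return A copy of the request with sensitive workflow properties replaced
     */
    private suspend fun hideSensitiveData(
        executionServiceInput: ExecutionServiceInput
    ): ExecutionServiceInput {

        var clonedExecutionServiceInput = ExecutionServiceInput().apply {
            correlationUUID = executionServiceInput.correlationUUID
            commonHeader = executionServiceInput.commonHeader
            actionIdentifiers = executionServiceInput.actionIdentifiers
            payload = executionServiceInput.payload.deepCopy()
            stepData = executionServiceInput.stepData
        }

        val blueprintName = clonedExecutionServiceInput.actionIdentifiers.blueprintName
        val workflowName = clonedExecutionServiceInput.actionIdentifiers.actionName

        if (blueprintName == "default") return clonedExecutionServiceInput

        try {
            if (clonedExecutionServiceInput.payload
                .path("$workflowName-request").has("$workflowName-properties")
            ) {

                // Retrieving sensitive input parameters
                val requestId = clonedExecutionServiceInput.commonHeader.requestId
                val blueprintVersion = clonedExecutionServiceInput.actionIdentifiers.blueprintVersion

                val basePath = blueprintsProcessorCatalogService.getFromDatabase(blueprintName, blueprintVersion)

                val blueprintRuntimeService = BlueprintMetadataUtils.getBlueprintRuntime(requestId, basePath.toString())
                val blueprintContext = blueprintRuntimeService.bluePrintContext()

                val workflowSteps = blueprintContext.workflowByName(workflowName).steps
                checkNotNull(workflowSteps) { "Failed to get step(s) for workflow($workflowName)" }

                workflowSteps.forEach { step ->
                    val nodeTemplateName = step.value.target
                    checkNotNull(nodeTemplateName) { "Failed to get node template target for workflow($workflowName), step($step)" }
                    val nodeTemplate = blueprintContext.nodeTemplateByName(nodeTemplateName)

                    // For a DG node template the sensitive data is declared on its dependency node templates.
                    if (nodeTemplate.type == BlueprintConstants.NODE_TEMPLATE_TYPE_DG) {
                        // A missing or non-array dependency list fails with an explicit message;
                        // the catch below then replaces the whole request.
                        val dependencyNodeTemplate = checkNotNull(
                            nodeTemplate.properties
                                ?.get(BlueprintConstants.PROPERTY_DG_DEPENDENCY_NODE_TEMPLATE) as? ArrayNode
                        ) { "Failed to get dependency node templates for node template($nodeTemplateName)" }
                        dependencyNodeTemplate.forEach { dependencyNodeTemplateName ->
                            clonedExecutionServiceInput = hideSensitiveDataFromResourceResolution(
                                blueprintRuntimeService,
                                blueprintContext,
                                clonedExecutionServiceInput,
                                workflowName,
                                dependencyNodeTemplateName.asText()
                            )
                        }
                    } else {
                        clonedExecutionServiceInput = hideSensitiveDataFromResourceResolution(
                            blueprintRuntimeService,
                            blueprintContext,
                            clonedExecutionServiceInput,
                            workflowName,
                            nodeTemplateName
                        )
                    }
                }
            }
        } catch (ex: Exception) {
            // Fail closed: drop the whole request body rather than publish it unredacted.
            // NOTE(review): "$ex" puts the exception text into the audit record; confirm that
            // exceptions raised above cannot echo request values.
            val errMsg = "Couldn't hide sensitive data in the execution request."
            log.error(errMsg, ex)
            clonedExecutionServiceInput.payload.replace(
                "$workflowName-request",
                "$errMsg $ex".asJsonPrimitive()
            )
        }
        return clonedExecutionServiceInput
    }

    /**
     * Hide sensitive data in [executionServiceInput] if the given [nodeTemplateName] is a
     * resource resolution component.
     *
     * The payload of [executionServiceInput] is modified in place and the same object is
     * returned. Any failure is thrown to the caller, which is expected to discard the request
     * body (see [hideSensitiveData]).
     *
     * @param blueprintRuntimeService Current blueprint runtime service
     * @param blueprintContext Current blueprint runtime context
     * @param executionServiceInput BP Execution Request where data needs to be hidden
     * @param workflowName Current workflow being executed
     * @param nodeTemplateName Node template to check for sensitive data
     * @return [executionServiceInput] with sensitive inputs replaced by a generic string
     */
    private suspend fun hideSensitiveDataFromResourceResolution(
        blueprintRuntimeService: BlueprintRuntimeService<MutableMap<String, JsonNode>>,
        blueprintContext: BlueprintContext,
        executionServiceInput: ExecutionServiceInput,
        workflowName: String,
        nodeTemplateName: String
    ): ExecutionServiceInput {

        val nodeTemplate = blueprintContext.nodeTemplateByName(nodeTemplateName)
        if (nodeTemplate.type != BlueprintConstants.NODE_TEMPLATE_TYPE_COMPONENT_RESOURCE_RESOLUTION) {
            return executionServiceInput
        }

        val interfaceName = blueprintContext.nodeTemplateFirstInterfaceName(nodeTemplateName)
        val operationName = blueprintContext.nodeTemplateFirstInterfaceFirstOperationName(nodeTemplateName)

        val propertyAssignments: MutableMap<String, JsonNode> =
            blueprintContext.nodeTemplateInterfaceOperationInputs(nodeTemplateName, interfaceName, operationName)
                ?: hashMapOf()

        // Getting values defined in artifact-prefix-names
        val input = executionServiceInput.payload.get("$workflowName-request")
        blueprintRuntimeService.assignWorkflowInputs(workflowName, input)
        val artifactPrefixNamesNode = propertyAssignments[ResourceResolutionConstants.INPUT_ARTIFACT_PREFIX_NAMES]
        val propertyAssignmentService = PropertyAssignmentService(blueprintRuntimeService)
        val artifactPrefixNamesNodeValue = propertyAssignmentService.resolveAssignmentExpression(
            BlueprintConstants.MODEL_DEFINITION_TYPE_NODE_TEMPLATE,
            nodeTemplateName,
            ResourceResolutionConstants.INPUT_ARTIFACT_PREFIX_NAMES,
            checkNotNull(artifactPrefixNamesNode) {
                "Failed to get ${ResourceResolutionConstants.INPUT_ARTIFACT_PREFIX_NAMES} " +
                    "for node template($nodeTemplateName)"
            }
        )
        val resolvedArtifactPrefixNames = checkNotNull(artifactPrefixNamesNodeValue) {
            "Failed to resolve ${ResourceResolutionConstants.INPUT_ARTIFACT_PREFIX_NAMES} " +
                "for node template($nodeTemplateName)"
        }
        val artifactPrefixNames = JacksonUtils.getListFromJsonNode(resolvedArtifactPrefixNames, String::class.java)

        // Storing mapping entries with metadata log-protect set to true
        val sensitiveParameters: List<String> = artifactPrefixNames
            .map { "$it-mapping" }
            .map { blueprintRuntimeService.resolveNodeTemplateArtifact(nodeTemplateName, it) }
            .flatMap { JacksonUtils.getListFromJson(it, ResourceAssignment::class.java) }
            .filter { PropertyDefinitionUtils.hasLogProtect(it.property) }
            .map { it.name }

        // Hiding sensitive input parameters from the request.
        // The cast throws if the properties entry is not a JSON object.
        val workflowProperties: ObjectNode = executionServiceInput.payload
            .path("$workflowName-request")
            .path("$workflowName-properties") as ObjectNode
        sensitiveParameters
            .filter { workflowProperties.has(it) }
            .forEach { sensitiveParameter ->
                workflowProperties.replace(sensitiveParameter, ApplicationConstants.LOG_REDACTED.asJsonPrimitive())
            }

        return executionServiceInput
    }
}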