authorLathish <lathishbabu.ganesan@est.tech>2022-02-24 13:26:01 +0000
committerLathish <lathishbabu.ganesan@est.tech>2022-03-01 09:27:40 +0000
commit807c61281dda39440b8cba0e1fc83407d62aff05 (patch)
treea5166593900910902e08634f363d2a86566d66ff /participant/participant-impl/participant-impl-kubernetes/src/main
parent9e0501aa456201c8886e410708ab2d8488cdb0b3 (diff)
Accept only Whitelisted Repos from Tosca Template
Issue-ID: POLICY-3894 Change-Id: Iaffaf3f1243f6070c600a58891899e9e1e326732 Signed-off-by: Lathish <lathishbabu.ganesan@est.tech>
Diffstat (limited to 'participant/participant-impl/participant-impl-kubernetes/src/main')
-rw-r--r--participant/participant-impl/participant-impl-kubernetes/src/main/java/org/onap/policy/clamp/acm/participant/kubernetes/configurations/HelmRepositoryConfig.java41
-rw-r--r--participant/participant-impl/participant-impl-kubernetes/src/main/java/org/onap/policy/clamp/acm/participant/kubernetes/handler/AutomationCompositionElementHandler.java15
-rw-r--r--participant/participant-impl/participant-impl-kubernetes/src/main/java/org/onap/policy/clamp/acm/participant/kubernetes/helm/HelmClient.java8
-rw-r--r--participant/participant-impl/participant-impl-kubernetes/src/main/java/org/onap/policy/clamp/acm/participant/kubernetes/models/HelmRepository.java10
-rw-r--r--participant/participant-impl/participant-impl-kubernetes/src/main/java/org/onap/policy/clamp/acm/participant/kubernetes/service/ChartService.java25
-rw-r--r--participant/participant-impl/participant-impl-kubernetes/src/main/resources/config/application.yaml13
6 files changed, 89 insertions, 23 deletions
diff --git a/participant/participant-impl/participant-impl-kubernetes/src/main/java/org/onap/policy/clamp/acm/participant/kubernetes/configurations/HelmRepositoryConfig.java b/participant/participant-impl/participant-impl-kubernetes/src/main/java/org/onap/policy/clamp/acm/participant/kubernetes/configurations/HelmRepositoryConfig.java
new file mode 100644
index 000000000..4d00e38ec
--- /dev/null
+++ b/participant/participant-impl/participant-impl-kubernetes/src/main/java/org/onap/policy/clamp/acm/participant/kubernetes/configurations/HelmRepositoryConfig.java
@@ -0,0 +1,41 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2022 Nordix Foundation.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.clamp.acm.participant.kubernetes.configurations;
+
+import java.lang.invoke.MethodHandles;
+import java.util.ArrayList;
+import java.util.List;
+import lombok.Data;
+import org.onap.policy.clamp.acm.participant.kubernetes.models.HelmRepository;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.stereotype.Component;
+
+@Component
+@ConfigurationProperties(prefix = "helm")
+@Data
+public class HelmRepositoryConfig {
+
+ private final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
+
+ private List<HelmRepository> repos = new ArrayList<>();
+}
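Review bot: The `logger` field is an instance field on a `@Data` class and nothing in this file uses it, so Lombok generates a getter for it and folds it into `equals`, `hashCode` and `toString`. Either drop it or declare it as `private static final Logger LOGGER = LoggerFactory.getLogger(HelmRepositoryConfig.class);`. A class Javadoc would also help, for example `/** Helm repositories that TOSCA-supplied charts are allowed to use, bound from the helm.repos property. */`, because this list is the trust boundary the rest of the commit relies on.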
diff --git a/participant/participant-impl/participant-impl-kubernetes/src/main/java/org/onap/policy/clamp/acm/participant/kubernetes/handler/AutomationCompositionElementHandler.java b/participant/participant-impl/participant-impl-kubernetes/src/main/java/org/onap/policy/clamp/acm/participant/kubernetes/handler/AutomationCompositionElementHandler.java
index 753608686..b4cca3acf 100644
--- a/participant/participant-impl/participant-impl-kubernetes/src/main/java/org/onap/policy/clamp/acm/participant/kubernetes/handler/AutomationCompositionElementHandler.java
+++ b/participant/participant-impl/participant-impl-kubernetes/src/main/java/org/onap/policy/clamp/acm/participant/kubernetes/handler/AutomationCompositionElementHandler.java
@@ -146,13 +146,14 @@ public class AutomationCompositionElementHandler implements AutomationCompositio
LOGGER.info("Installation request received for the Helm Chart {} ", chartData);
try {
var chartInfo = CODER.convert(chartData, ChartInfo.class);
- chartService.installChart(chartInfo);
- chartMap.put(element.getId(), chartInfo);
-
- var config = CODER.convert(nodeTemplate.getProperties(), ThreadConfig.class);
- checkPodStatus(automationCompositionId, element.getId(), chartInfo, config.uninitializedToPassiveTimeout,
- config.podStatusCheckInterval);
-
+ if (chartService.installChart(chartInfo)) {
+ chartMap.put(element.getId(), chartInfo);
+
+ var config = CODER.convert(nodeTemplate.getProperties(),
+ ThreadConfig.class);
+ checkPodStatus(automationCompositionId, element.getId(), chartInfo,
+ config.uninitializedToPassiveTimeout, config.podStatusCheckInterval);
+ }
} catch (ServiceException | CoderException | IOException | ExecutionException
| InterruptedException e) {
LOGGER.warn("Installation of Helm chart failed", e);
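Review bot: When `chartService.installChart(chartInfo)` returns false, the new `if` falls through without doing anything. A chart rejected because its repository is not on the allowlist therefore leaves no trace in this handler and, as far as the hunk shows, no state change is reported for the element. Add an `else` branch such as `LOGGER.warn("Chart installation skipped for element {}", element.getId());` and, if the participant API offers a failure state, report it there. The method starts and continues outside the hunk, so any handling after the `catch` is not visible here.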
diff --git a/participant/participant-impl/participant-impl-kubernetes/src/main/java/org/onap/policy/clamp/acm/participant/kubernetes/helm/HelmClient.java b/participant/participant-impl/participant-impl-kubernetes/src/main/java/org/onap/policy/clamp/acm/participant/kubernetes/helm/HelmClient.java
index 6a7c62b2e..f3f7d3427 100644
--- a/participant/participant-impl/participant-impl-kubernetes/src/main/java/org/onap/policy/clamp/acm/participant/kubernetes/helm/HelmClient.java
+++ b/participant/participant-impl/participant-impl-kubernetes/src/main/java/org/onap/policy/clamp/acm/participant/kubernetes/helm/HelmClient.java
@@ -190,18 +190,14 @@ public class HelmClient {
if (StringUtils.isEmpty(repo.getAddress())) {
throw new ServiceException("Repository Should have valid address");
}
- var url = repo.getProtocol() + "://" + repo.getAddress();
- if (repo.getPort() != null) {
- url = url + ":" + repo.getPort();
- }
// @formatter:off
List<String> helmArguments = new ArrayList<>(
List.of(
"helm",
"repo",
- "add", repo.getRepoName(), url
+ "add", repo.getRepoName(), repo.getAddress()
));
- if (repo.getUserName() != null && repo.getPassword() != null) {
+ if (!StringUtils.isEmpty(repo.getUserName()) && !StringUtils.isEmpty(repo.getPassword())) {
helmArguments.addAll(List.of("--username", repo.getUserName(), "--password", repo.getPassword()));
}
return new ProcessBuilder().command(helmArguments);
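Review bot: The credentials are still appended as `--username`/`--password` arguments, so the password is readable by anything on the host that can list process arguments while helm runs. Helm's `repo add` accepts `--password-stdin`; passing that flag and writing the password to the process's standard input keeps it out of argv. Also, `repo.getRepoName()` and `repo.getAddress()` now reach the command unmodified, so this method depends on the caller having validated both. The method begins outside the hunk, so earlier checks on the name may exist that are not visible here.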
diff --git a/participant/participant-impl/participant-impl-kubernetes/src/main/java/org/onap/policy/clamp/acm/participant/kubernetes/models/HelmRepository.java b/participant/participant-impl/participant-impl-kubernetes/src/main/java/org/onap/policy/clamp/acm/participant/kubernetes/models/HelmRepository.java
index 2e25e42a6..ff3b9e336 100644
--- a/participant/participant-impl/participant-impl-kubernetes/src/main/java/org/onap/policy/clamp/acm/participant/kubernetes/models/HelmRepository.java
+++ b/participant/participant-impl/participant-impl-kubernetes/src/main/java/org/onap/policy/clamp/acm/participant/kubernetes/models/HelmRepository.java
@@ -1,6 +1,6 @@
/*-
* ========================LICENSE_START=================================
- * Copyright (C) 2021 Nordix Foundation. All rights reserved.
+ * Copyright (C) 2021-2022 Nordix Foundation. All rights reserved.
* ======================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -18,21 +18,21 @@
package org.onap.policy.clamp.acm.participant.kubernetes.models;
+import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
+import lombok.NoArgsConstructor;
@Data
@Builder
+@NoArgsConstructor
+@AllArgsConstructor
public class HelmRepository {
private String repoName;
- private String protocol;
-
private String address;
- private String port;
-
private String userName;
private String password;
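Review bot: `@Data` generates a `toString()` that includes `password` and `userName`, so any log statement that prints a `HelmRepository`, or an object holding one, would write the secret. This matters more now that the class is bound from configuration as well as built from TOSCA input. Annotate the field to keep it out of the generated string: `@ToString.Exclude private String password;`. A short Javadoc on `address` saying it is now the full repository URL including scheme would document the removal of `protocol` and `port`.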
diff --git a/participant/participant-impl/participant-impl-kubernetes/src/main/java/org/onap/policy/clamp/acm/participant/kubernetes/service/ChartService.java b/participant/participant-impl/participant-impl-kubernetes/src/main/java/org/onap/policy/clamp/acm/participant/kubernetes/service/ChartService.java
index dc4762d9a..e9cd8a2c3 100644
--- a/participant/participant-impl/participant-impl-kubernetes/src/main/java/org/onap/policy/clamp/acm/participant/kubernetes/service/ChartService.java
+++ b/participant/participant-impl/participant-impl-kubernetes/src/main/java/org/onap/policy/clamp/acm/participant/kubernetes/service/ChartService.java
@@ -21,6 +21,7 @@ package org.onap.policy.clamp.acm.participant.kubernetes.service;
import java.io.IOException;
import java.lang.invoke.MethodHandles;
import java.util.Collection;
+import org.onap.policy.clamp.acm.participant.kubernetes.configurations.HelmRepositoryConfig;
import org.onap.policy.clamp.acm.participant.kubernetes.exception.ServiceException;
import org.onap.policy.clamp.acm.participant.kubernetes.helm.HelmClient;
import org.onap.policy.clamp.acm.participant.kubernetes.models.ChartInfo;
@@ -41,6 +42,9 @@ public class ChartService {
@Autowired
private HelmClient helmClient;
+ @Autowired
+ private HelmRepositoryConfig helmRepositoryConfig;
+
/**
* Get all the installed charts.
* @return list of charts.
@@ -84,25 +88,40 @@ public class ChartService {
/**
* Install a helm chart.
* @param chart name and version.
+ * @return boolean flag to indicate success or failure
* @throws ServiceException in case of error
* @throws IOException in case of IO errors
*/
- public void installChart(ChartInfo chart) throws ServiceException, IOException {
+ public boolean installChart(ChartInfo chart) throws ServiceException, IOException {
+ boolean whiteListed = false;
if (chart.getRepository() == null) {
String repoName = findChartRepo(chart);
if (repoName == null) {
logger.error("Chart repository could not be found. Skipping chart Installation "
+ "for the chart {} ", chart.getChartId().getName());
- return;
+ return false;
} else {
HelmRepository repo = HelmRepository.builder().repoName(repoName).build();
chart.setRepository(repo);
}
} else {
// Add remote repository if passed via TOSCA
- configureRepository(chart.getRepository());
+ // check whether the repo is whitelisted
+ for (HelmRepository repo : helmRepositoryConfig.getRepos()) {
+ if (repo.getAddress().equals(chart.getRepository().getAddress())
+ && chart.getRepository().getAddress().contains("https")) {
+ configureRepository(chart.getRepository());
+ whiteListed = true;
+ break;
+ }
+ }
+ if (!whiteListed) {
+ logger.error("Repository is not Whitelisted / plain http in not allowed");
+ return false;
+ }
}
helmClient.installChart(chart);
+ return true;
}
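Review bot: The allowlist check compares only `address`, then calls `configureRepository(chart.getRepository())` with the object taken from the TOSCA template, so `repoName`, `userName` and `password` remain template-controlled for an allowlisted URL. Passing the matched configuration entry instead, `configureRepository(repo);`, keeps every value that reaches helm under operator control; whether the later `helmClient.installChart(chart)` also needs the chart's repository replaced cannot be seen from this hunk. The scheme test `contains("https")` matches that substring anywhere in the URL, whereas `startsWith("https://")` states the intent. In addition, `repo.getAddress().equals(...)` throws a NullPointerException for a configuration entry without an address, and the log text has a typo (`in not allowed`).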
diff --git a/participant/participant-impl/participant-impl-kubernetes/src/main/resources/config/application.yaml b/participant/participant-impl/participant-impl-kubernetes/src/main/resources/config/application.yaml
index 3be0fb2c0..3718fed26 100644
--- a/participant/participant-impl/participant-impl-kubernetes/src/main/resources/config/application.yaml
+++ b/participant/participant-impl/participant-impl-kubernetes/src/main/resources/config/application.yaml
@@ -13,7 +13,7 @@ participant:
reportingTimeIntervalMs: 120000
description: Participant Description
participantId:
- name: org.onap.policy.clamp.acm.KubernetesParticipant
+ name: K8sParticipant0
version: 2.3.4
participantType:
name: org.onap.k8s.acm.K8SAutomationCompositionParticipant
@@ -46,7 +46,7 @@ server:
logging:
# Configuration of logging
level:
- ROOT: ERROR
+ ROOT: INFO
org.springframework: ERROR
org.springframework.data: ERROR
org.springframework.web.reactive.function.client.ExchangeFunctions: ERROR
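Review bot: Raising `ROOT` to `INFO` enables every INFO statement that has no narrower override, including the handler's `LOGGER.info("Installation request received for the Helm Chart {} ", chartData)`. `chartData` appears able to carry a repository `userName` and `password` from the template. Either keep `ROOT: ERROR` and add a specific entry for the participant's own package, or make sure that log line does not print the repository block. Only the Spring overrides are visible in this hunk, so an entry further down may already cover this.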
@@ -58,3 +58,12 @@ logging:
chart:
api:
enabled: false
+
+helm:
+ repos:
+ -
+ repoName: kong
+ address: https://charts.konghq.com
+ -
+ repoName: bitnami
+ address: https://charts.bitnami.com/bitnami \ No newline at end of file
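Review bot: The default configuration ships with two public chart repositories already allowlisted, so a deployment that does not override `helm.repos` trusts them implicitly. Add a comment above the list, for example `# Allowlist of Helm repositories that TOSCA templates may reference; https only. Override per deployment.`, and consider shipping the list empty. The file also loses its trailing newline.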