aboutsummaryrefslogtreecommitdiffstats
path: root/participant
diff options
context:
space:
mode:
Diffstat (limited to 'participant')
-rw-r--r--participant/participant-impl/participant-impl-http/src/main/java/org/onap/policy/clamp/controlloop/participant/http/config/SecurityConfig.java45
-rw-r--r--participant/participant-impl/participant-impl-http/src/main/resources/config/application.yaml16
-rw-r--r--participant/participant-impl/participant-impl-http/src/test/java/org/onap/policy/clamp/controlloop/participant/http/handler/ClElementHandlerTest.java (renamed from participant/participant-impl/participant-impl-http/src/test/java/handler/ClElementHandlerTest.java)7
-rw-r--r--participant/participant-impl/participant-impl-http/src/test/java/org/onap/policy/clamp/controlloop/participant/http/rest/ActuatorControllerTest.java92
-rw-r--r--participant/participant-impl/participant-impl-http/src/test/java/org/onap/policy/clamp/controlloop/participant/http/utils/CommonActuatorController.java114
-rw-r--r--participant/participant-impl/participant-impl-http/src/test/java/org/onap/policy/clamp/controlloop/participant/http/utils/CommonTestData.java (renamed from participant/participant-impl/participant-impl-http/src/test/java/utils/CommonTestData.java)2
-rw-r--r--participant/participant-impl/participant-impl-http/src/test/java/org/onap/policy/clamp/controlloop/participant/http/utils/ToscaUtils.java (renamed from participant/participant-impl/participant-impl-http/src/test/java/utils/ToscaUtils.java)2
-rw-r--r--participant/participant-impl/participant-impl-http/src/test/java/org/onap/policy/clamp/controlloop/participant/http/webclient/ClHttpClientTest.java (renamed from participant/participant-impl/participant-impl-http/src/test/java/webclient/ClHttpClientTest.java)4
-rw-r--r--participant/participant-impl/participant-impl-http/src/test/resources/application_test.properties24
-rw-r--r--participant/participant-impl/participant-impl-kubernetes/src/main/resources/config/application.yaml6
-rw-r--r--participant/participant-impl/participant-impl-kubernetes/src/test/java/org/onap/policy/clamp/controlloop/participant/kubernetes/rest/ActuatorControllerTest.java92
-rw-r--r--participant/participant-impl/participant-impl-kubernetes/src/test/java/org/onap/policy/clamp/controlloop/participant/kubernetes/utils/CommonActuatorController.java114
-rw-r--r--participant/participant-impl/participant-impl-kubernetes/src/test/resources/application_test.properties5
-rw-r--r--participant/participant-impl/participant-impl-policy/src/main/java/org/onap/policy/clamp/controlloop/participant/policy/config/SecurityConfig.java45
-rw-r--r--participant/participant-impl/participant-impl-policy/src/main/resources/config/application.yaml16
-rw-r--r--participant/participant-impl/participant-impl-policy/src/test/java/org/onap/policy/clamp/controlloop/participant/policy/main/rest/ActuatorControllerTest.java92
-rw-r--r--participant/participant-impl/participant-impl-policy/src/test/java/org/onap/policy/clamp/controlloop/participant/policy/main/utils/CommonActuatorController.java114
-rw-r--r--participant/participant-impl/participant-impl-policy/src/test/resources/application_test.properties6
-rw-r--r--participant/pom.xml11
19 files changed, 791 insertions, 16 deletions
diff --git a/participant/participant-impl/participant-impl-http/src/main/java/org/onap/policy/clamp/controlloop/participant/http/config/SecurityConfig.java b/participant/participant-impl/participant-impl-http/src/main/java/org/onap/policy/clamp/controlloop/participant/http/config/SecurityConfig.java
new file mode 100644
index 000000000..499bbe153
--- /dev/null
+++ b/participant/participant-impl/participant-impl-http/src/main/java/org/onap/policy/clamp/controlloop/participant/http/config/SecurityConfig.java
@@ -0,0 +1,45 @@
+/*-
+ * ========================LICENSE_START=================================
+ * Copyright (C) 2021 Nordix Foundation. All rights reserved.
+ * ======================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ========================LICENSE_END===================================
+ */
+
+package org.onap.policy.clamp.controlloop.participant.http.config;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@Configuration
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+ @Value("${security.enable-csrf:true}")
+ private boolean csrfEnabled = true;
+
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ // @formatter:off
+ http.authorizeRequests()
+ .antMatchers().authenticated()
+ .anyRequest().authenticated()
+ .and().httpBasic();
+ // @formatter:on
+
+ if (!csrfEnabled) {
+ http.csrf().disable();
+ }
+ }
+}
diff --git a/participant/participant-impl/participant-impl-http/src/main/resources/config/application.yaml b/participant/participant-impl/participant-impl-http/src/main/resources/config/application.yaml
index 664c6e878..df0ad7df3 100644
--- a/participant/participant-impl/participant-impl-http/src/main/resources/config/application.yaml
+++ b/participant/participant-impl/participant-impl-http/src/main/resources/config/application.yaml
@@ -1,3 +1,10 @@
+spring:
+ security:
+ user:
+ name: participantUser
+ password: zb!XztG34
+security:
+ enable-csrf: false
participant:
intermediaryParameters:
reportingTimeIntervalMs: 120000
@@ -20,3 +27,12 @@ participant:
servers:
- ${topicServer:message-router}
topicCommInfrastructure: dmaap
+management:
+ endpoints:
+ web:
+ exposure:
+ include: health, metrics, prometheus
+server:
+ port: 8084
+ servlet:
+ context-path: /onap/httpparticipant
diff --git a/participant/participant-impl/participant-impl-http/src/test/java/handler/ClElementHandlerTest.java b/participant/participant-impl/participant-impl-http/src/test/java/org/onap/policy/clamp/controlloop/participant/http/handler/ClElementHandlerTest.java
index d1556ea08..d80436ef3 100644
--- a/participant/participant-impl/participant-impl-http/src/test/java/handler/ClElementHandlerTest.java
+++ b/participant/participant-impl/participant-impl-http/src/test/java/org/onap/policy/clamp/controlloop/participant/http/handler/ClElementHandlerTest.java
@@ -18,7 +18,7 @@
* ============LICENSE_END=========================================================
*/
-package handler;
+package org.onap.policy.clamp.controlloop.participant.http.handler;
import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
import static org.mockito.ArgumentMatchers.any;
@@ -33,13 +33,14 @@ import org.mockito.Mock;
import org.mockito.Spy;
import org.onap.policy.clamp.controlloop.models.controlloop.concepts.ControlLoopElement;
import org.onap.policy.clamp.controlloop.participant.http.main.handler.ControlLoopElementHandler;
+import org.onap.policy.clamp.controlloop.participant.http.utils.CommonTestData;
+import org.onap.policy.clamp.controlloop.participant.http.utils.ToscaUtils;
import org.onap.policy.clamp.controlloop.participant.intermediary.api.ParticipantIntermediaryApi;
import org.onap.policy.common.utils.coder.CoderException;
import org.onap.policy.models.tosca.authorative.concepts.ToscaNodeTemplate;
import org.onap.policy.models.tosca.authorative.concepts.ToscaServiceTemplate;
import org.springframework.test.context.junit.jupiter.SpringExtension;
-import utils.CommonTestData;
-import utils.ToscaUtils;
+
@ExtendWith(SpringExtension.class)
class ClElementHandlerTest {
diff --git a/participant/participant-impl/participant-impl-http/src/test/java/org/onap/policy/clamp/controlloop/participant/http/rest/ActuatorControllerTest.java b/participant/participant-impl/participant-impl-http/src/test/java/org/onap/policy/clamp/controlloop/participant/http/rest/ActuatorControllerTest.java
new file mode 100644
index 000000000..8efff8f6a
--- /dev/null
+++ b/participant/participant-impl/participant-impl-http/src/test/java/org/onap/policy/clamp/controlloop/participant/http/rest/ActuatorControllerTest.java
@@ -0,0 +1,92 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2021 Nordix Foundation.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.clamp.controlloop.participant.http.rest;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+import javax.ws.rs.client.Invocation;
+import javax.ws.rs.core.Response;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.onap.policy.clamp.controlloop.participant.http.utils.CommonActuatorController;
+import org.springframework.boot.test.autoconfigure.actuate.metrics.AutoConfigureMetrics;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.boot.web.server.LocalServerPort;
+import org.springframework.test.context.TestPropertySource;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+
+@AutoConfigureMetrics
+@ExtendWith(SpringExtension.class)
+@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
+@TestPropertySource(locations = {"classpath:application_test.properties"})
+class ActuatorControllerTest extends CommonActuatorController {
+
+ private static final String HEALTH_ENDPOINT = "health";
+ private static final String METRICS_ENDPOINT = "metrics";
+ private static final String PROMETHEUS_ENDPOINT = "prometheus";
+
+ @LocalServerPort
+ private int randomServerPort;
+
+ @BeforeEach
+ public void setUpPort() {
+ super.setHttpPrefix(randomServerPort);
+ }
+
+ @Test
+ void testGetHealth_Unauthorized() throws Exception {
+ assertUnauthorizedActGet(HEALTH_ENDPOINT);
+ }
+
+ @Test
+ void testGetMetrics_Unauthorized() throws Exception {
+ assertUnauthorizedActGet(METRICS_ENDPOINT);
+ }
+
+ @Test
+ void testGetPrometheus_Unauthorized() throws Exception {
+ assertUnauthorizedActGet(PROMETHEUS_ENDPOINT);
+ }
+
+ @Test
+ void testGetHealth() throws Exception {
+ Invocation.Builder invocationBuilder = super.sendActRequest(HEALTH_ENDPOINT);
+ Response rawresp = invocationBuilder.buildGet().invoke();
+ assertEquals(Response.Status.OK.getStatusCode(), rawresp.getStatus());
+ }
+
+ @Test
+ void testGetMetrics() throws Exception {
+ Invocation.Builder invocationBuilder = super.sendActRequest(METRICS_ENDPOINT);
+ Response rawresp = invocationBuilder.buildGet().invoke();
+ assertEquals(Response.Status.OK.getStatusCode(), rawresp.getStatus());
+ }
+
+ @Test
+ void testGePrometheus() throws Exception {
+ Invocation.Builder invocationBuilder = super.sendActRequest(PROMETHEUS_ENDPOINT);
+ Response rawresp = invocationBuilder.buildGet().invoke();
+ assertEquals(Response.Status.OK.getStatusCode(), rawresp.getStatus());
+ }
+
+}
diff --git a/participant/participant-impl/participant-impl-http/src/test/java/org/onap/policy/clamp/controlloop/participant/http/utils/CommonActuatorController.java b/participant/participant-impl/participant-impl-http/src/test/java/org/onap/policy/clamp/controlloop/participant/http/utils/CommonActuatorController.java
new file mode 100644
index 000000000..5ebce8126
--- /dev/null
+++ b/participant/participant-impl/participant-impl-http/src/test/java/org/onap/policy/clamp/controlloop/participant/http/utils/CommonActuatorController.java
@@ -0,0 +1,114 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2021 Nordix Foundation.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.clamp.controlloop.participant.http.utils;
+
+import static org.junit.Assert.assertEquals;
+
+import javax.ws.rs.client.Client;
+import javax.ws.rs.client.ClientBuilder;
+import javax.ws.rs.client.Invocation;
+import javax.ws.rs.client.WebTarget;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import org.glassfish.jersey.client.ClientProperties;
+import org.glassfish.jersey.client.authentication.HttpAuthenticationFeature;
+import org.onap.policy.common.gson.GsonMessageBodyHandler;
+import org.onap.policy.common.utils.network.NetworkUtil;
+
+/**
+ * Class to perform Rest unit tests.
+ *
+ */
+public class CommonActuatorController {
+
+ public static final String SELF = NetworkUtil.getHostname();
+ public static final String CONTEXT_PATH = "onap/httpparticipant";
+ public static final String ACTUATOR_ENDPOINT = CONTEXT_PATH + "/actuator/";
+
+ private static String httpPrefix;
+
+ /**
+ * Sends a request to an actuator endpoint.
+ *
+ * @param endpoint the target endpoint
+ * @return a request builder
+ * @throws Exception if an error occurs
+ */
+ protected Invocation.Builder sendActRequest(final String endpoint) throws Exception {
+ return sendFqeRequest(httpPrefix + ACTUATOR_ENDPOINT + endpoint, true);
+ }
+
+ /**
+ * Sends a request to an actuator endpoint, without any authorization header.
+ *
+ * @param endpoint the target endpoint
+ * @return a request builder
+ * @throws Exception if an error occurs
+ */
+ protected Invocation.Builder sendNoAuthActRequest(final String endpoint) throws Exception {
+ return sendFqeRequest(httpPrefix + ACTUATOR_ENDPOINT + endpoint, false);
+ }
+
+ /**
+ * Sends a request to a fully qualified endpoint.
+ *
+ * @param fullyQualifiedEndpoint the fully qualified target endpoint
+ * @param includeAuth if authorization header should be included
+ * @return a request builder
+ * @throws Exception if an error occurs
+ */
+ protected Invocation.Builder sendFqeRequest(final String fullyQualifiedEndpoint, boolean includeAuth)
+ throws Exception {
+ final Client client = ClientBuilder.newBuilder().build();
+
+ client.property(ClientProperties.METAINF_SERVICES_LOOKUP_DISABLE, "true");
+ client.register(GsonMessageBodyHandler.class);
+
+ if (includeAuth) {
+ client.register(HttpAuthenticationFeature.basic("participantUser", "zb!XztG34"));
+ }
+
+ final WebTarget webTarget = client.target(fullyQualifiedEndpoint);
+
+ return webTarget.request(MediaType.APPLICATION_JSON, MediaType.TEXT_PLAIN);
+ }
+
+ /**
+ * Assert that GET call to actuator endpoint is Unauthorized.
+ *
+ * @param endPoint the endpoint
+ * @throws Exception if an error occurs
+ */
+ protected void assertUnauthorizedActGet(final String endPoint) throws Exception {
+ Response rawresp = sendNoAuthActRequest(endPoint).buildGet().invoke();
+ assertEquals(Response.Status.UNAUTHORIZED.getStatusCode(), rawresp.getStatus());
+ }
+
+ /**
+ * Set Up httpPrefix.
+ *
+ * @param port the port
+ */
+ protected void setHttpPrefix(int port) {
+ httpPrefix = "http://" + SELF + ":" + port + "/";
+ }
+
+}
diff --git a/participant/participant-impl/participant-impl-http/src/test/java/utils/CommonTestData.java b/participant/participant-impl/participant-impl-http/src/test/java/org/onap/policy/clamp/controlloop/participant/http/utils/CommonTestData.java
index 0ebf9212a..1f92a86e0 100644
--- a/participant/participant-impl/participant-impl-http/src/test/java/utils/CommonTestData.java
+++ b/participant/participant-impl/participant-impl-http/src/test/java/org/onap/policy/clamp/controlloop/participant/http/utils/CommonTestData.java
@@ -19,7 +19,7 @@
* ============LICENSE_END=========================================================
*/
-package utils;
+package org.onap.policy.clamp.controlloop.participant.http.utils;
import java.util.List;
import java.util.Map;
diff --git a/participant/participant-impl/participant-impl-http/src/test/java/utils/ToscaUtils.java b/participant/participant-impl/participant-impl-http/src/test/java/org/onap/policy/clamp/controlloop/participant/http/utils/ToscaUtils.java
index 0bad5ed96..fdba28c0e 100644
--- a/participant/participant-impl/participant-impl-http/src/test/java/utils/ToscaUtils.java
+++ b/participant/participant-impl/participant-impl-http/src/test/java/org/onap/policy/clamp/controlloop/participant/http/utils/ToscaUtils.java
@@ -18,7 +18,7 @@
* ============LICENSE_END=========================================================
*/
-package utils;
+package org.onap.policy.clamp.controlloop.participant.http.utils;
import lombok.AccessLevel;
import lombok.NoArgsConstructor;
diff --git a/participant/participant-impl/participant-impl-http/src/test/java/webclient/ClHttpClientTest.java b/participant/participant-impl/participant-impl-http/src/test/java/org/onap/policy/clamp/controlloop/participant/http/webclient/ClHttpClientTest.java
index cf9619d41..e3ff9dbba 100644
--- a/participant/participant-impl/participant-impl-http/src/test/java/webclient/ClHttpClientTest.java
+++ b/participant/participant-impl/participant-impl-http/src/test/java/org/onap/policy/clamp/controlloop/participant/http/webclient/ClHttpClientTest.java
@@ -18,7 +18,7 @@
* ============LICENSE_END=========================================================
*/
-package webclient;
+package org.onap.policy.clamp.controlloop.participant.http.webclient;
import static org.assertj.core.api.Assertions.assertThat;
import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
@@ -41,10 +41,10 @@ import org.mockserver.model.Parameter;
import org.onap.policy.clamp.controlloop.participant.http.main.models.ConfigRequest;
import org.onap.policy.clamp.controlloop.participant.http.main.models.ConfigurationEntity;
import org.onap.policy.clamp.controlloop.participant.http.main.webclient.ClHttpClient;
+import org.onap.policy.clamp.controlloop.participant.http.utils.CommonTestData;
import org.onap.policy.common.utils.network.NetworkUtil;
import org.onap.policy.models.tosca.authorative.concepts.ToscaConceptIdentifier;
import org.springframework.test.context.junit.jupiter.SpringExtension;
-import utils.CommonTestData;
@ExtendWith(SpringExtension.class)
class ClHttpClientTest {
diff --git a/participant/participant-impl/participant-impl-http/src/test/resources/application_test.properties b/participant/participant-impl/participant-impl-http/src/test/resources/application_test.properties
new file mode 100644
index 000000000..698a965b8
--- /dev/null
+++ b/participant/participant-impl/participant-impl-http/src/test/resources/application_test.properties
@@ -0,0 +1,24 @@
+spring.security.user.name=participantUser
+spring.security.user.password=zb!XztG34
+
+server.servlet.context-path=/onap/httpparticipant
+server.error.path=/error
+server.http-port=8084
+
+participant.name=ControlLoopParticipant Http Test
+participant.intermediaryParameters.name=Participant parameters
+participant.intermediaryParameters.reportingTimeInterval=120000
+participant.intermediaryParameters.description=Participant Description
+participant.intermediaryParameters.participantId.name=HttpParticipant0
+participant.intermediaryParameters.participantId.version=1.0.0
+participant.intermediaryParameters.participantType.name=org.onap.k8s.controlloop.HttpControlLoopParticipant
+participant.intermediaryParameters.participantType.version=2.3.4
+participant.intermediaryParameters.clampControlLoopTopics.name=ControlLoop Topics
+participant.intermediaryParameters.clampControlLoopTopics.topicSources[0].topic=POLICY-CLRUNTIME-PARTICIPANT
+participant.intermediaryParameters.clampControlLoopTopics.topicSources[0].servers[0]=localhost
+participant.intermediaryParameters.clampControlLoopTopics.topicSources[0].topicCommInfrastructure=dmaap
+participant.intermediaryParameters.clampControlLoopTopics.topicSources[0].fetchTimeout=15000
+participant.intermediaryParameters.clampControlLoopTopics.topicSinks[0].topic=POLICY-CLRUNTIME-PARTICIPANT
+participant.intermediaryParameters.clampControlLoopTopics.topicSinks[0].servers[0]=localhost
+participant.intermediaryParameters.clampControlLoopTopics.topicSinks[0].topicCommInfrastructure=dmaap
+management.endpoints.web.exposure.include=health,metrics,prometheus
diff --git a/participant/participant-impl/participant-impl-kubernetes/src/main/resources/config/application.yaml b/participant/participant-impl/participant-impl-kubernetes/src/main/resources/config/application.yaml
index e1693318e..f77153a25 100644
--- a/participant/participant-impl/participant-impl-kubernetes/src/main/resources/config/application.yaml
+++ b/participant/participant-impl/participant-impl-kubernetes/src/main/resources/config/application.yaml
@@ -1,7 +1,7 @@
spring:
security:
user:
- name: healthcheck
+ name: participantUser
password: zb!XztG34
security:
enable-csrf: false
@@ -37,10 +37,8 @@ management:
endpoints:
web:
exposure:
- include: "loggers,logfile,health,info,metrics,threaddump,heapdump"
+ include: health, metrics, prometheus
server:
- # Configuration of the HTTP/REST server. The parameters are defined and handled by the springboot framework.
- # See springboot documentation.
port: 8083
servlet:
context-path: /onap/k8sparticipant
diff --git a/participant/participant-impl/participant-impl-kubernetes/src/test/java/org/onap/policy/clamp/controlloop/participant/kubernetes/rest/ActuatorControllerTest.java b/participant/participant-impl/participant-impl-kubernetes/src/test/java/org/onap/policy/clamp/controlloop/participant/kubernetes/rest/ActuatorControllerTest.java
new file mode 100644
index 000000000..1442e9f1f
--- /dev/null
+++ b/participant/participant-impl/participant-impl-kubernetes/src/test/java/org/onap/policy/clamp/controlloop/participant/kubernetes/rest/ActuatorControllerTest.java
@@ -0,0 +1,92 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2021 Nordix Foundation.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.clamp.controlloop.participant.kubernetes.rest;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+import javax.ws.rs.client.Invocation;
+import javax.ws.rs.core.Response;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.onap.policy.clamp.controlloop.participant.kubernetes.utils.CommonActuatorController;
+import org.springframework.boot.test.autoconfigure.actuate.metrics.AutoConfigureMetrics;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.boot.web.server.LocalServerPort;
+import org.springframework.test.context.TestPropertySource;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+
+@AutoConfigureMetrics
+@ExtendWith(SpringExtension.class)
+@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
+@TestPropertySource(locations = {"classpath:application_test.properties"})
+class ActuatorControllerTest extends CommonActuatorController {
+
+ private static final String HEALTH_ENDPOINT = "health";
+ private static final String METRICS_ENDPOINT = "metrics";
+ private static final String PROMETHEUS_ENDPOINT = "prometheus";
+
+ @LocalServerPort
+ private int randomServerPort;
+
+ @BeforeEach
+ public void setUpPort() {
+ super.setHttpPrefix(randomServerPort);
+ }
+
+ @Test
+ void testGetHealth_Unauthorized() throws Exception {
+ assertUnauthorizedActGet(HEALTH_ENDPOINT);
+ }
+
+ @Test
+ void testGetMetrics_Unauthorized() throws Exception {
+ assertUnauthorizedActGet(METRICS_ENDPOINT);
+ }
+
+ @Test
+ void testGetPrometheus_Unauthorized() throws Exception {
+ assertUnauthorizedActGet(PROMETHEUS_ENDPOINT);
+ }
+
+ @Test
+ void testGetHealth() throws Exception {
+ Invocation.Builder invocationBuilder = super.sendActRequest(HEALTH_ENDPOINT);
+ Response rawresp = invocationBuilder.buildGet().invoke();
+ assertEquals(Response.Status.OK.getStatusCode(), rawresp.getStatus());
+ }
+
+ @Test
+ void testGetMetrics() throws Exception {
+ Invocation.Builder invocationBuilder = super.sendActRequest(METRICS_ENDPOINT);
+ Response rawresp = invocationBuilder.buildGet().invoke();
+ assertEquals(Response.Status.OK.getStatusCode(), rawresp.getStatus());
+ }
+
+ @Test
+ void testGePrometheus() throws Exception {
+ Invocation.Builder invocationBuilder = super.sendActRequest(PROMETHEUS_ENDPOINT);
+ Response rawresp = invocationBuilder.buildGet().invoke();
+ assertEquals(Response.Status.OK.getStatusCode(), rawresp.getStatus());
+ }
+
+}
diff --git a/participant/participant-impl/participant-impl-kubernetes/src/test/java/org/onap/policy/clamp/controlloop/participant/kubernetes/utils/CommonActuatorController.java b/participant/participant-impl/participant-impl-kubernetes/src/test/java/org/onap/policy/clamp/controlloop/participant/kubernetes/utils/CommonActuatorController.java
new file mode 100644
index 000000000..35ffbb5e9
--- /dev/null
+++ b/participant/participant-impl/participant-impl-kubernetes/src/test/java/org/onap/policy/clamp/controlloop/participant/kubernetes/utils/CommonActuatorController.java
@@ -0,0 +1,114 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2021 Nordix Foundation.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.clamp.controlloop.participant.kubernetes.utils;
+
+import static org.junit.Assert.assertEquals;
+
+import javax.ws.rs.client.Client;
+import javax.ws.rs.client.ClientBuilder;
+import javax.ws.rs.client.Invocation;
+import javax.ws.rs.client.WebTarget;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import org.glassfish.jersey.client.ClientProperties;
+import org.glassfish.jersey.client.authentication.HttpAuthenticationFeature;
+import org.onap.policy.common.gson.GsonMessageBodyHandler;
+import org.onap.policy.common.utils.network.NetworkUtil;
+
+/**
+ * Class to perform Rest unit tests.
+ *
+ */
+public class CommonActuatorController {
+
+ public static final String SELF = NetworkUtil.getHostname();
+ public static final String CONTEXT_PATH = "onap/k8sparticipant";
+ public static final String ACTUATOR_ENDPOINT = CONTEXT_PATH + "/actuator/";
+
+ private static String httpPrefix;
+
+ /**
+ * Sends a request to an actuator endpoint.
+ *
+ * @param endpoint the target endpoint
+ * @return a request builder
+ * @throws Exception if an error occurs
+ */
+ protected Invocation.Builder sendActRequest(final String endpoint) throws Exception {
+ return sendFqeRequest(httpPrefix + ACTUATOR_ENDPOINT + endpoint, true);
+ }
+
+ /**
+ * Sends a request to an actuator endpoint, without any authorization header.
+ *
+ * @param endpoint the target endpoint
+ * @return a request builder
+ * @throws Exception if an error occurs
+ */
+ protected Invocation.Builder sendNoAuthActRequest(final String endpoint) throws Exception {
+ return sendFqeRequest(httpPrefix + ACTUATOR_ENDPOINT + endpoint, false);
+ }
+
+ /**
+ * Sends a request to a fully qualified endpoint.
+ *
+ * @param fullyQualifiedEndpoint the fully qualified target endpoint
+ * @param includeAuth if authorization header should be included
+ * @return a request builder
+ * @throws Exception if an error occurs
+ */
+ protected Invocation.Builder sendFqeRequest(final String fullyQualifiedEndpoint, boolean includeAuth)
+ throws Exception {
+ final Client client = ClientBuilder.newBuilder().build();
+
+ client.property(ClientProperties.METAINF_SERVICES_LOOKUP_DISABLE, "true");
+ client.register(GsonMessageBodyHandler.class);
+
+ if (includeAuth) {
+ client.register(HttpAuthenticationFeature.basic("participantUser", "zb!XztG34"));
+ }
+
+ final WebTarget webTarget = client.target(fullyQualifiedEndpoint);
+
+ return webTarget.request(MediaType.APPLICATION_JSON, MediaType.TEXT_PLAIN);
+ }
+
+ /**
+ * Assert that GET call to actuator endpoint is Unauthorized.
+ *
+ * @param endPoint the endpoint
+ * @throws Exception if an error occurs
+ */
+ protected void assertUnauthorizedActGet(final String endPoint) throws Exception {
+ Response rawresp = sendNoAuthActRequest(endPoint).buildGet().invoke();
+ assertEquals(Response.Status.UNAUTHORIZED.getStatusCode(), rawresp.getStatus());
+ }
+
+ /**
+ * Set Up httpPrefix.
+ *
+ * @param port the port
+ */
+ protected void setHttpPrefix(int port) {
+ httpPrefix = "http://" + SELF + ":" + port + "/";
+ }
+
+}
diff --git a/participant/participant-impl/participant-impl-kubernetes/src/test/resources/application_test.properties b/participant/participant-impl/participant-impl-kubernetes/src/test/resources/application_test.properties
index 5c61535a7..b5b209fd1 100644
--- a/participant/participant-impl/participant-impl-kubernetes/src/test/resources/application_test.properties
+++ b/participant/participant-impl/participant-impl-kubernetes/src/test/resources/application_test.properties
@@ -1,7 +1,7 @@
-spring.security.user.name=healthcheck
+spring.security.user.name=participantUser
spring.security.user.password=zb!XztG34
-server.servlet.context-path=/onap/participantsim
+server.servlet.context-path=/onap/k8sparticipant
server.error.path=/error
server.http-port=8083
@@ -21,3 +21,4 @@ participant.intermediaryParameters.clampControlLoopTopics.topicSources[0].fetchT
participant.intermediaryParameters.clampControlLoopTopics.topicSinks[0].topic=POLICY-CLRUNTIME-PARTICIPANT
participant.intermediaryParameters.clampControlLoopTopics.topicSinks[0].servers[0]=localhost
participant.intermediaryParameters.clampControlLoopTopics.topicSinks[0].topicCommInfrastructure=dmaap
+management.endpoints.web.exposure.include=health,metrics,prometheus
diff --git a/participant/participant-impl/participant-impl-policy/src/main/java/org/onap/policy/clamp/controlloop/participant/policy/config/SecurityConfig.java b/participant/participant-impl/participant-impl-policy/src/main/java/org/onap/policy/clamp/controlloop/participant/policy/config/SecurityConfig.java
new file mode 100644
index 000000000..4ee8c41b0
--- /dev/null
+++ b/participant/participant-impl/participant-impl-policy/src/main/java/org/onap/policy/clamp/controlloop/participant/policy/config/SecurityConfig.java
@@ -0,0 +1,45 @@
+/*-
+ * ========================LICENSE_START=================================
+ * Copyright (C) 2021 Nordix Foundation. All rights reserved.
+ * ======================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ========================LICENSE_END===================================
+ */
+
+package org.onap.policy.clamp.controlloop.participant.policy.config;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@Configuration
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+ @Value("${security.enable-csrf:true}")
+ private boolean csrfEnabled = true;
+
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ // @formatter:off
+ http.authorizeRequests()
+ .antMatchers().authenticated()
+ .anyRequest().authenticated()
+ .and().httpBasic();
+ // @formatter:on
+
+ if (!csrfEnabled) {
+ http.csrf().disable();
+ }
+ }
+}
diff --git a/participant/participant-impl/participant-impl-policy/src/main/resources/config/application.yaml b/participant/participant-impl/participant-impl-policy/src/main/resources/config/application.yaml
index 62f8920a4..5839aae66 100644
--- a/participant/participant-impl/participant-impl-policy/src/main/resources/config/application.yaml
+++ b/participant/participant-impl/participant-impl-policy/src/main/resources/config/application.yaml
@@ -1,5 +1,8 @@
-server:
- port: 8082
+spring:
+ security:
+ user:
+ name: participantUser
+ password: zb!XztG34
participant:
pdpGroup: defaultGroup
@@ -43,3 +46,12 @@ participant:
servers:
- ${topicServer:localhost}
topicCommInfrastructure: dmaap
+management:
+ endpoints:
+ web:
+ exposure:
+ include: health, metrics, prometheus
+server:
+ port: 8085
+ servlet:
+ context-path: /onap/policyparticipant
diff --git a/participant/participant-impl/participant-impl-policy/src/test/java/org/onap/policy/clamp/controlloop/participant/policy/main/rest/ActuatorControllerTest.java b/participant/participant-impl/participant-impl-policy/src/test/java/org/onap/policy/clamp/controlloop/participant/policy/main/rest/ActuatorControllerTest.java
new file mode 100644
index 000000000..9cc16e287
--- /dev/null
+++ b/participant/participant-impl/participant-impl-policy/src/test/java/org/onap/policy/clamp/controlloop/participant/policy/main/rest/ActuatorControllerTest.java
@@ -0,0 +1,92 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2021 Nordix Foundation.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.clamp.controlloop.participant.policy.main.rest;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+import javax.ws.rs.client.Invocation;
+import javax.ws.rs.core.Response;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.onap.policy.clamp.controlloop.participant.policy.main.utils.CommonActuatorController;
+import org.springframework.boot.test.autoconfigure.actuate.metrics.AutoConfigureMetrics;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.boot.web.server.LocalServerPort;
+import org.springframework.test.context.TestPropertySource;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+
+@AutoConfigureMetrics
+@ExtendWith(SpringExtension.class)
+@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
+@TestPropertySource(locations = {"classpath:application_test.properties"})
+class ActuatorControllerTest extends CommonActuatorController {
+
+ private static final String HEALTH_ENDPOINT = "health";
+ private static final String METRICS_ENDPOINT = "metrics";
+ private static final String PROMETHEUS_ENDPOINT = "prometheus";
+
+ @LocalServerPort
+ private int randomServerPort;
+
+ @BeforeEach
+ public void setUpPort() {
+ super.setHttpPrefix(randomServerPort);
+ }
+
+ @Test
+ void testGetHealth_Unauthorized() throws Exception {
+ assertUnauthorizedActGet(HEALTH_ENDPOINT);
+ }
+
+ @Test
+ void testGetMetrics_Unauthorized() throws Exception {
+ assertUnauthorizedActGet(METRICS_ENDPOINT);
+ }
+
+ @Test
+ void testGetPrometheus_Unauthorized() throws Exception {
+ assertUnauthorizedActGet(PROMETHEUS_ENDPOINT);
+ }
+
+ @Test
+ void testGetHealth() throws Exception {
+ Invocation.Builder invocationBuilder = super.sendActRequest(HEALTH_ENDPOINT);
+ Response rawresp = invocationBuilder.buildGet().invoke();
+ assertEquals(Response.Status.OK.getStatusCode(), rawresp.getStatus());
+ }
+
+ @Test
+ void testGetMetrics() throws Exception {
+ Invocation.Builder invocationBuilder = super.sendActRequest(METRICS_ENDPOINT);
+ Response rawresp = invocationBuilder.buildGet().invoke();
+ assertEquals(Response.Status.OK.getStatusCode(), rawresp.getStatus());
+ }
+
+ @Test
+ void testGePrometheus() throws Exception {
+ Invocation.Builder invocationBuilder = super.sendActRequest(PROMETHEUS_ENDPOINT);
+ Response rawresp = invocationBuilder.buildGet().invoke();
+ assertEquals(Response.Status.OK.getStatusCode(), rawresp.getStatus());
+ }
+
+}
diff --git a/participant/participant-impl/participant-impl-policy/src/test/java/org/onap/policy/clamp/controlloop/participant/policy/main/utils/CommonActuatorController.java b/participant/participant-impl/participant-impl-policy/src/test/java/org/onap/policy/clamp/controlloop/participant/policy/main/utils/CommonActuatorController.java
new file mode 100644
index 000000000..ec6e30918
--- /dev/null
+++ b/participant/participant-impl/participant-impl-policy/src/test/java/org/onap/policy/clamp/controlloop/participant/policy/main/utils/CommonActuatorController.java
@@ -0,0 +1,114 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2021 Nordix Foundation.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.clamp.controlloop.participant.policy.main.utils;
+
+import static org.junit.Assert.assertEquals;
+
+import javax.ws.rs.client.Client;
+import javax.ws.rs.client.ClientBuilder;
+import javax.ws.rs.client.Invocation;
+import javax.ws.rs.client.WebTarget;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import org.glassfish.jersey.client.ClientProperties;
+import org.glassfish.jersey.client.authentication.HttpAuthenticationFeature;
+import org.onap.policy.common.gson.GsonMessageBodyHandler;
+import org.onap.policy.common.utils.network.NetworkUtil;
+
+/**
+ * Class to perform Rest unit tests.
+ *
+ */
+public class CommonActuatorController {
+
+ public static final String SELF = NetworkUtil.getHostname();
+ public static final String CONTEXT_PATH = "onap/policyparticipant";
+ public static final String ACTUATOR_ENDPOINT = CONTEXT_PATH + "/actuator/";
+
+ private static String httpPrefix;
+
+ /**
+ * Sends a request to an actuator endpoint.
+ *
+ * @param endpoint the target endpoint
+ * @return a request builder
+ * @throws Exception if an error occurs
+ */
+ protected Invocation.Builder sendActRequest(final String endpoint) throws Exception {
+ return sendFqeRequest(httpPrefix + ACTUATOR_ENDPOINT + endpoint, true);
+ }
+
+ /**
+ * Sends a request to an actuator endpoint, without any authorization header.
+ *
+ * @param endpoint the target endpoint
+ * @return a request builder
+ * @throws Exception if an error occurs
+ */
+ protected Invocation.Builder sendNoAuthActRequest(final String endpoint) throws Exception {
+ return sendFqeRequest(httpPrefix + ACTUATOR_ENDPOINT + endpoint, false);
+ }
+
+ /**
+ * Sends a request to a fully qualified endpoint.
+ *
+ * @param fullyQualifiedEndpoint the fully qualified target endpoint
+ * @param includeAuth if authorization header should be included
+ * @return a request builder
+ * @throws Exception if an error occurs
+ */
+ protected Invocation.Builder sendFqeRequest(final String fullyQualifiedEndpoint, boolean includeAuth)
+ throws Exception {
+ final Client client = ClientBuilder.newBuilder().build();
+
+ client.property(ClientProperties.METAINF_SERVICES_LOOKUP_DISABLE, "true");
+ client.register(GsonMessageBodyHandler.class);
+
+ if (includeAuth) {
+ client.register(HttpAuthenticationFeature.basic("participantUser", "zb!XztG34"));
+ }
+
+ final WebTarget webTarget = client.target(fullyQualifiedEndpoint);
+
+ return webTarget.request(MediaType.APPLICATION_JSON, MediaType.TEXT_PLAIN);
+ }
+
+ /**
+ * Assert that GET call to actuator endpoint is Unauthorized.
+ *
+ * @param endPoint the endpoint
+ * @throws Exception if an error occurs
+ */
+ protected void assertUnauthorizedActGet(final String endPoint) throws Exception {
+ Response rawresp = sendNoAuthActRequest(endPoint).buildGet().invoke();
+ assertEquals(Response.Status.UNAUTHORIZED.getStatusCode(), rawresp.getStatus());
+ }
+
+ /**
+ * Set Up httpPrefix.
+ *
+ * @param port the port
+ */
+ protected void setHttpPrefix(int port) {
+ httpPrefix = "http://" + SELF + ":" + port + "/";
+ }
+
+}
diff --git a/participant/participant-impl/participant-impl-policy/src/test/resources/application_test.properties b/participant/participant-impl/participant-impl-policy/src/test/resources/application_test.properties
index 70d52b413..f857704d3 100644
--- a/participant/participant-impl/participant-impl-policy/src/test/resources/application_test.properties
+++ b/participant/participant-impl/participant-impl-policy/src/test/resources/application_test.properties
@@ -1,5 +1,8 @@
-server.servlet.context-path=/onap/participantsim
+spring.security.user.name=participantUser
+spring.security.user.password=zb!XztG34
+server.servlet.context-path=/onap/policyparticipant
server.error.path=/error
+server.http-port=8085
participant.policyApiParameters.clientName=api
participant.policyApiParameters.hostname=localhost
@@ -22,3 +25,4 @@ participant.intermediaryParameters.clampControlLoopTopics.topicSources[0].fetchT
participant.intermediaryParameters.clampControlLoopTopics.topicSinks[0].topic=POLICY-CLRUNTIME-PARTICIPANT
participant.intermediaryParameters.clampControlLoopTopics.topicSinks[0].servers[0]=localhost
participant.intermediaryParameters.clampControlLoopTopics.topicSinks[0].topicCommInfrastructure=dmaap
+management.endpoints.web.exposure.include=health,metrics,prometheus
diff --git a/participant/pom.xml b/participant/pom.xml
index 1134239cd..e679bb227 100644
--- a/participant/pom.xml
+++ b/participant/pom.xml
@@ -100,6 +100,17 @@
</exclusion>
</exclusions>
</dependency>
+ <!-- Actuator dependencies for participants added here to avoid http security conflicts in clamp/runtime -->
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-actuator</artifactId>
+ <version>${version.springboot}</version>
+ </dependency>
+ <dependency>
+ <groupId>io.micrometer</groupId>
+ <artifactId>micrometer-registry-prometheus</artifactId>
+ <version>${version.io.micrometer}</version>
+ </dependency>
</dependencies>
<build>