diff options
Diffstat (limited to 'policy-persistence/src/main/java/org/openecomp/policy/drools/core/RepositoryAudit.java')
-rw-r--r-- | policy-persistence/src/main/java/org/openecomp/policy/drools/core/RepositoryAudit.java | 524 |
1 files changed, 524 insertions, 0 deletions
diff --git a/policy-persistence/src/main/java/org/openecomp/policy/drools/core/RepositoryAudit.java b/policy-persistence/src/main/java/org/openecomp/policy/drools/core/RepositoryAudit.java new file mode 100644 index 00000000..86c672e2 --- /dev/null +++ b/policy-persistence/src/main/java/org/openecomp/policy/drools/core/RepositoryAudit.java @@ -0,0 +1,524 @@ +/*- + * ============LICENSE_START======================================================= + * policy-persistence + * ================================================================================ + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.openecomp.policy.drools.core; + +import java.io.File; +import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.io.IOException; +import java.nio.file.attribute.BasicFileAttributes; +import java.nio.file.Files; +import java.nio.file.FileVisitor; +import java.nio.file.FileVisitResult; +import java.nio.file.Path; +import java.nio.file.SimpleFileVisitor; +import java.util.LinkedList; +import java.util.Properties; +import java.util.concurrent.Callable; +import java.util.concurrent.TimeUnit; + +import org.openecomp.policy.common.logging.flexlogger.FlexLogger; +import org.openecomp.policy.common.logging.flexlogger.Logger; + + +/** + * This class audits the Maven repository + */ +public class RepositoryAudit extends DroolsPDPIntegrityMonitor.AuditBase +{ + private static final long DEFAULT_TIMEOUT = 60; // timeout in 60 seconds + + // get an instance of logger + private static Logger logger = FlexLogger.getLogger(RepositoryAudit.class); + // single global instance of this audit object + static private RepositoryAudit instance = new RepositoryAudit(); + + /** + * @return the single 'RepositoryAudit' instance + */ + static DroolsPDPIntegrityMonitor.AuditBase getInstance() + { + return(instance); + } + + /** + * Constructor - set the name to 'Repository' + */ + private RepositoryAudit() + { + super("Repository"); + } + + /** + * Invoke the audit + * + * @param properties properties to be passed to the audit + */ + @Override + public void invoke(Properties properties) + throws IOException, InterruptedException + { + logger.info("Running 'RepositoryAudit.invoke'"); + + boolean isActive = true; + String repoAuditIsActive = IntegrityMonitorProperties.getProperty("repository.audit.is.active"); + logger.debug("RepositoryAudit.invoke: repoAuditIsActive = " + repoAuditIsActive); + + if (repoAuditIsActive != null) { + try { + isActive = Boolean.parseBoolean(repoAuditIsActive.trim()); + } catch (NumberFormatException e) { + logger.warn("RepositoryAudit.invoke: Ignoring invalid property: repository.audit.is.active = " + repoAuditIsActive); + } + } + + if(!isActive){ + logger.info("RepositoryAudit.invoke: exiting because isActive = " + isActive); + return; + } + + // Fetch repository information from 'IntegrityMonitorProperties' + String repositoryId = + IntegrityMonitorProperties.getProperty("repository.audit.id"); + String repositoryUrl = + IntegrityMonitorProperties.getProperty("repository.audit.url"); + String repositoryUsername = + IntegrityMonitorProperties.getProperty("repository.audit.username"); + String repositoryPassword = + IntegrityMonitorProperties.getProperty("repository.audit.password"); + boolean upload = + (repositoryId != null && repositoryUrl != null + && repositoryUsername != null && repositoryPassword != null); + + // used to incrementally construct response as problems occur + // (empty = no problems) + StringBuilder response = new StringBuilder(); + + long timeoutInSeconds = DEFAULT_TIMEOUT; + String timeoutString = + IntegrityMonitorProperties.getProperty("repository.audit.timeout"); + if (timeoutString != null && !timeoutString.isEmpty()) + { + try + { + timeoutInSeconds = Long.valueOf(timeoutString); + } + catch (NumberFormatException e) + { + logger.error + ("RepositoryAudit: Invalid 'repository.audit.timeout' value: '" + + timeoutString + "'"); + response.append("Invalid 'repository.audit.timeout' value: '") + .append(timeoutString).append("'\n"); + setResponse(response.toString()); + } + } + + // artifacts to be downloaded + LinkedList<Artifact> artifacts = new LinkedList<Artifact>(); + + /* + * 1) create temporary directory + */ + Path dir = Files.createTempDirectory("auditRepo"); + logger.info("RepositoryAudit: temporary directory = " + dir); + + // nested 'pom.xml' file and 'repo' directory + Path pom = dir.resolve("pom.xml"); + Path repo = dir.resolve("repo"); + + /* + * 2) Create test file, and upload to repository + * (only if repository information is specified) + */ + String groupId = null; + String artifactId = null; + String version = null; + if (upload) + { + groupId = "org.openecomp.policy.audit"; + artifactId = "repository-audit"; + version = "0." + System.currentTimeMillis(); + + if (repositoryUrl.toLowerCase().contains("snapshot")) + { + // use SNAPSHOT version + version += "-SNAPSHOT"; + } + + // create text file to write + FileOutputStream fos = + new FileOutputStream(dir.resolve("repository-audit.txt").toFile()); + try + { + fos.write(version.getBytes()); + } + finally + { + fos.close(); + } + + // try to install file in repository + if (runProcess + (timeoutInSeconds, dir.toFile(), null, + "mvn", "deploy:deploy-file", + "-DrepositoryId=" + repositoryId, + "-Durl=" + repositoryUrl, + "-Dfile=repository-audit.txt", + "-DgroupId=" + groupId, + "-DartifactId=" + artifactId, + "-Dversion=" + version, + "-Dpackaging=txt", + "-DgeneratePom=false") != 0) + { + logger.error + ("RepositoryAudit: 'mvn deploy:deploy-file' failed"); + response.append("'mvn deploy:deploy-file' failed\n"); + setResponse(response.toString()); + } + else + { + logger.info + ("RepositoryAudit: 'mvn deploy:deploy-file succeeded"); + + // we also want to include this new artifact in the download + // test (steps 3 and 4) + artifacts.add(new Artifact(groupId, artifactId, version, "txt")); + } + } + + /* + * 3) create 'pom.xml' file in temporary directory + */ + artifacts.add(new Artifact("org.apache.maven/maven-embedder/3.2.2")); + + StringBuilder sb = new StringBuilder(); + sb.append + ("<project xmlns=\"http://maven.apache.org/POM/4.0.0\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\n" + + " xsi:schemaLocation=\"http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd\">\n" + + "\n" + + " <modelVersion>4.0.0</modelVersion>\n" + + " <groupId>empty</groupId>\n" + + " <artifactId>empty</artifactId>\n" + + " <version>1.0-SNAPSHOT</version>\n" + + " <packaging>pom</packaging>\n" + + "\n" + + " <build>\n" + + " <plugins>\n" + + " <plugin>\n" + + " <groupId>org.apache.maven.plugins</groupId>\n" + + " <artifactId>maven-dependency-plugin</artifactId>\n" + + " <version>2.10</version>\n" + + " <executions>\n" + + " <execution>\n" + + " <id>copy</id>\n" + + " <goals>\n" + + " <goal>copy</goal>\n" + + " </goals>\n" + + " <configuration>\n" + + " <localRepositoryDirectory>") + .append(repo) + .append("</localRepositoryDirectory>\n") + .append(" <artifactItems>\n"); + for (Artifact artifact : artifacts) + { + // each artifact results in an 'artifactItem' element + sb.append + (" <artifactItem>\n" + + " <groupId>") + .append(artifact.groupId) + .append + ("</groupId>\n" + + " <artifactId>") + .append(artifact.artifactId) + .append + ("</artifactId>\n" + + " <version>") + .append(artifact.version) + .append + ("</version>\n" + + " <type>") + .append(artifact.type) + .append + ("</type>\n" + + " </artifactItem>\n"); + } + sb.append + (" </artifactItems>\n" + + " </configuration>\n" + + " </execution>\n" + + " </executions>\n" + + " </plugin>\n" + + " </plugins>\n" + + " </build>\n" + + "</project>\n"); + FileOutputStream fos = new FileOutputStream(pom.toFile()); + try + { + fos.write(sb.toString().getBytes()); + } + finally + { + fos.close(); + } + + /* + * 4) Invoke external 'mvn' process to do the downloads + */ + + // output file = ${dir}/out (this supports step '4a') + File output = dir.resolve("out").toFile(); + + // invoke process, and wait for response + int rval = runProcess + (timeoutInSeconds, dir.toFile(), output, "mvn", "compile"); + logger.info("RepositoryAudit: 'mvn' return value = " + rval); + if (rval != 0) + { + logger.error + ("RepositoryAudit: 'mvn compile' invocation failed"); + response.append("'mvn compile' invocation failed\n"); + setResponse(response.toString()); + } + + /* + * 4a) Check attempted and successful downloads from output file + * Note: at present, this step just generates log messages, + * but doesn't do any verification. + */ + if (rval == 0) + { + // place output in 'fileContents' (replacing the Return characters + // with Newline) + byte[] outputData = new byte[(int)output.length()]; + FileInputStream fis = new FileInputStream(output); + fis.read(outputData); + String fileContents = new String(outputData).replace('\r','\n'); + fis.close(); + + // generate log messages from 'Downloading' and 'Downloaded' + // messages within the 'mvn' output + int index = 0; + while ((index = fileContents.indexOf("\nDown", index)) > 0) + { + index += 5; + if (fileContents.regionMatches(index, "loading: ", 0, 9)) + { + index += 9; + int endIndex = fileContents.indexOf('\n', index); + logger.info + ("RepositoryAudit: Attempted download: '" + + fileContents.substring(index, endIndex) + "'"); + index = endIndex; + } + else if (fileContents.regionMatches(index, "loaded: ", 0, 8)) + { + index += 8; + int endIndex = fileContents.indexOf(' ', index); + logger.info + ("RepositoryAudit: Successful download: '" + + fileContents.substring(index, endIndex) + "'"); + index = endIndex; + } + } + } + + /* + * 5) Check the contents of the directory to make sure the downloads + * were successful + */ + for (Artifact artifact : artifacts) + { + if (repo.resolve(artifact.groupId.replace('.','/')) + .resolve(artifact.artifactId) + .resolve(artifact.version) + .resolve(artifact.artifactId + "-" + artifact.version + "." + + artifact.type).toFile().exists()) + { + // artifact exists, as expected + logger.info("RepositoryAudit: " + + artifact.toString() + ": exists"); + } + else + { + // Audit ERROR: artifact download failed for some reason + logger.error("RepositoryAudit: " + + artifact.toString() + ": does not exist"); + response.append("Failed to download artifact: ") + .append(artifact).append('\n'); + setResponse(response.toString()); + } + } + + /* + * 6) Use 'curl' to delete the uploaded test file + * (only if repository information is specified) + */ + if (upload) + { + if (runProcess + (timeoutInSeconds, dir.toFile(), null, + "curl", + "--request", "DELETE", + "--user", repositoryUsername + ":" + repositoryPassword, + (repositoryUrl + "/" + groupId.replace('.', '/') + "/" + + artifactId + "/" + version)) + != 0) + { + logger.error + ("RepositoryAudit: delete of uploaded artifact failed"); + response.append("delete of uploaded artifact failed\n"); + setResponse(response.toString()); + } + else + { + logger.info + ("RepositoryAudit: delete of uploaded artifact succeeded"); + artifacts.add(new Artifact(groupId, artifactId, version, "txt")); + } + } + + /* + * 7) Remove the temporary directory + */ + Files.walkFileTree + (dir, + new SimpleFileVisitor<Path>() + { + public FileVisitResult visitFile(Path file, BasicFileAttributes attrs) + { + // logger.info("RepositoryAudit: Delete " + file); + file.toFile().delete(); + return(FileVisitResult.CONTINUE); + } + + public FileVisitResult postVisitDirectory(Path file, IOException e) + throws IOException + { + if (e == null) + { + // logger.info("RepositoryAudit: Delete " + file); + file.toFile().delete(); + return(FileVisitResult.CONTINUE); + } + else + { + throw(e); + } + } + }); + } + + /** + * Run a process, and wait for the response + * + * @param timeoutInSeconds the number of seconds to wait for the + * process to terminate + * @param directory the execution directory of the process + * (null = current directory) + * @param stdout the file to contain the standard output + * (null = discard standard output) + * @param command command and arguments + * @return the return value of the process + * @throws IOException, InterruptedException + */ + static int runProcess(long timeoutInSeconds, + File directory, File stdout, String... command) + throws IOException, InterruptedException + { + ProcessBuilder pb = new ProcessBuilder(command); + if (directory != null) + { + pb.directory(directory); + } + if (stdout != null) + { + pb.redirectOutput(stdout); + } + + Process process = pb.start(); + if (process.waitFor(timeoutInSeconds, TimeUnit.SECONDS)) + { + // process terminated before the timeout + return(process.exitValue()); + } + + // process timed out -- kill it, and return -1 + process.destroyForcibly(); + return(-1); + } + + /* ============================================================ */ + + /** + * An instance of this class exists for each artifact that we are trying + * to download. + */ + static class Artifact + { + String groupId, artifactId, version, type; + + /** + * Constructor - populate the 'Artifact' instance + * + * @param groupId groupId of artifact + * @param artifactId artifactId of artifact + * @param version version of artifact + * @param type type of the artifact (e.g. "jar") + */ + Artifact(String groupId, String artifactId, String version, String type) + { + this.groupId = groupId; + this.artifactId = artifactId; + this.version = version; + this.type = type; + } + + /** + * Constructor - populate an 'Artifact' instance + * + * @param artifact a string of the form: + * "<groupId>/<artifactId>/<version>[/<type>]" + * @throws IllegalArgumentException if 'artifact' has the incorrect format + */ + Artifact(String artifact) + { + String[] segments = artifact.split("/"); + if (segments.length != 4 && segments.length != 3) + { + throw(new IllegalArgumentException("groupId/artifactId/version/type")); + } + groupId = segments[0]; + artifactId = segments[1]; + version = segments[2]; + type = (segments.length == 4 ? segments[3] : "jar"); + } + + /** + * @return the artifact id in the form: + * "<groupId>/<artifactId>/<version>/<type>" + */ + public String toString() + { + return(groupId + "/" + artifactId + "/" + version + "/" + type); + } + } +} |