diff options
-rw-r--r-- | catalog-be/src/main/java/org/openecomp/sdc/be/filters/ThreadLocalUtils.java | 39 | ||||
-rwxr-xr-x | catalog-be/src/main/resources/scripts/sdcBePy/users/data/users.json | 9 | ||||
-rw-r--r-- | catalog-be/src/test/resources/config/catalog-be/configuration.yaml | 2 | ||||
-rw-r--r-- | catalog-model/src/main/java/org/openecomp/sdc/be/model/operations/impl/UserAdminOperation.java | 23 | ||||
-rw-r--r-- | docs/configuration.rst | 6 | ||||
-rw-r--r-- | docs/index.rst | 1 | ||||
-rw-r--r-- | docs/spelling_wordlist.txt | 138 | ||||
-rw-r--r-- | docs/useradministration.rst | 67 |
8 files changed, 181 insertions, 104 deletions
diff --git a/catalog-be/src/main/java/org/openecomp/sdc/be/filters/ThreadLocalUtils.java b/catalog-be/src/main/java/org/openecomp/sdc/be/filters/ThreadLocalUtils.java index 42b0291c89..13abdd3546 100644 --- a/catalog-be/src/main/java/org/openecomp/sdc/be/filters/ThreadLocalUtils.java +++ b/catalog-be/src/main/java/org/openecomp/sdc/be/filters/ThreadLocalUtils.java @@ -25,10 +25,14 @@ import java.util.List; import java.util.Optional; import java.util.Set; import javax.servlet.http.HttpServletRequest; + +import org.apache.commons.lang3.StringUtils; import org.onap.sdc.security.AuthenticationCookie; import org.onap.sdc.security.IUsersThreadLocalHolder; import org.onap.sdc.security.PortalClient; import org.onap.sdc.security.RestrictionAccessFilterException; +import org.openecomp.sdc.be.config.Configuration; +import org.openecomp.sdc.be.config.ConfigurationManager; import org.openecomp.sdc.be.model.User; import org.openecomp.sdc.be.user.UserBusinessLogic; import org.openecomp.sdc.common.api.Constants; @@ -41,15 +45,15 @@ public class ThreadLocalUtils implements IUsersThreadLocalHolder { private static final Logger log = Logger.getLogger(ThreadLocalUtils.class); @Autowired - PortalClient portalClient; + private PortalClient portalClient; @Autowired - UserBusinessLogic userBusinessLogic; + private UserBusinessLogic userBusinessLogic; @Override public void setUserContext(AuthenticationCookie authenticationCookie) { UserContext userContext; userContext = new UserContext(authenticationCookie.getUserID(), authenticationCookie.getRoles(), authenticationCookie.getFirstName(), - authenticationCookie.getLastName()); + authenticationCookie.getLastName()); ThreadLocalsHolder.setUserContext(userContext); } @@ -59,7 +63,7 @@ public class ThreadLocalUtils implements IUsersThreadLocalHolder { Set<String> roles = null; try { final Optional<String> userRolesFromPortalOptional = portalClient.fetchUserRolesFromPortal(userId); - if (userRolesFromPortalOptional.isPresent()){ + if (userRolesFromPortalOptional.isPresent()) { roles = new HashSet<>(List.of(userRolesFromPortalOptional.get())); } } catch (RestrictionAccessFilterException e) { @@ -74,17 +78,28 @@ public class ThreadLocalUtils implements IUsersThreadLocalHolder { } protected void setUserContextFromDB(HttpServletRequest httpRequest) { - String user_id = httpRequest.getHeader(Constants.USER_ID_HEADER); - //there are some internal request that have no user_id header e.g. healthcheck - if (user_id != null) { - updateUserContext(user_id); - } else { - log.debug("user_id value in req header is null, userContext will not be initialized"); + String userId = httpRequest.getHeader(Constants.USER_ID_HEADER); + final Configuration.BasicAuthConfig basicAuthConf = ConfigurationManager.getConfigurationManager().getConfiguration().getBasicAuth(); + if (StringUtils.isBlank(userId)) { + final String excludedUrls = basicAuthConf.getExcludedUrls(); + //there are some internal request that have no user_id header e.g. healthcheck + if (StringUtils.isBlank(excludedUrls) || !checkForExclusion(excludedUrls, httpRequest.getPathInfo())) { + log.info("UserId is empty"); + userId = "cs0008"; + } else { + log.debug("user_id value in req header is null, userContext will not be initialized"); + return; + } } + updateUserContext(userId); + } + + private boolean checkForExclusion(final String excludedUrls, final String pathInfo) { + return Arrays.stream(excludedUrls.split(";")).anyMatch(s -> s.endsWith(pathInfo)); } - private void updateUserContext(String user_id) { - User user = userBusinessLogic.getUser(user_id, false); + private void updateUserContext(String userId) { + User user = userBusinessLogic.getUser(userId, false); Set<String> roles = new HashSet<>(Arrays.asList(user.getRole())); UserContext userContext = new UserContext(user.getUserId(), roles, user.getFirstName(), user.getLastName()); ThreadLocalsHolder.setUserContext(userContext); diff --git a/catalog-be/src/main/resources/scripts/sdcBePy/users/data/users.json b/catalog-be/src/main/resources/scripts/sdcBePy/users/data/users.json index ed3adafe66..0c9b556acf 100755 --- a/catalog-be/src/main/resources/scripts/sdcBePy/users/data/users.json +++ b/catalog-be/src/main/resources/scripts/sdcBePy/users/data/users.json @@ -7,13 +7,6 @@ "email": "demo@openecomp.org" }, { - "userId": "gv0001", - "firstName": "Giuseppe", - "lastName": "Verdi", - "role": "GOVERNOR", - "email": "gv0001@openecomp.org" - }, - { "userId": "jh0003", "firstName": "Jimmy", "lastName": "Hendrix", @@ -34,4 +27,4 @@ "role": "DESIGNER", "email": "cs0008r@openecomp.org" } -]
\ No newline at end of file +] diff --git a/catalog-be/src/test/resources/config/catalog-be/configuration.yaml b/catalog-be/src/test/resources/config/catalog-be/configuration.yaml index 94e5dd5761..282c4d32f0 100644 --- a/catalog-be/src/test/resources/config/catalog-be/configuration.yaml +++ b/catalog-be/src/test/resources/config/catalog-be/configuration.yaml @@ -86,7 +86,7 @@ basicAuth: enabled: false userName: test userPass: test - excludedUrls: + excludedUrls: '/test1' cassandraConfig: cassandraHosts: ['localhost'] diff --git a/catalog-model/src/main/java/org/openecomp/sdc/be/model/operations/impl/UserAdminOperation.java b/catalog-model/src/main/java/org/openecomp/sdc/be/model/operations/impl/UserAdminOperation.java index 64bc923857..1552aa3faa 100644 --- a/catalog-model/src/main/java/org/openecomp/sdc/be/model/operations/impl/UserAdminOperation.java +++ b/catalog-model/src/main/java/org/openecomp/sdc/be/model/operations/impl/UserAdminOperation.java @@ -21,14 +21,16 @@ package org.openecomp.sdc.be.model.operations.impl; import static org.apache.commons.collections.CollectionUtils.isEmpty; -import fj.data.Either; import java.util.ArrayList; import java.util.Collections; import java.util.HashMap; import java.util.List; import java.util.Map; import javax.validation.constraints.NotNull; + +import fj.data.Either; import org.apache.commons.lang3.BooleanUtils; +import org.apache.commons.lang3.StringUtils; import org.apache.tinkerpop.gremlin.structure.Direction; import org.apache.tinkerpop.gremlin.structure.Edge; import org.apache.tinkerpop.gremlin.structure.Vertex; @@ -119,14 +121,13 @@ public class UserAdminOperation { } private void validateUserExists(Wrapper<Either<User, ActionStatus>> resultWrapper, Wrapper<UserData> userWrapper, String id) { - if (id == null) { - log.info("User userId is empty"); - resultWrapper.setInnerElement(Either.right(ActionStatus.MISSING_USER_ID)); - return; + if (StringUtils.isBlank(id)) { + log.warn("User userId is empty"); + id = "cs0008"; } id = id.toLowerCase(); Either<UserData, JanusGraphOperationStatus> either = janusGraphGenericDao - .getNode(UniqueIdBuilder.getKeyByNodeType(NodeTypeEnum.User), id, UserData.class); + .getNode(UniqueIdBuilder.getKeyByNodeType(NodeTypeEnum.User), id, UserData.class); if (either.isRight()) { resultWrapper.setInnerElement(getUserNotFoundError(id, either.right().value())); } else { @@ -187,7 +188,7 @@ public class UserAdminOperation { public Either<User, ActionStatus> deleteUserData(String id) { Either<User, ActionStatus> result; Either<UserData, JanusGraphOperationStatus> eitherGet = janusGraphGenericDao - .getNode(UniqueIdBuilder.getKeyByNodeType(NodeTypeEnum.User), id, UserData.class); + .getNode(UniqueIdBuilder.getKeyByNodeType(NodeTypeEnum.User), id, UserData.class); if (eitherGet.isRight()) { log.debug("Problem while retriving user with userId {}", id); if (eitherGet.right().value() == JanusGraphOperationStatus.NOT_FOUND) { @@ -247,13 +248,13 @@ public class UserAdminOperation { public @NotNull List<Edge> getUserPendingTasksList(User user, List<Object> states) { JanusGraphVertex userVertex = janusGraphGenericDao.getVertexByProperty(UniqueIdBuilder.getKeyByNodeType(NodeTypeEnum.User), user.getUserId()) - .left().on(this::handleJanusGraphError); + .left().on(this::handleJanusGraphError); List<Edge> pendingTasks = new ArrayList<>(); for (Object state : states) { Map<String, Object> property = new HashMap<>(); property.put(GraphPropertiesDictionary.STATE.getProperty(), state); List<Edge> edges = janusGraphGenericDao.getOutgoingEdgesByCriteria(userVertex, GraphEdgeLabels.STATE, property).left() - .on(this::handleJanusGraphError); + .on(this::handleJanusGraphError); for (Edge edge : edges) { Vertex vertex = edge.inVertex(); if (!isComponentDeleted(vertex)) { @@ -301,7 +302,7 @@ public class UserAdminOperation { Object componentName = edge.inVertex().property(GraphPropertyEnum.NAME.getProperty()).value(); Object componentState = edge.inVertex().property(GraphPropertyEnum.STATE.getProperty()).value(); log.debug("The user userId = {} is working on the component name = {} uid = {} in state {}", user.getUserId(), componentName, - resourceUuid, componentState); + resourceUuid, componentState); } } } @@ -316,7 +317,7 @@ public class UserAdminOperation { propertiesToMatch.put(GraphPropertiesDictionary.USER_STATUS.getProperty(), status); } Either<List<UserData>, JanusGraphOperationStatus> userNodes = janusGraphGenericDao - .getByCriteria(NodeTypeEnum.User, propertiesToMatch, UserData.class); + .getByCriteria(NodeTypeEnum.User, propertiesToMatch, UserData.class); janusGraphGenericDao.commit(); return convertToUsers(role, userNodes); } finally { diff --git a/docs/configuration.rst b/docs/configuration.rst index 5de8edebdd..480aeadd8b 100644 --- a/docs/configuration.rst +++ b/docs/configuration.rst @@ -1292,9 +1292,6 @@ FE-configuration.yaml - &HTTP_IV_USER HTTP_IV_USER - &iv-user iv-user - - - &USER_ID USER_ID - - &user-id user-id - - - &HTTP_CSP_ATTUID HTTP_CSP_ATTUID - &csp-attuid csp-attuid - @@ -1315,6 +1312,9 @@ FE-configuration.yaml - - &HTTP_CSP_EMAIL HTTP_CSP_EMAIL - &csp-email csp-email + - + - &USER_ID USER_ID + - &user-id user-id # Frontend configuration version version: 1.0 diff --git a/docs/index.rst b/docs/index.rst index 14a21503a8..d129a8203a 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -25,3 +25,4 @@ SDC Documentation dcaedesigner.rst workflow.rst sdc-helm-validator.rst + useradministration.rst diff --git a/docs/spelling_wordlist.txt b/docs/spelling_wordlist.txt index 14ef4585da..475573def3 100644 --- a/docs/spelling_wordlist.txt +++ b/docs/spelling_wordlist.txt @@ -1,83 +1,83 @@ -Kohn -init -json -Backend -Catalog -yaml -janusgraph -Onboarding -externaltesting -vnfrepo -Frontend -onboarding -onapapi -vnfsdk -PackageResource -csars -csar -vtp -testsuites -testSuiteName -testcases -testCaseName -sdc -cassandra -Externalized -onboarded -subprojects -openecomp +adapters api -webapp -impl -xml -src +artifact +Artifact +artifactArtifact +artifacts +async backend +Backend +boolean +cassandra catalog -frontend -validator -trift -async -http -vm -feproxy -Guilin -Pluggable -onap -stderrout -logback +Catalog config -fe -artifactArtifact +Cryptographic +csar +csars +Deployable +env Env -artifact -artifacts -lifecycle -serviceresource -url -VNF ENV -MURANO -boolean -env -uniqueId -Artifact -req +Externalized +externaltesting +fe +feproxy forcap +frontend +Frontend +Guilin +http +impl +init innerType -adapters -runtime -xNF +isLinted +isStrictLinted +janusgraph +json +jtosca +Kohn +lifecycle +logback mano -tgz +MURANO +onap +onapapi +onboarded +onboarding +Onboarding +openecomp +PackageResource +Pluggable pnfd -Cryptographic pre -vFW readme -Deployable +req +runtime +sdc +serviceresource +src +stderrout +subprojects +testCaseName +testcases +testSuiteName +testsuites +tgz +tosca +trift +uniqueId +url +validator versionDesired +vFW +vm +VNF +vnfrepo +vnfsdk +vtp vX -isLinted -isStrictLinted -tosca -jtosca +webapp +xml +xNF +yaml diff --git a/docs/useradministration.rst b/docs/useradministration.rst new file mode 100644 index 0000000000..f32f9dd8c6 --- /dev/null +++ b/docs/useradministration.rst @@ -0,0 +1,67 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 +.. Copyright 2023 Nordix + +.. _useradministration: + +=================== +User Administration +=================== + +.. contents:: + :depth: 3 +.. + +Initial User Creation +--------------------- + +During initial install following users are created: + +:: + + { + { + "userId": "demo", + "firstName": "demo", + "lastName": "demo", + "role": "ADMIN", + "email": "demo@openecomp.org" + }, + { + "userId": "jh0003", + "firstName": "Jimmy", + "lastName": "Hendrix", + "role": "Admin", + "email": "jh0003@openecomp.org" + }, + { + "userId": "jm0007", + "firstName": "Joni", + "lastName": "Mitchell", + "role": "TESTER", + "email": "jm0007@openecomp.org" + }, + { + "userId": "cs0008", + "firstName": "Carlos", + "lastName": "Santana", + "role": "DESIGNER", + "email": "cs0008r@openecomp.org" + } + } + +Default User +------------ + +By default, SDC UI is launched with default user 'cs0008'. To override see section :ref:`Using Cookies to set User <using_cookies>`. + + +Using Cookies to set User +------------------------- +.. _using_cookies: + +The default user can be overridden by setting the following cookie in your browser or API call: + +:: + + USER_ID:<any existed user (created by initial install or by Administrator)> |