Diffstat (limited to 'catalog-be/src/main/java/org/openecomp/sdc/be/servlets')
3 files changed, 88 insertions, 24 deletions
diff --git a/catalog-be/src/main/java/org/openecomp/sdc/be/servlets/ElementServlet.java b/catalog-be/src/main/java/org/openecomp/sdc/be/servlets/ElementServlet.java index 5e4085cf33..578319208c 100644 --- a/catalog-be/src/main/java/org/openecomp/sdc/be/servlets/ElementServlet.java +++ b/catalog-be/src/main/java/org/openecomp/sdc/be/servlets/ElementServlet.java @@ -33,6 +33,8 @@ import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; +import java.util.Set; +import java.util.stream.Collectors; import javax.inject.Inject; import javax.servlet.ServletContext; import javax.servlet.http.HttpServletRequest; @@ -79,9 +81,10 @@ import org.openecomp.sdc.be.ui.model.UiCategories; import org.openecomp.sdc.be.user.UserBusinessLogic; import org.openecomp.sdc.common.api.Constants; import org.openecomp.sdc.common.log.wrappers.Logger; +import org.openecomp.sdc.common.util.Multitenancy; import org.openecomp.sdc.exception.ResponseFormat; import org.springframework.stereotype.Controller; - +import org.keycloak.representations.AccessToken; @Path("/v1/") /** * 
@@ -522,8 +525,23 @@ public class ElementServlet extends BeGenericServlet { log.debug("failed to get followed resources services "); return buildErrorResponse(followedResourcesServices.right().value()); } - Object data = RepresentationUtils.toRepresentation(followedResourcesServices.left().value()); - return buildOkResponse(getComponentsUtils().getResponseFormat(ActionStatus.OK), data); + Multitenancy keyaccess= new Multitenancy(); + if (keyaccess.multiTenancyCheck()) { + AccessToken.Access realmAccess = keyaccess.getAccessToken(request).getRealmAccess(); + Set<String> realmroles = realmAccess.getRoles(); + Map<String, List<? extends Component>> dataResponse = new HashMap<>(); + followedResourcesServices.left().value().entrySet().stream() + .forEach(component->{component.setValue(component.getValue().stream().filter(cm->realmroles.stream() + .anyMatch(role->cm.getTenant().equals(role))).collect(Collectors.toList())); + dataResponse.put(component.getKey(), component.getValue()); + }); + Object data = RepresentationUtils.toRepresentation(dataResponse); + return buildOkResponse(getComponentsUtils().getResponseFormat(ActionStatus.OK), data); + } + else{ + Object data = RepresentationUtils.toRepresentation(followedResourcesServices.left().value()); + return buildOkResponse(getComponentsUtils().getResponseFormat(ActionStatus.OK), data); + } } catch (Exception e) { BeEcompErrorManager.getInstance().logBeRestApiGeneralError("Get Followed Resources / Services Categories"); log.debug("Getting followed resources/services failed with exception", e); diff --git a/catalog-be/src/main/java/org/openecomp/sdc/be/servlets/ResourcesServlet.java b/catalog-be/src/main/java/org/openecomp/sdc/be/servlets/ResourcesServlet.java index d84e40c3d8..08f26fff4a 100644 --- a/catalog-be/src/main/java/org/openecomp/sdc/be/servlets/ResourcesServlet.java +++ b/catalog-be/src/main/java/org/openecomp/sdc/be/servlets/ResourcesServlet.java 
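Review bot: In the ElementServlet tenant filter, `cm.getTenant().equals(role)` throws a NullPointerException for any component whose tenant is unset, and the surrounding `catch (Exception e)` then turns the whole followed-components listing into an error response. The same block dereferences `keyaccess.getAccessToken(request).getRealmAccess()` and `realmAccess.getRoles()` without a null check, which would fail the same way if the token carries no realm roles (to be confirmed against `Multitenancy`, which is not shown); the createResource and createService hunks in ResourcesServlet and ServiceServlet repeat that call chain. I would filter with `cm -> cm.getTenant() != null && realmroles.contains(cm.getTenant())` and treat a missing token or realm access as an empty role set, so the caller gets an empty list rather than a server error. The `component.setValue(...)` call inside `forEach` also rewrites the map returned by the business logic in place; collecting each filtered list straight into `dataResponse` would avoid that side effect. The enclosing method starts and ends outside the hunk.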
@@ -35,6 +35,7 @@ import java.io.File; import java.io.IOException; import java.util.List; import java.util.Map; +import java.util.Set; import javax.inject.Inject; import javax.servlet.ServletContext; import javax.servlet.http.HttpServletRequest; @@ -56,6 +57,7 @@ import org.glassfish.jersey.media.multipart.FormDataContentDisposition; import org.glassfish.jersey.media.multipart.FormDataParam; import org.json.JSONException; import org.json.JSONObject; +import org.keycloak.representations.AccessToken; import org.openecomp.sdc.be.components.impl.ComponentInstanceBusinessLogic; import org.openecomp.sdc.be.components.impl.CsarValidationUtils; import org.openecomp.sdc.be.components.impl.ImportUtils; @@ -87,6 +89,7 @@ import org.openecomp.sdc.common.log.wrappers.Logger; import org.openecomp.sdc.common.util.ValidationUtils; import org.openecomp.sdc.common.zip.exception.ZipException; import org.openecomp.sdc.exception.ResponseFormat; +import org.openecomp.sdc.common.util.Multitenancy; import org.springframework.stereotype.Controller; @Loggable(prepend = true, value = Loggable.DEBUG, trim = false) 
@@ -115,11 +118,12 @@ public class ResourcesServlet extends AbstractValidationsServlet { @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON) @Operation(description = "Create Resource", method = "POST", summary = "Returns created resource", responses = { - @ApiResponse(content = @Content(array = @ArraySchema(schema = @Schema(implementation = Resource.class)))), - @ApiResponse(responseCode = "201", description = "Resource created"), - @ApiResponse(responseCode = "403", description = "Restricted operation"), - @ApiResponse(responseCode = "400", description = "Invalid content / Missing content"), - @ApiResponse(responseCode = "409", description = "Resource already exist")}) + @ApiResponse(content = @Content(array = @ArraySchema(schema = @Schema(implementation = Resource.class)))), + @ApiResponse(responseCode = "201", description = "Resource created"), + @ApiResponse(responseCode = "403", description = "Restricted operation"), + @ApiResponse(responseCode = "400", description = "Invalid content / Missing content"), + @ApiResponse(responseCode = "409", description = "Resource already exist"), + @ApiResponse(responseCode = "401", description = "Unauthorized Tenant")}) @PermissionAllowed(AafPermission.PermNames.INTERNAL_ALL_VALUE) public Response createResource(@Parameter(description = "Resource object to be created", required = true) String data, @Context final HttpServletRequest request, @HeaderParam(value = Constants.USER_ID_HEADER) String userId) 
@@ -148,14 +152,33 @@ public class ResourcesServlet extends AbstractValidationsServlet { response = buildErrorResponse(convertResponse.right().value()); return response; } + Multitenancy keyaccess = new Multitenancy(); Resource resource = convertResponse.left().value(); - Resource createdResource = resourceBusinessLogic.createResource(resource, AuditingActionEnum.CREATE_RESOURCE, modifier, null, null); - Object representation = RepresentationUtils.toRepresentation(createdResource); - response = buildOkResponse(getComponentsUtils().getResponseFormat(ActionStatus.CREATED), representation); - responseWrapper.setInnerElement(response); - loggerSupportability - .log(LoggerSupportabilityActions.CREATE_RESOURCE, resource.getComponentMetadataForSupportLog(), StatusCode.COMPLETE, - "Resource successfully created user {}", userId); + if (keyaccess.multiTenancyCheck()) + { + AccessToken.Access realmAccess = keyaccess.getAccessToken(request).getRealmAccess(); + Set<String> realmroles = realmAccess.getRoles(); + boolean match = realmroles.contains(resource.getTenant()); + if (match) { + Resource createdResource = resourceBusinessLogic.createResource(resource, AuditingActionEnum.CREATE_RESOURCE, modifier, null, null); + Object representation = RepresentationUtils.toRepresentation(createdResource); + response = buildOkResponse(getComponentsUtils().getResponseFormat(ActionStatus.CREATED), representation); + responseWrapper.setInnerElement(response); + loggerSupportability + .log(LoggerSupportabilityActions.CREATE_RESOURCE, resource.getComponentMetadataForSupportLog(), StatusCode.COMPLETE, + "Resource successfully created user {}", userId); + } else { + return Response.status(401, "Unauthorized Tenant").build(); + } + } else { + Resource createdResource = resourceBusinessLogic.createResource(resource, AuditingActionEnum.CREATE_RESOURCE, modifier, null, null); + Object representation = RepresentationUtils.toRepresentation(createdResource); + response = 
buildOkResponse(getComponentsUtils().getResponseFormat(ActionStatus.CREATED), representation); + responseWrapper.setInnerElement(response); + loggerSupportability + .log(LoggerSupportabilityActions.CREATE_RESOURCE, resource.getComponentMetadataForSupportLog(), StatusCode.COMPLETE, + "Resource successfully created user {}", userId); + } } return responseWrapper.getInnerElement(); } catch (final IOException | ZipException e) { diff --git a/catalog-be/src/main/java/org/openecomp/sdc/be/servlets/ServiceServlet.java b/catalog-be/src/main/java/org/openecomp/sdc/be/servlets/ServiceServlet.java index fcac7dce35..3c2b72be2a 100644 --- a/catalog-be/src/main/java/org/openecomp/sdc/be/servlets/ServiceServlet.java +++ b/catalog-be/src/main/java/org/openecomp/sdc/be/servlets/ServiceServlet.java @@ -41,6 +41,7 @@ import java.lang.reflect.Type; import java.util.ArrayList; import java.util.List; import java.util.Map; +import java.util.Set; import javax.inject.Inject; import javax.servlet.ServletContext; import javax.servlet.http.HttpServletRequest; @@ -92,10 +93,11 @@ import org.openecomp.sdc.common.log.elements.LoggerSupportability; import org.openecomp.sdc.common.log.enums.LoggerSupportabilityActions; import org.openecomp.sdc.common.log.enums.StatusCode; import org.openecomp.sdc.common.log.wrappers.Logger; +import org.openecomp.sdc.common.util.Multitenancy; import org.openecomp.sdc.common.zip.exception.ZipException; import org.openecomp.sdc.exception.ResponseFormat; import org.springframework.stereotype.Controller; - +import org.keycloak.representations.AccessToken; @Loggable(prepend = true, value = Loggable.DEBUG, trim = false) @Path("/v1/catalog") @Server(url = "/sdc2/rest") 
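Review bot: In ResourcesServlet.createResource the tenant mismatch is answered with `Response.status(401, "Unauthorized Tenant")`, but the caller is already authenticated at this point, so this is an authorization failure and belongs under 403, which the endpoint already documents as "Restricted operation". The deny branch also returns a raw response without setting `responseWrapper` and writes no log entry, so a rejected cross-tenant create leaves no trace; ServiceServlet.createService uses the same 401 and only a bare `log.debug("Unauthorized Tenant")` with no user. I would log the rejected `userId` and end the branch with `return Response.status(Response.Status.FORBIDDEN).build();`. The method starts outside the hunk; the closing brace just before `return responseWrapper.getInnerElement()` suggests this code sits in one branch of a larger conditional, and if the other branch also creates resources it is not covered by the tenant check.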
@@ -127,7 +129,8 @@ public class ServiceServlet extends AbstractValidationsServlet { @ApiResponse(content = @Content(array = @ArraySchema(schema = @Schema(implementation = Service.class)))), @ApiResponse(responseCode = "201", description = "Service created"), @ApiResponse(responseCode = "403", description = "Restricted operation"), @ApiResponse(responseCode = "400", description = "Invalid content / Missing content"), - @ApiResponse(responseCode = "409", description = "Service already exist")}) + @ApiResponse(responseCode = "409", description = "Service already exist"), + @ApiResponse(responseCode = "401", description = "Unauthorized Tenant")}) @PermissionAllowed(AafPermission.PermNames.INTERNAL_ALL_VALUE) public Response createService(@Parameter(description = "Service object to be created", required = true) String data, @Context final HttpServletRequest request, @HeaderParam(value = Constants.USER_ID_HEADER) String userId) { 
@@ -141,15 +144,35 @@ public class ServiceServlet extends AbstractValidationsServlet { if (convertResponse.isRight()) { throw new ByResponseFormatComponentException(convertResponse.right().value()); } + Multitenancy keyaccess = new Multitenancy(); Service service = convertResponse.left().value(); - Either<Service, ResponseFormat> actionResponse = serviceBusinessLogic.createService(service, modifier); - if (actionResponse.isRight()) { - log.debug("Failed to create service"); - throw new ByResponseFormatComponentException(actionResponse.right().value()); + if (keyaccess.multiTenancyCheck()) { + AccessToken.Access realmAccess = keyaccess.getAccessToken(request).getRealmAccess(); + Set<String> realmroles = realmAccess.getRoles(); + boolean match = realmroles.contains(service.getTenant()); + if (match) { + Either<Service, ResponseFormat> actionResponse = serviceBusinessLogic.createService(service, modifier); + if (actionResponse.isRight()) { + log.debug("Failed to create service"); + throw new ByResponseFormatComponentException(actionResponse.right().value()); + } + loggerSupportability.log(LoggerSupportabilityActions.CREATE_SERVICE, service.getComponentMetadataForSupportLog(), StatusCode.COMPLETE, + "Service {} has been created by user {} ", service.getName(), userId); + return buildOkResponse(getComponentsUtils().getResponseFormat(ActionStatus.CREATED), actionResponse.left().value()); + } else { + log.debug("Unauthorized Tenant"); + return Response.status(401, "Unauthorized Tenant").build(); + } + } else { + Either<Service, ResponseFormat> actionResponse = serviceBusinessLogic.createService(service, modifier); + if (actionResponse.isRight()) { + log.debug("Failed to create service"); + throw new ByResponseFormatComponentException(actionResponse.right().value()); + } + loggerSupportability.log(LoggerSupportabilityActions.CREATE_SERVICE, service.getComponentMetadataForSupportLog(), StatusCode.COMPLETE, + "Service {} has been created by user {} ", service.getName(), 
userId); + return buildOkResponse(getComponentsUtils().getResponseFormat(ActionStatus.CREATED), actionResponse.left().value()); } - loggerSupportability.log(LoggerSupportabilityActions.CREATE_SERVICE, service.getComponentMetadataForSupportLog(), StatusCode.COMPLETE, - "Service {} has been created by user {} ", service.getName(), userId); - return buildOkResponse(getComponentsUtils().getResponseFormat(ActionStatus.CREATED), actionResponse.left().value()); } public Either<Service, ResponseFormat> parseToService(String serviceJson, User user) { |
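Review bot: The createService hunk copies the whole create, log and respond sequence into both the matching-tenant branch and the multitenancy-off branch, so a later fix applied to one copy can leave the other path behaving differently; the ResourcesServlet.createResource hunk has the same shape. A single guard that returns early on a tenant mismatch keeps one creation path and makes the authorization decision easier to audit. The sketch below also handles a missing realm access or tenant, names the rejected user in the log, and answers 403 because the caller is already authenticated. The method body starts outside the hunk.

```java
Service service = convertResponse.left().value();
Multitenancy keyaccess = new Multitenancy();
if (keyaccess.multiTenancyCheck()) {
    AccessToken.Access realmAccess = keyaccess.getAccessToken(request).getRealmAccess();
    Set<String> realmroles = realmAccess == null ? null : realmAccess.getRoles();
    if (realmroles == null || service.getTenant() == null || !realmroles.contains(service.getTenant())) {
        log.debug("Tenant check rejected service creation for user {}", userId);
        return Response.status(Response.Status.FORBIDDEN).build();
    }
}
// … unchanged: createService call, failure check, supportability log and CREATED response, written once …
```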