From 288ee60da14e8d50ce9628c5dc6225f0475295f4 Mon Sep 17 00:00:00 2001 From: efiacor Date: Tue, 18 Apr 2023 10:50:00 +0100 Subject: [SDC-DISTRO-CLIENT] Add truststore config Signed-off-by: efiacor Change-Id: Ie22aa2d78ebb2e0265a6d307ffd12a1656ca60d7 Issue-ID: SDC-4476 --- .../test/core/config/DistributionClientConfig.java | 24 ++++++++------- .../org/onap/sdc/api/consumer/IConfiguration.java | 18 ++++++++++++ .../main/java/org/onap/sdc/impl/Configuration.java | 24 ++++++++++++++- .../org/onap/sdc/utils/kafka/SdcKafkaConsumer.java | 1 + .../java/org/onap/sdc/http/HttpAsdcClientTest.java | 4 +-- .../org/onap/sdc/impl/DistributionClientTest.java | 12 ++------ .../java/org/onap/sdc/utils/TestConfiguration.java | 34 ++++++++-------------- 7 files changed, 72 insertions(+), 45 deletions(-) diff --git a/sdc-distribution-ci/src/main/java/org/onap/test/core/config/DistributionClientConfig.java b/sdc-distribution-ci/src/main/java/org/onap/test/core/config/DistributionClientConfig.java index 3f002a3..f229216 100644 --- a/sdc-distribution-ci/src/main/java/org/onap/test/core/config/DistributionClientConfig.java +++ b/sdc-distribution-ci/src/main/java/org/onap/test/core/config/DistributionClientConfig.java @@ -33,15 +33,12 @@ public class DistributionClientConfig implements IConfiguration { public static final String DEFAULT_PASSWORD = "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U"; public static final int DEFAULT_POLLING_INTERVAL = 20; public static final int DEFAULT_POLLING_TIMEOUT = 20; - public static final String DEFAULT_STATUS_TOPIC = "STATUS-TOPIC"; - public static final String DEFAULT_NOTIF_TOPIC = "NOTIF-TOPIC"; public static final String DEFAULT_USER = "dcae"; public static final String DEFAULT_KEY_STORE_PATH = "etc/sdc-client.jks"; public static final String DEFAULT_KEY_STORE_PASSWORD = "Aa123456"; public static final boolean DEFAULT_ACTIVATE_SERVER_TLS_AUTH = false; public static final boolean DEFAULT_IS_FILTER_IN_EMPTY_RESOURCES = true; public static final boolean DEFAULT_USE_HTTPS_WITH_SDC = false; - public static final String DEFAULT_MSG_BUS_ADDRESS = "localhost:9092"; private String sdcAddress; private String user; private String password; @@ -53,12 +50,11 @@ public class DistributionClientConfig implements IConfiguration { private String comsumerID; private String keyStorePath; private String keyStorePassword; + private final String trustStorePath; + private final String trustStorePassword; private boolean activateServerTLSAuth; private boolean isFilterInEmptyResources; private boolean useHttpsWithSDC; - private List msgBusAddress; - private String sdcStatusTopicName; - private String sdcNotificationTopicName; private String kafkaSecurityProtocolConfig; private String kafkaSaslMechanism; private String kafkaSaslJaasConfig; @@ -70,8 +66,6 @@ public class DistributionClientConfig implements IConfiguration { public DistributionClientConfig() { this.sdcAddress = DEFAULT_SDC_ADDRESS; - this.sdcStatusTopicName = DEFAULT_STATUS_TOPIC; - this.sdcNotificationTopicName = DEFAULT_NOTIF_TOPIC; this.comsumerID = DEFAULT_COMSUMER_ID; this.consumerGroup = DEFAULT_CONSUMER_GROUP; this.environmentName = DEFAULT_ENVIRONMENT_NAME; @@ -83,11 +77,11 @@ public class DistributionClientConfig implements IConfiguration { this.user = DEFAULT_USER; this.keyStorePath = DEFAULT_KEY_STORE_PATH; this.keyStorePassword = DEFAULT_KEY_STORE_PASSWORD; + this.trustStorePath = DEFAULT_KEY_STORE_PATH; + this.trustStorePassword = DEFAULT_KEY_STORE_PASSWORD; this.activateServerTLSAuth = DEFAULT_ACTIVATE_SERVER_TLS_AUTH; this.isFilterInEmptyResources = DEFAULT_IS_FILTER_IN_EMPTY_RESOURCES; this.useHttpsWithSDC = DEFAULT_USE_HTTPS_WITH_SDC; - this.msgBusAddress = new ArrayList<>(); - this.msgBusAddress.add(DEFAULT_MSG_BUS_ADDRESS); } @Override @@ -145,6 +139,16 @@ public class DistributionClientConfig implements IConfiguration { return keyStorePassword; } + @Override + public String getTrustStorePath() { + return trustStorePath; + } + + @Override + public String getTrustStorePassword() { + return trustStorePassword; + } + public String getComsumerID() { return comsumerID; } diff --git a/sdc-distribution-client/src/main/java/org/onap/sdc/api/consumer/IConfiguration.java b/sdc-distribution-client/src/main/java/org/onap/sdc/api/consumer/IConfiguration.java index a8ce1c7..be2a4cd 100644 --- a/sdc-distribution-client/src/main/java/org/onap/sdc/api/consumer/IConfiguration.java +++ b/sdc-distribution-client/src/main/java/org/onap/sdc/api/consumer/IConfiguration.java @@ -172,6 +172,24 @@ public interface IConfiguration { */ String getKeyStorePassword(); + /** + * Return full path to TrustStore. + * + * @return Trust store path + */ + default String getTrustStorePath() { + return System.getenv().getOrDefault("TRUSTSTORE_PATH", "/var/run/secrets/truststore.jks"); + } + + /** + * Return the password for the TrustStore Key Store + * + * @return TrustStore password + */ + default String getTrustStorePassword(){ + return System.getenv().getOrDefault("TRUSTSTORE_PASSWORD", "changeit"); + } + /** * Sets whether SDC server TLS authentication is activated. If set to false, Key * Store path and password are not needed to be set. diff --git a/sdc-distribution-client/src/main/java/org/onap/sdc/impl/Configuration.java b/sdc-distribution-client/src/main/java/org/onap/sdc/impl/Configuration.java index dd67656..add4185 100644 --- a/sdc-distribution-client/src/main/java/org/onap/sdc/impl/Configuration.java +++ b/sdc-distribution-client/src/main/java/org/onap/sdc/impl/Configuration.java @@ -45,6 +45,8 @@ public class Configuration implements IConfiguration { private String comsumerID; private String keyStorePath; private String keyStorePassword; + private String trustStorePath; + private String trustStorePassword; private boolean activateServerTLSAuth; private final boolean filterInEmptyResources; private Boolean useHttpsWithSDC; @@ -72,6 +74,8 @@ public class Configuration implements IConfiguration { this.useHttpsWithSDC = other.isUseHttpsWithSDC(); this.keyStorePath = other.getKeyStorePath(); this.keyStorePassword = other.getKeyStorePassword(); + this.trustStorePath = other.getTrustStorePath(); + this.trustStorePassword = other.getTrustStorePassword(); this.activateServerTLSAuth = other.activateServerTLSAuth(); this.filterInEmptyResources = other.isFilterInEmptyResources(); this.httpProxyHost = other.getHttpProxyHost(); @@ -113,6 +117,16 @@ public class Configuration implements IConfiguration { return kafkaConsumerSessionTimeout; } + @Override + public String getTrustStorePath() { + return trustStorePath; + } + + @Override + public String getTrustStorePassword() { + return trustStorePassword; + } + @Override public Boolean isUseHttpsWithSDC() { return useHttpsWithSDC; @@ -271,6 +285,14 @@ public class Configuration implements IConfiguration { this.keyStorePassword = keyStorePassword; } + public void setTrustStorePath(String trustStorePath) { + this.trustStorePath = trustStorePath; + } + + public void setTrustStorePassword(String trustStorePassword) { + this.trustStorePassword = trustStorePassword; + } + public void setactivateServerTLSAuth(boolean activateServerTLSAuth) { this.activateServerTLSAuth = activateServerTLSAuth; } @@ -321,7 +343,7 @@ public class Configuration implements IConfiguration { + ", environmentName=" + environmentName + ", comsumerID=" + comsumerID + ", keyStorePath=" + keyStorePath - + ", keyStorePassword=" + keyStorePassword + + ", trustStorePath=" + trustStorePath + ", activateServerTLSAuth=" + activateServerTLSAuth + ", filterInEmptyResources=" + filterInEmptyResources + ", consumeProduceStatusTopic=" + consumeProduceStatusTopic diff --git a/sdc-distribution-client/src/main/java/org/onap/sdc/utils/kafka/SdcKafkaConsumer.java b/sdc-distribution-client/src/main/java/org/onap/sdc/utils/kafka/SdcKafkaConsumer.java index f87b7aa..982ba5d 100644 --- a/sdc-distribution-client/src/main/java/org/onap/sdc/utils/kafka/SdcKafkaConsumer.java +++ b/sdc-distribution-client/src/main/java/org/onap/sdc/utils/kafka/SdcKafkaConsumer.java @@ -32,6 +32,7 @@ import org.apache.kafka.clients.consumer.ConsumerRecord; import org.apache.kafka.clients.consumer.ConsumerRecords; import org.apache.kafka.clients.consumer.KafkaConsumer; import org.apache.kafka.common.config.SaslConfigs; +import org.apache.kafka.common.config.SslConfigs; import org.apache.kafka.common.errors.InvalidGroupIdException; import org.onap.sdc.impl.Configuration; import org.slf4j.Logger; diff --git a/sdc-distribution-client/src/test/java/org/onap/sdc/http/HttpAsdcClientTest.java b/sdc-distribution-client/src/test/java/org/onap/sdc/http/HttpAsdcClientTest.java index 6193e4c..57a6623 100644 --- a/sdc-distribution-client/src/test/java/org/onap/sdc/http/HttpAsdcClientTest.java +++ b/sdc-distribution-client/src/test/java/org/onap/sdc/http/HttpAsdcClientTest.java @@ -65,7 +65,7 @@ class HttpSdcClientTest { void shouldCreateInitializedHttpClient() { // given TestConfiguration configuration = new TestConfiguration(); - configuration.setUseHttpsWithSDC(false); + configuration.setUseHttpsWithSDC(true); // when final HttpRequestFactory httpRequestFactory = new HttpRequestFactory( @@ -78,7 +78,7 @@ class HttpSdcClientTest { // then assertNotNull(httpSdcClient); - assertEquals(HttpClientFactory.HTTP, httpSdcClient.getHttpSchema()); + assertEquals(HttpClientFactory.HTTPS, httpSdcClient.getHttpSchema()); } @Test diff --git a/sdc-distribution-client/src/test/java/org/onap/sdc/impl/DistributionClientTest.java b/sdc-distribution-client/src/test/java/org/onap/sdc/impl/DistributionClientTest.java index 7354c6c..2037345 100644 --- a/sdc-distribution-client/src/test/java/org/onap/sdc/impl/DistributionClientTest.java +++ b/sdc-distribution-client/src/test/java/org/onap/sdc/impl/DistributionClientTest.java @@ -29,24 +29,16 @@ import static org.mockito.Mockito.doReturn; import static org.mockito.Mockito.mock; import fj.data.Either; -import java.io.IOException; import java.util.ArrayList; -import java.util.Arrays; import java.util.List; import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.Test; -import org.junit.jupiter.api.Assertions; -import org.junitpioneer.jupiter.SetEnvironmentVariable; import org.mockito.Mockito; -import org.onap.sdc.api.IDistributionClient; import org.onap.sdc.api.consumer.IConfiguration; -import org.onap.sdc.api.notification.IArtifactInfo; import org.onap.sdc.api.notification.IVfModuleMetadata; import org.onap.sdc.api.results.IDistributionClientResult; -import org.onap.sdc.http.HttpSdcClient; import org.onap.sdc.http.SdcConnectorClient; import org.onap.sdc.utils.ArtifactTypeEnum; -import org.onap.sdc.utils.ArtifactsUtils; import org.onap.sdc.utils.DistributionActionResultEnum; import org.onap.sdc.utils.Pair; import org.onap.sdc.utils.TestConfiguration; @@ -159,11 +151,11 @@ class DistributionClientTest { // no consumerId TestConfiguration testConsumerId = new TestConfiguration(); - testConsumerId.setComsumerID(null); + testConsumerId.setConsumerID(null); validationResult = client.init(testConsumerId, new TestNotificationCallback()); assertEquals(DistributionActionResultEnum.CONF_MISSING_CONSUMER_ID, validationResult.getDistributionActionResult()); - testConsumerId.setComsumerID(""); + testConsumerId.setConsumerID(""); validationResult = client.init(testConsumerId, new TestNotificationCallback()); assertEquals(DistributionActionResultEnum.CONF_MISSING_CONSUMER_ID, validationResult.getDistributionActionResult()); diff --git a/sdc-distribution-client/src/test/java/org/onap/sdc/utils/TestConfiguration.java b/sdc-distribution-client/src/test/java/org/onap/sdc/utils/TestConfiguration.java index 529124e..a132cd0 100644 --- a/sdc-distribution-client/src/test/java/org/onap/sdc/utils/TestConfiguration.java +++ b/sdc-distribution-client/src/test/java/org/onap/sdc/utils/TestConfiguration.java @@ -34,7 +34,7 @@ public class TestConfiguration implements IConfiguration { private List relevantArtifactTypes; private String consumerGroup; private String environmentName; - private String comsumerID; + private String consumerID; private final String kafkaSecurityProtocolConfig; private final String kafkaSaslMechanism; private final String kafkaSaslJaasConfig; @@ -45,7 +45,6 @@ public class TestConfiguration implements IConfiguration { private boolean activateServerTLSAuth; private boolean isFilterInEmptyResources; private boolean useHttpsWithSDC; - private List msgBusAddress; private String httpProxyHost; private int httpProxyPort; private String httpsProxyHost; @@ -56,7 +55,7 @@ public class TestConfiguration implements IConfiguration { public TestConfiguration() { this.sdcAddress = "localhost:8443"; - this.comsumerID = "mso-123456"; + this.consumerID = "mso-123456"; this.consumerGroup = "mso-group"; this.environmentName = "PROD"; this.password = "password"; @@ -69,13 +68,9 @@ public class TestConfiguration implements IConfiguration { this.user = "mso-user"; this.keyStorePath = "etc/sdc-client.jks"; this.keyStorePassword = "Aa123456"; - this.activateServerTLSAuth = false; + this.activateServerTLSAuth = true; this.isFilterInEmptyResources = false; this.useHttpsWithSDC = true; - msgBusAddress = new ArrayList<>(); - msgBusAddress.add("kafka-bootstrap1:9092"); - msgBusAddress.add("kafka-bootstrap2:9092"); - msgBusAddress.add("kafka-bootstrap3:9092"); this.kafkaSecurityProtocolConfig = "SASL_PLAINTEXT"; this.kafkaSaslMechanism = "PLAIN"; this.kafkaSaslJaasConfig = "org.apache.kafka.common.security.scram.ScramLoginModule required username=admin password=admin-secret;"; @@ -150,11 +145,6 @@ public class TestConfiguration implements IConfiguration { return environmentName; } - @Override - public String getConsumerID() { - return comsumerID; - } - @Override public String getKeyStorePath() { return keyStorePath; @@ -165,8 +155,8 @@ public class TestConfiguration implements IConfiguration { return keyStorePassword; } - public String getComsumerID() { - return comsumerID; + public String getConsumerID() { + return consumerID; } @Override @@ -194,8 +184,8 @@ public class TestConfiguration implements IConfiguration { return useSystemProxy; } - public void setComsumerID(String comsumerID) { - this.comsumerID = comsumerID; + public void setConsumerID(String consumerID) { + this.consumerID = consumerID; } public void setSdcAddress(String sdcAddress) { @@ -263,7 +253,7 @@ public class TestConfiguration implements IConfiguration { final int prime = 31; int result = 1; result = prime * result + ((sdcAddress == null) ? 0 : sdcAddress.hashCode()); - result = prime * result + ((comsumerID == null) ? 0 : comsumerID.hashCode()); + result = prime * result + ((consumerID == null) ? 0 : consumerID.hashCode()); result = prime * result + ((consumerGroup == null) ? 0 : consumerGroup.hashCode()); result = prime * result + ((environmentName == null) ? 0 : environmentName.hashCode()); result = prime * result + ((password == null) ? 0 : password.hashCode()); @@ -298,10 +288,10 @@ public class TestConfiguration implements IConfiguration { return false; } else if (!sdcAddress.equals(other.sdcAddress)) return false; - if (comsumerID == null) { - if (other.comsumerID != null) + if (consumerID == null) { + if (other.consumerID != null) return false; - } else if (!comsumerID.equals(other.comsumerID)) + } else if (!consumerID.equals(other.consumerID)) return false; if (consumerGroup == null) { if (other.consumerGroup != null) @@ -348,7 +338,7 @@ public class TestConfiguration implements IConfiguration { return "TestConfiguration [sdcAddress=" + sdcAddress + ", user=" + user + ", password=" + password + ", pollingInterval=" + pollingInterval + ", pollingTimeout=" + pollingTimeout + ", relevantArtifactTypes=" + relevantArtifactTypes + ", consumerGroup=" + consumerGroup - + ", environmentName=" + environmentName + ", comsumerID=" + comsumerID + "]"; + + ", environmentName=" + environmentName + ", comsumerID=" + consumerID + "]"; } @Override -- cgit 1.2.3-korg