diff options
Diffstat (limited to 'adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter')
10 files changed, 108 insertions, 7 deletions
diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/pom.xml b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/pom.xml index 09c28f93f1..e2dd64d0f4 100644 --- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/pom.xml +++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/pom.xml @@ -58,6 +58,24 @@ </configuration> </plugin> </plugins> + <resources> + <resource> + <directory>src/main/resources</directory> + <filtering>true</filtering> + <excludes> + <exclude>**/*.p12</exclude> + <exclude>**/*.jks</exclude> + </excludes> + </resource> + <resource> + <directory>src/main/resources</directory> + <filtering>false</filtering> + <includes> + <include>**/*.p12</include> + <include>**/*.jks</include> + </includes> + </resource> + </resources> </build> <dependencies> <dependency> diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/SdcPackageProvider.java b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/SdcPackageProvider.java index 57d6615d66..735e1f9d42 100644 --- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/SdcPackageProvider.java +++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/SdcPackageProvider.java @@ -49,6 +49,7 @@ import java.util.NoSuchElementException; import java.util.Set; import java.util.zip.ZipEntry; import java.util.zip.ZipInputStream; +import javax.net.ssl.SSLContext; import org.apache.commons.codec.binary.Base64; import org.apache.http.HttpEntity; import org.apache.http.client.methods.CloseableHttpResponse; @@ -133,7 +134,7 @@ public class SdcPackageProvider { private byte[] getPackage(final String csarId) { final String SERVICE_NAME = "vnfm-adapter"; - try (CloseableHttpClient client = HttpClients.createDefault()) { + try (CloseableHttpClient client = HttpClients.custom().setSSLContext(SSLContext.getDefault()).build()) { final HttpGet httpget = new HttpGet(format(GET_PACKAGE_URL, baseUrl, csarId)); httpget.setHeader(ACCEPT, APPLICATION_OCTET_STREAM_VALUE); httpget.setHeader("X-ECOMP-InstanceID", SERVICE_NAME); diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/aai/AaiServiceProviderImpl.java b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/aai/AaiServiceProviderImpl.java index 1fa62efa25..019a08af78 100644 --- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/aai/AaiServiceProviderImpl.java +++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/aai/AaiServiceProviderImpl.java @@ -28,6 +28,7 @@ import org.onap.aai.domain.yang.GenericVnfs; import org.onap.aai.domain.yang.Vserver; import org.onap.so.client.aai.AAIObjectType; import org.onap.so.client.aai.entities.uri.AAIUriFactory; +import org.onap.so.client.graphinventory.entities.uri.Depth; import org.onap.vnfmadapter.v1.model.Tenant; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -58,8 +59,8 @@ public class AaiServiceProviderImpl implements AaiServiceProvider { @Override public GenericVnfs invokeQueryGenericVnf(final String selfLink) { return aaiClientProvider.getAaiClient() - .get(GenericVnfs.class, AAIUriFactory.createResourceUri(AAIObjectType.GENERIC_VNFS) - .queryParam("selflink", selfLink.replaceAll("https", "http"))) + .get(GenericVnfs.class, + AAIUriFactory.createResourceUri(AAIObjectType.GENERIC_VNFS).queryParam("selflink", selfLink)) .orElseGet(() -> { logger.debug("No vnf found in AAI with selflink: {}", selfLink); return null; @@ -78,7 +79,8 @@ public class AaiServiceProviderImpl implements AaiServiceProvider { @Override public EsrVnfm invokeGetVnfm(final String vnfmId) { return aaiClientProvider.getAaiClient() - .get(EsrVnfm.class, AAIUriFactory.createResourceUri(AAIObjectType.VNFM, vnfmId)).orElseGet(() -> { + .get(EsrVnfm.class, AAIUriFactory.createResourceUri(AAIObjectType.VNFM, vnfmId).depth(Depth.ONE)) + .orElseGet(() -> { logger.debug("VNFM not found in AAI"); return null; }); diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderConfiguration.java b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderConfiguration.java index 2aee1c06e3..ab631837db 100644 --- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderConfiguration.java +++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderConfiguration.java @@ -22,16 +22,34 @@ package org.onap.so.adapters.vnfmadapter.extclients.vnfm; import static org.onap.so.client.RestTemplateConfig.CONFIGURABLE_REST_TEMPLATE; import com.google.gson.Gson; +import java.io.IOException; +import java.security.KeyManagementException; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.cert.CertificateException; import java.util.Iterator; +import java.util.ListIterator; +import javax.net.ssl.SSLContext; +import org.apache.http.client.HttpClient; +import org.apache.http.conn.ssl.SSLConnectionSocketFactory; +import org.apache.http.impl.client.HttpClients; +import org.apache.http.ssl.SSLContextBuilder; import org.onap.so.adapters.vnfmadapter.extclients.vnfm.lcn.JSON; import org.onap.so.configuration.rest.BasicHttpHeadersProvider; import org.onap.so.configuration.rest.HttpHeadersProvider; +import org.onap.so.logging.jaxrs.filter.SpringClientFilter; import org.onap.so.rest.service.HttpRestServiceProvider; import org.onap.so.rest.service.HttpRestServiceProviderImpl; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; +import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; +import org.springframework.core.io.Resource; +import org.springframework.http.client.ClientHttpRequestInterceptor; +import org.springframework.http.client.HttpComponentsClientHttpRequestFactory; import org.springframework.http.converter.HttpMessageConverter; import org.springframework.http.converter.json.GsonHttpMessageConverter; import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter; @@ -43,6 +61,13 @@ import org.springframework.web.client.RestTemplate; @Configuration public class VnfmServiceProviderConfiguration { + private static final Logger logger = LoggerFactory.getLogger(VnfmServiceProviderConfiguration.class); + + @Value("${http.client.ssl.trust-store:#{null}}") + private Resource keyStore; + @Value("${http.client.ssl.trust-store-password:#{null}}") + private String keyStorePassword; + @Bean(name = "vnfmServiceProvider") public HttpRestServiceProvider httpRestServiceProvider( @Qualifier(CONFIGURABLE_REST_TEMPLATE) @Autowired final RestTemplate restTemplate) { @@ -52,6 +77,10 @@ public class VnfmServiceProviderConfiguration { private HttpRestServiceProvider getHttpRestServiceProvider(final RestTemplate restTemplate, final HttpHeadersProvider httpHeadersProvider) { setGsonMessageConverter(restTemplate); + if (keyStore != null) { + setTrustStore(restTemplate); + } + removeSpringClientFilter(restTemplate); return new HttpRestServiceProviderImpl(restTemplate, httpHeadersProvider); } @@ -66,4 +95,30 @@ public class VnfmServiceProviderConfiguration { restTemplate.getMessageConverters().add(new GsonHttpMessageConverter(gson)); } + private void setTrustStore(final RestTemplate restTemplate) { + SSLContext sslContext; + try { + sslContext = new SSLContextBuilder().loadTrustMaterial(keyStore.getURL(), keyStorePassword.toCharArray()) + .build(); + logger.info("Setting truststore: {}", keyStore.getURL()); + final SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(sslContext); + final HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory).build(); + final HttpComponentsClientHttpRequestFactory factory = + new HttpComponentsClientHttpRequestFactory(httpClient); + restTemplate.setRequestFactory(factory); + } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException | CertificateException + | IOException exception) { + logger.error("Error reading truststore, TLS connection to VNFM will fail.", exception); + } + } + + private void removeSpringClientFilter(final RestTemplate restTemplate) { + ListIterator<ClientHttpRequestInterceptor> interceptorIterator = restTemplate.getInterceptors().listIterator(); + while (interceptorIterator.hasNext()) { + if (interceptorIterator.next() instanceof SpringClientFilter) { + interceptorIterator.remove(); + } + } + } + } diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderImpl.java b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderImpl.java index 0b5b09ae39..c470008d08 100644 --- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderImpl.java +++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderImpl.java @@ -54,7 +54,7 @@ public class VnfmServiceProviderImpl implements VnfmServiceProvider { @Override public Optional<InlineResponse201> getVnf(final String vnfSelfLink) { - return httpServiceProvider.get(vnfSelfLink.replaceAll("https", "http"), InlineResponse201.class); + return httpServiceProvider.get(vnfSelfLink, InlineResponse201.class); } @Override diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/lifecycle/LifecycleManager.java b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/lifecycle/LifecycleManager.java index a4f7d3206d..fa2fa30b4a 100644 --- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/lifecycle/LifecycleManager.java +++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/lifecycle/LifecycleManager.java @@ -114,7 +114,7 @@ public class LifecycleManager { private String getSelfLink(final InlineResponse201 vnfmResponse, final EsrVnfm vnfm) { if (vnfmResponse.getLinks() != null && vnfmResponse.getLinks().getSelf() != null && vnfmResponse.getLinks().getSelf().getHref() != null) { - return vnfmResponse.getLinks().getSelf().getHref().replaceAll("https", "http"); + return vnfmResponse.getLinks().getSelf().getHref(); } return vnfm.getEsrSystemInfoList().getEsrSystemInfo().iterator().next().getServiceUrl() + "/vnf_instances/" + vnfmResponse.getId(); diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml index 951d4a3bb9..4434d2edd9 100644 --- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml +++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml @@ -23,11 +23,22 @@ spring: http: converters: preferred-json-mapper: gson + +http: + client: + ssl: + trust-store: classpath:org.onap.so.trust.jks + trust-store-password: ',sx#.C*W)]wVgJC6ccFHI#:H' server: port: 9092 tomcat: max-threads: 50 + ssl: + key-alias: so@so.onap.org + key--store-password: 'ywsqCy:EEo#j}HJHM7z^Rk[L' + key-store: classpath:so-vnfm-adapter.p12 + key-store-type: PKCS12 mso: key: 07a7159d3bf51a0e53be7a8f89699be7 @@ -44,7 +55,7 @@ sdc: endpoint: http://sdc.onap/1234A vnfmadapter: - endpoint: http://so-vnfm-adapter.onap:9092 + endpoint: https://so-vnfm-adapter.onap:9092 #Actuator management: diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/org.onap.so.trust.jks b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/org.onap.so.trust.jks Binary files differnew file mode 100644 index 0000000000..1f0d8a550a --- /dev/null +++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/org.onap.so.trust.jks diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/so-vnfm-adapter.p12 b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/so-vnfm-adapter.p12 Binary files differnew file mode 100644 index 0000000000..ae4fddc684 --- /dev/null +++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/so-vnfm-adapter.p12 diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/resources/application-test.yaml b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/resources/application.yaml index 3afc542a1b..8cf8b51b9f 100644 --- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/resources/application-test.yaml +++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/resources/application.yaml @@ -38,3 +38,17 @@ sdc: vnfmadapter: endpoint: https://so-vnfm-adapter.onap:30406 + +#Actuator +management: + endpoints: + web: + base-path: /manage + exposure: + include: "*" + metrics: + se-global-registry: false + export: + prometheus: + enabled: true # Whether exporting of metrics to Prometheus is enabled. + step: 1m # Step size (i.e. reporting frequency) to use. |