aboutsummaryrefslogtreecommitdiffstats
path: root/adapters
diff options
context:
space:
mode:
Diffstat (limited to 'adapters')
-rw-r--r--adapters/mso-catalog-db-adapter/src/main/java/db/migration/R__CloudConfigMigration.java30
-rw-r--r--adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/audit/AuditStackService.java31
-rw-r--r--adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/network/MsoNetworkAdapterAsyncImpl.java8
-rw-r--r--adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/network/MsoNetworkAdapterImpl.java17
-rw-r--r--adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/network/NetworkAdapterRest.java17
-rw-r--r--adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/vnf/MsoVnfCloudifyAdapterImpl.java2
-rw-r--r--adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/vnf/MsoVnfPluginAdapterImpl.java2
-rw-r--r--adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/Readme.txt128
-rw-r--r--adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/WebSecurityConfigImpl.java14
-rw-r--r--adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmHelper.java2
-rw-r--r--adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderConfiguration.java39
-rw-r--r--adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/java/org/onap/so/adapters/vnfmadapter/rest/VnfmAdapterControllerTest.java2
12 files changed, 218 insertions, 74 deletions
diff --git a/adapters/mso-catalog-db-adapter/src/main/java/db/migration/R__CloudConfigMigration.java b/adapters/mso-catalog-db-adapter/src/main/java/db/migration/R__CloudConfigMigration.java
index 469a7ad7e4..354c3d07f7 100644
--- a/adapters/mso-catalog-db-adapter/src/main/java/db/migration/R__CloudConfigMigration.java
+++ b/adapters/mso-catalog-db-adapter/src/main/java/db/migration/R__CloudConfigMigration.java
@@ -9,9 +9,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -67,35 +67,35 @@ public class R__CloudConfigMigration implements JdbcMigration, MigrationInfoProv
public void migrate(Connection connection) throws Exception {
logger.debug("Starting migration for CloudConfig");
- CloudConfig cloudConfig = null;
+ CloudConfig cloudConfiguration = null;
// Try the override file
String configLocation = System.getProperty("spring.config.additional-location");
if (configLocation != null) {
try (InputStream stream = new FileInputStream(Paths.get(configLocation).normalize().toString())) {
- cloudConfig = loadCloudConfig(stream);
+ cloudConfiguration = loadCloudConfig(stream);
} catch (Exception e) {
logger.warn("Error Loading override.yaml", e);
}
}
- if (cloudConfig == null) {
+ if (cloudConfiguration == null) {
logger.debug("No CloudConfig defined in {}", configLocation);
// Try the application.yaml file
try (InputStream stream = R__CloudConfigMigration.class.getResourceAsStream(getApplicationYamlName())) {
- cloudConfig = loadCloudConfig(stream);
+ cloudConfiguration = loadCloudConfig(stream);
}
- if (cloudConfig == null) {
+ if (cloudConfiguration == null) {
logger.debug("No CloudConfig defined in {}", getApplicationYamlName());
}
}
- if (cloudConfig != null) {
- migrateCloudIdentity(cloudConfig.getIdentityServices().values(), connection);
- migrateCloudSite(cloudConfig.getCloudSites().values(), connection);
- migrateCloudifyManagers(cloudConfig.getCloudifyManagers().values(), connection);
+ if (cloudConfiguration != null) {
+ migrateCloudIdentity(cloudConfiguration.getIdentityServices().values(), connection);
+ migrateCloudSite(cloudConfiguration.getCloudSites().values(), connection);
+ migrateCloudifyManagers(cloudConfiguration.getCloudifyManagers().values(), connection);
}
}
@@ -110,13 +110,13 @@ public class R__CloudConfigMigration implements JdbcMigration, MigrationInfoProv
private CloudConfig loadCloudConfig(InputStream stream) throws IOException {
ObjectMapper mapper = new ObjectMapper(new YAMLFactory());
R__CloudConfigMigration cloudConfigMigration = mapper.readValue(stream, R__CloudConfigMigration.class);
- CloudConfig cloudConfig = cloudConfigMigration.getCloudConfig();
+ CloudConfig cloudConfiguration = cloudConfigMigration.getCloudConfig();
- if (cloudConfig != null) {
- cloudConfig.populateId();
+ if (cloudConfiguration != null) {
+ cloudConfiguration.populateId();
}
- return cloudConfig;
+ return cloudConfiguration;
}
private String getApplicationYamlName() {
diff --git a/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/audit/AuditStackService.java b/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/audit/AuditStackService.java
index 999d27335b..6a42456715 100644
--- a/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/audit/AuditStackService.java
+++ b/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/audit/AuditStackService.java
@@ -40,6 +40,10 @@ public class AuditStackService {
private static final Logger logger = LoggerFactory.getLogger(AuditStackService.class);
+ private static final String DEFAULT_AUDIT_LOCK_TIME = "60000";
+
+ private static final String DEFAULT_MAX_CLIENTS_FOR_TOPIC = "10";
+
@Autowired
public Environment env;
@@ -53,41 +57,40 @@ public class AuditStackService {
private AuditQueryStackService auditQueryStack;
@PostConstruct
- public void auditAddAAIInventory() throws Exception {
+ public void auditAddAAIInventory() {
for (int i = 0; i < getMaxClients(); i++) {
ExternalTaskClient client = createExternalTaskClient();
client.subscribe("InventoryAddAudit")
- .lockDuration(Long.parseLong(env.getProperty("mso.audit.lock-time", "60000")))
+ .lockDuration(Long.parseLong(env.getProperty("mso.audit.lock-time", DEFAULT_AUDIT_LOCK_TIME)))
.handler(auditCreateStack::executeExternalTask).open();
}
}
@PostConstruct
- public void auditDeleteAAIInventory() throws Exception {
+ public void auditDeleteAAIInventory() {
for (int i = 0; i < getMaxClients(); i++) {
ExternalTaskClient client = createExternalTaskClient();
client.subscribe("InventoryDeleteAudit")
- .lockDuration(Long.parseLong(env.getProperty("mso.audit.lock-time", "60000")))
+ .lockDuration(Long.parseLong(env.getProperty("mso.audit.lock-time", DEFAULT_AUDIT_LOCK_TIME)))
.handler(auditDeleteStack::executeExternalTask).open();
}
}
@PostConstruct
- public void auditQueryInventory() throws Exception {
+ public void auditQueryInventory() {
for (int i = 0; i < getMaxClients(); i++) {
ExternalTaskClient client = createExternalTaskClient();
client.subscribe("InventoryQueryAudit")
- .lockDuration(Long.parseLong(env.getProperty("mso.audit.lock-time", "60000")))
+ .lockDuration(Long.parseLong(env.getProperty("mso.audit.lock-time", DEFAULT_AUDIT_LOCK_TIME)))
.handler(auditQueryStack::executeExternalTask).open();
}
}
- protected ExternalTaskClient createExternalTaskClient() throws Exception {
+ protected ExternalTaskClient createExternalTaskClient() {
ClientRequestInterceptor interceptor = createClientRequestInterceptor();
- ExternalTaskClient client = ExternalTaskClient.create()
- .baseUrl(env.getRequiredProperty("mso.workflow.endpoint")).maxTasks(1).addInterceptor(interceptor)
- .asyncResponseTimeout(120000).backoffStrategy(new ExponentialBackoffStrategy(0, 0, 0)).build();
- return client;
+ return ExternalTaskClient.create().baseUrl(env.getRequiredProperty("mso.workflow.endpoint")).maxTasks(1)
+ .addInterceptor(interceptor).asyncResponseTimeout(120000)
+ .backoffStrategy(new ExponentialBackoffStrategy(0, 0, 0)).build();
}
protected ClientRequestInterceptor createClientRequestInterceptor() {
@@ -97,13 +100,11 @@ public class AuditStackService {
} catch (IllegalStateException | GeneralSecurityException e) {
logger.error("Error Decrypting Password", e);
}
- ClientRequestInterceptor interceptor =
- new BasicAuthProvider(env.getRequiredProperty("mso.config.cadi.aafId"), auth);
- return interceptor;
+ return new BasicAuthProvider(env.getRequiredProperty("mso.config.cadi.aafId"), auth);
}
protected int getMaxClients() {
- return Integer.parseInt(env.getProperty("workflow.topics.maxClients", "10"));
+ return Integer.parseInt(env.getProperty("workflow.topics.maxClients", DEFAULT_MAX_CLIENTS_FOR_TOPIC));
}
diff --git a/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/network/MsoNetworkAdapterAsyncImpl.java b/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/network/MsoNetworkAdapterAsyncImpl.java
index a9af3683f5..e95e9a3a83 100644
--- a/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/network/MsoNetworkAdapterAsyncImpl.java
+++ b/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/network/MsoNetworkAdapterAsyncImpl.java
@@ -11,9 +11,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -370,8 +370,8 @@ public class MsoNetworkAdapterAsyncImpl implements MsoNetworkAdapterAsync {
NetworkAdapterNotify notifyPort = getNotifyEP(notificationUrl);
notifyPort.deleteNetworkNotification(messageId, false, exCat, eMsg, null);
} catch (Exception e1) {
- logger.error("{} {} Error sending createNetwork notification {} ",
- MessageEnum.RA_CREATE_NETWORK_NOTIF_EXC, ErrorCode.DataError.getValue(), e1.getMessage(), e1);
+ logger.error(CREATE_NETWORK_ERROR_LOGMSG, MessageEnum.RA_CREATE_NETWORK_NOTIF_EXC,
+ ErrorCode.DataError.getValue(), e1.getMessage(), e1);
}
return;
diff --git a/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/network/MsoNetworkAdapterImpl.java b/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/network/MsoNetworkAdapterImpl.java
index c934291246..4c115271f0 100644
--- a/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/network/MsoNetworkAdapterImpl.java
+++ b/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/network/MsoNetworkAdapterImpl.java
@@ -90,6 +90,7 @@ public class MsoNetworkAdapterImpl implements MsoNetworkAdapter {
private static final String NETWORK_FQDN = "network_fqdn";
private static final String CREATE_NETWORK_CONTEXT = "CreateNetwork";
private static final String NEUTRON_MODE = "NEUTRON";
+ private static final String CLOUD_OWNER = "CloudOwner";
private static final Logger logger = LoggerFactory.getLogger(MsoNetworkAdapterImpl.class);
@@ -310,7 +311,7 @@ public class MsoNetworkAdapterImpl implements MsoNetworkAdapter {
StackInfo heatStack = null;
long queryNetworkStarttime = System.currentTimeMillis();
try {
- heatStack = heat.queryStack(cloudSiteId, "CloudOwner", tenantId, networkName);
+ heatStack = heat.queryStack(cloudSiteId, CLOUD_OWNER, tenantId, networkName);
} catch (MsoException me) {
me.addContext(CREATE_NETWORK_CONTEXT);
logger.error("{} {} Create Network (heat): query network {} in {}/{}: ",
@@ -424,7 +425,7 @@ public class MsoNetworkAdapterImpl implements MsoNetworkAdapter {
try {
if (backout == null)
backout = true;
- heatStack = heat.createStack(cloudSiteId, "CloudOwner", tenantId, networkName, null, template,
+ heatStack = heat.createStack(cloudSiteId, CLOUD_OWNER, tenantId, networkName, null, template,
stackParams, true, heatTemplate.getTimeoutMinutes(), null, null, null, backout.booleanValue());
} catch (MsoException me) {
me.addContext(CREATE_NETWORK_CONTEXT);
@@ -607,7 +608,7 @@ public class MsoNetworkAdapterImpl implements MsoNetworkAdapter {
StackInfo heatStack = null;
long queryStackStarttime = System.currentTimeMillis();
try {
- heatStack = heat.queryStack(cloudSiteId, "CloudOwner", tenantId, networkName);
+ heatStack = heat.queryStack(cloudSiteId, CLOUD_OWNER, tenantId, networkName);
} catch (MsoException me) {
me.addContext(UPDATE_NETWORK_CONTEXT);
logger.error("{} {} Exception - QueryStack query {} in {}/{} ", MessageEnum.RA_QUERY_NETWORK_EXC,
@@ -727,7 +728,7 @@ public class MsoNetworkAdapterImpl implements MsoNetworkAdapter {
// Ignore MsoStackNotFound exception because we already checked.
long updateStackStarttime = System.currentTimeMillis();
try {
- heatStack = heatWithUpdate.updateStack(cloudSiteId, "CloudOwner", tenantId, networkId, template,
+ heatStack = heatWithUpdate.updateStack(cloudSiteId, CLOUD_OWNER, tenantId, networkId, template,
stackParams, true, heatTemplate.getTimeoutMinutes());
} catch (MsoException me) {
me.addContext(UPDATE_NETWORK_CONTEXT);
@@ -919,7 +920,7 @@ public class MsoNetworkAdapterImpl implements MsoNetworkAdapter {
StackInfo heatStack = null;
long queryStackStarttime = System.currentTimeMillis();
try {
- heatStack = heat.queryStack(cloudSiteId, "CloudOwner", tenantId, networkNameOrId);
+ heatStack = heat.queryStack(cloudSiteId, CLOUD_OWNER, tenantId, networkNameOrId);
} catch (MsoException me) {
me.addContext("QueryNetwork");
logger.error("{} {} Exception - Query Network (heat): {} in {}/{} ", MessageEnum.RA_QUERY_NETWORK_EXC,
@@ -1072,9 +1073,9 @@ public class MsoNetworkAdapterImpl implements MsoNetworkAdapter {
// was deleted.
// So query first to report back if stack WAS deleted or just NOTOFUND
StackInfo heatStack = null;
- heatStack = heat.queryStack(cloudSiteId, "CloudOwner", tenantId, networkId);
+ heatStack = heat.queryStack(cloudSiteId, CLOUD_OWNER, tenantId, networkId);
if (heatStack != null && heatStack.getStatus() != HeatStatus.NOTFOUND) {
- heat.deleteStack(tenantId, "CloudOwner", cloudSiteId, networkId, true);
+ heat.deleteStack(tenantId, CLOUD_OWNER, cloudSiteId, networkId, true);
networkDeleted.value = true;
} else {
networkDeleted.value = false;
@@ -1157,7 +1158,7 @@ public class MsoNetworkAdapterImpl implements MsoNetworkAdapter {
try {
// The deleteStack function in MsoHeatUtils returns success if the stack
// was not found. So don't bother to query first.
- heat.deleteStack(tenantId, "CloudOwner", cloudSiteId, networkId, true);
+ heat.deleteStack(tenantId, CLOUD_OWNER, cloudSiteId, networkId, true);
} catch (MsoException me) {
me.addContext("RollbackNetwork");
logger.error("{} {} Exception - Rollback Network (heat): {} in {}/{} ",
diff --git a/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/network/NetworkAdapterRest.java b/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/network/NetworkAdapterRest.java
index df2c3a2973..4eb5d5637f 100644
--- a/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/network/NetworkAdapterRest.java
+++ b/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/network/NetworkAdapterRest.java
@@ -90,6 +90,7 @@ public class NetworkAdapterRest {
private static final String TESTING_KEYWORD = "___TESTING___";
private String exceptionMsg = "Exception:";
private static final String SHARED = "shared";
+ private static final String EXTERNAL = "external";
@Autowired
private MsoNetworkAdapterImpl adapter;
@@ -207,8 +208,8 @@ public class NetworkAdapterRest {
shared = ctn.getShared();
}
}
- if (params.containsKey("external")) {
- external = params.get("external");
+ if (params.containsKey(EXTERNAL)) {
+ external = params.get(EXTERNAL);
} else {
if (ctn.getExternal() != null) {
external = ctn.getExternal();
@@ -228,8 +229,8 @@ public class NetworkAdapterRest {
}
if (params.containsKey(SHARED))
shared = params.get(SHARED);
- if (params.containsKey("external"))
- external = params.get("external");
+ if (params.containsKey(EXTERNAL))
+ external = params.get(EXTERNAL);
adapter.createNetwork(req.getCloudSiteId(), req.getTenantId(), req.getNetworkType(),
req.getModelCustomizationUuid(), req.getNetworkName(),
req.getProviderVlanNetwork().getPhysicalNetworkName(),
@@ -603,8 +604,8 @@ public class NetworkAdapterRest {
shared = ctn.getShared();
}
}
- if (params.containsKey("external")) {
- external = params.get("external");
+ if (params.containsKey(EXTERNAL)) {
+ external = params.get(EXTERNAL);
} else {
if (ctn.getExternal() != null) {
external = ctn.getExternal();
@@ -624,8 +625,8 @@ public class NetworkAdapterRest {
if (params.containsKey(SHARED)) {
shared = params.get(SHARED);
}
- if (params.containsKey("external")) {
- external = params.get("external");
+ if (params.containsKey(EXTERNAL)) {
+ external = params.get(EXTERNAL);
}
adapter.updateNetwork(req.getCloudSiteId(), req.getTenantId(), req.getNetworkType(),
req.getModelCustomizationUuid(), req.getNetworkStackId(), req.getNetworkName(),
diff --git a/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/vnf/MsoVnfCloudifyAdapterImpl.java b/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/vnf/MsoVnfCloudifyAdapterImpl.java
index 96e5db7ce7..f09fa34cb9 100644
--- a/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/vnf/MsoVnfCloudifyAdapterImpl.java
+++ b/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/vnf/MsoVnfCloudifyAdapterImpl.java
@@ -854,7 +854,7 @@ public class MsoVnfCloudifyAdapterImpl implements MsoVnfAdapter {
// Include aliases.
String alias = htp.getParamAlias();
- if (alias != null && !alias.equals("") && !params.containsKey(alias)) {
+ if (alias != null && !"".equals(alias) && !params.containsKey(alias)) {
params.put(alias, htp);
}
}
diff --git a/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/vnf/MsoVnfPluginAdapterImpl.java b/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/vnf/MsoVnfPluginAdapterImpl.java
index d5fe285274..41bcc8c481 100644
--- a/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/vnf/MsoVnfPluginAdapterImpl.java
+++ b/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/vnf/MsoVnfPluginAdapterImpl.java
@@ -323,7 +323,7 @@ public class MsoVnfPluginAdapterImpl implements MsoVnfAdapter {
String type = templateParam.getParamType();
logger.debug("Parameter: {} is of type ", templateParam.getParamName(), type);
- if (type.equalsIgnoreCase("number")) {
+ if ("number".equalsIgnoreCase(type)) {
try {
return Integer.valueOf(inputValue.toString());
} catch (Exception e) {
diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/Readme.txt b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/Readme.txt
new file mode 100644
index 0000000000..66876311db
--- /dev/null
+++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/Readme.txt
@@ -0,0 +1,128 @@
+The following describes how to configure authentication for the VNFM adapter.
+
+
+==========================================
+To confgure TLS
+==========================================
+
+---------------
+VNFM Adapter
+---------------
+The following parameters can be set to configure the certificate for the VNFM adapter
+server:
+ ssl:
+ key-alias: so@so.onap.org
+ key--store-password: 'I,re7WWEJR$e]x370wRgx?qE'
+ key-store: classpath:org.onap.so.p12
+ key-store-type: PKCS12
+The values shown above relate to the certificate included in the VNFM adapter jar which has been generated from AAF. If a different certificate is to be used then these values should be changed accordingly.
+
+The following paramters can be set to configure the trust store for the VNFM adapter:
+http:
+ client:
+ ssl:
+ trust-store: org.onap.so.trust.jks
+ trust-store-password: NyRD](z:EJJNIt?},QgM3o7H
+The values shown above relate to the trust store included in the VNFM adapter jar which has been generated from AAI. If a different trust store is to be used then these values should be changed accordingly.
+
+Ensure the value for the below parameter uses https instead of http
+vnfmadapter:
+ endpoint: http://so-vnfm-adapter.onap:9092
+
+---------------
+bpmn-infra
+---------------
+For bpmn-infra, ensure the value for the below parameter uses https instead of http
+so:
+ vnfm:
+ adapter:
+ url: https://so-vnfm-adapter.onap:9092/so/vnfm-adapter/v1/
+
+
+==========================================
+To use two way TLS
+==========================================
+
+Ensure the value for username and password are empty in the AAI entry for the VNFM (The VNFM adapter will use oauth instead of two way TLS if the username/password is set).
+Ensure TLS has been configuered as detailed above.
+
+---------------
+VNFM adapter
+---------------
+Set the following parameter for the VNFM adapter:
+server:
+ ssl:
+ client-auth: need
+
+---------------
+bpmn-infra:
+---------------
+Set the following paramters for bpmn-infra:
+rest:
+ http:
+ client:
+ configuration:
+ ssl:
+ keyStore: classpath:org.onap.so.p12
+ keyStorePassword: 'RLe5ExMWW;Kd6GTSt0WQz;.Y'
+ trustStore: classpath:org.onap.so.trust.jks
+ trustStorePassword: '6V%8oSU$,%WbYp3IUe;^mWt4'
+Ensure the value for the below parameter uses https instead of http
+so:
+ vnfm:
+ adapter:
+ url: https://so-vnfm-adapter.onap:9092/so/vnfm-adapter/v1/
+
+---------------
+VNFM simulator:
+---------------
+Set the following parameters for the VNFM simulator (if used):
+server:
+ ssl:
+ client-auth: need
+ request:
+ grant:
+ auth: twowaytls
+
+==========================================
+To use oauth token base authentication
+==========================================
+
+---------------
+VNFM adapter:
+---------------
+Ensure the value for username and password set set in the AAI entry for the VNFM. The VNFM adapter will use this username/password as the client credentials in the request for a token for the VNFM. The token endpoint
+for the VNFM will by default will be derived from the service url for the VNFM in AAI as follows: <base of service url>/oauth/token, e.g. if the service url is https://so-vnfm-simulator.onap/vnflcm/v1 then the token url will
+be taken to be https://so-vnfm-simulator.onap/oauth/token. This can be overriden using the following parameter for the VNFM adapter:
+vnfmadapter:
+ temp:
+ vnfm:
+ oauth:
+ endpoint:
+
+The VNFM adapter exposes a token point at url: https://<hostname>:<port>/oauth/token e.g. https://so-vnfm-adapter.onap:9092/oauth/token. The VNFM can request a token from this endpoint for use in grant requests and notifications
+to the VNFM adapter. The username/password to be used in the token request are passed to the VNFM in a subscription request. The username/password sent by the VNFM adpater in the subscription request can be configuered using the
+following parameter:
+vnfmadapter:
+ auth: <encoded value>
+where <encoded value> is '<username>:<password>' encoded using org.onap.so.utils.CryptoUtils with the key set by the paramter:
+mso:
+ key: <key>
+The default username:password is vnfm-adapter:123456 when vnfm-adapter.auth is not set.
+
+---------------
+VNFM simulator:
+---------------
+Set the following parameters for the simulator:
+spring:
+ profiles:
+ active: oauth-authentication
+server:
+ request:
+ grant:
+ auth: oauth
+
+==========================================
+To use basic auth for notifications
+==========================================
+The same username/password is used as for oauth token requests as describe above and passed to the VNFM in the subscription request. \ No newline at end of file
diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/WebSecurityConfigImpl.java b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/WebSecurityConfigImpl.java
index 2b33e8b11d..f45d5a0219 100644
--- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/WebSecurityConfigImpl.java
+++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/WebSecurityConfigImpl.java
@@ -22,6 +22,7 @@ package org.onap.so.adapters.vnfmadapter;
import org.onap.so.security.MSOSpringFirewall;
import org.onap.so.security.WebSecurityConfig;
+import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -34,11 +35,18 @@ import org.springframework.util.StringUtils;
@EnableWebSecurity
public class WebSecurityConfigImpl extends WebSecurityConfig {
+ @Value("${server.ssl.client-auth:none}")
+ private String clientAuth;
+
@Override
protected void configure(final HttpSecurity http) throws Exception {
- http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
- .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and()
- .httpBasic();
+ if (clientAuth.equalsIgnoreCase("need")) {
+ http.csrf().disable().authorizeRequests().anyRequest().permitAll();
+ } else {
+ http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
+ .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and()
+ .httpBasic();
+ }
}
@Override
diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmHelper.java b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmHelper.java
index b4355efc20..7c22020287 100644
--- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmHelper.java
+++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmHelper.java
@@ -212,6 +212,8 @@ public class VnfmHelper {
basicAuthParams.setPassword(decrypedAuth[1]);
authentication.addAuthTypeItem(AuthTypeEnum.BASIC);
authentication.paramsBasic(basicAuthParams);
+
+ authentication.addAuthTypeItem(AuthTypeEnum.TLS_CERT);
return authentication;
}
diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderConfiguration.java b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderConfiguration.java
index a604f9a6b9..93312cfa64 100644
--- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderConfiguration.java
+++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/vnfm/VnfmServiceProviderConfiguration.java
@@ -24,11 +24,12 @@ import static org.onap.so.client.RestTemplateConfig.CONFIGURABLE_REST_TEMPLATE;
import com.google.gson.Gson;
import java.io.IOException;
import java.security.KeyManagementException;
+import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Iterator;
-import java.util.ListIterator;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
@@ -42,7 +43,6 @@ import org.onap.aai.domain.yang.EsrSystemInfo;
import org.onap.aai.domain.yang.EsrVnfm;
import org.onap.so.adapters.vnfmadapter.extclients.vnfm.lcn.JSON;
import org.onap.so.configuration.rest.BasicHttpHeadersProvider;
-import org.onap.so.logging.jaxrs.filter.SpringClientFilter;
import org.onap.so.rest.service.HttpRestServiceProvider;
import org.onap.so.rest.service.HttpRestServiceProviderImpl;
import org.slf4j.Logger;
@@ -52,7 +52,7 @@ import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;
-import org.springframework.http.client.ClientHttpRequestInterceptor;
+import org.springframework.http.client.BufferingClientHttpRequestFactory;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.http.converter.json.GsonHttpMessageConverter;
@@ -73,7 +73,12 @@ public class VnfmServiceProviderConfiguration {
@Value("${http.client.ssl.trust-store:#{null}}")
private Resource trustStore;
@Value("${http.client.ssl.trust-store-password:#{null}}")
- private String trustPassword;
+ private String trustStorePassword;
+
+ @Value("${server.ssl.key-store:#{null}}")
+ private Resource keyStoreResource;
+ @Value("${server.ssl.key--store-password:#{null}}")
+ private String keyStorePassword;
/**
* This property is only intended to be temporary until the AAI schema is updated to support setting the endpoint
@@ -98,7 +103,6 @@ public class VnfmServiceProviderConfiguration {
if (trustStore != null) {
setTrustStore(restTemplate);
}
- removeSpringClientFilter(restTemplate);
return new HttpRestServiceProviderImpl(restTemplate, new BasicHttpHeadersProvider());
}
@@ -141,27 +145,26 @@ public class VnfmServiceProviderConfiguration {
private void setTrustStore(final RestTemplate restTemplate) {
SSLContext sslContext;
try {
- sslContext =
- new SSLContextBuilder().loadTrustMaterial(trustStore.getURL(), trustPassword.toCharArray()).build();
+ if (keyStoreResource != null) {
+ KeyStore keystore = KeyStore.getInstance("pkcs12");
+ keystore.load(keyStoreResource.getInputStream(), keyStorePassword.toCharArray());
+ sslContext =
+ new SSLContextBuilder().loadTrustMaterial(trustStore.getURL(), trustStorePassword.toCharArray())
+ .loadKeyMaterial(keystore, keyStorePassword.toCharArray()).build();
+ } else {
+ sslContext = new SSLContextBuilder()
+ .loadTrustMaterial(trustStore.getURL(), trustStorePassword.toCharArray()).build();
+ }
logger.info("Setting truststore: {}", trustStore.getURL());
final SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(sslContext);
final HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory).build();
final HttpComponentsClientHttpRequestFactory factory =
new HttpComponentsClientHttpRequestFactory(httpClient);
- restTemplate.setRequestFactory(factory);
+ restTemplate.setRequestFactory(new BufferingClientHttpRequestFactory(factory));
} catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException | CertificateException
- | IOException exception) {
+ | IOException | UnrecoverableKeyException exception) {
logger.error("Error reading truststore, TLS connection to VNFM will fail.", exception);
}
}
- private void removeSpringClientFilter(final RestTemplate restTemplate) {
- ListIterator<ClientHttpRequestInterceptor> interceptorIterator = restTemplate.getInterceptors().listIterator();
- while (interceptorIterator.hasNext()) {
- if (interceptorIterator.next() instanceof SpringClientFilter) {
- interceptorIterator.remove();
- }
- }
- }
-
}
diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/java/org/onap/so/adapters/vnfmadapter/rest/VnfmAdapterControllerTest.java b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/java/org/onap/so/adapters/vnfmadapter/rest/VnfmAdapterControllerTest.java
index 6cdabb9374..fe55907420 100644
--- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/java/org/onap/so/adapters/vnfmadapter/rest/VnfmAdapterControllerTest.java
+++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/java/org/onap/so/adapters/vnfmadapter/rest/VnfmAdapterControllerTest.java
@@ -133,7 +133,7 @@ public class VnfmAdapterControllerTest {
setUpVimInMockAai();
final String expectedsubscriptionRequest =
- "{\"filter\":{\"vnfInstanceSubscriptionFilter\":{\"vnfInstanceIds\":[\"vnfId\"]},\"notificationTypes\":[\"VnfLcmOperationOccurrenceNotification\"]},\"callbackUri\":\"https://so-vnfm-adapter.onap:30406/so/vnfm-adapter/v1/lcn/VnfLcmOperationOccurrenceNotification\",\"authentication\":{\"authType\":[\"OAUTH2_CLIENT_CREDENTIALS\", \"BASIC\"],\"paramsOauth2ClientCredentials\":{\"clientId\":\"vnfm\",\"clientPassword\":\"password1$\",\"tokenEndpoint\":\"https://so-vnfm-adapter.onap:30406/oauth/token\"},\"paramsBasic\":{\"userName\":\"vnfm\",\"password\":\"password1$\"}}}";
+ "{\"filter\":{\"vnfInstanceSubscriptionFilter\":{\"vnfInstanceIds\":[\"vnfId\"]},\"notificationTypes\":[\"VnfLcmOperationOccurrenceNotification\"]},\"callbackUri\":\"https://so-vnfm-adapter.onap:30406/so/vnfm-adapter/v1/lcn/VnfLcmOperationOccurrenceNotification\",\"authentication\":{\"authType\":[\"OAUTH2_CLIENT_CREDENTIALS\", \"BASIC\", \"TLS_CERT\"],\"paramsOauth2ClientCredentials\":{\"clientId\":\"vnfm\",\"clientPassword\":\"password1$\",\"tokenEndpoint\":\"https://so-vnfm-adapter.onap:30406/oauth/token\"},\"paramsBasic\":{\"userName\":\"vnfm\",\"password\":\"password1$\"}}}";
final InlineResponse2001 subscriptionResponse = new InlineResponse2001();
final InlineResponse201 createResponse = createCreateResponse();