diff options
Diffstat (limited to 'common')
12 files changed, 546 insertions, 14 deletions
diff --git a/common/pom.xml b/common/pom.xml index 94b28e91bd..cdd5df950a 100644 --- a/common/pom.xml +++ b/common/pom.xml @@ -16,6 +16,7 @@ <protobuf.version>3.6.1</protobuf.version> <grpc.netty.version>4.1.30.Final</grpc.netty.version> <ccsdk.version>0.4.2</ccsdk.version> + <appc.client.version>1.6.0-SNAPSHOT</appc.client.version> </properties> <dependencies> @@ -202,6 +203,66 @@ <artifactId>camunda-external-task-client</artifactId> <version>1.1.1</version> </dependency> + <dependency> + <groupId>org.onap.appc.client</groupId> + <artifactId>client-lib</artifactId> + <version>${appc.client.version}</version> + <exclusions> + <exclusion> + <groupId>org.mockito</groupId> + <artifactId>mockito-core</artifactId> + </exclusion> + <exclusion> + <groupId>org.powermock</groupId> + <artifactId>powermock-module-junit4</artifactId> + </exclusion> + <exclusion> + <groupId>org.powermock</groupId> + <artifactId>powermock-api-mockito</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>org.onap.appc.client</groupId> + <artifactId>client-kit</artifactId> + <version>${appc.client.version}</version> + <exclusions> + <exclusion> + <groupId>org.mockito</groupId> + <artifactId>mockito-core</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>org.onap.appc.client</groupId> + <artifactId>client-lib</artifactId> + <version>${appc.client.version}</version> + <exclusions> + <exclusion> + <groupId>org.mockito</groupId> + <artifactId>mockito-core</artifactId> + </exclusion> + <exclusion> + <groupId>org.powermock</groupId> + <artifactId>powermock-module-junit4</artifactId> + </exclusion> + <exclusion> + <groupId>org.powermock</groupId> + <artifactId>powermock-api-mockito</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>org.onap.appc.client</groupId> + <artifactId>client-kit</artifactId> + <version>${appc.client.version}</version> + <exclusions> + <exclusion> + <groupId>org.mockito</groupId> + <artifactId>mockito-core</artifactId> + </exclusion> + </exclusions> + </dependency> </dependencies> <dependencyManagement> <dependencies> diff --git a/common/src/main/java/org/onap/so/appc/orchestrator/service/beans/ApplicationControllerTaskRequest.java b/common/src/main/java/org/onap/so/appc/orchestrator/service/beans/ApplicationControllerTaskRequest.java new file mode 100644 index 0000000000..3811b52551 --- /dev/null +++ b/common/src/main/java/org/onap/so/appc/orchestrator/service/beans/ApplicationControllerTaskRequest.java @@ -0,0 +1,104 @@ +package org.onap.so.appc.orchestrator.service.beans; + +import java.io.Serializable; +import org.onap.appc.client.lcm.model.Action; +import org.onap.so.appc.orchestrator.service.beans.ApplicationControllerVnf; + +public class ApplicationControllerTaskRequest implements Serializable { + + private static final long serialVersionUID = -3150320542857627682L; + + private Action action; + private String controllerType; + private String identityUrl; + private String operationsTimeout; + private String bookName; + private String nodeList; + private String fileParameters; + private String existingSoftwareVersion; + private String newSoftwareVersion; + private ApplicationControllerVnf applicationControllerVnf; + + public Action getAction() { + return action; + } + + public void setAction(Action action) { + this.action = action; + } + + public String getControllerType() { + return controllerType; + } + + public void setControllerType(String controllerType) { + this.controllerType = controllerType; + } + + public ApplicationControllerVnf getApplicationControllerVnf() { + return applicationControllerVnf; + } + + public void setApplicationControllerVnf(ApplicationControllerVnf applicationControllerVnf) { + this.applicationControllerVnf = applicationControllerVnf; + } + + public String getIdentityUrl() { + return identityUrl; + } + + public void setIdentityUrl(String identityUrl) { + this.identityUrl = identityUrl; + } + + public String getOperationsTimeout() { + return operationsTimeout; + } + + public void setOperationsTimeout(String operationsTimeout) { + this.operationsTimeout = operationsTimeout; + } + + public String getBookName() { + return bookName; + } + + public void setBookName(String bookName) { + this.bookName = bookName; + } + + public String getNodeList() { + return nodeList; + } + + public void setNodeList(String nodeList) { + this.nodeList = nodeList; + } + + public String getFileParameters() { + return fileParameters; + } + + public void setFileParameters(String fileParameters) { + this.fileParameters = fileParameters; + } + + public String getExistingSoftwareVersion() { + return existingSoftwareVersion; + } + + public void setExistingSoftwareVersion(String existingSoftwareVersion) { + this.existingSoftwareVersion = existingSoftwareVersion; + } + + public String getNewSoftwareVersion() { + return newSoftwareVersion; + } + + public void setNewSoftwareVersion(String newSoftwareVersion) { + this.newSoftwareVersion = newSoftwareVersion; + } + + + +} diff --git a/common/src/main/java/org/onap/so/appc/orchestrator/service/beans/ApplicationControllerVm.java b/common/src/main/java/org/onap/so/appc/orchestrator/service/beans/ApplicationControllerVm.java new file mode 100644 index 0000000000..75e2053077 --- /dev/null +++ b/common/src/main/java/org/onap/so/appc/orchestrator/service/beans/ApplicationControllerVm.java @@ -0,0 +1,30 @@ +package org.onap.so.appc.orchestrator.service.beans; + +import java.io.Serializable; +import java.util.List; + +public class ApplicationControllerVm implements Serializable { + + private static final long serialVersionUID = 2786675508024214638L; + + private String vserverId; + private String vmId; + + public String getVserverId() { + return vserverId; + } + + public void setVserverId(String vserverId) { + this.vserverId = vserverId; + } + + public String getVmId() { + return vmId; + } + + public void setVmId(String vmId) { + this.vmId = vmId; + } + + +} diff --git a/common/src/main/java/org/onap/so/appc/orchestrator/service/beans/ApplicationControllerVnf.java b/common/src/main/java/org/onap/so/appc/orchestrator/service/beans/ApplicationControllerVnf.java new file mode 100644 index 0000000000..526941dc39 --- /dev/null +++ b/common/src/main/java/org/onap/so/appc/orchestrator/service/beans/ApplicationControllerVnf.java @@ -0,0 +1,49 @@ +package org.onap.so.appc.orchestrator.service.beans; + +import java.io.Serializable; +import java.util.List; + +public class ApplicationControllerVnf implements Serializable { + + private static final long serialVersionUID = 2786675508024214637L; + + private String vnfId; + private String vnfName; + private String vnfHostIpAddress; + private ApplicationControllerVm applicationControllerVm; + + public String getVnfId() { + return vnfId; + } + + public void setVnfId(String vnfId) { + this.vnfId = vnfId; + } + + public String getVnfName() { + return vnfName; + } + + public void setVnfName(String vnfName) { + this.vnfName = vnfName; + } + + public String getVnfHostIpAddress() { + return vnfHostIpAddress; + } + + public void setVnfHostIpAddress(String vnfHostIpAddress) { + this.vnfHostIpAddress = vnfHostIpAddress; + } + + public ApplicationControllerVm getApplicationControllerVm() { + return applicationControllerVm; + } + + public void setApplicationControllerVm(ApplicationControllerVm applicationControllerVm) { + this.applicationControllerVm = applicationControllerVm; + } + + + +} diff --git a/common/src/main/java/org/onap/so/security/SecurityFilters.java b/common/src/main/java/org/onap/so/security/SecurityFilters.java new file mode 100644 index 0000000000..7ad0fd05df --- /dev/null +++ b/common/src/main/java/org/onap/so/security/SecurityFilters.java @@ -0,0 +1,41 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP - SO + * ================================================================================ + * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.so.security; + +import org.springframework.boot.web.servlet.FilterRegistrationBean; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Profile; +import org.springframework.core.Ordered; + +@Configuration +@Profile("!test & aaf") +public class SecurityFilters { + + @Bean + public FilterRegistrationBean<SoCadiFilter> loginRegistrationBean() { + FilterRegistrationBean<SoCadiFilter> filterRegistrationBean = new FilterRegistrationBean<>(); + filterRegistrationBean.setFilter(new SoCadiFilter()); + filterRegistrationBean.setName("cadiFilter"); + filterRegistrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE); + return filterRegistrationBean; + } +} diff --git a/common/src/main/java/org/onap/so/security/SoBasicWebSecurityConfigurerAdapter.java b/common/src/main/java/org/onap/so/security/SoBasicWebSecurityConfigurerAdapter.java new file mode 100644 index 0000000000..c778dde9af --- /dev/null +++ b/common/src/main/java/org/onap/so/security/SoBasicWebSecurityConfigurerAdapter.java @@ -0,0 +1,68 @@ +/*- + * ============LICENSE_START======================================================= + * Copyright (C) 2020 Nordix Foundation. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ +package org.onap.so.security; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Profile; +import org.springframework.core.annotation.Order; +import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.builders.WebSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.web.firewall.StrictHttpFirewall; +import org.springframework.util.StringUtils; + +/** + * @author Waqas Ikram (waqas.ikram@est.tech) + * + */ +@EnableWebSecurity +@Configuration +@Order(1) +@Profile({"basic"}) +public class SoBasicWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter { + + @Autowired + private SoUserCredentialConfiguration soUserCredentialConfiguration; + + @Override + protected void configure(final HttpSecurity http) throws Exception { + http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll() + .antMatchers("/**") + .hasAnyRole(StringUtils.collectionToDelimitedString(soUserCredentialConfiguration.getRoles(), ",")) + .and().httpBasic(); + } + + @Override + public void configure(final WebSecurity web) throws Exception { + super.configure(web); + final StrictHttpFirewall firewall = new MSOSpringFirewall(); + web.httpFirewall(firewall); + } + + @Override + protected void configure(final AuthenticationManagerBuilder auth) throws Exception { + auth.userDetailsService(soUserCredentialConfiguration.userDetailsService()) + .passwordEncoder(soUserCredentialConfiguration.passwordEncoder()); + } + +} diff --git a/common/src/main/java/org/onap/so/security/SoCadiFilter.java b/common/src/main/java/org/onap/so/security/SoCadiFilter.java new file mode 100644 index 0000000000..2763d6ee15 --- /dev/null +++ b/common/src/main/java/org/onap/so/security/SoCadiFilter.java @@ -0,0 +1,118 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP SO + * ================================================================================ + * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights + * reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END============================================ + * =================================================================== + * + */ +package org.onap.so.security; + +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; +import org.onap.aaf.cadi.config.Config; +import org.onap.aaf.cadi.filter.CadiFilter; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.context.annotation.Profile; +import org.springframework.stereotype.Component; + +@Component +@Profile("!test & aaf") +public class SoCadiFilter extends CadiFilter { + + protected final Logger logger = LoggerFactory.getLogger(SoCadiFilter.class); + + @Value("${mso.config.cadi.cadiLoglevel:#{null}}") + private String cadiLoglevel; + + @Value("${mso.config.cadi.cadiKeyFile:#{null}}") + private String cadiKeyFile; + + @Value("${mso.config.cadi.cadiTruststorePassword:#{null}}") + private String cadiTrustStorePassword; + + @Value("${mso.config.cadi.cadiTrustStore:#{null}}") + private String cadiTrustStore; + + @Value("${mso.config.cadi.cadiLatitude:#{null}}") + private String cadiLatitude; + + @Value("${mso.config.cadi.cadiLongitude:#{null}}") + private String cadiLongitude; + + @Value("${mso.config.cadi.aafEnv:#{null}}") + private String aafEnv; + + @Value("${mso.config.cadi.aafApiVersion:#{null}}") + private String aafApiVersion; + + @Value("${mso.config.cadi.aafRootNs:#{null}}") + private String aafRootNs; + + @Value("${mso.config.cadi.aafId:#{null}}") + private String aafMechId; + + @Value("${mso.config.cadi.aafPassword:#{null}}") + private String aafMechIdPassword; + + @Value("${mso.config.cadi.aafLocateUrl:#{null}}") + private String aafLocateUrl; + + @Value("${mso.config.cadi.aafUrl:#{null}}") + private String aafUrl; + + @Value("${mso.config.cadi.apiEnforcement:#{null}}") + private String apiEnforcement; + + @Value("${mso.config.cadi.userExpires:#{null}}") + private String userExpires; + + private void checkIfNullProperty(String key, String value) { + /* + * When value is null, it is not defined in application.yaml set nothing in System properties + */ + if (value != null) { + System.setProperty(key, value); + } + } + + @Override + public void init(FilterConfig filterConfig) throws ServletException { + checkIfNullProperty(Config.CADI_LOGLEVEL, cadiLoglevel); + checkIfNullProperty(Config.CADI_KEYFILE, cadiKeyFile); + checkIfNullProperty(Config.CADI_TRUSTSTORE, cadiTrustStore); + checkIfNullProperty(Config.CADI_TRUSTSTORE_PASSWORD, cadiTrustStorePassword); + checkIfNullProperty(Config.CADI_LATITUDE, cadiLatitude); + checkIfNullProperty(Config.CADI_LONGITUDE, cadiLongitude); + checkIfNullProperty(Config.AAF_ENV, aafEnv); + checkIfNullProperty(Config.AAF_API_VERSION, aafApiVersion); + checkIfNullProperty(Config.AAF_ROOT_NS, aafRootNs); + checkIfNullProperty(Config.AAF_APPID, aafMechId); + checkIfNullProperty(Config.AAF_APPPASS, aafMechIdPassword); + checkIfNullProperty(Config.AAF_LOCATE_URL, aafLocateUrl); + checkIfNullProperty(Config.AAF_URL, aafUrl); + checkIfNullProperty(Config.CADI_API_ENFORCEMENT, apiEnforcement); + checkIfNullProperty(Config.AAF_USER_EXPIRES, userExpires); + // checkIfNullProperty(AFT_ENVIRONMENT_VAR, aftEnv); + logger.debug(" *** init Filter Config *** "); + super.init(filterConfig); + } + + +} diff --git a/common/src/main/java/org/onap/so/security/SoNoAuthWebSecurityConfigurerAdapter.java b/common/src/main/java/org/onap/so/security/SoNoAuthWebSecurityConfigurerAdapter.java new file mode 100644 index 0000000000..b3e4842bbd --- /dev/null +++ b/common/src/main/java/org/onap/so/security/SoNoAuthWebSecurityConfigurerAdapter.java @@ -0,0 +1,45 @@ +/*- + * ============LICENSE_START======================================================= + * Copyright (C) 2020 Nordix Foundation. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ +package org.onap.so.security; + +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Profile; +import org.springframework.core.annotation.Order; +import org.springframework.security.config.annotation.web.builders.WebSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.web.firewall.StrictHttpFirewall; + +/** + * @author Waqas Ikram (waqas.ikram@est.tech) + * + */ +@EnableWebSecurity +@Configuration +@Order(2) +@Profile({"aaf", "test"}) +public class SoNoAuthWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter { + @Override + public void configure(final WebSecurity web) throws Exception { + web.ignoring().antMatchers("/**"); + final StrictHttpFirewall firewall = new MSOSpringFirewall(); + web.httpFirewall(firewall); + } +} diff --git a/common/src/main/java/org/onap/so/security/WebSecurityConfig.java b/common/src/main/java/org/onap/so/security/SoUserCredentialConfiguration.java index 44ac62d14f..ee680511b9 100644 --- a/common/src/main/java/org/onap/so/security/WebSecurityConfig.java +++ b/common/src/main/java/org/onap/so/security/SoUserCredentialConfiguration.java @@ -1,8 +1,6 @@ /*- * ============LICENSE_START======================================================= - * ONAP - SO - * ================================================================================ - * Copyright (C) 2017 - 2018 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2020 Nordix Foundation. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -15,9 +13,10 @@ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 * ============LICENSE_END========================================================= */ - package org.onap.so.security; import java.util.ArrayList; @@ -25,17 +24,20 @@ import java.util.List; import javax.annotation.PostConstruct; import org.springframework.boot.context.properties.ConfigurationProperties; import org.springframework.context.annotation.Bean; -import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; +import org.springframework.stereotype.Component; - +/** + * @author Waqas Ikram (waqas.ikram@est.tech) + * + */ +@Component @ConfigurationProperties(prefix = "spring.security") -public class WebSecurityConfig { +public class SoUserCredentialConfiguration { - private List<UserCredentials> credentials; - private List<String> roles = new ArrayList<>(); + private List<UserCredentials> credentials = new ArrayList<>(); + private final List<String> roles = new ArrayList<>(); public List<String> getRoles() { return roles; @@ -52,8 +54,10 @@ public class WebSecurityConfig { return credentials; } - public void setUsercredentials(List<UserCredentials> usercredentials) { - this.credentials = usercredentials; + public void setUsercredentials(final List<UserCredentials> usercredentials) { + if (usercredentials != null) { + this.credentials = usercredentials; + } } @Bean diff --git a/common/src/main/java/org/onap/so/serviceinstancebeans/Vnfs.java b/common/src/main/java/org/onap/so/serviceinstancebeans/Vnfs.java index a2eb35464b..ca67f566b1 100644 --- a/common/src/main/java/org/onap/so/serviceinstancebeans/Vnfs.java +++ b/common/src/main/java/org/onap/so/serviceinstancebeans/Vnfs.java @@ -51,7 +51,8 @@ public class Vnfs implements Serializable { private List<Map<String, String>> instanceParams = new ArrayList<>(); @JsonProperty("vfModules") private List<VfModules> vfModules = new ArrayList<>(); - + @JsonProperty("applicationId") + protected String applicationId; public ModelInfo getModelInfo() { return modelInfo; @@ -117,12 +118,20 @@ public class Vnfs implements Serializable { this.vfModules = vfModules; } + public String getApplicationId() { + return applicationId; + } + + public void setApplicationId(String applicationId) { + this.applicationId = applicationId; + } + @Override public String toString() { return "Vnfs [modelInfo=" + modelInfo + ", cloudConfiguration=" + cloudConfiguration + ", instanceName=" + instanceName + ", platform=" + platform + ", " + "lineOfBusiness=" + lineOfBusiness + ", productFamilyId=" + productFamilyId + ", instanceParams=" + instanceParams + ", vfModules=" - + vfModules + "]"; + + vfModules + ", applicaionId=" + applicationId + " ]"; } } diff --git a/common/src/main/java/org/onap/so/utils/CryptoUtils.java b/common/src/main/java/org/onap/so/utils/CryptoUtils.java index ff69e3e4b1..1c38dfb774 100644 --- a/common/src/main/java/org/onap/so/utils/CryptoUtils.java +++ b/common/src/main/java/org/onap/so/utils/CryptoUtils.java @@ -76,6 +76,8 @@ public final class CryptoUtils { * @throws GeneralSecurityException */ public static String decrypt(String message, String keyString) throws GeneralSecurityException { + if (message.equals(System.getenv("PLAINTEXTPASSWORD"))) + return message; SecretKeySpec sks = getSecretKeySpec(keyString); byte[] cipherText = hexStringToByteArray(message); Cipher cipher = Cipher.getInstance(AES_GCM_NO_PADDING); diff --git a/common/src/test/java/org/onap/so/BeansTest.java b/common/src/test/java/org/onap/so/BeansTest.java index 8bde3c4eb7..9e8a0184ab 100644 --- a/common/src/test/java/org/onap/so/BeansTest.java +++ b/common/src/test/java/org/onap/so/BeansTest.java @@ -60,6 +60,7 @@ public class BeansTest { @Test public void pojoStructure() { + test("org.onap.so.appc.orchestrator.service.beans"); test("org.onap.so.client.policy.entities"); test("org.onap.so.client.grm.beans"); test("org.onap.so.client.ruby.beans"); |