diff options
Diffstat (limited to 'nokiav2/driver/src/main/java/org/onap/vfc/nfvo')
5 files changed, 92 insertions, 52 deletions
diff --git a/nokiav2/driver/src/main/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/onap/direct/notification/VnfcManager.java b/nokiav2/driver/src/main/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/onap/direct/notification/VnfcManager.java index 8a4dbdd1..e1d1197b 100644 --- a/nokiav2/driver/src/main/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/onap/direct/notification/VnfcManager.java +++ b/nokiav2/driver/src/main/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/onap/direct/notification/VnfcManager.java @@ -15,12 +15,10 @@ */ package org.onap.vfc.nfvo.driver.vnfm.svnfm.nokia.onap.direct.notification; -import com.google.common.base.Splitter; import org.onap.aai.domain.yang.v11.RelationshipList; import org.onap.aai.domain.yang.v11.Vnfc; import org.onap.vfc.nfvo.driver.vnfm.svnfm.nokia.onap.direct.AAIRestApiProvider; import org.onap.vfc.nfvo.driver.vnfm.svnfm.nokia.spring.Conditions; -import org.onap.vfc.nfvo.driver.vnfm.svnfm.nokia.util.CbamUtils; import org.onap.vfc.nfvo.driver.vnfm.svnfm.nokia.vnfm.CbamRestApiProvider; import org.onap.vfc.nfvo.driver.vnfm.svnfm.nokia.vnfm.DriverProperties; import org.slf4j.Logger; @@ -45,15 +43,15 @@ public class VnfcManager extends AbstractManager { super(aaiRestApiProvider, cbamRestApiProvider, driverProperties); } + /** + * @param vnfId the identifier of the VNF + * @param cbamVnfcId the identifier of the VNFC in CBAM + * @return the URL of the VNFC + */ public static String buildUrl(String vnfId, String cbamVnfcId) { return format("/vnfcs/vnfc/%s", buildId(vnfId, cbamVnfcId)); } - public static String getCbamVnfcId(String vnfcId) { - String vnfId = Splitter.on(CbamUtils.SEPARATOR).split(vnfcId).iterator().next(); - return vnfcId.replaceFirst(vnfId + SEPARATOR, ""); - } - private static String buildId(String vnfId, String cbamVnfcId) { return vnfId + SEPARATOR + cbamVnfcId; } diff --git a/nokiav2/driver/src/main/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/packagetransformer/OnapVnfdBuilder.java b/nokiav2/driver/src/main/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/packagetransformer/OnapVnfdBuilder.java index 8d658310..701b42eb 100644 --- a/nokiav2/driver/src/main/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/packagetransformer/OnapVnfdBuilder.java +++ b/nokiav2/driver/src/main/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/packagetransformer/OnapVnfdBuilder.java @@ -64,24 +64,18 @@ public class OnapVnfdBuilder { StringBuilder body = new StringBuilder(); for (Map.Entry<String, JsonElement> node : nodeTemplates) { String type = childElement(node.getValue().getAsJsonObject(), "type").getAsString(); - switch (type) { - case "tosca.nodes.nfv.VDU": - body.append(buildVdu(node.getKey(), node.getValue().getAsJsonObject(), nodeTemplates)); - break; - case "tosca.nodes.nfv.VirtualStorage": - body.append(buildVolume(node.getKey(), node.getValue().getAsJsonObject())); - break; - case "tosca.nodes.nfv.VL": - body.append(buildVl(node.getKey())); - break; - case "tosca.nodes.nfv.ICP": - body.append(buildIcp(node.getKey(), node.getValue().getAsJsonObject())); - break; - case "tosca.nodes.nfv.ECP": - body.append(buildEcp(node.getKey(), node.getValue(), nodeTemplates)); - break; - default: - logger.warn("The {} type is not converted", type); + if ("tosca.nodes.nfv.VDU".equals(type)) { + body.append(buildVdu(node.getKey(), node.getValue().getAsJsonObject(), nodeTemplates)); + } else if ("tosca.nodes.nfv.VirtualStorage".equals(type)) { + body.append(buildVolume(node.getKey(), node.getValue().getAsJsonObject())); + } else if ("tosca.nodes.nfv.VL".equals(type)) { + body.append(buildVl(node.getKey())); + } else if ("tosca.nodes.nfv.ICP".equals(type)) { + body.append(buildIcp(node.getKey(), node.getValue().getAsJsonObject())); + } else if ("tosca.nodes.nfv.ECP".equals(type)) { + body.append(buildEcp(node.getKey(), node.getValue(), nodeTemplates)); + } else { + logger.warn("The {} type is not converted", type); } } return buildHeader(topologyTemplate) + body.toString(); diff --git a/nokiav2/driver/src/main/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/spring/SecurityConfig.java b/nokiav2/driver/src/main/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/spring/SecurityConfig.java new file mode 100644 index 00000000..e3dd0714 --- /dev/null +++ b/nokiav2/driver/src/main/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/spring/SecurityConfig.java @@ -0,0 +1,48 @@ +/* + * Copyright 2016-2017, Nokia Corporation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.onap.vfc.nfvo.driver.vnfm.svnfm.nokia.spring; + +import org.springframework.context.annotation.Configuration; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; + +/** + * Responsible for initializing the Spring security + */ +@Configuration +@EnableWebSecurity +public class SecurityConfig extends WebSecurityConfigurerAdapter { + + /** + * Does not configure security, but solves the https://pivotal.io/security/cve-2017-4995 + * "The fix ensures that by default only explicitly mapped classes will be deserialized. + * The effect of using explicitly mapped classes is to create a whitelist which works with all + * supported versions of Jackson. If users explicitly opt into global default typing, the previous + * potentially dangerous configuration is restored." + * + * @param http the security configuration + */ + @Override + protected void configure(HttpSecurity http) throws Exception { + http + .authorizeRequests() + .anyRequest() + .permitAll(); + } + +} diff --git a/nokiav2/driver/src/main/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/vnfm/CbamSecurityProvider.java b/nokiav2/driver/src/main/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/vnfm/CbamSecurityProvider.java index c2358cf1..6c70c26d 100644 --- a/nokiav2/driver/src/main/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/vnfm/CbamSecurityProvider.java +++ b/nokiav2/driver/src/main/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/vnfm/CbamSecurityProvider.java @@ -83,7 +83,7 @@ public class CbamSecurityProvider { } catch (Exception e) { throw buildFatalFailure(logger, "The trustedCertificates must be a base64 encoded collection of PEM certificates", e); } - if (trustedPems.size() == 0) { + if (trustedPems.isEmpty()) { throw buildFatalFailure(logger, "No certificate can be extracted from " + content); } try { diff --git a/nokiav2/driver/src/main/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/vnfm/LifecycleManager.java b/nokiav2/driver/src/main/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/vnfm/LifecycleManager.java index d543f3ce..36df12a6 100644 --- a/nokiav2/driver/src/main/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/vnfm/LifecycleManager.java +++ b/nokiav2/driver/src/main/java/org/onap/vfc/nfvo/driver/vnfm/svnfm/nokia/vnfm/LifecycleManager.java @@ -427,7 +427,6 @@ public class LifecycleManager { logOperationInput(vnfId, "termination", request); return scheduleExecution(vnfId, httpResponse, "terminate", jobInfo -> { TerminateVnfRequest cbamRequest = new TerminateVnfRequest(); - //cbamRequest.setAdditionalParams(jobInfo); if (request.getTerminationType() == null) { cbamRequest.setTerminationType(TerminationType.FORCEFUL); } else { @@ -518,37 +517,28 @@ public class LifecycleManager { */ public JobInfo scaleVnf(String vnfmId, String vnfId, VnfScaleRequest request, HttpServletResponse httpResponse) { logOperationInput(vnfId, SCALE_OPERATION_NAME, request); - return scheduleExecution(vnfId, httpResponse, SCALE_OPERATION_NAME, new AsynchronousExecution() { - @Override - public void execute(JobInfo jobInfo) { - ScaleVnfRequest cbamRequest = new ScaleVnfRequest(); - cbamRequest.setAspectId(request.getAspectId()); - cbamRequest.setNumberOfSteps(Integer.valueOf(request.getNumberOfSteps())); - cbamRequest.setType(convert(request.getType())); - com.nokia.cbam.lcm.v32.model.VnfInfo vnf = cbamRestApiProvider.getCbamLcmApi(vnfmId).vnfsVnfInstanceIdGet(vnfId, NOKIA_LCM_API_VERSION).blockingFirst(); - JsonObject root = new Gson().toJsonTree(jobInfo).getAsJsonObject(); - com.nokia.cbam.lcm.v32.model.VnfInfo cbamVnfInfo = cbamRestApiProvider.getCbamLcmApi(vnfmId).vnfsVnfInstanceIdGet(vnfId, NOKIA_LCM_API_VERSION).blockingFirst(); - String vnfdContent = catalogManager.getCbamVnfdContent(vnfmId, cbamVnfInfo.getVnfdId()); - Set<Map.Entry<String, JsonElement>> acceptableOperationParameters = getAcceptableOperationParameters(vnfdContent, "Basic", SCALE_OPERATION_NAME); - buildAdditionalParameters(request, root, acceptableOperationParameters); - cbamRequest.setAdditionalParams(root); - grantManager.requestGrantForScale(vnfmId, vnfId, getVimIdFromInstantiationRequest(vnfmId, vnf), getVnfdIdFromModifyableAttributes(vnf), request, jobInfo.getJobId()); - OperationExecution operationExecution = cbamRestApiProvider.getCbamLcmApi(vnfmId).vnfsVnfInstanceIdScalePost(vnfId, cbamRequest, NOKIA_LCM_API_VERSION).blockingFirst(); - waitForOperationToFinish(vnfmId, vnfId, operationExecution.getId()); - } + return scheduleExecution(vnfId, httpResponse, SCALE_OPERATION_NAME, jobInfo -> { + ScaleVnfRequest cbamRequest = new ScaleVnfRequest(); + cbamRequest.setAspectId(request.getAspectId()); + cbamRequest.setNumberOfSteps(Integer.valueOf(request.getNumberOfSteps())); + cbamRequest.setType(convert(request.getType())); + com.nokia.cbam.lcm.v32.model.VnfInfo vnf = cbamRestApiProvider.getCbamLcmApi(vnfmId).vnfsVnfInstanceIdGet(vnfId, NOKIA_LCM_API_VERSION).blockingFirst(); + JsonObject root = new Gson().toJsonTree(jobInfo).getAsJsonObject(); + com.nokia.cbam.lcm.v32.model.VnfInfo cbamVnfInfo = cbamRestApiProvider.getCbamLcmApi(vnfmId).vnfsVnfInstanceIdGet(vnfId, NOKIA_LCM_API_VERSION).blockingFirst(); + String vnfdContent = catalogManager.getCbamVnfdContent(vnfmId, cbamVnfInfo.getVnfdId()); + Set<Map.Entry<String, JsonElement>> acceptableOperationParameters = getAcceptableOperationParameters(vnfdContent, "Basic", SCALE_OPERATION_NAME); + buildAdditionalParameters(request, root, acceptableOperationParameters); + cbamRequest.setAdditionalParams(root); + grantManager.requestGrantForScale(vnfmId, vnfId, getVimIdFromInstantiationRequest(vnfmId, vnf), getVnfdIdFromModifyableAttributes(vnf), request, jobInfo.getJobId()); + OperationExecution operationExecution = cbamRestApiProvider.getCbamLcmApi(vnfmId).vnfsVnfInstanceIdScalePost(vnfId, cbamRequest, NOKIA_LCM_API_VERSION).blockingFirst(); + waitForOperationToFinish(vnfmId, vnfId, operationExecution.getId()); }); } private void buildAdditionalParameters(VnfScaleRequest request, JsonObject root, Set<Map.Entry<String, JsonElement>> acceptableOperationParameters) { if (request.getAdditionalParam() != null) { for (Map.Entry<String, JsonElement> item : new Gson().toJsonTree(request.getAdditionalParam()).getAsJsonObject().entrySet()) { - boolean found = false; - for (Map.Entry<String, JsonElement> acceptableOperationParameter : acceptableOperationParameters) { - if (acceptableOperationParameter.getKey().equals(item.getKey())) { - found = true; - } - } - if (found) { + if (isParameterAccepted(acceptableOperationParameters, item)) { root.add(item.getKey(), item.getValue()); } } @@ -557,6 +547,16 @@ public class LifecycleManager { } } + private boolean isParameterAccepted(Set<Map.Entry<String, JsonElement>> acceptableOperationParameters, Map.Entry<String, JsonElement> item) { + boolean found = false; + for (Map.Entry<String, JsonElement> acceptableOperationParameter : acceptableOperationParameters) { + if (acceptableOperationParameter.getKey().equals(item.getKey())) { + found = true; + } + } + return found; + } + /** * Heal the VNF * |