[appc.git] /

/*-\r
 * ============LICENSE_START=======================================================\r
 * ONAP : APPC\r
 * ================================================================================\r
 * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.\r
 * ================================================================================\r
 * Copyright (C) 2017 Amdocs\r
 * =============================================================================\r
 * Licensed under the Apache License, Version 2.0 (the "License");\r
 * you may not use this file except in compliance with the License.\r
 * You may obtain a copy of the License at\r
 *\r
 *      http://www.apache.org/licenses/LICENSE-2.0\r
 *\r
 * Unless required by applicable law or agreed to in writing, software\r
 * distributed under the License is distributed on an "AS IS" BASIS,\r
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
 * See the License for the specific language governing permissions and\r
 * limitations under the License.\r
 *\r
 * ============LICENSE_END=========================================================\r
 */\r
\r
package org.onap.appc.adapter.iaas.impl;\r
\r
import java.util.ArrayList;\r
import java.util.Calendar;\r
import java.util.Date;\r
import java.util.HashMap;\r
import java.util.HashSet;\r
import java.util.List;\r
import java.util.Map;\r
import java.util.Properties;\r
import java.util.Set;\r
import java.util.concurrent.locks.Lock;\r
import java.util.concurrent.locks.ReentrantReadWriteLock;\r
import java.util.regex.Matcher;\r
import java.util.regex.Pattern;\r
import com.att.cdp.exceptions.ContextConnectionException;\r
import com.att.cdp.exceptions.ZoneException;\r
import com.att.cdp.openstack.util.ExceptionMapper;\r
import com.att.cdp.pal.util.Time;\r
import com.att.cdp.zones.ContextFactory;\r
import com.att.cdp.zones.spi.RequestState;\r
import com.woorea.openstack.base.client.OpenStackBaseException;\r
import com.woorea.openstack.base.client.OpenStackClientConnector;\r
import com.woorea.openstack.base.client.OpenStackSimpleTokenProvider;\r
import com.woorea.openstack.keystone.v3.Keystone;\r
import com.woorea.openstack.keystone.v3.api.TokensResource;\r
import com.woorea.openstack.keystone.v3.model.Authentication;\r
import com.woorea.openstack.keystone.v3.model.Authentication.Identity;\r
import com.woorea.openstack.keystone.v3.model.Authentication.Scope;\r
import com.woorea.openstack.keystone.v3.model.Token;\r
import com.woorea.openstack.keystone.v3.model.Token.Project;\r
import com.woorea.openstack.keystone.v3.model.Token.Service;\r
import com.woorea.openstack.keystone.v3.model.Token.Service.Endpoint;\r
\r
/**\r
 * This class is used to capture and cache the service catalog for a specific OpenStack provider.\r
 * <p>\r
 * This is needed because the way the servers are represented in the ECOMP product is as their fully qualified URL's.\r
 * This is very problematic, because we cant identify their region from the URL, URL's change, and we cant identify the\r
 * versions of the service implementations. In otherwords, the URL does not provide us enough information.\r
 * </p>\r
 * <p>\r
 * The zone abstraction layer is designed to detect the versions of the services dynamically, and step up or down to\r
 * match those reported versions. In order to do that, we need to know before hand what region we are accessing (since\r
 * the supported versions may be different by regions). We will need to authenticate to the identity service in order to\r
 * do this, plus we have to duplicate the code supporting proxies and trusted hosts that exists in the abstraction\r
 * layer, but that cant be helped.\r
 * </p>\r
 * <p>\r
 * What we do to circumvent this is connect to the provider using the lowest supported identity api, and read the entire\r
 * service catalog into this object. Then, we parse the vm URL to extract the host and port and match that to the\r
 * compute services defined in the catalog. When we find a compute service that has the same host name and port,\r
 * whatever region that service is supporting is the region for that server.\r
 * </p>\r
 * <p>\r
 * While we really only need to do this for compute nodes, there is no telling what other situations may arise where the\r
 * full service catalog may be needed. Also, there is very little additional cost (additional RAM) associated with\r
 * caching the full service catalog since there is no way to list only a portion of it.\r
 * </p>\r
 */\r
public class ServiceCatalogV3 extends ServiceCatalog {\r
\r
    /**\r
     * The project that we are accessing\r
     */\r
    private Project project;\r
\r
    /**\r
     * A map of endpoints for each service organized by service type\r
     */\r
    private Map<String /* Service Type */, List<Service.Endpoint>> serviceEndpoints;\r
\r
    /**\r
     * A map of service types that are published\r
     */\r
    private Map<String /* Service Type */, Service> serviceTypes;\r
\r
    /**\r
     * The Openstack Access object that manages the authenticated token and access control\r
     */\r
    private Token token;\r
\r
    /**\r
     * A "token provider" that manages the authentication token that we obtain when logging in\r
     */\r
    private OpenStackSimpleTokenProvider tokenProvider;\r
\r
    /**\r
     * {@inheritDoc}\r
     */\r
    public ServiceCatalogV3(String identityURL, String projectIdentifier, String principal, String credential,\r
        String domain, Properties properties) {\r
        super(identityURL, projectIdentifier, principal, credential, domain, properties);\r
    }\r
\r
    /**\r
     * {@inheritDoc}\r
     */\r
    @Override\r
    public void init() throws ZoneException {\r
        rwLock = new ReentrantReadWriteLock();\r
        serviceTypes = new HashMap<>();\r
        serviceEndpoints = new HashMap<>();\r
        regions = new HashSet<>();\r
        Class<?> connectorClass;\r
        OpenStackClientConnector connector;\r
        try {\r
            connectorClass = Class.forName(CLIENT_CONNECTOR_CLASS);\r
            connector = (OpenStackClientConnector) connectorClass.newInstance();\r
        } catch (ClassNotFoundException | InstantiationException | IllegalAccessException e) {\r
            logger.error("An error occurred when initializing ServiceCatalogV3", e);\r
            return;\r
        }\r
        Keystone keystone = new Keystone(identityURL, connector);\r
\r
        String proxyHost = properties.getProperty(ContextFactory.PROPERTY_PROXY_HOST);\r
        String proxyPort = properties.getProperty(ContextFactory.PROPERTY_PROXY_PORT);\r
        String trustedHosts = properties.getProperty(ContextFactory.PROPERTY_TRUSTED_HOSTS, ""); //$NON-NLS-1$\r
        if (proxyHost != null && proxyHost.length() > 0) {\r
            keystone.getProperties().setProperty(com.woorea.openstack.common.client.Constants.PROXY_HOST, proxyHost);\r
            keystone.getProperties().setProperty(com.woorea.openstack.common.client.Constants.PROXY_PORT, proxyPort);\r
        }\r
        if (trustedHosts != null) {\r
            keystone.getProperties().setProperty(com.woorea.openstack.common.client.Constants.TRUST_HOST_LIST,\r
                trustedHosts);\r
        }\r
\r
        // create identity\r
        Identity identity = Identity.password(domain, principal, credential);\r
\r
        // create scope\r
        Scope scope = initScope();\r
\r
        Authentication authentication = new Authentication();\r
        authentication.setIdentity(identity);\r
        authentication.setScope(scope);\r
\r
        TokensResource tokens = keystone.tokens();\r
        TokensResource.Authenticate authenticate = tokens.authenticate(authentication);\r
\r
        /*\r
         * We have to set up the TrackRequest TLS collection for the ExceptionMapper\r
         */\r
        trackRequest();\r
        RequestState.put(RequestState.PROVIDER, "OpenStackProvider");\r
        RequestState.put(RequestState.TENANT, projectIdentifier);\r
        RequestState.put(RequestState.PRINCIPAL, principal);\r
\r
        try {\r
            token = authenticate.execute();\r
            expiresLocal = getLocalExpiration(token);\r
            project = token.getProject();\r
            tokenProvider = new OpenStackSimpleTokenProvider(token.getId());\r
            keystone.setTokenProvider(tokenProvider);\r
            parseServiceCatalog(token.getCatalog());\r
        } catch (OpenStackBaseException e) {\r
            ExceptionMapper.mapException(e);\r
        } catch (Exception e) {\r
            throw new ContextConnectionException(e);\r
        }\r
    }\r
\r
    private Scope initScope() {\r
        if (projectIdentifier.length() == 32 && projectIdentifier.matches("[0-9a-fA-F]+")) { //$NON-NLS-1$\r
            return Scope.project(projectIdentifier);\r
        } else {\r
            return Scope.project(domain, projectIdentifier);\r
        }\r
    }\r
\r
    /**\r
     * {@inheritDoc}\r
     */\r
    @Override\r
    public List<Service.Endpoint> getEndpoints(String serviceType) {\r
        Lock readLock = rwLock.readLock();\r
        readLock.lock();\r
        try {\r
            return serviceEndpoints.get(serviceType);\r
        } finally {\r
            readLock.unlock();\r
        }\r
    }\r
\r
    /**\r
     * {@inheritDoc}\r
     */\r
    @Override\r
    public String getProjectId() {\r
        Lock readLock = rwLock.readLock();\r
        readLock.lock();\r
        try {\r
            return project.getId();\r
        } finally {\r
            readLock.unlock();\r
        }\r
    }\r
\r
    /**\r
     * {@inheritDoc}\r
     */\r
    @Override\r
    public String getProjectName() {\r
        return getProject().getName();\r
    }\r
\r
    /**\r
     * {@inheritDoc}\r
     */\r
    @Override\r
    public Set<String> getRegions() {\r
        Lock readLock = rwLock.readLock();\r
        readLock.lock();\r
        try {\r
            return regions;\r
        } finally {\r
            readLock.unlock();\r
        }\r
    }\r
\r
    /**\r
     * {@inheritDoc}\r
     */\r
    @Override\r
    public List<String> getServiceTypes() {\r
        Lock readLock = rwLock.readLock();\r
        readLock.lock();\r
        try {\r
            ArrayList<String> result = new ArrayList<>();\r
            result.addAll(serviceTypes.keySet());\r
            return result;\r
        } finally {\r
            readLock.unlock();\r
        }\r
    }\r
\r
    /**\r
     * {@inheritDoc}\r
     */\r
    @Override\r
    public String getVMRegion(VMURL url) {\r
        String region = null;\r
        Pattern urlPattern = Pattern.compile("[^:]+://([^:/]+)(?::([0-9]+)).*");\r
\r
        if (url != null) {\r
            for (Endpoint endpoint : getEndpoints(ServiceCatalog.COMPUTE_SERVICE)) {\r
                String endpointUrl = endpoint.getUrl();\r
                Matcher matcher = urlPattern.matcher(endpointUrl);\r
                if (validateUrl(url, matcher)) {\r
                    region = endpoint.getRegion();\r
                    break;\r
                }\r
            }\r
        }\r
        return region;\r
    }\r
\r
    private boolean validateUrl(VMURL url, Matcher matcher) {\r
        return matcher.matches()\r
            && url.getHost().equals(matcher.group(1))\r
            && (url.getPort() == null || url.getPort().equals(matcher.group(2)));\r
    }\r
\r
    /**\r
     * {@inheritDoc}\r
     */\r
    @Override\r
    public boolean isServicePublished(String serviceType) {\r
        Lock readLock = rwLock.readLock();\r
        readLock.lock();\r
        try {\r
            return serviceTypes.containsKey(serviceType);\r
        } finally {\r
            readLock.unlock();\r
        }\r
    }\r
\r
    /**\r
     * {@inheritDoc}\r
     */\r
    @Override\r
    public String toString() {\r
\r
        StringBuilder builder = new StringBuilder();\r
        Lock lock = rwLock.readLock();\r
        lock.lock();\r
        try {\r
            builder.append(String.format("Service Catalog: tenant %s, id[%s]%n", project.getName(), //$NON-NLS-1$\r
                project.getId()));\r
            if (regions != null && !regions.isEmpty()) {\r
                builder.append(String.format("%d regions:%n", regions.size())); //$NON-NLS-1$\r
                for (String region : regions) {\r
                    //$NON-NLS-1$ //$NON-NLS-2$\r
                    builder\r
                        .append("\t")\r
                        .append(region)\r
                        .append("%n");\r
                }\r
            }\r
            builder.append(String.format("%d services:%n", serviceEndpoints.size())); //$NON-NLS-1$\r
\r
            for (Map.Entry<String, List<Service.Endpoint>> entry : serviceEndpoints.entrySet()) {\r
                Service service = serviceTypes.get(entry.getKey());\r
\r
                builder.append(String.format("\t%s - %d endpoints%n", service.getType(), //$NON-NLS-1$\r
                    entry.getValue().size()));\r
\r
                for (Service.Endpoint endpoint : entry.getValue()) {\r
                    builder\r
                        .append(String.format("\t\tRegion [%s], public URL [%s]%n", endpoint.getRegion(), //$NON-NLS-1$\r
                            endpoint.getUrl()));\r
                }\r
            }\r
        } finally {\r
            lock.unlock();\r
        }\r
\r
        return builder.toString();\r
    }\r
\r
    /**\r
     * Parses the service catalog and caches the results\r
     *\r
     * @param services The list of services published by this provider\r
     */\r
    private void parseServiceCatalog(List<Service> services) {\r
        Lock lock = rwLock.writeLock();\r
        lock.lock();\r
        try {\r
            serviceTypes.clear();\r
            serviceEndpoints.clear();\r
            regions.clear();\r
\r
            for (Service service : services) {\r
                String type = service.getType();\r
                serviceTypes.put(type, service);\r
                addRegions(service, type);\r
            }\r
        } finally {\r
            lock.unlock();\r
        }\r
    }\r
\r
    private void addRegions(Service service, String type) {\r
        List<Endpoint> endpoints = service.getEndpoints();\r
        for (Endpoint endpoint : endpoints) {\r
            serviceEndpoints.computeIfAbsent(type, val -> new ArrayList<>());\r
            serviceEndpoints.get(type).add(endpoint);\r
\r
            String region = endpoint.getRegion();\r
            if (!regions.contains(region)) {\r
                regions.add(region);\r
            }\r
        }\r
    }\r
\r
    /**\r
     * Computes the local time when the access token will expire, after which we will need to re-login to access the\r
     * provider.\r
     *\r
     * @param accessKey The access key used to access the provider\r
     * @return The local time the key expires\r
     */\r
    private static long getLocalExpiration(Token accessToken) {\r
        Date now = Time.getCurrentUTCDate();\r
        if (accessToken != null) {\r
            Calendar issued = accessToken.getIssuedAt();\r
            Calendar expires = accessToken.getExpiresAt();\r
            if (issued != null && expires != null) {\r
                long tokenLife = expires.getTimeInMillis() - issued.getTimeInMillis();\r
                return now.getTime() + tokenLife;\r
            }\r
        }\r
        return now.getTime();\r
    }\r
    \r
    public Project getProject() {\r
        Lock readLock = rwLock.readLock();\r
        readLock.lock();\r
        try {\r
            return project;\r
        } finally {\r
            readLock.unlock();\r
        }\r
    }\r
}