[appc.git] /

/*-\r
 * ============LICENSE_START=======================================================\r
 * ONAP : APPC\r
 * ================================================================================\r
 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.\r
 * ================================================================================\r
 * Copyright (C) 2017 Amdocs\r
 * =============================================================================\r
 * Licensed under the Apache License, Version 2.0 (the "License");\r
 * you may not use this file except in compliance with the License.\r
 * You may obtain a copy of the License at\r
 * \r
 *      http://www.apache.org/licenses/LICENSE-2.0\r
 * \r
 * Unless required by applicable law or agreed to in writing, software\r
 * distributed under the License is distributed on an "AS IS" BASIS,\r
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
 * See the License for the specific language governing permissions and\r
 * limitations under the License.\r
 * \r
 * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
 * ============LICENSE_END=========================================================\r
 */\r
\r
package org.onap.appc.adapter.iaas.impl;\r
\r
import com.att.cdp.exceptions.ContextConnectionException;\r
import com.att.cdp.exceptions.ZoneException;\r
import com.att.cdp.openstack.util.ExceptionMapper;\r
import com.att.cdp.pal.util.Time;\r
import com.att.cdp.zones.ContextFactory;\r
import com.att.cdp.zones.spi.RequestState;\r
import com.woorea.openstack.base.client.OpenStackBaseException;\r
import com.woorea.openstack.base.client.OpenStackClientConnector;\r
import com.woorea.openstack.base.client.OpenStackSimpleTokenProvider;\r
import com.woorea.openstack.keystone.Keystone;\r
import com.woorea.openstack.keystone.api.TokensResource;\r
import com.woorea.openstack.keystone.model.Access;\r
import com.woorea.openstack.keystone.model.Access.Service;\r
import com.woorea.openstack.keystone.model.Access.Service.Endpoint;\r
import com.woorea.openstack.keystone.model.Authentication;\r
import com.woorea.openstack.keystone.model.Tenant;\r
import com.woorea.openstack.keystone.model.authentication.UsernamePassword;\r
import org.slf4j.Logger;\r
import org.slf4j.LoggerFactory;\r
\r
import java.util.ArrayList;\r
import java.util.Calendar;\r
import java.util.Date;\r
import java.util.HashMap;\r
import java.util.List;\r
import java.util.Map;\r
import java.util.Properties;\r
import java.util.Set;\r
import java.util.concurrent.locks.Lock;\r
import java.util.regex.Matcher;\r
import java.util.regex.Pattern;\r
\r
/**\r
 * This class is used to capture and cache the service catalog for a specific OpenStack provider.\r
 * <p>\r
 * This is needed because the way the servers are represented in the ECOMP product is as their fully qualified URL's.\r
 * This is very problematic, because we cant identify their region from the URL, URL's change, and we cant identify the\r
 * versions of the service implementations. In otherwords, the URL does not provide us enough information.\r
 * </p>\r
 * <p>\r
 * The zone abstraction layer is designed to detect the versions of the services dynamically, and step up or down to\r
 * match those reported versions. In order to do that, we need to know before hand what region we are accessing (since\r
 * the supported versions may be different by regions). We will need to authenticate to the identity service in order to\r
 * do this, plus we have to duplicate the code supporting proxies and trusted hosts that exists in the abstraction\r
 * layer, but that cant be helped.\r
 * </p>\r
 * <p>\r
 * What we do to circumvent this is connect to the provider using the lowest supported identity api, and read the entire\r
 * service catalog into this object. Then, we parse the vm URL to extract the host and port and match that to the\r
 * compute services defined in the catalog. When we find a compute service that has the same host name and port,\r
 * whatever region that service is supporting is the region for that server.\r
 * </p>\r
 * <p>\r
 * While we really only need to do this for compute nodes, there is no telling what other situations may arise where the\r
 * full service catalog may be needed. Also, there is very little additional cost (additional RAM) associated with\r
 * caching the full service catalog since there is no way to list only a portion of it.\r
 * </p>\r
 */\r
public class ServiceCatalogV2 extends ServiceCatalog {\r
\r
    private final static Logger logger = LoggerFactory.getLogger(ServiceCatalogV2.class);\r
\r
    /**\r
     * The Openstack Access object that manages the authenticated token and access control\r
     */\r
    private Access access;\r
\r
    /**\r
     * A map of endpoints for each service organized by service type\r
     */\r
    private Map<String /* Service Type */, List<Service.Endpoint>> serviceEndpoints;\r
\r
    /**\r
     * A map of service types that are published\r
     */\r
    private Map<String /* Service Type */, Service> serviceTypes;\r
\r
    /**\r
     * The tenant that we are accessing\r
     */\r
    private Tenant tenant;\r
\r
    /**\r
     * A "token provider" that manages the authentication token that we obtain when logging in\r
     */\r
    private OpenStackSimpleTokenProvider tokenProvider;\r
\r
    public ServiceCatalogV2(String identityURL, String tenantIdentifier, String principal, String credential,\r
            Properties properties) {\r
        super(identityURL, tenantIdentifier, principal, credential, null, properties);\r
    }\r
\r
    @Override\r
    public void init() throws ZoneException {\r
        serviceTypes = new HashMap<>();\r
        serviceEndpoints = new HashMap<>();\r
        Class<?> connectorClass;\r
        OpenStackClientConnector connector;\r
        try {\r
            connectorClass = Class.forName(CLIENT_CONNECTOR_CLASS);\r
            connector = (OpenStackClientConnector) connectorClass.newInstance();\r
        } catch (ClassNotFoundException | InstantiationException | IllegalAccessException e) {\r
            logger.error(e.getMessage());\r
            return;\r
        }\r
        Keystone keystone = new Keystone(identityURL, connector);\r
\r
        String proxyHost = properties.getProperty(ContextFactory.PROPERTY_PROXY_HOST);\r
        String proxyPort = properties.getProperty(ContextFactory.PROPERTY_PROXY_PORT);\r
        String trustedHosts = properties.getProperty(ContextFactory.PROPERTY_TRUSTED_HOSTS, ""); //$NON-NLS-1$\r
        if (proxyHost != null && proxyHost.length() > 0) {\r
            keystone.getProperties().setProperty(com.woorea.openstack.common.client.Constants.PROXY_HOST, proxyHost);\r
            keystone.getProperties().setProperty(com.woorea.openstack.common.client.Constants.PROXY_PORT, proxyPort);\r
        }\r
        if (trustedHosts != null) {\r
            keystone.getProperties().setProperty(com.woorea.openstack.common.client.Constants.TRUST_HOST_LIST,\r
                    trustedHosts);\r
        }\r
\r
        Authentication authentication = new UsernamePassword(principal, credential);\r
        TokensResource tokens = keystone.tokens();\r
        TokensResource.Authenticate authenticate = tokens.authenticate(authentication);\r
        if (projectIdentifier.length() == 32 && projectIdentifier.matches("[0-9a-fA-F]+")) { //$NON-NLS-1$\r
            authenticate = authenticate.withTenantId(projectIdentifier);\r
        } else {\r
            authenticate = authenticate.withTenantName(projectIdentifier);\r
        }\r
\r
        /*\r
         * We have to set up the TrackRequest TLS collection for the ExceptionMapper\r
         */\r
        trackRequest();\r
        RequestState.put(RequestState.PROVIDER, "OpenStackProvider");\r
        RequestState.put(RequestState.TENANT, projectIdentifier);\r
        RequestState.put(RequestState.PRINCIPAL, principal);\r
\r
        try {\r
            access = authenticate.execute();\r
            expiresLocal = getLocalExpiration(access);\r
            tenant = access.getToken().getTenant();\r
            tokenProvider = new OpenStackSimpleTokenProvider(access.getToken().getId());\r
            keystone.setTokenProvider(tokenProvider);\r
            parseServiceCatalog(access.getServiceCatalog());\r
        } catch (OpenStackBaseException e) {\r
            ExceptionMapper.mapException(e);\r
        } catch (Exception ex) {\r
            throw new ContextConnectionException(ex.getMessage());\r
        }\r
    }\r
\r
    /**\r
     * {@inheritDoc}\r
     */\r
    @Override\r
    public List<Service.Endpoint> getEndpoints(String serviceType) {\r
        Lock readLock = rwLock.readLock();\r
        readLock.lock();\r
        try {\r
            return serviceEndpoints.get(serviceType);\r
        } finally {\r
            readLock.unlock();\r
        }\r
    }\r
\r
    /**\r
     * {@inheritDoc}\r
     */\r
    @Override\r
    public String getProjectId() {\r
        Lock readLock = rwLock.readLock();\r
        readLock.lock();\r
        try {\r
            return tenant.getId();\r
        } finally {\r
            readLock.unlock();\r
        }\r
    }\r
\r
    /**\r
     * {@inheritDoc}\r
     */\r
    @Override\r
    public String getProjectName() {\r
        Lock readLock = rwLock.readLock();\r
        readLock.lock();\r
        try {\r
            return tenant.getName();\r
        } finally {\r
            readLock.unlock();\r
        }\r
    }\r
\r
    /**\r
     * {@inheritDoc}\r
     */\r
    @Override\r
    public Set<String> getRegions() {\r
        Lock readLock = rwLock.readLock();\r
        readLock.lock();\r
        try {\r
            return regions;\r
        } finally {\r
            readLock.unlock();\r
        }\r
    }\r
\r
    /**\r
     * {@inheritDoc}\r
     */\r
    @Override\r
    public List<String> getServiceTypes() {\r
        Lock readLock = rwLock.readLock();\r
        readLock.lock();\r
        try {\r
            ArrayList<String> result = new ArrayList<>();\r
            result.addAll(serviceTypes.keySet());\r
            return result;\r
        } finally {\r
            readLock.unlock();\r
        }\r
    }\r
\r
    /**\r
     * {@inheritDoc}\r
     */\r
    @Override\r
    public String getVMRegion(VMURL url) {\r
        String region = null;\r
        Pattern urlPattern = Pattern.compile("[^:]+://([^:/]+)(?::([0-9]+)).*");\r
\r
        if (url != null) {\r
            for (Endpoint endpoint : getEndpoints(ServiceCatalog.COMPUTE_SERVICE)) {\r
                String endpointUrl = endpoint.getPublicURL();\r
                Matcher matcher = urlPattern.matcher(endpointUrl);\r
                if (matcher.matches()) {\r
                    if (url.getHost().equals(matcher.group(1))) {\r
                        if (url.getPort() != null) {\r
                            if (!url.getPort().equals(matcher.group(2))) {\r
                                continue;\r
                            }\r
                        }\r
\r
                        region = endpoint.getRegion();\r
                        break;\r
                    }\r
                }\r
            }\r
        }\r
        return region;\r
    }\r
\r
    /**\r
     * {@inheritDoc}\r
     */\r
    @Override\r
    public boolean isServicePublished(String serviceType) {\r
        Lock readLock = rwLock.readLock();\r
        readLock.lock();\r
        try {\r
            return serviceTypes.containsKey(serviceType);\r
        } finally {\r
            readLock.unlock();\r
        }\r
    }\r
\r
    /**\r
     * {@inheritDoc}\r
     */\r
    @Override\r
    public String toString() {\r
\r
        StringBuilder builder = new StringBuilder();\r
        Lock lock = rwLock.readLock();\r
        lock.lock();\r
        try {\r
            builder.append(String.format("Service Catalog: tenant %s, id[%s], description[%s]%n", tenant.getName(), //$NON-NLS-1$\r
                    tenant.getId(), tenant.getDescription()));\r
            if (regions != null && !regions.isEmpty()) {\r
                builder.append(String.format("%d regions:%n", regions.size())); //$NON-NLS-1$\r
                for (String region : regions) {\r
                    builder.append("\t" + region + "%n"); //$NON-NLS-1$ //$NON-NLS-2$\r
                }\r
            }\r
            builder.append(String.format("%d services:%n", serviceEndpoints.size())); //$NON-NLS-1$\r
            for (String serviceType : serviceEndpoints.keySet()) {\r
                List<Service.Endpoint> endpoints = serviceEndpoints.get(serviceType);\r
                Service service = serviceTypes.get(serviceType);\r
\r
                builder.append(String.format("\t%s [%s] - %d endpoints%n", service.getType(), service.getName(), //$NON-NLS-1$\r
                        endpoints.size()));\r
                for (Service.Endpoint endpoint : endpoints) {\r
                    builder.append(String.format("\t\tRegion [%s], public URL [%s]%n", endpoint.getRegion(), //$NON-NLS-1$\r
                            endpoint.getPublicURL()));\r
                }\r
            }\r
        } finally {\r
            lock.unlock();\r
        }\r
\r
        return builder.toString();\r
    }\r
\r
    /**\r
     * Parses the service catalog and caches the results\r
     * \r
     * @param services The list of services published by this provider\r
     */\r
    private void parseServiceCatalog(List<Service> services) {\r
        Lock lock = rwLock.writeLock();\r
        lock.lock();\r
        try {\r
            serviceTypes.clear();\r
            serviceEndpoints.clear();\r
            regions.clear();\r
\r
            for (Service service : services) {\r
                String type = service.getType();\r
                serviceTypes.put(type, service);\r
\r
                List<Service.Endpoint> endpoints = service.getEndpoints();\r
                for (Service.Endpoint endpoint : endpoints) {\r
                    List<Service.Endpoint> endpointList = serviceEndpoints.get(type);\r
                    if (endpointList == null) {\r
                        endpointList = new ArrayList<>();\r
                        serviceEndpoints.put(type, endpointList);\r
                    }\r
                    endpointList.add(endpoint);\r
\r
                    String region = endpoint.getRegion();\r
                    if (!regions.contains(region)) {\r
                        regions.add(region);\r
                    }\r
                }\r
            }\r
        } finally {\r
            lock.unlock();\r
        }\r
    }\r
\r
    /**\r
     * Computes the local time when the access token will expire, after which we will need to re-login to access the\r
     * provider.\r
     * \r
     * @param accessKey The access key used to access the provider\r
     * @return The local time the key expires\r
     */\r
    private static long getLocalExpiration(Access accessKey) {\r
        Date now = Time.getCurrentUTCDate();\r
        if (accessKey != null && accessKey.getToken() != null) {\r
            Calendar issued = accessKey.getToken().getIssued_at();\r
            Calendar expires = accessKey.getToken().getExpires();\r
            if (issued != null && expires != null) {\r
                long tokenLife = expires.getTimeInMillis() - issued.getTimeInMillis();\r
                return now.getTime() + tokenLife;\r
            }\r
        }\r
        return now.getTime();\r
    }\r
}\r