Fully HTTPS support in the dcaedt-tools 61/95061/3
authork.kedron <k.kedron@partner.samsung.com>
Thu, 5 Sep 2019 15:50:23 +0000 (17:50 +0200)
committerOfir Sonsino <ofir.sonsino@intl.att.com>
Fri, 6 Sep 2019 09:11:47 +0000 (09:11 +0000)
Fully HTTPS support:
-Updated the onap/base_sdc-jetty docker image version
-Updated the chef script to properly use the new docker image
-Updated jvm configuration to support calls to
the SDC components using HTTPS.
-Added buildRestClient method to create the DcaeRestClient
supporting the SSL connection
-Checkstyle in the recipes and tools.Main method
-Update the docker_run.sh:
  - Change JAVA_OPTIONS
-Update docker_run script
-Add proper dependency in the pom (waiting for solving the SDC-2554 bug)

Issue-ID: SDC-2552
Signed-off-by: Krystian Kedron <k.kedron@partner.samsung.com>
Change-Id: Ie8dd1f54619f1101c13de13ae3cbb296bba57210

16 files changed:
dcaedt_tools/pom.xml
dcaedt_tools/src/main/java/tools/Main.java
dcaedt_tools/src/main/java/utilities/DcaeRestClient.java
docker/docker_tools/Dockerfile
docker/docker_tools/chef-repo/cookbooks/Deploy-DCAE/README.md [moved from docker/docker_tools/chef-solo/cookbooks/Deploy-DCAE/README.md with 100% similarity]
docker/docker_tools/chef-repo/cookbooks/Deploy-DCAE/attributes/default.rb [moved from docker/docker_tools/chef-solo/cookbooks/Deploy-DCAE/attributes/default.rb with 67% similarity]
docker/docker_tools/chef-repo/cookbooks/Deploy-DCAE/files/default/config.json [moved from docker/docker_tools/chef-solo/cookbooks/Deploy-DCAE/files/default/config.json with 100% similarity]
docker/docker_tools/chef-repo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.trust.jks [new file with mode: 0755]
docker/docker_tools/chef-repo/cookbooks/Deploy-DCAE/recipes/dcae_tools_setup.rb [moved from docker/docker_tools/chef-solo/cookbooks/Deploy-DCAE/recipes/dcae_tools_setup.rb with 57% similarity]
docker/docker_tools/chef-repo/cookbooks/Deploy-DCAE/templates/default/environment.json.erb [moved from docker/docker_tools/chef-solo/cookbooks/Deploy-DCAE/templates/default/environment.json.erb with 100% similarity]
docker/docker_tools/chef-solo/cookbooks/Deploy-DCAE/.gitignore [deleted file]
docker/docker_tools/chef-solo/cookbooks/Deploy-DCAE/.kitchen.yml [deleted file]
docker/docker_tools/chef-solo/cookbooks/Deploy-DCAE/metadata.rb [deleted file]
docker/docker_tools/startup.sh
docker/scripts/docker_run.sh
pom.xml

index 5e63939..d0d0976 100644 (file)
@@ -74,7 +74,7 @@
                                     <goal>copy-resources</goal>
                                 </goals>
                                 <configuration>
-                                    <outputDirectory>${project.parent.basedir}/docker/docker_tools/chef-solo/cookbooks/Deploy-DCAE/files/default</outputDirectory>
+                                    <outputDirectory>${project.parent.basedir}/docker/docker_tools/chef-repo/cookbooks/Deploy-DCAE/files/default</outputDirectory>
                                     <resources>
                                         <resource>
                                             <directory>${project.basedir}/src/main/resources/conf</directory>
             <artifactId>spring-web</artifactId>
             <version>5.0.9.RELEASE</version>
         </dependency>
+<!-- TO-DO: UNCOMMENT WHEN SDC-2554 BUG WILL BE SOLVE-->
+<!--        <dependency>-->
+<!--            <groupId>org.springframework</groupId>-->
+<!--            <artifactId>spring-core</artifactId>-->
+<!--            <version>${org.springframework.version}</version>-->
+<!--        </dependency>-->
+<!--        <dependency>-->
+<!--            <groupId>org.slf4j</groupId>-->
+<!--            <artifactId>slf4j-simple</artifactId>-->
+<!--            <version>1.7.26</version>-->
+<!--        </dependency>-->
     </dependencies>
 </project>
index 3517c35..18c1a89 100644 (file)
@@ -65,22 +65,22 @@ public class Main {
         IReport report = new Report();
         try {
             ObjectMapper mapper = new ObjectMapper();
-            DeployTemplateConfig deployTemplateConfig = mapper.readValue(new File(System.getProperty(CONFIG_FILE, "conf/config.json")), DeployTemplateConfig.class);
-            Environment environment = mapper.readValue(new File(System.getProperty(ENVIRONMENT_CONFIG, "conf/environment.json")), Environment.class);
-
+            DeployTemplateConfig deployTemplateConfig =
+                mapper.readValue(new File(System.getProperty(CONFIG_FILE, "conf/config.json")),
+                    DeployTemplateConfig.class);
+            Environment environment = mapper.readValue(
+                new File(System.getProperty(ENVIRONMENT_CONFIG, "conf/environment.json")),
+                Environment.class);
             IDcaeRestClient dcaeRestClient = new DcaeRestClient(environment.getCredential());
             dcaeRestClient.init(environment);
-
             Map<String, List<Resource>> elementsByFolderNames = dcaeRestClient.getDcaeCatalog();
-
-            TemplateContainer templateContainer = new TemplateContainer(report, dcaeRestClient, deployTemplateConfig.getTemplateInfo(), elementsByFolderNames);
-            Map<TemplateInfo, JsonObject> templateInfoToJsonObjectMap = templateContainer.getCdumps();
-
+            TemplateContainer templateContainer = new TemplateContainer(report, dcaeRestClient,
+                deployTemplateConfig.getTemplateInfo(), elementsByFolderNames);
+            Map<TemplateInfo, JsonObject> templateInfoToJsonObjectMap =
+                templateContainer.getCdumps();
             DeployTemplate deployTemplate = new DeployTemplate(report, dcaeRestClient);
             deployTemplate.deploy(templateInfoToJsonObjectMap);
-
             debugLogger.log( "VFCMT template deployment completed");
-
         } catch (RuntimeException e) {
             errLogger.log("ERROR - Template deployment failed with error " + e, e);
             report.setStatusCode(2);
index f786671..e550510 100644 (file)
@@ -22,9 +22,19 @@ package utilities;
 
 import json.Credential;
 import json.Environment;
+import org.apache.http.config.Registry;
+import org.apache.http.config.RegistryBuilder;
+import org.apache.http.conn.socket.ConnectionSocketFactory;
+import org.apache.http.conn.socket.PlainConnectionSocketFactory;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClientBuilder;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
 import org.apache.http.message.BasicHeader;
+import org.apache.http.ssl.SSLContextBuilder;
 import org.onap.sdc.dcae.composition.restmodels.CreateVFCMTRequest;
 import org.onap.sdc.dcae.composition.restmodels.canvas.DcaeComponentCatalog;
 import org.onap.sdc.dcae.composition.restmodels.sdc.Resource;
@@ -36,6 +46,10 @@ import org.springframework.web.client.RestTemplate;
 import tools.LoggerDebug;
 
 import javax.annotation.PostConstruct;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
@@ -49,7 +63,6 @@ public class DcaeRestClient implements IDcaeRestClient {
     private static LoggerDebug debugLogger = LoggerDebug.getInstance();
     private static final String GET_RESOURCES_BY_CATEGORY = "/getResourcesByCategory";
     private static final String CREATE_VFCMT = "/createVFCMT";
-    private static final String ELEMENTS = "/elements";
        private static final String CATALOG = "/catalog";
 
 
@@ -75,11 +88,15 @@ public class DcaeRestClient implements IDcaeRestClient {
     public void init(Environment environment) {
         credential = environment.getCredential();
         debugLogger.log("Connecting to server host: " + environment.getDcaeBeHost() + ", port: " + environment.getDcaeBePort());
-        CloseableHttpClient httpClient = HttpClientBuilder.create().setDefaultHeaders(defaultHeaders(credential)).build();
-        HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
-        requestFactory.setHttpClient(httpClient);
-        client = new RestTemplate(requestFactory);
+        try {
+            HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
+            requestFactory.setHttpClient(buildRestClient());
+            client = new RestTemplate(requestFactory);
+        } catch (SSLException e) {
+            debugLogger.log("ERROR: Build rest client failed because: " + e.getMessage());
+        }
         uri = String.format("%s:%s%s", environment.getDcaeBeHost(), environment.getDcaeBePort(), environment.getApiPath());
+        debugLogger.log("end function");
     }
 
     private List<BasicHeader> defaultHeaders(Credential credential) {
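Review bot: The catch block in init() only logs the SSLException message and carries on, so `client` is never assigned when buildRestClient() fails and the first REST call will presumably fail later with a NullPointerException far from the real cause. Rethrow instead, e.g. `throw new IllegalStateException("Failed to build HTTPS rest client", e);`, which the `catch (RuntimeException e)` in Main already reports and which keeps the stack trace. The removed line installed `setDefaultHeaders(defaultHeaders(credential))` on the HTTP client and the new buildRestClient() does not, so unless the headers are applied elsewhere (not visible in this hunk) requests may now go out without them. The `debugLogger.log("end function")` line looks like leftover debugging and can go.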
@@ -176,4 +193,22 @@ public class DcaeRestClient implements IDcaeRestClient {
     public void updateResource(ResourceDetailed vfcmt) {
         // Do nothing
     }
+
+    private CloseableHttpClient buildRestClient() throws SSLException {
+        SSLContextBuilder builder = new SSLContextBuilder();
+        try {
+            builder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
+            SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
+                SSLContext.getDefault(), NoopHostnameVerifier.INSTANCE);
+            Registry<ConnectionSocketFactory> registry =
+                RegistryBuilder.<ConnectionSocketFactory>create()
+                    .register("http", new PlainConnectionSocketFactory()).register("https", sslsf)
+                    .build();
+            PoolingHttpClientConnectionManager cm =
+                new PoolingHttpClientConnectionManager(registry);
+            return HttpClients.custom().setSSLSocketFactory(sslsf).setConnectionManager(cm).build();
+        } catch (NoSuchAlgorithmException | KeyStoreException e) {
+            throw new SSLException(e);
+        }
+    }
 }
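Review bot: `NoopHostnameVerifier.INSTANCE` switches off hostname verification, so a certificate that chains to the trust store is accepted for any host and the HTTPS connection to the backend is not bound to the host name being called. The `SSLContextBuilder` is also dead code: `loadTrustMaterial(null, new TrustSelfSignedStrategy())` is called but `build()` never is, and the socket factory is created from `SSLContext.getDefault()`, which already picks up the `javax.net.ssl.trustStore` that startup.sh sets. I would drop the builder and create the factory as `new SSLConnectionSocketFactory(SSLContext.getDefault())`, which keeps the default hostname verifier; the catch then narrows to `NoSuchAlgorithmException`. If the backend certificate does not carry the right host name, the fix belongs in the certificate's subjectAltName rather than in the client.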
index 4a36f7d..d80d62b 100644 (file)
@@ -1,20 +1,17 @@
-FROM onap/base_sdc-jetty:1.2.0-SNAPSHOT-latest
+FROM onap/base_sdc-jetty:1.4.1
 
-USER root
-
-RUN adduser -h /home/dcae -s /bin/sh  -D dcae
+COPY chef-solo /root/chef-solo/
 
-COPY target/dcaedt_tools-*.jar /var/opt/dcae-tools/app/dcaedt_tools.jar
+COPY chef-repo/cookbooks /root/chef-solo/cookbooks/
 
-COPY chef-solo /var/opt/dcae-tools/chef-solo/
+ADD --chown=jetty:jetty target/dcaedt_tools-*.jar ${JETTY_BASE}/webapps/dcaedt_tools.jar
 
-COPY startup.sh /var/opt/dcae-tools
-
-RUN chmod 775 /var/opt/dcae-tools/startup.sh
+USER root
 
-RUN chown -R dcae /var/opt/dcae-tools
+RUN apk add --no-cache python
 
-USER dcae
+COPY startup.sh /root/
 
-ENTRYPOINT [ "/var/opt/dcae-tools/startup.sh" ]
+RUN chmod 770 /root/startup.sh
 
+ENTRYPOINT [ "/root/startup.sh" ]
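Review bot: The image no longer drops privileges: the old Dockerfile ended with `USER dcae`, while the new one switches to `USER root` and never switches back, so startup.sh, chef-solo and the Java tool all run as root. The jar is already owned by `jetty` and the recipe hands the config files to `jetty`, so consider placing startup.sh and the chef-solo tree under a jetty-readable path and adding `USER jetty` before the `ENTRYPOINT`; whether chef-solo can run unprivileged here is not visible from this hunk. `RUN apk add --no-cache python` installs an unpinned package, which makes the image harder to reproduce and audit.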
diff --git a/docker/docker_tools/chef-repo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.trust.jks b/docker/docker_tools/chef-repo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.trust.jks
new file mode 100755 (executable)
index 0000000..077a7f3
Binary files /dev/null and b/docker/docker_tools/chef-repo/cookbooks/Deploy-DCAE/files/default/org.onap.sdc.trust.jks differ
@@ -1,5 +1,3 @@
-workspace_dir = "#{node['WORKSPACE_DIR']}"
-
 dcae_be_host = node['DCAE_BE_VIP']
 
 if node['disableHttp']
@@ -12,11 +10,27 @@ end
 
 printf("DEBUG: [%s]:[%s] disableHttp=[%s], protocol=[%s], dcae_be_vip=[%s], dcae_be_port=[%s] !!! \n", cookbook_name, recipe_name, node['disableHttp'], protocol, dcae_be_host ,dcae_be_port )
 
+directory "Jetty_etc dir_creation" do
+  path "#{ENV['JETTY_BASE']}/etc"
+  owner 'jetty'
+  group 'jetty'
+  mode '0755'
+  action :create
+end
+
+
+cookbook_file "#{ENV['JETTY_BASE']}/etc/org.onap.sdc.trust.jks" do
+  source "org.onap.sdc.trust.jks"
+  owner "jetty"
+  group "jetty"
+  mode 0755
+end
+
 
-directory "#{workspace_dir}/conf" do
+directory "#{ENV['JETTY_BASE']}/conf" do
   mode '0755'
-  owner "dcae"
-  group "dcae"
+  owner "jetty"
+  group "jetty"
   recursive true
   action :create
 end
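Review bot: `mode 0755` on the trust store marks a data file as executable; `mode '0644'` is enough and matches the quoted-string style of the other resources (the JKS itself is also committed with file mode 0755). The same applies to the unchanged `mode "0755"` lines on environment.json and config.json in the next two hunks: both resources are flagged `sensitive true`, and Main.java reads a credential from environment.json, yet the files are world-readable. `mode "0640"` with owner and group `jetty` would keep them private to the service account. The template and cookbook_file paths in those hunks also begin with `"/#{ENV['JETTY_BASE']}`, which yields a double leading slash if JETTY_BASE is absolute, unlike the new `directory` resource here.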
@@ -24,12 +38,12 @@ end
 
 template "dcae-tools-config-yaml" do
   sensitive true
-  path "/#{workspace_dir}/conf/environment.json"
+  path "/#{ENV['JETTY_BASE']}/conf/environment.json"
   source "environment.json.erb"
   mode "0755"
-  owner "dcae"
-  group "dcae"
-  variables ({
+  owner "jetty"
+  group "jetty"
+  variables({
     :dcae_be_host => dcae_be_host,
     :dcae_be_port => dcae_be_port,
     :protocol => protocol
@@ -37,11 +51,11 @@ template "dcae-tools-config-yaml" do
 end
 
 
-cookbook_file "/#{workspace_dir}/conf/config.json" do
+cookbook_file "/#{ENV['JETTY_BASE']}/conf/config.json" do
   sensitive true
   source "config.json"
-  owner "dcae"
-  group "dcae"
+  owner "jetty"
+  group "jetty"
   mode "0755"
   action :create
 end
diff --git a/docker/docker_tools/chef-solo/cookbooks/Deploy-DCAE/.gitignore b/docker/docker_tools/chef-solo/cookbooks/Deploy-DCAE/.gitignore
deleted file mode 100644 (file)
index b31c0d3..0000000
+++ /dev/null
@@ -1,20 +0,0 @@
-.vagrant
-Berksfile.lock
-*~
-*#
-.#*
-\#*#
-.*.sw[a-z]
-*.un~
-
-# Bundler
-Gemfile.lock
-bin/*
-.bundle/*
-
-.kitchen/
-.kitchen.local.yml
-
-######### Private
-run.me
-DCAE-CI01.json
diff --git a/docker/docker_tools/chef-solo/cookbooks/Deploy-DCAE/.kitchen.yml b/docker/docker_tools/chef-solo/cookbooks/Deploy-DCAE/.kitchen.yml
deleted file mode 100644 (file)
index 37d2844..0000000
+++ /dev/null
@@ -1,16 +0,0 @@
----
-driver:
-  name: vagrant
-
-provisioner:
-  name: chef_zero
-
-platforms:
-  - name: ubuntu-16.04
-  - name: centos-7.1
-
-suites:
-  - name: default
-    run_list:
-      - recipe[Deploy-DCAE::default]
-    attributes:
diff --git a/docker/docker_tools/chef-solo/cookbooks/Deploy-DCAE/metadata.rb b/docker/docker_tools/chef-solo/cookbooks/Deploy-DCAE/metadata.rb
deleted file mode 100644 (file)
index 7935c22..0000000
+++ /dev/null
@@ -1,7 +0,0 @@
-name 'Deploy-DCAE'
-maintainer 'The Authors'
-maintainer_email 'you@example.com'
-license 'all_rights'
-description 'Installs/Configures Deploy-DCAE'
-long_description 'Installs/Configures Deploy-DCAE'
-version '1.0.0'
index a158317..b9c3ea1 100644 (file)
@@ -1,8 +1,13 @@
 #!/bin/sh
-set -x 
-# Run chef-solo for configuration
-cd /var/opt/dcae-tools/chef-solo
-chef-solo -c solo.rb -E ${ENVNAME} --log_level "debug" --logfile "/tmp/Chef-Solo.log"
+
+JAVA_OPTIONS=" ${JAVA_OPTIONS} -Dconfig.home=${JETTY_BASE}/config \
+               -Dlog.home=${JETTY_BASE}/logs \
+               -Djetty.console-capture.dir=${JETTY_BASE}/logs \
+               -Djavax.net.ssl.trustStore=${JETTY_BASE}/etc/org.onap.sdc.trust.jks \
+               -Djavax.net.ssl.trustStorePassword=c+QY7@v1bQ!lo0c4ydi)))AV"
+
+cd /root/chef-solo
+chef-solo -c solo.rb -E ${ENVNAME}
 
 status=$?
 if [[ ${status} != 0 ]]; then
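Review bot: The trust store password is hard-coded in `JAVA_OPTIONS`, so it is committed to the repository and baked into every image, and because the next hunk runs `java ${JAVA_OPTIONS}` it also shows up on the process command line. A trust store holds only public certificates, so the exposure is limited, but the value should still come from the runtime environment, e.g. `-Djavax.net.ssl.trustStorePassword=${TRUSTSTORE_PASSWORD}` (variable name is a placeholder), with the script exiting early if it is unset. A value that has been published this way should be treated as known and rotated together with the store. Dropping `--logfile` together with `set -x` also means a chef-solo failure now leaves only console output to diagnose.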
@@ -10,8 +15,7 @@ if [[ ${status} != 0 ]]; then
   exit 1
 fi
 
-# Execute DCAE tools
-cd /var/opt/dcae-tools/app
-java -jar dcaedt_tools.jar conf/environment.json conf/config.json
+cd ${JETTY_BASE}/webapps
+java ${JAVA_OPTIONS} -jar dcaedt_tools.jar ../conf/environment.json ../conf/config.json
 
 exec "$@";
\ No newline at end of file
index af322bd..ceba2e4 100755 (executable)
@@ -282,7 +282,7 @@ function dcae-tools {
     if [ ${LOCAL} == false ]; then
         docker pull "${PREFIX}/${DOCKER_NAME}:${RELEASE}"
     fi
-    docker run ${DOCKER_RUN_MODE_BG} --name ${DOCKER_NAME} --env HOST_IP="${IP}" --env ENVNAME="${DEP_ENV}" ${LOCAL_TIME_MOUNT_CMD}  --volume "${WORKSPACE}/data/logs/BE/:/var/lib/jetty/logs" --volume "${WORKSPACE}/data/environments:/var/opt/dcae-tools/chef-solo/environments"  "${PREFIX}/${DOCKER_NAME}:${RELEASE}"
+    docker run ${DOCKER_RUN_MODE_BG} --name ${DOCKER_NAME} --env HOST_IP="${IP}" --env ENVNAME="${DEP_ENV}" --env JAVA_OPTIONS="${JAVA_OPTIONS}" ${LOCAL_TIME_MOUNT_CMD}  --volume "${WORKSPACE}/data/logs/BE/:/var/lib/jetty/logs" --volume "${WORKSPACE}/data/environments:/root/chef-solo/environments"  "${PREFIX}/${DOCKER_NAME}:${RELEASE}"
     command_exit_status $? ${DOCKER_NAME}
     echo "please wait while ${DOCKER_NAME^^} is starting....."
     monitor_docker ${DOCKER_NAME}
diff --git a/pom.xml b/pom.xml
index c9795b7..df1bdde 100644 (file)
--- a/pom.xml
+++ b/pom.xml
@@ -25,6 +25,7 @@
         <nexus.proxy>https://nexus.onap.org</nexus.proxy>
         <maven-checkstyle-plugin.version>2.17</maven-checkstyle-plugin.version>
         <springboot.version>1.5.9.RELEASE</springboot.version>
+        <org.springframework.version>5.1.9.RELEASE</org.springframework.version>
         <staging.profile.id>176c31dfe190a</staging.profile.id>
         <sitePath>/content/sites/site/org/openecomp/sdc/${project.version}</sitePath>
         <sonar.branch>${project.version}</sonar.branch>