package org.onap.vid.controller;
+import static org.onap.vid.utils.Logging.getMethodName;
+
import com.fasterxml.jackson.databind.ObjectMapper;
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.UUID;
+import java.util.stream.Collectors;
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.DefaultValue;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.Response;
import org.apache.commons.lang3.tuple.ImmutablePair;
import org.apache.commons.lang3.tuple.Pair;
import org.onap.portalsdk.core.controller.RestrictedBaseController;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.HandlerMapping;
import org.springframework.web.servlet.ModelAndView;
-import javax.servlet.ServletContext;
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.DefaultValue;
-import javax.ws.rs.QueryParam;
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.Response;
-import java.io.IOException;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.UUID;
-import java.util.stream.Collectors;
-
-import static org.onap.vid.utils.Logging.getMethodName;
-
/**
* Controller to handle a&ai requests.
*/
*/
@RequestMapping(value = "/aai_get_services", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
public ResponseEntity<String> doGetServices(HttpServletRequest request) throws IOException {
- RoleValidator roleValidator = new RoleValidator(roleProvider.getUserRoles(request));
+ RoleValidator roleValidator = RoleValidator.by(roleProvider.getUserRoles(request));
AaiResponse subscriberList = aaiService.getServices(roleValidator);
return aaiResponseToResponseEntity(subscriberList);
public ResponseEntity<String> getFullSubscriberList(HttpServletRequest request) throws IOException {
ObjectMapper objectMapper = new ObjectMapper();
ResponseEntity<String> responseEntity;
- RoleValidator roleValidator = new RoleValidator(roleProvider.getUserRoles(request));
+ RoleValidator roleValidator = RoleValidator.by(roleProvider.getUserRoles(request));
SubscriberFilteredResults subscriberList = aaiService.getFullSubscriberList(roleValidator);
if (subscriberList.getHttpCode() == 200) {
responseEntity = new ResponseEntity<>(objectMapper.writeValueAsString(subscriberList.getSubscriberList()), HttpStatus.OK);
ObjectMapper objectMapper = new ObjectMapper();
ResponseEntity responseEntity;
List<Role> roles = roleProvider.getUserRoles(request);
- RoleValidator roleValidator = new RoleValidator(roles);
+ RoleValidator roleValidator = RoleValidator.by(roles);
AaiResponse subscriberData = aaiService.getSubscriberData(subscriberId, roleValidator);
String httpMessage = subscriberData.getT() != null ?
objectMapper.writeValueAsString(subscriberData.getT()) :
ResponseEntity responseEntity;
List<Role> roles = roleProvider.getUserRoles(request);
- RoleValidator roleValidator = new RoleValidator(roles);
+ RoleValidator roleValidator = RoleValidator.by(roles);
AaiResponse<ServiceInstancesSearchResults> searchResult = aaiService.getServiceInstanceSearchResults(subscriberId, instanceIdentifier, roleValidator, owningEntities, projects);
try {
ObjectMapper objectMapper = new ObjectMapper();
List<Role> roles = roleProvider.getUserRoles(request);
- RoleValidator roleValidator = new RoleValidator(roles);
+ RoleValidator roleValidator = RoleValidator.by(roles);
AaiResponse<GetTenantsResponse[]> response = aaiService.getTenants(globalCustomerId, serviceType, roleValidator);
if (response.getHttpCode() == 200) {
responseEntity = new ResponseEntity<String>(objectMapper.writeValueAsString(response.getT()), HttpStatus.OK);
--- /dev/null
+/*-
+ * ============LICENSE_START=======================================================
+ * VID
+ * ================================================================================
+ * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.vid.roles;
+
+public class AlwaysValidRoleValidator implements RoleValidator {
+
+ AlwaysValidRoleValidator() {
+ // package visibility, only for RoleValidator's factory
+ }
+
+ @Override
+ public boolean isSubscriberPermitted(String subscriberName) {
+ return true;
+ }
+
+ @Override
+ public boolean isServicePermitted(String subscriberName, String serviceType) {
+ return true;
+ }
+
+ @Override
+ public boolean isTenantPermitted(String globalCustomerId, String serviceType, String tenantName) {
+ return true;
+ }
+}
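Review bot: AlwaysValidRoleValidator has no Javadoc, although every method in it answers `true`, so it switches off subscriber, service and tenant authorization for any code that holds it. A class comment such as `/** Permits every subscriber, service and tenant; returned by RoleValidator.by only when role_management_activated is "false". */` would make that explicit. The constructor is already package-private, so the class could also be declared `final class AlwaysValidRoleValidator`. No use outside org.onap.vid.roles is visible in this change, and that would keep the allow-all implementation from being subclassed or referenced from other packages.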
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.joshworks.restclient.http.HttpResponse;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+import java.util.function.Function;
+import java.util.stream.Collectors;
+import javax.servlet.http.HttpServletRequest;
import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
import org.onap.portalsdk.core.web.support.UserUtils;
import org.onap.vid.aai.exceptions.RoleParsingException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
-import javax.servlet.http.HttpServletRequest;
-import java.util.*;
-import java.util.function.Function;
-import java.util.stream.Collectors;
-
/**
* Created by Oren on 7/1/17.
}
public RoleValidator getUserRolesValidator(HttpServletRequest request) {
- return new RoleValidator(getUserRoles(request));
+ return RoleValidator.by(getUserRoles(request));
}
}
* VID
* ================================================================================
* Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved.
+ * Modifications Copyright (C) 2018 - 2019 Nokia. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
package org.onap.vid.roles;
import java.util.List;
-import java.util.Map;
+import org.apache.commons.lang3.StringUtils;
import org.onap.portalsdk.core.util.SystemProperties;
-import org.onap.vid.mso.rest.RequestDetails;
-/**
- * Created by Oren on 7/12/17.
- */
-public class RoleValidator {
-
- private boolean disableRoles;
- private final List<Role> userRoles;
-
- public RoleValidator(List<Role> roles) {
- this.userRoles = roles;
- disableRoles = SystemProperties.getProperty("role_management_activated").equals("false");
- }
-
- public boolean isSubscriberPermitted(String subscriberName) {
- if (this.disableRoles) {
- return true;
- }
-
- for (Role role : userRoles) {
- if (role.getSubscribeName().equals(subscriberName)) {
- return true;
- }
- }
- return false;
- }
-
- public boolean isServicePermitted(String subscriberName, String serviceType) {
- if (this.disableRoles) {
- return true;
- }
-
- for (Role role : userRoles) {
- if (role.getSubscribeName().equals(subscriberName) && role.getServiceType().equals(serviceType)) {
- return true;
- }
- }
- return false;
- }
+public interface RoleValidator {
- boolean isMsoRequestValid(RequestDetails msoRequest) {
- if (this.disableRoles) {
- return true;
- }
+ static RoleValidator by(List<Role> roles) {
+ boolean disableRoles =
+ StringUtils.equals(SystemProperties.getProperty("role_management_activated"), "false");
- try {
- String globalSubscriberIdRequested = (String) ((Map) ((Map) msoRequest.getAdditionalProperties()
- .get("requestDetails")).get("subscriberInfo")).get("globalSubscriberId");
- String serviceType = (String) ((Map) ((Map) msoRequest.getAdditionalProperties().get("requestDetails"))
- .get("requestParameters")).get("subscriptionServiceType");
- return isServicePermitted(globalSubscriberIdRequested, serviceType);
- } catch (Exception e) {
- //Until we'll get the exact information regarding the tenants and the global customer id, we'll return true on unknown requests to mso
- return true;
- }
+ return disableRoles
+ ? new AlwaysValidRoleValidator()
+ : new RoleValidatorByRoles(roles);
}
- public boolean isTenantPermitted(String globalCustomerId, String serviceType, String tenantName) {
- if (this.disableRoles) {
- return true;
- }
+ boolean isSubscriberPermitted(String subscriberName);
- for (Role role : userRoles) {
- if (role.getSubscribeName().equals(globalCustomerId)
- && role.getServiceType().equals(serviceType)
- && (role.getTenant() == null || role.getTenant().equalsIgnoreCase(tenantName))) {
- return true;
- }
- }
- return false;
- }
+ boolean isServicePermitted(String subscriberName, String serviceType);
- void enableRoles() {
- this.disableRoles = false;
- }
+ boolean isTenantPermitted(String globalCustomerId, String serviceType, String tenantName);
}
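Review bot: The static factory `by` decides whether any authorization is enforced, yet it has no Javadoc, and no test covering its two branches is visible in this change. The Javadoc should state that only the exact value `false` of `role_management_activated` yields the allow-all validator, and that a missing property now keeps role checks on; the old `getProperty(...).equals("false")` would have thrown on null, which is presumably why `StringUtils.equals` was chosen. `roles` is also passed through unchecked, so a null list would only surface later as a NullPointerException inside the permission loops. Using `new RoleValidatorByRoles(Objects.requireNonNull(roles, "roles"))` would fail at the call site instead.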
--- /dev/null
+/*-
+ * ============LICENSE_START=======================================================
+ * VID
+ * ================================================================================
+ * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.vid.roles;
+
+import java.util.List;
+import java.util.Map;
+import org.onap.vid.mso.rest.RequestDetails;
+
+public class RoleValidatorByRoles implements RoleValidator {
+
+ private final List<Role> userRoles;
+
+ RoleValidatorByRoles(List<Role> roles) {
+ this.userRoles = roles;
+ }
+
+ @Override
+ public boolean isSubscriberPermitted(String subscriberName) {
+ for (Role role : userRoles) {
+ if (role.getSubscribeName().equals(subscriberName)) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ @Override
+ public boolean isServicePermitted(String subscriberName, String serviceType) {
+ for (Role role : userRoles) {
+ if (role.getSubscribeName().equals(subscriberName) && role.getServiceType().equals(serviceType)) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ @Override
+ public boolean isTenantPermitted(String globalCustomerId, String serviceType, String tenantName) {
+ for (Role role : userRoles) {
+ if (role.getSubscribeName().equals(globalCustomerId)
+ && role.getServiceType().equals(serviceType)
+ && (role.getTenant() == null || role.getTenant().equalsIgnoreCase(tenantName))) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ boolean isMsoRequestValid(RequestDetails msoRequest) {
+ try {
+ String globalSubscriberIdRequested = (String) ((Map) ((Map) msoRequest.getAdditionalProperties()
+ .get("requestDetails")).get("subscriberInfo")).get("globalSubscriberId");
+ String serviceType = (String) ((Map) ((Map) msoRequest.getAdditionalProperties().get("requestDetails"))
+ .get("requestParameters")).get("subscriptionServiceType");
+ return isServicePermitted(globalSubscriberIdRequested, serviceType);
+ } catch (Exception e) {
+ //Until we'll get the exact information regarding the tenants and the global customer id, we'll return true on unknown requests to mso
+ return true;
+ }
+ }
+
+}
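Review bot: `isMsoRequestValid` answers `true` from `catch (Exception e)`, so a request whose `requestDetails` map lacks the expected shape is treated as permitted, and the failure leaves no trace. The inline comment says this is intentional for now. Even so, the catch should be narrowed to what the casts and lookups can throw, `} catch (ClassCastException | NullPointerException e) {`, and the fallback logged at warn level so that fail-open decisions can be audited. The method is also not declared on RoleValidator, so code holding the interface type returned by `RoleValidator.by` cannot call it. Whether any caller still needs it is not visible in this change.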
package org.onap.vid.aai;
import java.util.ArrayList;
-import java.util.List;
-
import org.junit.Test;
import org.onap.vid.model.SubscriberList;
import org.onap.vid.roles.EcompRole;
private SubscriberFilteredResults createTestSubject() {
ArrayList<Role> list = new ArrayList<Role>();
list.add(new Role(EcompRole.READ, "a", "a", "a"));
- RoleValidator rl=new RoleValidator(list);
+ RoleValidator rl=RoleValidator.by(list);
SubscriberList sl = new SubscriberList();
sl.customer = new ArrayList<org.onap.vid.model.Subscriber>();
sl.customer.add(new org.onap.vid.model.Subscriber());
package org.onap.vid.bl;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.arrayWithSize;
+import static org.hamcrest.Matchers.equalTo;
+import static org.testng.Assert.assertEquals;
+import static org.testng.Assert.assertNotNull;
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.MockitoAnnotations;
import org.onap.vid.aai.AaiClientInterface;
import org.onap.vid.aai.AaiResponse;
-import org.onap.vid.aai.model.*;
+import org.onap.vid.aai.model.AaiGetPnfResponse;
import org.onap.vid.aai.model.AaiGetPnfs.Pnf;
import org.onap.vid.aai.model.AaiGetTenatns.GetTenantsResponse;
+import org.onap.vid.aai.model.LogicalLinkResponse;
+import org.onap.vid.aai.model.Relationship;
+import org.onap.vid.aai.model.RelationshipData;
+import org.onap.vid.aai.model.RelationshipList;
+import org.onap.vid.aai.model.ServiceRelationships;
import org.onap.vid.roles.Role;
import org.onap.vid.roles.RoleValidator;
import org.onap.vid.services.AaiServiceImpl;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.List;
-
-import static org.hamcrest.MatcherAssert.assertThat;
-import static org.hamcrest.Matchers.arrayWithSize;
-import static org.hamcrest.Matchers.equalTo;
-import static org.testng.Assert.assertEquals;
-import static org.testng.Assert.assertNotNull;
-
public class AaiServiceTest {
@InjectMocks
AaiResponse<GetTenantsResponse[]> aaiResponse = new AaiResponse<>(getTenantsResponses, null, 200);
Mockito.doReturn(aaiResponse).when(aaiClientInterface).getTenants(serviceGlobalCustomerId, serviceServiceType);
Role role = new Role(null, userGlobalCustomerId, userServiceType, userTenantName);
- RoleValidator roleValidator = new RoleValidator(Collections.singletonList(role));
+ RoleValidator roleValidator = RoleValidator.by(Collections.singletonList(role));
AaiResponse<GetTenantsResponse[]> actualTenants = aaiService.getTenants(serviceGlobalCustomerId, serviceServiceType, roleValidator);
assertThat(actualTenants.getT(), arrayWithSize(1));
package org.onap.vid.controller;
-import org.jetbrains.annotations.NotNull;
-import org.onap.vid.aai.model.Permissions;
-import org.onap.vid.roles.RoleProvider;
-import org.onap.vid.roles.RoleValidator;
-import org.springframework.mock.web.MockHttpServletRequest;
-import org.testng.annotations.DataProvider;
-import org.testng.annotations.Test;
-
import static java.lang.Boolean.FALSE;
import static java.lang.Boolean.TRUE;
import static org.apache.commons.lang.RandomStringUtils.randomAlphanumeric;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
+import org.jetbrains.annotations.NotNull;
+import org.onap.vid.aai.model.Permissions;
+import org.onap.vid.roles.RoleProvider;
+import org.onap.vid.roles.RoleValidator;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.testng.annotations.DataProvider;
+import org.testng.annotations.Test;
+
public class ServicePermissionsTest {
@DataProvider
--- /dev/null
+/*-
+ * ============LICENSE_START=======================================================
+ * VID
+ * ================================================================================
+ * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.vid.roles;
+
+import static org.testng.Assert.assertTrue;
+
+import org.testng.annotations.Test;
+
+public class AlwaysValidRoleValidatorTest {
+
+ @Test
+ public void testIsSubscriberPermitted() {
+ assertTrue(new AlwaysValidRoleValidator().isSubscriberPermitted("any"));
+ }
+
+ @Test
+ public void testIsServicePermitted() {
+ assertTrue(new AlwaysValidRoleValidator().isServicePermitted("any", "any"));
+ }
+
+ @Test
+ public void testIsTenantPermitted() {
+ assertTrue(new AlwaysValidRoleValidator().isTenantPermitted("any", "any", "any"));
+ }
+}
\ No newline at end of file
package org.onap.vid.roles;
+import static org.assertj.core.api.Assertions.assertThat;
+
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
+import java.util.List;
+import java.util.Map;
import org.onap.vid.mso.rest.RequestDetails;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;
-import java.util.List;
-import java.util.Map;
-
-import static org.assertj.core.api.Assertions.assertThat;
-
-public class RoleValidatorTest {
+public class RoleValidatorByRolesTest {
private static final String SAMPLE_SUBSCRIBER = "sampleSubscriber";
private static final String NOT_MATCHING_SUBSCRIBER = "notMatchingSubscriber";
private Map<String, Object> requestParameters = ImmutableMap.of("subscriptionServiceType", SAMPLE_SERVICE_TYPE);
private Map<String, Object> requestDetailsProperties = ImmutableMap.of("subscriberInfo", subscriberInfo, "requestParameters", requestParameters);
private RequestDetails requestDetails;
- private RoleValidator roleValidator;
+ private RoleValidatorByRoles roleValidator;
@BeforeMethod
public void setUp() {
- roleValidator = new RoleValidator(roles);
- roleValidator.enableRoles();
+ roleValidator = new RoleValidatorByRoles(roles);
requestDetails = new RequestDetails();
}
import org.onap.vid.aai.model.AaiGetTenatns.GetTenantsResponse;
import org.onap.vid.aai.model.VnfResult;
import org.onap.vid.roles.RoleValidator;
+import org.onap.vid.roles.RoleValidatorByRoles;
public class AaiServiceImplTest {
when(response.getT()).thenReturn(new GetTenantsResponse[]{ permittedTenant, unpermittedTenant });
when(aaiClient.getTenants(globalCustomerId, serviceType)).thenReturn(response);
- RoleValidator roleValidator = mock(RoleValidator.class);
+ RoleValidator roleValidator = mock(RoleValidatorByRoles.class);
when(roleValidator.isTenantPermitted(globalCustomerId, serviceType, "permitted_tenant")).thenReturn(true);
when(roleValidator.isTenantPermitted(globalCustomerId, serviceType, "unpermitted_tenant")).thenReturn(false);
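Review bot: `mock(RoleValidatorByRoles.class)` ties this test to one implementation, although only `isTenantPermitted`, an interface method, is stubbed. RoleValidator is now an interface, which Mockito mocks directly, so `RoleValidator roleValidator = mock(RoleValidator.class);` can stay as it was. The switch to the concrete class looks necessary only in the later hunk, where the instance is produced by `modelGenerator.nextObject(...)`.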
@SuppressWarnings("unchecked")
public void getServicesShouldMarkAllServicesAsPermitted() {
// given
- RoleValidator roleValidator = modelGenerator.nextObject(RoleValidator.class);
+ RoleValidator roleValidator = modelGenerator.nextObject(RoleValidatorByRoles.class);
GetServicesAAIRespone inputPayload = modelGenerator.nextObject(GetServicesAAIRespone.class);
assertThat(inputPayload.service.stream().allMatch(service -> service.isPermitted)).isFalse();