Fix decryption handling in deploy and update calls

Refactor supervision to fix sync issue

Issue-ID: POLICY-5308
Signed-off-by: rameshiyer27 <ramesh.murugan.iyer@est.tech>
Change-Id: Ia13cba1350680b6d10b130827622ec70f9b097d1

diff --git a/runtime-acm/src/main/java/org/onap/policy/clamp/acm/runtime/instantiation/AutomationCompositionInstantiationProvider.java b/runtime-acm/src/main/java/org/onap/policy/clamp/acm/runtime/instantiation/AutomationCompositionInstantiationProvider.java
index eacd07f..0966ab3 100644 (file)
--- a/runtime-acm/src/main/java/org/onap/policy/clamp/acm/runtime/instantiation/AutomationCompositionInstantiationProvider.java
+++ b/runtime-acm/src/main/java/org/onap/policy/clamp/acm/runtime/instantiation/AutomationCompositionInstantiationProvider.java
@@ -33,10 +33,12 @@ import org.onap.policy.clamp.acm.runtime.main.utils.EncryptionUtils;
 import org.onap.policy.clamp.acm.runtime.supervision.SupervisionAcHandler;
 import org.onap.policy.clamp.models.acm.concepts.AcTypeState;
 import org.onap.policy.clamp.models.acm.concepts.AutomationComposition;
+import org.onap.policy.clamp.models.acm.concepts.AutomationCompositionDefinition;
 import org.onap.policy.clamp.models.acm.concepts.AutomationCompositions;
 import org.onap.policy.clamp.models.acm.concepts.DeployState;
 import org.onap.policy.clamp.models.acm.concepts.LockState;
 import org.onap.policy.clamp.models.acm.concepts.NodeTemplateState;
+import org.onap.policy.clamp.models.acm.concepts.ParticipantUtils;
 import org.onap.policy.clamp.models.acm.concepts.StateChangeResult;
 import org.onap.policy.clamp.models.acm.concepts.SubState;
 import org.onap.policy.clamp.models.acm.messages.rest.instantiation.AcInstanceStateUpdate;
@@ -201,12 +203,15 @@ public class AutomationCompositionInstantiationProvider {
         if (!validationResult.isValid()) {
             throw new PfModelRuntimeException(Status.BAD_REQUEST, validationResult.getResult());
         }
-        // Publish property update event to the participants
-        supervisionAcHandler.update(acToBeUpdated);
+        updateAcForProperties(acToBeUpdated);
+
+        var acToPublish = new AutomationComposition(acToBeUpdated);
 
         encryptInstanceProperties(acToBeUpdated, acToBeUpdated.getCompositionId());
 
         automationComposition = automationCompositionProvider.updateAutomationComposition(acToBeUpdated);
+        // Publish property update event to the participants
+        supervisionAcHandler.update(acToPublish);
         return createInstantiationResponse(automationComposition);
     }
 
@@ -245,16 +250,34 @@ public class AutomationCompositionInstantiationProvider {
         }
         acToBeUpdated.setCompositionTargetId(automationComposition.getCompositionTargetId());
         var acDefinition = acDefinitionProvider.getAcDefinition(automationComposition.getCompositionTargetId());
-        // Publish migrate event to the participants
-        supervisionAcHandler.migrate(acToBeUpdated, acDefinition.getServiceTemplate());
+
+        updateAcForMigration(acToBeUpdated, acDefinition);
+
+        var acToPublish = new AutomationComposition(acToBeUpdated);
 
         encryptInstanceProperties(acToBeUpdated, acToBeUpdated.getCompositionTargetId());
 
         var ac = automationCompositionProvider.updateAutomationComposition(acToBeUpdated);
         elementsRemoved.forEach(automationCompositionProvider::deleteAutomationCompositionElement);
+
+        // Publish migrate event to the participants
+        supervisionAcHandler.migrate(acToPublish);
         return createInstantiationResponse(ac);
     }
 
+    private void updateAcForMigration(AutomationComposition acToBeUpdated,
+                                      AutomationCompositionDefinition acDefinition) {
+        AcmUtils.setCascadedState(acToBeUpdated, DeployState.MIGRATING, LockState.LOCKED);
+        acToBeUpdated.setStateChangeResult(StateChangeResult.NO_ERROR);
+        var stage = ParticipantUtils.getFirstStage(acToBeUpdated, acDefinition.getServiceTemplate());
+        acToBeUpdated.setPhase(stage);
+    }
+
+    private void updateAcForProperties(AutomationComposition acToBeUpdated) {
+        AcmUtils.setCascadedState(acToBeUpdated, DeployState.UPDATING, acToBeUpdated.getLockState());
+        acToBeUpdated.setStateChangeResult(StateChangeResult.NO_ERROR);
+    }
+
     private List<UUID> getElementRemoved(AutomationComposition acFromDb, AutomationComposition acFromMigration) {
         return acFromDb.getElements().keySet().stream()
                 .filter(id -> acFromMigration.getElements().get(id) == null).toList();

diff --git a/runtime-acm/src/main/java/org/onap/policy/clamp/acm/runtime/main/utils/EncryptionUtils.java b/runtime-acm/src/main/java/org/onap/policy/clamp/acm/runtime/main/utils/EncryptionUtils.java
index f7988ea..a0226e8 100644 (file)
--- a/runtime-acm/src/main/java/org/onap/policy/clamp/acm/runtime/main/utils/EncryptionUtils.java
+++ b/runtime-acm/src/main/java/org/onap/policy/clamp/acm/runtime/main/utils/EncryptionUtils.java
@@ -35,9 +35,7 @@ import java.util.List;
 import java.util.Map;
 import java.util.Optional;
 import java.util.UUID;
-import javax.crypto.BadPaddingException;
 import javax.crypto.Cipher;
-import javax.crypto.IllegalBlockSizeException;
 import javax.crypto.NoSuchPaddingException;
 import javax.crypto.SecretKey;
 import javax.crypto.SecretKeyFactory;
@@ -133,13 +131,13 @@ public class EncryptionUtils {
                         var encryptedVal = encrypt(sensitiveStr);
                         elementProperties.put(property.getName(), encryptedVal);
                         LOGGER.debug("Property {} is successfully encrypted", property.getName());
+
                     }
                 }
             }
 
         } catch (Exception e) {
-            throw new AutomationCompositionRuntimeException(Response.Status.fromStatusCode(500),
-                    "Failed to encrypt instance field ", e);
+            LOGGER.error("Failed to encrypt instance parameter with error {}", e.getMessage());
         }
     }
 
@@ -149,28 +147,21 @@ public class EncryptionUtils {
      * @param automationComposition acInstance
      */
     public void findAndDecryptSensitiveData(AutomationComposition automationComposition) {
-        try {
-            for (var acInstanceElement: automationComposition.getElements().values()) {
-                for (var property : acInstanceElement.getProperties().entrySet()) {
-                    var propertyVal = property.getValue();
-                    if (propertyVal instanceof String propertyValStr && propertyValStr.startsWith(MARKER)) {
-                        var decryptedVal = decrypt(propertyValStr);
-                        acInstanceElement.getProperties().put(property.getKey(), decryptedVal);
-                        LOGGER.debug("Property {} is successfully decrypted", property.getKey());
-                    } else {
-                        decryptNested(propertyVal);
-                    }
+        for (var acInstanceElement: automationComposition.getElements().values()) {
+            for (var property : acInstanceElement.getProperties().entrySet()) {
+                var propertyVal = property.getValue();
+                if (propertyVal instanceof String propertyValStr && propertyValStr.startsWith(MARKER)) {
+                    var decryptedVal = decrypt(propertyValStr);
+                    acInstanceElement.getProperties().put(property.getKey(), decryptedVal);
+                    LOGGER.debug("Property {} is successfully decrypted", property.getKey());
+                } else {
+                    decryptNested(propertyVal);
                 }
             }
-        } catch (Exception e) {
-            throw new AutomationCompositionRuntimeException(Response.Status.fromStatusCode(500),
-                    "Failed to decrypt instance field ", e);
         }
     }
 
-    private void decryptNested(Object propertyVal) throws InvalidAlgorithmParameterException, IllegalBlockSizeException,
-            NoSuchPaddingException, BadPaddingException, NoSuchAlgorithmException, InvalidKeySpecException,
-            InvalidKeyException {
+    private void decryptNested(Object propertyVal) {
         if (propertyVal instanceof List<?> listVal) {
             for (var listEntry : listVal) {
                 if (listEntry instanceof Map<?, ?> tempMap) {
@@ -182,9 +173,7 @@ public class EncryptionUtils {
         }
     }
 
-    private void decryptNestedMap(Map<?, ?> tempMap) throws InvalidAlgorithmParameterException,
-            IllegalBlockSizeException, NoSuchPaddingException, BadPaddingException, NoSuchAlgorithmException,
-            InvalidKeySpecException, InvalidKeyException {
+    private void decryptNestedMap(Map<?, ?> tempMap) {
         @SuppressWarnings("unchecked")
         var nestedMap = (Map<Object, Object>) tempMap;
         for (var prop : nestedMap.entrySet()) {
@@ -196,9 +185,7 @@ public class EncryptionUtils {
         }
     }
 
-    private void encryptNested(ToscaProperty property, Map<?, ?> properties)
-            throws InvalidAlgorithmParameterException, IllegalBlockSizeException, NoSuchPaddingException,
-            BadPaddingException, NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException {
+    private void encryptNested(ToscaProperty property, Map<?, ?> properties) {
         // Iterate over nested maps to check if the property exists inside them
         for (var mapEntry : properties.entrySet()) {
             if (mapEntry.getValue() instanceof List<?> listVal) {
@@ -214,9 +201,7 @@ public class EncryptionUtils {
 
     }
 
-    private void encryptNestedMaps(ToscaProperty property, Map<?, ?> tempMap) throws InvalidAlgorithmParameterException,
-            IllegalBlockSizeException, NoSuchPaddingException, BadPaddingException, NoSuchAlgorithmException,
-            InvalidKeySpecException, InvalidKeyException {
+    private void encryptNestedMaps(ToscaProperty property, Map<?, ?> tempMap) {
         @SuppressWarnings("unchecked")
         var nestedMap = (Map<Object, Object>) tempMap;
         var nestedValue = nestedMap.get(property.getName());
@@ -283,32 +268,45 @@ public class EncryptionUtils {
         return new SecretKeySpec(factory.generateSecret(spec).getEncoded(), "AES");
     }
 
-    private String encrypt(String input) throws IllegalBlockSizeException, BadPaddingException,
-            NoSuchAlgorithmException, InvalidKeySpecException, InvalidAlgorithmParameterException, InvalidKeyException,
-            NoSuchPaddingException {
-        var iv = generateIV();
+    private String encrypt(String input) {
+        try {
+            var iv = generateIV();
+            var cipher = getCipher(iv, Cipher.ENCRYPT_MODE);
+            var cipherText = cipher.doFinal(input.getBytes());
+            var cipherByte = ByteBuffer.allocate(iv.length + cipherText.length).put(iv).put(cipherText).array();
+            return MARKER + Base64.getEncoder().encodeToString(cipherByte);
+
+        } catch (Exception e) {
+            LOGGER.error("Failed to encrypt instance field with error {}", e.getMessage());
+        }
+        return input;
+    }
+
+    protected Cipher getCipher(byte[] iv, int mode) throws NoSuchPaddingException, NoSuchAlgorithmException,
+            InvalidKeySpecException, InvalidAlgorithmParameterException, InvalidKeyException {
         var parameterSpec = new GCMParameterSpec(GCM_TAG, iv);
         var cipher = Cipher.getInstance(ALGORITHM);
-        cipher.init(Cipher.ENCRYPT_MODE, getSecretKey(), parameterSpec);
-        var cipherText = cipher.doFinal(input.getBytes());
-        var cipherByte = ByteBuffer.allocate(iv.length + cipherText.length).put(iv).put(cipherText).array();
-        return MARKER + Base64.getEncoder().encodeToString(cipherByte);
+        cipher.init(mode, getSecretKey(), parameterSpec);
+        return cipher;
     }
 
-    private String decrypt(String cipherText) throws IllegalBlockSizeException, BadPaddingException,
-            NoSuchAlgorithmException, InvalidKeySpecException,
-            InvalidAlgorithmParameterException, InvalidKeyException, NoSuchPaddingException {
-        var decodedText = Base64.getDecoder().decode(cipherText.substring(MARKER.length()).getBytes());
-        var byteBuffer = ByteBuffer.wrap(decodedText);
-        var iv = new byte[IV_LENGTH];
-        byteBuffer.get(iv);
-        var encryptedByte = new byte[byteBuffer.remaining()];
-        byteBuffer.get(encryptedByte);
+    private String decrypt(String cipherText) {
+        try {
+            var decodedText = Base64.getDecoder().decode(cipherText.substring(MARKER.length()).getBytes());
+            var byteBuffer = ByteBuffer.wrap(decodedText);
+            var iv = new byte[IV_LENGTH];
+            byteBuffer.get(iv);
+            var encryptedByte = new byte[byteBuffer.remaining()];
+            byteBuffer.get(encryptedByte);
+
+            var cipher = getCipher(iv, Cipher.DECRYPT_MODE);
+            var plainText = cipher.doFinal(encryptedByte);
+            return new String(plainText);
+
+        } catch (Exception e) {
+            throw new AutomationCompositionRuntimeException(Response.Status.fromStatusCode(500),
+                    "Failed to decrypt instance field ", e);
+        }
 
-        var parameterSpec = new GCMParameterSpec(GCM_TAG, iv);
-        var cipher = Cipher.getInstance(ALGORITHM);
-        cipher.init(Cipher.DECRYPT_MODE, getSecretKey(), parameterSpec);
-        var plainText = cipher.doFinal(encryptedByte);
-        return new String(plainText);
     }
 }

diff --git a/runtime-acm/src/main/java/org/onap/policy/clamp/acm/runtime/supervision/SupervisionAcHandler.java b/runtime-acm/src/main/java/org/onap/policy/clamp/acm/runtime/supervision/SupervisionAcHandler.java
index 126ffaf..f436eb2 100644 (file)
--- a/runtime-acm/src/main/java/org/onap/policy/clamp/acm/runtime/supervision/SupervisionAcHandler.java
+++ b/runtime-acm/src/main/java/org/onap/policy/clamp/acm/runtime/supervision/SupervisionAcHandler.java
@@ -27,6 +27,7 @@ import java.util.Map;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
 import lombok.AllArgsConstructor;
+import org.onap.policy.clamp.acm.runtime.main.utils.EncryptionUtils;
 import org.onap.policy.clamp.acm.runtime.supervision.comm.AcElementPropertiesPublisher;
 import org.onap.policy.clamp.acm.runtime.supervision.comm.AcPreparePublisher;
 import org.onap.policy.clamp.acm.runtime.supervision.comm.AutomationCompositionDeployPublisher;
@@ -44,7 +45,6 @@ import org.onap.policy.clamp.models.acm.messages.kafka.participant.AutomationCom
 import org.onap.policy.clamp.models.acm.persistence.provider.AutomationCompositionProvider;
 import org.onap.policy.clamp.models.acm.persistence.provider.MessageProvider;
 import org.onap.policy.clamp.models.acm.utils.AcmUtils;
-import org.onap.policy.models.tosca.authorative.concepts.ToscaServiceTemplate;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Component;
@@ -67,6 +67,7 @@ public class SupervisionAcHandler {
     private final AutomationCompositionMigrationPublisher acCompositionMigrationPublisher;
     private final AcPreparePublisher acPreparePublisher;
     private final MessageProvider messageProvider;
+    private final EncryptionUtils encryptionUtils;
 
     private final ExecutorService executor = Context.taskWrapping(Executors.newFixedThreadPool(1));
 
@@ -93,7 +94,11 @@ public class SupervisionAcHandler {
         automationComposition.setPhase(startPhase);
         automationCompositionProvider.updateAutomationComposition(automationComposition);
         executor.execute(
-            () -> automationCompositionDeployPublisher.send(automationComposition, startPhase, true));
+            () -> {
+                var acToSend = new AutomationComposition(automationComposition);
+                decryptInstanceProperties(acToSend);
+                automationCompositionDeployPublisher.send(acToSend, startPhase, true);
+            });
     }
 
     /**
@@ -156,7 +161,11 @@ public class SupervisionAcHandler {
         AcmUtils.setCascadedState(automationComposition, DeployState.UNDEPLOYED, LockState.NONE, SubState.PREPARING);
         automationComposition.setStateChangeResult(StateChangeResult.NO_ERROR);
         automationCompositionProvider.updateAutomationComposition(automationComposition);
-        executor.execute(() -> acPreparePublisher.sendPrepare(automationComposition));
+        executor.execute(() -> {
+            var acToSend = new AutomationComposition(automationComposition);
+            decryptInstanceProperties(acToSend);
+            acPreparePublisher.sendPrepare(acToSend);
+        });
     }
 
     /**
@@ -202,10 +211,11 @@ public class SupervisionAcHandler {
      * @param automationComposition the AutomationComposition
      */
     public void update(AutomationComposition automationComposition) {
-        AcmUtils.setCascadedState(automationComposition, DeployState.UPDATING, automationComposition.getLockState());
-        automationComposition.setStateChangeResult(StateChangeResult.NO_ERROR);
         executor.execute(
-            () -> acElementPropertiesPublisher.send(automationComposition));
+            () -> {
+                decryptInstanceProperties(automationComposition);
+                acElementPropertiesPublisher.send(automationComposition);
+            });
     }
 
     /**
@@ -318,14 +328,12 @@ public class SupervisionAcHandler {
      * Handle Migration of an AutomationComposition instance to other ACM Definition.
      *
      * @param automationComposition the AutomationComposition
-     * @param serviceTemplate the ServiceTemplate
      */
-    public void migrate(AutomationComposition automationComposition, ToscaServiceTemplate serviceTemplate) {
-        AcmUtils.setCascadedState(automationComposition, DeployState.MIGRATING, LockState.LOCKED);
-        var stage = ParticipantUtils.getFirstStage(automationComposition, serviceTemplate);
-        automationComposition.setStateChangeResult(StateChangeResult.NO_ERROR);
-        automationComposition.setPhase(stage);
-        executor.execute(() -> acCompositionMigrationPublisher.send(automationComposition, stage));
+    public void migrate(AutomationComposition automationComposition) {
+        executor.execute(() -> {
+            decryptInstanceProperties(automationComposition);
+            acCompositionMigrationPublisher.send(automationComposition, automationComposition.getPhase());
+        });
     }
 
     /**
@@ -336,4 +344,10 @@ public class SupervisionAcHandler {
     public void migratePrecheck(AutomationComposition automationComposition) {
         executor.execute(() -> acCompositionMigrationPublisher.send(automationComposition, 0));
     }
+
+    private void decryptInstanceProperties(AutomationComposition automationComposition) {
+        if (encryptionUtils.encryptionEnabled()) {
+            encryptionUtils.findAndDecryptSensitiveData(automationComposition);
+        }
+    }
 }

diff --git a/runtime-acm/src/test/java/org/onap/policy/clamp/acm/runtime/instantiation/AutomationCompositionInstantiationProviderTest.java b/runtime-acm/src/test/java/org/onap/policy/clamp/acm/runtime/instantiation/AutomationCompositionInstantiationProviderTest.java
index d53f700..a3d11b5 100644 (file)
--- a/runtime-acm/src/test/java/org/onap/policy/clamp/acm/runtime/instantiation/AutomationCompositionInstantiationProviderTest.java
+++ b/runtime-acm/src/test/java/org/onap/policy/clamp/acm/runtime/instantiation/AutomationCompositionInstantiationProviderTest.java
@@ -187,6 +187,7 @@ class AutomationCompositionInstantiationProviderTest {
         var instantiationProvider = new AutomationCompositionInstantiationProvider(acProvider, acDefinitionProvider,
                 new AcInstanceStateResolver(), supervisionAcHandler, participantProvider,
                 CommonTestData.getTestParamaterGroup(), encryptionUtils);
+
         var instantiationResponse = instantiationProvider.updateAutomationComposition(
                 automationCompositionUpdate.getCompositionId(), automationCompositionUpdate);
 
@@ -200,9 +201,12 @@ class AutomationCompositionInstantiationProviderTest {
             element.setId(UUID.randomUUID());
             automationCompositionUpdate.getElements().put(element.getId(), element);
         }
+        acmFromDb.getElements().values().forEach(element -> element.setDeployState(DeployState.DEPLOYED));
+        acmFromDb.setDeployState(DeployState.DEPLOYED);
         assertThatThrownBy(
-            () -> instantiationProvider.updateAutomationComposition(compositionId, automationCompositionUpdate))
-            .hasMessageStartingWith("Element id not present ");
+                () -> instantiationProvider.updateAutomationComposition(compositionId, automationCompositionUpdate))
+                .hasMessageStartingWith("Element id not present ");
+
     }
 
     @Test
@@ -302,7 +306,7 @@ class AutomationCompositionInstantiationProviderTest {
         var instantiationResponse = instantiationProvider.updateAutomationComposition(compositionId,
                         automationCompositionTarget);
 
-        verify(supervisionAcHandler).migrate(any(), any());
+        verify(supervisionAcHandler).migrate(any());
         InstantiationUtils.assertInstantiationResponse(instantiationResponse, automationCompositionTarget);
 
     }
@@ -373,7 +377,7 @@ class AutomationCompositionInstantiationProviderTest {
         var instantiationResponse = instantiationProvider
                 .updateAutomationComposition(automationComposition.getCompositionId(), automationComposition);
 
-        verify(supervisionAcHandler).migrate(any(), any());
+        verify(supervisionAcHandler).migrate(any());
         verify(acProvider).updateAutomationComposition(automationComposition);
         InstantiationUtils.assertInstantiationResponse(instantiationResponse, automationComposition);
     }

diff --git a/runtime-acm/src/test/java/org/onap/policy/clamp/acm/runtime/main/utils/EncryptionUtilTest.java b/runtime-acm/src/test/java/org/onap/policy/clamp/acm/runtime/main/utils/EncryptionUtilTest.java
index 7ad8b71..f4fffdb 100644 (file)
--- a/runtime-acm/src/test/java/org/onap/policy/clamp/acm/runtime/main/utils/EncryptionUtilTest.java
+++ b/runtime-acm/src/test/java/org/onap/policy/clamp/acm/runtime/main/utils/EncryptionUtilTest.java
@@ -21,12 +21,17 @@
 package org.onap.policy.clamp.acm.runtime.main.utils;
 
 import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 
+import java.security.InvalidAlgorithmParameterException;
+import javax.crypto.Cipher;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.Test;
 import org.onap.policy.clamp.acm.runtime.instantiation.InstantiationUtils;
 import org.onap.policy.clamp.acm.runtime.util.CommonTestData;
+import org.onap.policy.clamp.common.acm.exception.AutomationCompositionRuntimeException;
 import org.onap.policy.clamp.models.acm.concepts.AcTypeState;
 import org.onap.policy.clamp.models.acm.concepts.AutomationCompositionDefinition;
 import org.onap.policy.clamp.models.acm.persistence.provider.ProviderUtils;
@@ -61,11 +66,41 @@ class EncryptionUtilTest {
             encryptionUtils.findAndEncryptSensitiveData(acDefinition, automationComposition);
         });
 
+        assert automationComposition != null;
+        automationComposition.getElements().values().forEach(element -> {
+            assertTrue(element.getProperties().get("secret").toString().startsWith("ENCRYPTED:"));
+            assertTrue(element.getProperties().get("password").toString().startsWith("ENCRYPTED:"));
+        });
+
         var encryptionUtil2 = new EncryptionUtils(CommonTestData.getEncryptionParameterGroup());
         assertDoesNotThrow(() -> {
-            assert automationComposition != null;
             encryptionUtil2.findAndDecryptSensitiveData(automationComposition);
         });
+        automationComposition.getElements().values().forEach(element -> {
+            assertEquals("mysecret", element.getProperties().get("secret").toString());
+            assertEquals("mypass", element.getProperties().get("password").toString());
+        });
+    }
+
+    @Test
+    void testErrorScenario() {
+        var encryptionUtils = new EncryptionUtils(CommonTestData.getEncryptionParameterGroup()) {
+            @Override
+            protected Cipher getCipher(byte[] iv, int mode) throws InvalidAlgorithmParameterException {
+                throw new InvalidAlgorithmParameterException();
+            }
+        };
+        var automationComposition =
+                InstantiationUtils.getAutomationCompositionFromResource(INSTANTIATE_JSON, "Crud");
+        assertDoesNotThrow(() -> encryptionUtils.findAndEncryptSensitiveData(acDefinition, null));
+
+        var encryptionUtils2 = new EncryptionUtils(CommonTestData.getEncryptionParameterGroup());
+        encryptionUtils2.findAndEncryptSensitiveData(acDefinition, automationComposition);
+
+        assert automationComposition != null;
+        assertThrows(AutomationCompositionRuntimeException.class,
+                () -> encryptionUtils.findAndDecryptSensitiveData(automationComposition));
+
     }
 
 }

diff --git a/runtime-acm/src/test/java/org/onap/policy/clamp/acm/runtime/supervision/SupervisionAcHandlerTest.java b/runtime-acm/src/test/java/org/onap/policy/clamp/acm/runtime/supervision/SupervisionAcHandlerTest.java
index 448a96b..e3baa6f 100644 (file)
--- a/runtime-acm/src/test/java/org/onap/policy/clamp/acm/runtime/supervision/SupervisionAcHandlerTest.java
+++ b/runtime-acm/src/test/java/org/onap/policy/clamp/acm/runtime/supervision/SupervisionAcHandlerTest.java
@@ -35,6 +35,7 @@ import java.util.Optional;
 import java.util.UUID;
 import org.junit.jupiter.api.Test;
 import org.onap.policy.clamp.acm.runtime.instantiation.InstantiationUtils;
+import org.onap.policy.clamp.acm.runtime.main.utils.EncryptionUtils;
 import org.onap.policy.clamp.acm.runtime.supervision.comm.AcElementPropertiesPublisher;
 import org.onap.policy.clamp.acm.runtime.supervision.comm.AcPreparePublisher;
 import org.onap.policy.clamp.acm.runtime.supervision.comm.AutomationCompositionDeployPublisher;
@@ -63,7 +64,7 @@ class SupervisionAcHandlerTest {
         var handler = new SupervisionAcHandler(automationCompositionProvider,
                 mock(AutomationCompositionDeployPublisher.class), mock(AutomationCompositionStateChangePublisher.class),
                 mock(AcElementPropertiesPublisher.class), mock(AutomationCompositionMigrationPublisher.class),
-                mock(AcPreparePublisher.class), messageProvider);
+                mock(AcPreparePublisher.class), messageProvider, mock(EncryptionUtils.class));
 
         var automationComposition =
                 InstantiationUtils.getAutomationCompositionFromResource(AC_INSTANTIATION_CREATE_JSON, "Crud");
@@ -111,7 +112,7 @@ class SupervisionAcHandlerTest {
         var handler = new SupervisionAcHandler(automationCompositionProvider,
                 mock(AutomationCompositionDeployPublisher.class), mock(AutomationCompositionStateChangePublisher.class),
                 mock(AcElementPropertiesPublisher.class), mock(AutomationCompositionMigrationPublisher.class),
-                mock(AcPreparePublisher.class), messageProvider);
+                mock(AcPreparePublisher.class), messageProvider, mock(EncryptionUtils.class));
 
         var automationCompositionAckMessage =
                 getAutomationCompositionDeployAck(ParticipantMessageType.AUTOMATION_COMPOSITION_STATECHANGE_ACK,
@@ -135,7 +136,7 @@ class SupervisionAcHandlerTest {
         var handler = new SupervisionAcHandler(automationCompositionProvider,
                 mock(AutomationCompositionDeployPublisher.class), mock(AutomationCompositionStateChangePublisher.class),
                 mock(AcElementPropertiesPublisher.class), mock(AutomationCompositionMigrationPublisher.class),
-                mock(AcPreparePublisher.class), messageProvider);
+                mock(AcPreparePublisher.class), messageProvider, mock(EncryptionUtils.class));
 
         var automationCompositionAckMessage =
                 getAutomationCompositionDeployAck(ParticipantMessageType.AUTOMATION_COMPOSITION_STATECHANGE_ACK,
@@ -177,7 +178,7 @@ class SupervisionAcHandlerTest {
         var handler = new SupervisionAcHandler(automationCompositionProvider,
                 mock(AutomationCompositionDeployPublisher.class), mock(AutomationCompositionStateChangePublisher.class),
                 mock(AcElementPropertiesPublisher.class), mock(AutomationCompositionMigrationPublisher.class),
-                mock(AcPreparePublisher.class), messageProvider);
+                mock(AcPreparePublisher.class), messageProvider, mock(EncryptionUtils.class));
 
         handler.handleAutomationCompositionUpdateAckMessage(automationCompositionAckMessage);
 
@@ -216,7 +217,7 @@ class SupervisionAcHandlerTest {
         var handler = new SupervisionAcHandler(automationCompositionProvider,
                 mock(AutomationCompositionDeployPublisher.class), automationCompositionStateChangePublisher,
                 mock(AcElementPropertiesPublisher.class), mock(AutomationCompositionMigrationPublisher.class),
-                mock(AcPreparePublisher.class), messageProvider);
+                mock(AcPreparePublisher.class), messageProvider, mock(EncryptionUtils.class));
 
         handler.handleAutomationCompositionUpdateAckMessage(automationCompositionAckMessage);
 
@@ -230,7 +231,7 @@ class SupervisionAcHandlerTest {
         var handler = new SupervisionAcHandler(automationCompositionProvider,
                 automationCompositionDeployPublisher, mock(AutomationCompositionStateChangePublisher.class),
                 mock(AcElementPropertiesPublisher.class), mock(AutomationCompositionMigrationPublisher.class),
-                mock(AcPreparePublisher.class), mock(MessageProvider.class));
+                mock(AcPreparePublisher.class), mock(MessageProvider.class), mock(EncryptionUtils.class));
 
         var serviceTemplate = InstantiationUtils.getToscaServiceTemplate(TOSCA_SERVICE_TEMPLATE_YAML);
         var acDefinition = CommonTestData.createAcDefinition(serviceTemplate, AcTypeState.PRIMED);
@@ -249,7 +250,7 @@ class SupervisionAcHandlerTest {
         var handler = new SupervisionAcHandler(automationCompositionProvider,
                 mock(AutomationCompositionDeployPublisher.class), acStateChangePublisher,
                 mock(AcElementPropertiesPublisher.class), mock(AutomationCompositionMigrationPublisher.class),
-                mock(AcPreparePublisher.class), mock(MessageProvider.class));
+                mock(AcPreparePublisher.class), mock(MessageProvider.class), mock(EncryptionUtils.class));
         var serviceTemplate = InstantiationUtils.getToscaServiceTemplate(TOSCA_SERVICE_TEMPLATE_YAML);
         var acDefinition = CommonTestData.createAcDefinition(serviceTemplate, AcTypeState.PRIMED);
         var automationComposition =
@@ -267,7 +268,7 @@ class SupervisionAcHandlerTest {
         var handler = new SupervisionAcHandler(automationCompositionProvider,
                 mock(AutomationCompositionDeployPublisher.class), acStateChangePublisher,
                 mock(AcElementPropertiesPublisher.class), mock(AutomationCompositionMigrationPublisher.class),
-                mock(AcPreparePublisher.class), mock(MessageProvider.class));
+                mock(AcPreparePublisher.class), mock(MessageProvider.class), mock(EncryptionUtils.class));
 
         var serviceTemplate = InstantiationUtils.getToscaServiceTemplate(TOSCA_SERVICE_TEMPLATE_YAML);
         var acDefinition = CommonTestData.createAcDefinition(serviceTemplate, AcTypeState.PRIMED);
@@ -288,7 +289,7 @@ class SupervisionAcHandlerTest {
         var handler = new SupervisionAcHandler(automationCompositionProvider,
                 mock(AutomationCompositionDeployPublisher.class), acStateChangePublisher,
                 mock(AcElementPropertiesPublisher.class), mock(AutomationCompositionMigrationPublisher.class),
-                mock(AcPreparePublisher.class), mock(MessageProvider.class));
+                mock(AcPreparePublisher.class), mock(MessageProvider.class), mock(EncryptionUtils.class));
         var serviceTemplate = InstantiationUtils.getToscaServiceTemplate(TOSCA_SERVICE_TEMPLATE_YAML);
         var acDefinition = CommonTestData.createAcDefinition(serviceTemplate, AcTypeState.PRIMED);
         var automationComposition =
@@ -306,7 +307,7 @@ class SupervisionAcHandlerTest {
         var handler = new SupervisionAcHandler(automationCompositionProvider,
                 mock(AutomationCompositionDeployPublisher.class), acStateChangePublisher,
                 mock(AcElementPropertiesPublisher.class), mock(AutomationCompositionMigrationPublisher.class),
-                mock(AcPreparePublisher.class), mock(MessageProvider.class));
+                mock(AcPreparePublisher.class), mock(MessageProvider.class), mock(EncryptionUtils.class));
         var serviceTemplate = InstantiationUtils.getToscaServiceTemplate(TOSCA_SERVICE_TEMPLATE_YAML);
         var acDefinition = CommonTestData.createAcDefinition(serviceTemplate, AcTypeState.PRIMED);
         var automationComposition =
@@ -326,7 +327,7 @@ class SupervisionAcHandlerTest {
         var handler = new SupervisionAcHandler(automationCompositionProvider,
                 mock(AutomationCompositionDeployPublisher.class), acStateChangePublisher,
                 mock(AcElementPropertiesPublisher.class), mock(AutomationCompositionMigrationPublisher.class),
-                mock(AcPreparePublisher.class), mock(MessageProvider.class));
+                mock(AcPreparePublisher.class), mock(MessageProvider.class), mock(EncryptionUtils.class));
         var serviceTemplate = InstantiationUtils.getToscaServiceTemplate(TOSCA_SERVICE_TEMPLATE_YAML);
         var acDefinition = CommonTestData.createAcDefinition(serviceTemplate, AcTypeState.PRIMED);
         var automationComposition =
@@ -344,7 +345,7 @@ class SupervisionAcHandlerTest {
         var handler = new SupervisionAcHandler(automationCompositionProvider,
                 mock(AutomationCompositionDeployPublisher.class), acStateChangePublisher,
                 mock(AcElementPropertiesPublisher.class), mock(AutomationCompositionMigrationPublisher.class),
-                mock(AcPreparePublisher.class), mock(MessageProvider.class));
+                mock(AcPreparePublisher.class), mock(MessageProvider.class), mock(EncryptionUtils.class));
         var serviceTemplate = InstantiationUtils.getToscaServiceTemplate(TOSCA_SERVICE_TEMPLATE_YAML);
         var acDefinition = CommonTestData.createAcDefinition(serviceTemplate, AcTypeState.PRIMED);
         var automationComposition =
@@ -377,7 +378,7 @@ class SupervisionAcHandlerTest {
         var handler = new SupervisionAcHandler(automationCompositionProvider,
                 mock(AutomationCompositionDeployPublisher.class), mock(AutomationCompositionStateChangePublisher.class),
                 mock(AcElementPropertiesPublisher.class), mock(AutomationCompositionMigrationPublisher.class),
-                mock(AcPreparePublisher.class), messageProvider);
+                mock(AcPreparePublisher.class), messageProvider, mock(EncryptionUtils.class));
 
         handler.handleAutomationCompositionUpdateAckMessage(automationCompositionAckMessage);
 
@@ -391,7 +392,7 @@ class SupervisionAcHandlerTest {
                 mock(AutomationCompositionDeployPublisher.class),
                 mock(AutomationCompositionStateChangePublisher.class), acElementPropertiesPublisher,
                 mock(AutomationCompositionMigrationPublisher.class),
-                mock(AcPreparePublisher.class), mock(MessageProvider.class));
+                mock(AcPreparePublisher.class), mock(MessageProvider.class), mock(EncryptionUtils.class));
         var automationComposition =
                 InstantiationUtils.getAutomationCompositionFromResource(AC_INSTANTIATION_CREATE_JSON, "Lock");
         handler.update(automationComposition);
@@ -405,11 +406,12 @@ class SupervisionAcHandlerTest {
         var handler = new SupervisionAcHandler(automationCompositionProvider,
                 mock(AutomationCompositionDeployPublisher.class), mock(AutomationCompositionStateChangePublisher.class),
                 mock(AcElementPropertiesPublisher.class), acCompositionMigrationPublisher,
-                mock(AcPreparePublisher.class), mock(MessageProvider.class));
+                mock(AcPreparePublisher.class), mock(MessageProvider.class), mock(EncryptionUtils.class));
         var automationComposition =
                 InstantiationUtils.getAutomationCompositionFromResource(AC_INSTANTIATION_CREATE_JSON, "Migrate");
-        var serviceTemplate = InstantiationUtils.getToscaServiceTemplate(TOSCA_SERVICE_TEMPLATE_YAML);
-        handler.migrate(automationComposition, serviceTemplate);
+        assert automationComposition != null;
+        automationComposition.setPhase(0);
+        handler.migrate(automationComposition);
         verify(acCompositionMigrationPublisher, timeout(1000)).send(any(AutomationComposition.class), anyInt());
     }
 
@@ -420,7 +422,7 @@ class SupervisionAcHandlerTest {
         var handler = new SupervisionAcHandler(automationCompositionProvider,
                 mock(AutomationCompositionDeployPublisher.class), mock(AutomationCompositionStateChangePublisher.class),
                 mock(AcElementPropertiesPublisher.class), acCompositionMigrationPublisher,
-                mock(AcPreparePublisher.class), mock(MessageProvider.class));
+                mock(AcPreparePublisher.class), mock(MessageProvider.class), mock(EncryptionUtils.class));
         var automationComposition =
                 InstantiationUtils.getAutomationCompositionFromResource(AC_INSTANTIATION_CREATE_JSON, "Migrate");
         handler.migratePrecheck(automationComposition);
@@ -434,7 +436,7 @@ class SupervisionAcHandlerTest {
         var handler = new SupervisionAcHandler(automationCompositionProvider,
                 mock(AutomationCompositionDeployPublisher.class), mock(AutomationCompositionStateChangePublisher.class),
                 mock(AcElementPropertiesPublisher.class), mock(AutomationCompositionMigrationPublisher.class),
-                acPreparePublisher, mock(MessageProvider.class));
+                acPreparePublisher, mock(MessageProvider.class), mock(EncryptionUtils.class));
         var automationComposition =
                 InstantiationUtils.getAutomationCompositionFromResource(AC_INSTANTIATION_CREATE_JSON, "Migrate");
         handler.prepare(automationComposition);
@@ -448,7 +450,7 @@ class SupervisionAcHandlerTest {
         var handler = new SupervisionAcHandler(automationCompositionProvider,
                 mock(AutomationCompositionDeployPublisher.class), mock(AutomationCompositionStateChangePublisher.class),
                 mock(AcElementPropertiesPublisher.class), mock(AutomationCompositionMigrationPublisher.class),
-                acPreparePublisher, mock(MessageProvider.class));
+                acPreparePublisher, mock(MessageProvider.class), mock(EncryptionUtils.class));
         var automationComposition =
                 InstantiationUtils.getAutomationCompositionFromResource(AC_INSTANTIATION_CREATE_JSON, "Migrate");
         handler.review(automationComposition);

diff --git a/runtime-acm/src/test/resources/providers/AcInstantiateEncryptTest.json b/runtime-acm/src/test/resources/providers/AcInstantiateEncryptTest.json
index 896a8b6..4a0de52 100644 (file)
--- a/runtime-acm/src/test/resources/providers/AcInstantiateEncryptTest.json
+++ b/runtime-acm/src/test/resources/providers/AcInstantiateEncryptTest.json
@@ -12,8 +12,8 @@
       },
       "description": "Starter Automation Composition Element for the Demo",
       "properties": {
-        "secret": "mysecret1",
-        "password": "mypass1",
+        "secret": "mysecret",
+        "password": "mypass",
         "baseUrl": "http://address:30800",
         "httpHeaders": {
           "Content-Type": "application/json",
@@ -57,8 +57,8 @@
       "description": "Bridge Automation Composition Element for the Demo",
       "properties": {
         "baseUrl": "http://address:30801",
-        "password": "mypass2",
-        "secret": "secret2",
+        "password": "mypass",
+        "secret": "mysecret",
         "httpHeaders": {
           "Content-Type": "application/json",
           "Authorization": "Basic YWNtVXNlcjp6YiFYenRHMzQ="