From eca412c5285bb65bd82a8236e0fec8426a2c605e Mon Sep 17 00:00:00 2001 From: "M.Hosnidokht" Date: Thu, 3 Dec 2020 11:11:16 -0500 Subject: [PATCH] Use data owner attribute instead of owning entity for OwnerCheck Issue-ID: AAI-3226 Signed-off-by: Mohammad Hosnidokht Change-Id: I8222546e7264e99ca3e53fe1212a45008c1064e6 --- aai-aaf-auth/pom.xml | 2 +- aai-annotations/pom.xml | 2 +- aai-auth/pom.xml | 2 +- aai-common-docker/aai-common-images/pom.xml | 4 +- aai-common-docker/aai-haproxy-image/pom.xml | 2 +- aai-common-docker/pom.xml | 2 +- aai-core/pom.xml | 10 +-- .../aai/introspection/sideeffect/OwnerCheck.java | 37 ++++------ .../onap/aai/serialization/db/DBSerializer.java | 22 +++--- .../introspection/sideeffect/OwnerCheckTest.java | 81 +++++++++++++++++----- .../test/resources/onap/oxm/v14/aai_oxm_v14.xml | 5 ++ aai-els-onap-logging/pom.xml | 2 +- aai-failover/pom.xml | 4 +- aai-parent/pom.xml | 2 +- aai-rest/pom.xml | 2 +- aai-schema-abstraction/pom.xml | 2 +- aai-schema-ingest/pom.xml | 2 +- aai-utils/pom.xml | 2 +- pom.xml | 2 +- version.properties | 2 +- 20 files changed, 119 insertions(+), 70 deletions(-) diff --git a/aai-aaf-auth/pom.xml b/aai-aaf-auth/pom.xml index b49dc054..2a36f286 100644 --- a/aai-aaf-auth/pom.xml +++ b/aai-aaf-auth/pom.xml @@ -6,7 +6,7 @@ org.onap.aai.aai-common aai-parent - 1.8.0-SNAPSHOT + 1.8.1-SNAPSHOT ../aai-parent/pom.xml aai-aaf-auth diff --git a/aai-annotations/pom.xml b/aai-annotations/pom.xml index 0dce6eb3..0f2d0762 100644 --- a/aai-annotations/pom.xml +++ b/aai-annotations/pom.xml @@ -27,7 +27,7 @@ org.onap.aai.aai-common aai-parent - 1.8.0-SNAPSHOT + 1.8.1-SNAPSHOT ../aai-parent/pom.xml aai-annotations diff --git a/aai-auth/pom.xml b/aai-auth/pom.xml index a6dc1070..8b039ca0 100644 --- a/aai-auth/pom.xml +++ b/aai-auth/pom.xml @@ -27,7 +27,7 @@ org.onap.aai.aai-common aai-parent - 1.8.0-SNAPSHOT + 1.8.1-SNAPSHOT ../aai-parent/pom.xml aai-auth 
diff --git a/aai-common-docker/aai-common-images/pom.xml b/aai-common-docker/aai-common-images/pom.xml index 93af8df7..e4fd46d1 100644 --- a/aai-common-docker/aai-common-images/pom.xml +++ b/aai-common-docker/aai-common-images/pom.xml @@ -25,11 +25,11 @@ org.onap.aai.aai-common aai-common-docker - 1.8.0-SNAPSHOT + 1.8.1-SNAPSHOT aai-common-images - 1.8.0-SNAPSHOT + 1.8.1-SNAPSHOT pom aai-aai-common-images Contains dockerfiles for aai-common images (alpine and ubuntu based). diff --git a/aai-common-docker/aai-haproxy-image/pom.xml b/aai-common-docker/aai-haproxy-image/pom.xml index 518fe7c6..cf57e6ef 100644 --- a/aai-common-docker/aai-haproxy-image/pom.xml +++ b/aai-common-docker/aai-haproxy-image/pom.xml @@ -25,7 +25,7 @@ org.onap.aai.aai-common aai-common-docker - 1.8.0-SNAPSHOT + 1.8.1-SNAPSHOT aai-haproxy-image diff --git a/aai-common-docker/pom.xml b/aai-common-docker/pom.xml index 53313cf0..01175e3b 100644 --- a/aai-common-docker/pom.xml +++ b/aai-common-docker/pom.xml @@ -26,7 +26,7 @@ org.onap.aai.aai-common aai-parent - 1.8.0-SNAPSHOT + 1.8.1-SNAPSHOT ../aai-parent/pom.xml diff --git a/aai-core/pom.xml b/aai-core/pom.xml index 8f03d5d8..56183fe8 100644 --- a/aai-core/pom.xml +++ b/aai-core/pom.xml @@ -8,9 +8,9 @@ Copyright © 2019 AT&T Intellectual Property. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - + http://www.apache.org/licenses/LICENSE-2.0 - + Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -26,7 +26,7 @@ limitations under the License. org.onap.aai.aai-common aai-parent - 1.8.0-SNAPSHOT + 1.8.1-SNAPSHOT ../aai-parent/pom.xml aai-core @@ -96,7 +96,7 @@ limitations under the License. 2.8 - org.apache.maven.plugins maven-deploy-plugin 
@@ -133,7 +133,7 @@ limitations under the License. com.att.eelf eelf-core - org.powermock diff --git a/aai-core/src/main/java/org/onap/aai/introspection/sideeffect/OwnerCheck.java b/aai-core/src/main/java/org/onap/aai/introspection/sideeffect/OwnerCheck.java index 4ece3771..c383f0c5 100644 --- a/aai-core/src/main/java/org/onap/aai/introspection/sideeffect/OwnerCheck.java +++ b/aai-core/src/main/java/org/onap/aai/introspection/sideeffect/OwnerCheck.java @@ -20,24 +20,23 @@ package org.onap.aai.introspection.sideeffect; -import java.io.UnsupportedEncodingException; -import java.net.URISyntaxException; - -import java.util.List; -import java.util.Map.Entry; -import java.util.Optional; +import org.apache.commons.lang3.ObjectUtils; import org.apache.tinkerpop.gremlin.structure.Vertex; -import org.apache.tinkerpop.gremlin.structure.VertexProperty; -import org.onap.aai.edges.exceptions.AmbiguousRuleChoiceException; -import org.onap.aai.edges.exceptions.EdgeRuleNotFoundException; import org.onap.aai.exceptions.AAIException; import org.onap.aai.introspection.Introspector; import org.onap.aai.schema.enums.PropertyMetadata; import org.onap.aai.serialization.db.DBSerializer; import org.onap.aai.serialization.engines.TransactionalGraphEngine; +import org.springframework.util.CollectionUtils; + +import java.util.Map.Entry; +import java.util.Optional; public class OwnerCheck extends SideEffect { + public static final String READ_ONLY_SUFFIX = "_readOnly"; + private static final String DATA_OWNER = "data-owner"; + public OwnerCheck(Introspector obj, Vertex self, TransactionalGraphEngine dbEngine, DBSerializer serializer) { super(obj, self, dbEngine, serializer); } 
@@ -55,21 +54,15 @@ public class OwnerCheck extends SideEffect { } public static boolean isAuthorized(java.util.Set groups, Vertex vertex) { - if (groups != null && !groups.isEmpty()) { - List owningEntity = vertex.graph().traversal() - .V(vertex) - .bothE("org.onap.relationships.inventory.BelongsTo") - .otherV() - .has("aai-node-type", "owning-entity") - .toList(); - - if(!owningEntity.isEmpty()) { - VertexProperty owningEntityName = owningEntity.get(0).property("owning-entity-name"); - - return groups.contains(owningEntityName.orElseGet(null)); + if (!CollectionUtils.isEmpty(groups)) { + Object dataOwnerProperty = vertex.property(DATA_OWNER).orElse(null); + if (ObjectUtils.isNotEmpty(dataOwnerProperty)) { + String dataOwner = dataOwnerProperty.toString(); + String dataOwnerWithReadAccess = dataOwner + READ_ONLY_SUFFIX; + return groups.stream() + .anyMatch(group -> group.equals(dataOwner) || group.equals(dataOwnerWithReadAccess)); } } - return true; } diff --git a/aai-core/src/main/java/org/onap/aai/serialization/db/DBSerializer.java b/aai-core/src/main/java/org/onap/aai/serialization/db/DBSerializer.java index 14621e83..7ab49a13 100644 --- a/aai-core/src/main/java/org/onap/aai/serialization/db/DBSerializer.java +++ b/aai-core/src/main/java/org/onap/aai/serialization/db/DBSerializer.java @@ -115,6 +115,7 @@ public class DBSerializer { private Map>> impliedDeleteUriObjectPair = new LinkedHashMap<>(); private int notificationDepth; private boolean isDeltaEventsEnabled; + private boolean isMultiTenancyEnabled; /** * Instantiates a new DB serializer. 
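Review bot: In `isAuthorized`, a group named `<data-owner>_readOnly` satisfies the same `anyMatch` as the owner group, and the method has no parameter that tells a read from a write. The DBSerializer hunks in this patch register `OwnerCheck` in both `executePreSideEffects` and `enrichData`, so unless `execute()` (outside this hunk) separates the two paths, read-only membership would also pass the check that runs before a change is applied. Consider an overload that takes the operation and honours the suffix only for reads, e.g. `return groups.contains(dataOwner) || (readOnly && groups.contains(dataOwnerWithReadAccess));`. Separately, a vertex without `data-owner` still falls through to `return true`, so vertices that carry only the old owning-entity edge are no longer restricted by this check. That fail-open behaviour deserves a Javadoc line on the method and a migration note.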
@@ -271,6 +272,7 @@ public class DBSerializer { EdgeSerializer es = ctx.getBean(EdgeSerializer.class); setEdgeSerializer(es); isDeltaEventsEnabled = Boolean.parseBoolean(SpringContextAware.getApplicationContext().getEnvironment().getProperty("delta.events.enabled", FALSE)); + isMultiTenancyEnabled = Boolean.parseBoolean(SpringContextAware.getApplicationContext().getEnvironment().getProperty("multi.tenancy.enabled", FALSE)); } public void setEdgeSerializer(EdgeSerializer edgeSer) { @@ -2270,10 +2272,12 @@ public class DBSerializer { private void executePreSideEffects(Introspector obj, Vertex self) throws AAIException { - SideEffectRunner runner = new SideEffectRunner.Builder(this.engine, this).addSideEffect(DataCopy.class) - .addSideEffect(PrivateEdge.class).addSideEffect(OwnerCheck.class).build(); - - runner.execute(obj, self); + SideEffectRunner.Builder runnerBuilder = + new SideEffectRunner.Builder(this.engine, this).addSideEffect(DataCopy.class).addSideEffect(PrivateEdge.class); + if (isMultiTenancyEnabled) { + runnerBuilder.addSideEffect(OwnerCheck.class); + } + runnerBuilder.build().execute(obj, self); } private void executePostSideEffects(Introspector obj, Vertex self) throws AAIException { @@ -2286,11 +2290,13 @@ public class DBSerializer { private void enrichData(Introspector obj, Vertex self) throws AAIException { - SideEffectRunner runner = - new SideEffectRunner.Builder(this.engine, this).addSideEffect(DataLinkReader.class) - .addSideEffect(OwnerCheck.class).build(); + SideEffectRunner.Builder runnerBuilder = + new SideEffectRunner.Builder(this.engine, this).addSideEffect(DataLinkReader.class); - runner.execute(obj, self); + if (isMultiTenancyEnabled) { + runnerBuilder.addSideEffect(OwnerCheck.class); + } + runnerBuilder.build().execute(obj, self); } public double getDBTimeMsecs() { 
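Review bot: `multi.tenancy.enabled` is read with a default of `FALSE`, so after this patch `OwnerCheck` is skipped entirely unless the property is set; before it, the two runners (hunks at -2270 and -2286) added it unconditionally. An off-by-default switch on an authorization control should be visible to operators. Add a comment next to the assignment such as `// OwnerCheck runs only when multi.tenancy.enabled=true (default: off)`, and record the resolved value once at start-up if this class has a logger in scope. The enclosing method starts and ends outside the hunk.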
diff --git a/aai-core/src/test/java/org/onap/aai/introspection/sideeffect/OwnerCheckTest.java b/aai-core/src/test/java/org/onap/aai/introspection/sideeffect/OwnerCheckTest.java index 0e33f6c7..9f101965 100644 --- a/aai-core/src/test/java/org/onap/aai/introspection/sideeffect/OwnerCheckTest.java +++ b/aai-core/src/test/java/org/onap/aai/introspection/sideeffect/OwnerCheckTest.java @@ -86,16 +86,10 @@ public class OwnerCheckTest extends AAISetup { .addV("pnf") .property("aai-node-type", "pnf") .property("pnf-name", "my-pnf") + .property("data-owner", "Operator") .property(AAIProperties.AAI_URI, "/network/pnfs/pnf/my-pnf") .property("model-invariant-id", "key1") .as("v1") - .addV("owning-entity") - .property("aai-node-type", "owning-entity") - .property("owning-entity-name", "OE-Generic") - .property("owning-entity-id", "367c897c-8cec-47ba-b7f5-4b6139f06691") - .property(AAIProperties.AAI_URI,"/network/pnfs/pnf/my-pnf/business/owning-entities/owning-entity/367c897c-8cec-47ba-b7f5-4b6139f06691") - .as("oe") - .addE("org.onap.relationships.inventory.BelongsTo").to("v1").from("oe") .property(EdgeProperty.CONTAINS.toString(), true) .addV("model-ver") .property("aai-node-type", "model-ver") @@ -137,14 +131,13 @@ public class OwnerCheckTest extends AAISetup { } @Test - public void shouldFailComparisonWithDiffOwningEntity() throws Exception { + public void shouldFailIfGroupsNotContainsDataOwner() throws Exception { final Loader loader = loaderFactory.createLoaderForVersion(ModelType.MOXY, schemaVersions.getDefaultVersion()); final Introspector obj = loader.introspectorFromName("pnf"); obj.setValue("pnf-name", "my-pnf"); obj.setValue("model-invariant-id", "key1"); obj.setValue("model-version-id", "key2"); - //obj.setValue("owning-entity-id", "367c897c-8cec-47ba-b7f5-4b6139f06691"); TransactionalGraphEngine spy = spy(dbEngine); TransactionalGraphEngine.Admin adminSpy = spy(dbEngine.asAdmin()); Graph g = graph.newTransaction(); 
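Review bot: The context line `.property(EdgeProperty.CONTAINS.toString(), true)` was left behind when the `addE("org.onap.relationships.inventory.BelongsTo")` step was removed, so it now follows `.as("v1")` and appears to set an edge property on the pnf vertex itself. It should be deleted together with the edge it belonged to. The fixture method starts and ends outside the hunk.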
@@ -152,30 +145,29 @@ public class OwnerCheckTest extends AAISetup { when(spy.asAdmin()).thenReturn(adminSpy); when(adminSpy.getTraversalSource()).thenReturn(traversal); DBSerializer serializer = - new DBSerializer(schemaVersions.getDefaultVersion(), - spy, introspectorFactoryType, - "AAI_TEST", new HashSet<>(Arrays.asList("OE-GenericI", "OE-GenericII"))); + new DBSerializer(schemaVersions.getDefaultVersion(), + spy, introspectorFactoryType, + "AAI_TEST", new HashSet<>(Arrays.asList("OperatorI", "OperatorII"))); Vertex selfV = g.traversal().V().has("aai-node-type", "pnf").next(); OwnerCheck ownerCheck = new OwnerCheck(obj, selfV, spy, serializer); thrown.expect(AAIException.class); - thrown.expectMessage("Group(s) :[OE-GenericI, OE-GenericII] not authorized to perform function"); + thrown.expectMessage("Group(s) :[OperatorII, OperatorI] not authorized to perform function"); ownerCheck.execute(); g.tx().rollback(); } @Test - public void shouldPassIfOwningEntityEqual() throws Exception { + public void shouldPassIfGroupsContainsDataOwner() throws Exception { final Loader loader = loaderFactory.createLoaderForVersion(ModelType.MOXY, schemaVersions.getDefaultVersion()); final Introspector obj = loader.introspectorFromName("pnf"); obj.setValue("pnf-name", "my-pnf"); obj.setValue("model-invariant-id", "key1"); obj.setValue("model-version-id", "key2"); - //obj.setValue("owning-entity-id", "367c897c-8cec-47ba-b7f5-4b6139f06691"); TransactionalGraphEngine spy = spy(dbEngine); TransactionalGraphEngine.Admin adminSpy = spy(dbEngine.asAdmin()); Graph g = graph.newTransaction(); 
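Review bot: The expected message `Group(s) :[OperatorII, OperatorI] not authorized to perform function` in `shouldFailIfGroupsNotContainsDataOwner` bakes in the iteration order of a `HashSet`, which the collection does not guarantee. Assuming `thrown` is JUnit's `ExpectedException`, `expectMessage(String)` already matches a substring, so `thrown.expectMessage("not authorized to perform function");` keeps the assertion without depending on set order. If the group names must be checked too, assert each one separately with its own `expectMessage` call.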
@@ -189,25 +181,78 @@ public class OwnerCheckTest extends AAISetup { DBSerializer serializer = new DBSerializer(schemaVersions.getDefaultVersion(), spy, introspectorFactoryType, - "AAI_TEST", new HashSet<>(Arrays.asList("OE-Generic", "OE-GenericII"))); + "AAI_TEST", new HashSet<>(Arrays.asList("OperatorIII", "Operator"))); + + OwnerCheck ownerCheck = new OwnerCheck(obj, selfV, spy, serializer); + + ownerCheck.execute(); + g.tx().rollback(); + } + + @Test + public void shouldPassIfGroupsIsEmpty() throws Exception { + + final Loader loader = loaderFactory.createLoaderForVersion(ModelType.MOXY, schemaVersions.getDefaultVersion()); + final Introspector obj = loader.introspectorFromName("pnf"); + obj.setValue("pnf-name", "my-pnf"); + obj.setValue("model-invariant-id", "key1"); + obj.setValue("model-version-id", "key2"); + TransactionalGraphEngine spy = spy(dbEngine); + TransactionalGraphEngine.Admin adminSpy = spy(dbEngine.asAdmin()); + Graph g = graph.newTransaction(); + GraphTraversalSource traversal = g.traversal(); + when(spy.asAdmin()).thenReturn(adminSpy); + when(adminSpy.getTraversalSource()).thenReturn(traversal); + DBSerializer serializer = + new DBSerializer(schemaVersions.getDefaultVersion(), + spy, introspectorFactoryType, + "AAI_TEST"); + + Vertex selfV = g.traversal().V().has("aai-node-type", "pnf").next(); OwnerCheck ownerCheck = new OwnerCheck(obj, selfV, spy, serializer); ownerCheck.execute(); + g.tx().rollback(); + } + + @Test + public void shouldPassIfDataOwnerIsNull() throws Exception { + + final Loader loader = loaderFactory.createLoaderForVersion(ModelType.MOXY, schemaVersions.getDefaultVersion()); + final Introspector obj = loader.introspectorFromName("pnf"); + obj.setValue("pnf-name", "my-pnf"); + obj.setValue("model-invariant-id", "key1"); + obj.setValue("model-version-id", "key2"); + obj.setValue("data-owner", null); + TransactionalGraphEngine spy = spy(dbEngine); + TransactionalGraphEngine.Admin adminSpy = spy(dbEngine.asAdmin()); + Graph g = 
graph.newTransaction(); + GraphTraversalSource traversal = g.traversal(); + when(spy.asAdmin()).thenReturn(adminSpy); + when(adminSpy.getTraversalSource()).thenReturn(traversal); + DBSerializer serializer = + new DBSerializer(schemaVersions.getDefaultVersion(), + spy, introspectorFactoryType, + "AAI_TEST"); + + Vertex selfV = g.traversal().V().has("aai-node-type", "pnf").next(); + OwnerCheck ownerCheck = new OwnerCheck(obj, selfV, spy, serializer); + ownerCheck.execute(); g.tx().rollback(); } @Test - public void shouldPassIfUserOwningEntityEmptyl() throws Exception { + public void shouldPassIfDataOwnerIsEmpty() throws Exception { final Loader loader = loaderFactory.createLoaderForVersion(ModelType.MOXY, schemaVersions.getDefaultVersion()); final Introspector obj = loader.introspectorFromName("pnf"); obj.setValue("pnf-name", "my-pnf"); obj.setValue("model-invariant-id", "key1"); obj.setValue("model-version-id", "key2"); - //obj.setValue("owning-entity-id", "367c897c-8cec-47ba-b7f5-4b6139f06691"); + obj.setValue("data-owner", ""); TransactionalGraphEngine spy = spy(dbEngine); TransactionalGraphEngine.Admin adminSpy = spy(dbEngine.asAdmin()); Graph g = graph.newTransaction(); diff --git a/aai-core/src/test/resources/onap/oxm/v14/aai_oxm_v14.xml b/aai-core/src/test/resources/onap/oxm/v14/aai_oxm_v14.xml index b08e4fb1..99596cde 100644 --- a/aai-core/src/test/resources/onap/oxm/v14/aai_oxm_v14.xml +++ b/aai-core/src/test/resources/onap/oxm/v14/aai_oxm_v14.xml @@ -5131,6 +5131,11 @@ + + + + + diff --git a/aai-els-onap-logging/pom.xml b/aai-els-onap-logging/pom.xml index 69241444..e9156e40 100644 --- a/aai-els-onap-logging/pom.xml +++ b/aai-els-onap-logging/pom.xml @@ -6,7 +6,7 @@ org.onap.aai.aai-common aai-parent - 1.8.0-SNAPSHOT + 1.8.1-SNAPSHOT ../aai-parent/pom.xml aai-els-onap-logging diff --git a/aai-failover/pom.xml b/aai-failover/pom.xml index dc12e468..4465a100 100644 --- a/aai-failover/pom.xml +++ b/aai-failover/pom.xml 
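Review bot: `shouldPassIfDataOwnerIsNull` does not reach the branch its name describes. The serializer is built without any groups, so `isAuthorized` presumably returns at the empty-groups check, and `data-owner` is set to null on the Introspector while the vertex fixture still carries `data-owner` = `"Operator"`. As written it exercises the same path as `shouldPassIfGroupsIsEmpty`; pass a non-empty group set and drop the property from the vertex inside the test transaction, e.g. `selfV.property("data-owner").remove();`. The patch also has no test for a group ending in `_readOnly`, the other new branch in `isAuthorized`. `shouldPassIfDataOwnerIsEmpty` continues outside the hunk, so whether it has the same gap cannot be judged from here.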
@@ -5,7 +5,7 @@ org.onap.aai.aai-common aai-parent - 1.8.0-SNAPSHOT + 1.8.1-SNAPSHOT ../aai-parent/pom.xml 4.0.0 @@ -31,6 +31,6 @@ org.aspectj aspectjrt 1.9.1 - + diff --git a/aai-parent/pom.xml b/aai-parent/pom.xml index dd4795e3..b1135b76 100644 --- a/aai-parent/pom.xml +++ b/aai-parent/pom.xml @@ -27,7 +27,7 @@ limitations under the License. org.onap.aai.aai-common aai-common - 1.8.0-SNAPSHOT + 1.8.1-SNAPSHOT aai-parent aai-parent diff --git a/aai-rest/pom.xml b/aai-rest/pom.xml index b03a7521..ece1e2df 100644 --- a/aai-rest/pom.xml +++ b/aai-rest/pom.xml @@ -29,7 +29,7 @@ org.onap.aai.aai-common aai-parent - 1.8.0-SNAPSHOT + 1.8.1-SNAPSHOT ../aai-parent/pom.xml aai-rest diff --git a/aai-schema-abstraction/pom.xml b/aai-schema-abstraction/pom.xml index a9cb0471..f55d68bf 100644 --- a/aai-schema-abstraction/pom.xml +++ b/aai-schema-abstraction/pom.xml @@ -28,7 +28,7 @@ org.onap.aai.aai-common aai-parent - 1.8.0-SNAPSHOT + 1.8.1-SNAPSHOT ../aai-parent/pom.xml diff --git a/aai-schema-ingest/pom.xml b/aai-schema-ingest/pom.xml index 67721737..8e93c1b0 100644 --- a/aai-schema-ingest/pom.xml +++ b/aai-schema-ingest/pom.xml @@ -26,7 +26,7 @@ limitations under the License. org.onap.aai.aai-common aai-parent - 1.8.0-SNAPSHOT + 1.8.1-SNAPSHOT ../aai-parent/pom.xml aai-schema-ingest diff --git a/aai-utils/pom.xml b/aai-utils/pom.xml index 5107fb7f..cb8b184d 100644 --- a/aai-utils/pom.xml +++ b/aai-utils/pom.xml @@ -29,7 +29,7 @@ org.onap.aai.aai-common aai-parent - 1.8.0-SNAPSHOT + 1.8.1-SNAPSHOT ../aai-parent/pom.xml aai-utils diff --git a/pom.xml b/pom.xml index c9d76b2d..6db20e1e 100644 --- a/pom.xml +++ b/pom.xml @@ -30,7 +30,7 @@ org.onap.aai.aai-common aai-common - 1.8.0-SNAPSHOT + 1.8.1-SNAPSHOT pom aai-aai-common Contains all of the common code for resources and traversal repos diff --git a/version.properties b/version.properties index 5403b8cd..b40cc932 100644 --- a/version.properties +++ b/version.properties 
@@ -5,7 +5,7 @@ major_version=1 minor_version=8 -patch_version=0 +patch_version=1 base_version=${major_version}.${minor_version}.${patch_version} -- 2.16.6