<parent>
<groupId>org.onap.aai.aai-common</groupId>
<artifactId>aai-parent</artifactId>
- <version>1.8.0-SNAPSHOT</version>
+ <version>1.8.1-SNAPSHOT</version>
<relativePath>../aai-parent/pom.xml</relativePath>
</parent>
<artifactId>aai-aaf-auth</artifactId>
<parent>
<groupId>org.onap.aai.aai-common</groupId>
<artifactId>aai-parent</artifactId>
- <version>1.8.0-SNAPSHOT</version>
+ <version>1.8.1-SNAPSHOT</version>
<relativePath>../aai-parent/pom.xml</relativePath>
</parent>
<artifactId>aai-annotations</artifactId>
<parent>
<groupId>org.onap.aai.aai-common</groupId>
<artifactId>aai-parent</artifactId>
- <version>1.8.0-SNAPSHOT</version>
+ <version>1.8.1-SNAPSHOT</version>
<relativePath>../aai-parent/pom.xml</relativePath>
</parent>
<artifactId>aai-auth</artifactId>
<parent>
<groupId>org.onap.aai.aai-common</groupId>
<artifactId>aai-common-docker</artifactId>
- <version>1.8.0-SNAPSHOT</version>
+ <version>1.8.1-SNAPSHOT</version>
</parent>
<artifactId>aai-common-images</artifactId>
- <version>1.8.0-SNAPSHOT</version>
+ <version>1.8.1-SNAPSHOT</version>
<packaging>pom</packaging>
<name>aai-aai-common-images</name>
<description>Contains dockerfiles for aai-common images (alpine and ubuntu based).</description>
<parent>
<groupId>org.onap.aai.aai-common</groupId>
<artifactId>aai-common-docker</artifactId>
- <version>1.8.0-SNAPSHOT</version>
+ <version>1.8.1-SNAPSHOT</version>
</parent>
<artifactId>aai-haproxy-image</artifactId>
<parent>
<groupId>org.onap.aai.aai-common</groupId>
<artifactId>aai-parent</artifactId>
- <version>1.8.0-SNAPSHOT</version>
+ <version>1.8.1-SNAPSHOT</version>
<relativePath>../aai-parent/pom.xml</relativePath>
</parent>
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
-
+
http://www.apache.org/licenses/LICENSE-2.0
-
+
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
<parent>
<groupId>org.onap.aai.aai-common</groupId>
<artifactId>aai-parent</artifactId>
- <version>1.8.0-SNAPSHOT</version>
+ <version>1.8.1-SNAPSHOT</version>
<relativePath>../aai-parent/pom.xml</relativePath>
</parent>
<artifactId>aai-core</artifactId>
<version>2.8</version>
</plugin>
<plugin>
- <!-- explicitly define maven-deploy-plugin after other to force exec
+ <!-- explicitly define maven-deploy-plugin after other to force exec
order -->
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-deploy-plugin</artifactId>
<dependency>
<groupId>com.att.eelf</groupId>
<artifactId>eelf-core</artifactId>
- <exclusions><!-- excluding transitive dependency coming from this artifact,
+ <exclusions><!-- excluding transitive dependency coming from this artifact,
as we would need powermock-api-mockito2 -->
<exclusion>
<groupId>org.powermock</groupId>
package org.onap.aai.introspection.sideeffect;
-import java.io.UnsupportedEncodingException;
-import java.net.URISyntaxException;
-
-import java.util.List;
-import java.util.Map.Entry;
-import java.util.Optional;
+import org.apache.commons.lang3.ObjectUtils;
import org.apache.tinkerpop.gremlin.structure.Vertex;
-import org.apache.tinkerpop.gremlin.structure.VertexProperty;
-import org.onap.aai.edges.exceptions.AmbiguousRuleChoiceException;
-import org.onap.aai.edges.exceptions.EdgeRuleNotFoundException;
import org.onap.aai.exceptions.AAIException;
import org.onap.aai.introspection.Introspector;
import org.onap.aai.schema.enums.PropertyMetadata;
import org.onap.aai.serialization.db.DBSerializer;
import org.onap.aai.serialization.engines.TransactionalGraphEngine;
+import org.springframework.util.CollectionUtils;
+
+import java.util.Map.Entry;
+import java.util.Optional;
public class OwnerCheck extends SideEffect {
+ public static final String READ_ONLY_SUFFIX = "_readOnly";
+ private static final String DATA_OWNER = "data-owner";
+
public OwnerCheck(Introspector obj, Vertex self, TransactionalGraphEngine dbEngine, DBSerializer serializer) {
super(obj, self, dbEngine, serializer);
}
}
public static boolean isAuthorized(java.util.Set<String> groups, Vertex vertex) {
- if (groups != null && !groups.isEmpty()) {
- List<Vertex> owningEntity = vertex.graph().traversal()
- .V(vertex)
- .bothE("org.onap.relationships.inventory.BelongsTo")
- .otherV()
- .has("aai-node-type", "owning-entity")
- .toList();
-
- if(!owningEntity.isEmpty()) {
- VertexProperty owningEntityName = owningEntity.get(0).property("owning-entity-name");
-
- return groups.contains(owningEntityName.orElseGet(null));
+ if (!CollectionUtils.isEmpty(groups)) {
+ Object dataOwnerProperty = vertex.property(DATA_OWNER).orElse(null);
+ if (ObjectUtils.isNotEmpty(dataOwnerProperty)) {
+ String dataOwner = dataOwnerProperty.toString();
+ String dataOwnerWithReadAccess = dataOwner + READ_ONLY_SUFFIX;
+ return groups.stream()
+ .anyMatch(group -> group.equals(dataOwner) || group.equals(dataOwnerWithReadAccess));
}
}
-
return true;
}
private Map<String, Pair<Introspector, LinkedHashMap<String, Introspector>>> impliedDeleteUriObjectPair = new LinkedHashMap<>();
private int notificationDepth;
private boolean isDeltaEventsEnabled;
+ private boolean isMultiTenancyEnabled;
/**
* Instantiates a new DB serializer.
EdgeSerializer es = ctx.getBean(EdgeSerializer.class);
setEdgeSerializer(es);
isDeltaEventsEnabled = Boolean.parseBoolean(SpringContextAware.getApplicationContext().getEnvironment().getProperty("delta.events.enabled", FALSE));
+ isMultiTenancyEnabled = Boolean.parseBoolean(SpringContextAware.getApplicationContext().getEnvironment().getProperty("multi.tenancy.enabled", FALSE));
}
public void setEdgeSerializer(EdgeSerializer edgeSer) {
private void executePreSideEffects(Introspector obj, Vertex self) throws AAIException {
- SideEffectRunner runner = new SideEffectRunner.Builder(this.engine, this).addSideEffect(DataCopy.class)
- .addSideEffect(PrivateEdge.class).addSideEffect(OwnerCheck.class).build();
-
- runner.execute(obj, self);
+ SideEffectRunner.Builder runnerBuilder =
+ new SideEffectRunner.Builder(this.engine, this).addSideEffect(DataCopy.class).addSideEffect(PrivateEdge.class);
+ if (isMultiTenancyEnabled) {
+ runnerBuilder.addSideEffect(OwnerCheck.class);
+ }
+ runnerBuilder.build().execute(obj, self);
}
private void executePostSideEffects(Introspector obj, Vertex self) throws AAIException {
private void enrichData(Introspector obj, Vertex self) throws AAIException {
- SideEffectRunner runner =
- new SideEffectRunner.Builder(this.engine, this).addSideEffect(DataLinkReader.class)
- .addSideEffect(OwnerCheck.class).build();
+ SideEffectRunner.Builder runnerBuilder =
+ new SideEffectRunner.Builder(this.engine, this).addSideEffect(DataLinkReader.class);
- runner.execute(obj, self);
+ if (isMultiTenancyEnabled) {
+ runnerBuilder.addSideEffect(OwnerCheck.class);
+ }
+ runnerBuilder.build().execute(obj, self);
}
public double getDBTimeMsecs() {
.addV("pnf")
.property("aai-node-type", "pnf")
.property("pnf-name", "my-pnf")
+ .property("data-owner", "Operator")
.property(AAIProperties.AAI_URI, "/network/pnfs/pnf/my-pnf")
.property("model-invariant-id", "key1")
.as("v1")
- .addV("owning-entity")
- .property("aai-node-type", "owning-entity")
- .property("owning-entity-name", "OE-Generic")
- .property("owning-entity-id", "367c897c-8cec-47ba-b7f5-4b6139f06691")
- .property(AAIProperties.AAI_URI,"/network/pnfs/pnf/my-pnf/business/owning-entities/owning-entity/367c897c-8cec-47ba-b7f5-4b6139f06691")
- .as("oe")
- .addE("org.onap.relationships.inventory.BelongsTo").to("v1").from("oe")
.property(EdgeProperty.CONTAINS.toString(), true)
.addV("model-ver")
.property("aai-node-type", "model-ver")
}
@Test
- public void shouldFailComparisonWithDiffOwningEntity() throws Exception {
+ public void shouldFailIfGroupsNotContainsDataOwner() throws Exception {
final Loader loader = loaderFactory.createLoaderForVersion(ModelType.MOXY, schemaVersions.getDefaultVersion());
final Introspector obj = loader.introspectorFromName("pnf");
obj.setValue("pnf-name", "my-pnf");
obj.setValue("model-invariant-id", "key1");
obj.setValue("model-version-id", "key2");
- //obj.setValue("owning-entity-id", "367c897c-8cec-47ba-b7f5-4b6139f06691");
TransactionalGraphEngine spy = spy(dbEngine);
TransactionalGraphEngine.Admin adminSpy = spy(dbEngine.asAdmin());
Graph g = graph.newTransaction();
when(spy.asAdmin()).thenReturn(adminSpy);
when(adminSpy.getTraversalSource()).thenReturn(traversal);
DBSerializer serializer =
- new DBSerializer(schemaVersions.getDefaultVersion(),
- spy, introspectorFactoryType,
- "AAI_TEST", new HashSet<>(Arrays.asList("OE-GenericI", "OE-GenericII")));
+ new DBSerializer(schemaVersions.getDefaultVersion(),
+ spy, introspectorFactoryType,
+ "AAI_TEST", new HashSet<>(Arrays.asList("OperatorI", "OperatorII")));
Vertex selfV = g.traversal().V().has("aai-node-type", "pnf").next();
OwnerCheck ownerCheck = new OwnerCheck(obj, selfV, spy, serializer);
thrown.expect(AAIException.class);
- thrown.expectMessage("Group(s) :[OE-GenericI, OE-GenericII] not authorized to perform function");
+ thrown.expectMessage("Group(s) :[OperatorII, OperatorI] not authorized to perform function");
ownerCheck.execute();
g.tx().rollback();
}
@Test
- public void shouldPassIfOwningEntityEqual() throws Exception {
+ public void shouldPassIfGroupsContainsDataOwner() throws Exception {
final Loader loader = loaderFactory.createLoaderForVersion(ModelType.MOXY, schemaVersions.getDefaultVersion());
final Introspector obj = loader.introspectorFromName("pnf");
obj.setValue("pnf-name", "my-pnf");
obj.setValue("model-invariant-id", "key1");
obj.setValue("model-version-id", "key2");
- //obj.setValue("owning-entity-id", "367c897c-8cec-47ba-b7f5-4b6139f06691");
TransactionalGraphEngine spy = spy(dbEngine);
TransactionalGraphEngine.Admin adminSpy = spy(dbEngine.asAdmin());
Graph g = graph.newTransaction();
DBSerializer serializer =
new DBSerializer(schemaVersions.getDefaultVersion(),
spy, introspectorFactoryType,
- "AAI_TEST", new HashSet<>(Arrays.asList("OE-Generic", "OE-GenericII")));
+ "AAI_TEST", new HashSet<>(Arrays.asList("OperatorIII", "Operator")));
+
+ OwnerCheck ownerCheck = new OwnerCheck(obj, selfV, spy, serializer);
+
+ ownerCheck.execute();
+ g.tx().rollback();
+ }
+
+ @Test
+ public void shouldPassIfGroupsIsEmpty() throws Exception {
+
+ final Loader loader = loaderFactory.createLoaderForVersion(ModelType.MOXY, schemaVersions.getDefaultVersion());
+ final Introspector obj = loader.introspectorFromName("pnf");
+ obj.setValue("pnf-name", "my-pnf");
+ obj.setValue("model-invariant-id", "key1");
+ obj.setValue("model-version-id", "key2");
+ TransactionalGraphEngine spy = spy(dbEngine);
+ TransactionalGraphEngine.Admin adminSpy = spy(dbEngine.asAdmin());
+ Graph g = graph.newTransaction();
+ GraphTraversalSource traversal = g.traversal();
+ when(spy.asAdmin()).thenReturn(adminSpy);
+ when(adminSpy.getTraversalSource()).thenReturn(traversal);
+ DBSerializer serializer =
+ new DBSerializer(schemaVersions.getDefaultVersion(),
+ spy, introspectorFactoryType,
+ "AAI_TEST");
+
+ Vertex selfV = g.traversal().V().has("aai-node-type", "pnf").next();
OwnerCheck ownerCheck = new OwnerCheck(obj, selfV, spy, serializer);
ownerCheck.execute();
+ g.tx().rollback();
+ }
+
+ @Test
+ public void shouldPassIfDataOwnerIsNull() throws Exception {
+
+ final Loader loader = loaderFactory.createLoaderForVersion(ModelType.MOXY, schemaVersions.getDefaultVersion());
+ final Introspector obj = loader.introspectorFromName("pnf");
+ obj.setValue("pnf-name", "my-pnf");
+ obj.setValue("model-invariant-id", "key1");
+ obj.setValue("model-version-id", "key2");
+ obj.setValue("data-owner", null);
+ TransactionalGraphEngine spy = spy(dbEngine);
+ TransactionalGraphEngine.Admin adminSpy = spy(dbEngine.asAdmin());
+ Graph g = graph.newTransaction();
+ GraphTraversalSource traversal = g.traversal();
+ when(spy.asAdmin()).thenReturn(adminSpy);
+ when(adminSpy.getTraversalSource()).thenReturn(traversal);
+ DBSerializer serializer =
+ new DBSerializer(schemaVersions.getDefaultVersion(),
+ spy, introspectorFactoryType,
+ "AAI_TEST");
+
+ Vertex selfV = g.traversal().V().has("aai-node-type", "pnf").next();
+ OwnerCheck ownerCheck = new OwnerCheck(obj, selfV, spy, serializer);
+ ownerCheck.execute();
g.tx().rollback();
}
@Test
- public void shouldPassIfUserOwningEntityEmptyl() throws Exception {
+ public void shouldPassIfDataOwnerIsEmpty() throws Exception {
final Loader loader = loaderFactory.createLoaderForVersion(ModelType.MOXY, schemaVersions.getDefaultVersion());
final Introspector obj = loader.introspectorFromName("pnf");
obj.setValue("pnf-name", "my-pnf");
obj.setValue("model-invariant-id", "key1");
obj.setValue("model-version-id", "key2");
- //obj.setValue("owning-entity-id", "367c897c-8cec-47ba-b7f5-4b6139f06691");
+ obj.setValue("data-owner", "");
TransactionalGraphEngine spy = spy(dbEngine);
TransactionalGraphEngine.Admin adminSpy = spy(dbEngine.asAdmin());
Graph g = graph.newTransaction();
<xml-property name="ownerCheck" value="N/A"/>
</xml-properties>
</xml-element>
+ <xml-element java-attribute="dataOwner" name="data-owner" type="java.lang.String">
+ <xml-properties>
+ <xml-property name="description" value="Resource owner"/>
+ </xml-properties>
+ </xml-element>
<xml-element java-attribute="pnfName2" name="pnf-name2" type="java.lang.String">
<xml-properties>
<xml-property name="description" value="name of Physical Network Function."/>
<parent>
<groupId>org.onap.aai.aai-common</groupId>
<artifactId>aai-parent</artifactId>
- <version>1.8.0-SNAPSHOT</version>
+ <version>1.8.1-SNAPSHOT</version>
<relativePath>../aai-parent/pom.xml</relativePath>
</parent>
<artifactId>aai-els-onap-logging</artifactId>
<parent>
<groupId>org.onap.aai.aai-common</groupId>
<artifactId>aai-parent</artifactId>
- <version>1.8.0-SNAPSHOT</version>
+ <version>1.8.1-SNAPSHOT</version>
<relativePath>../aai-parent/pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>org.aspectj</groupId>
<artifactId>aspectjrt</artifactId>
<version>1.9.1</version>
- </dependency>
+ </dependency>
</dependencies>
</project>
<parent>
<groupId>org.onap.aai.aai-common</groupId>
<artifactId>aai-common</artifactId>
- <version>1.8.0-SNAPSHOT</version>
+ <version>1.8.1-SNAPSHOT</version>
</parent>
<artifactId>aai-parent</artifactId>
<name>aai-parent</name>
<parent>
<groupId>org.onap.aai.aai-common</groupId>
<artifactId>aai-parent</artifactId>
- <version>1.8.0-SNAPSHOT</version>
+ <version>1.8.1-SNAPSHOT</version>
<relativePath>../aai-parent/pom.xml</relativePath>
</parent>
<artifactId>aai-rest</artifactId>
<parent>
<groupId>org.onap.aai.aai-common</groupId>
<artifactId>aai-parent</artifactId>
- <version>1.8.0-SNAPSHOT</version>
+ <version>1.8.1-SNAPSHOT</version>
<relativePath>../aai-parent/pom.xml</relativePath>
</parent>
<parent>
<groupId>org.onap.aai.aai-common</groupId>
<artifactId>aai-parent</artifactId>
- <version>1.8.0-SNAPSHOT</version>
+ <version>1.8.1-SNAPSHOT</version>
<relativePath>../aai-parent/pom.xml</relativePath>
</parent>
<artifactId>aai-schema-ingest</artifactId>
<parent>
<groupId>org.onap.aai.aai-common</groupId>
<artifactId>aai-parent</artifactId>
- <version>1.8.0-SNAPSHOT</version>
+ <version>1.8.1-SNAPSHOT</version>
<relativePath>../aai-parent/pom.xml</relativePath>
</parent>
<artifactId>aai-utils</artifactId>
<groupId>org.onap.aai.aai-common</groupId>
<artifactId>aai-common</artifactId>
- <version>1.8.0-SNAPSHOT</version>
+ <version>1.8.1-SNAPSHOT</version>
<packaging>pom</packaging>
<name>aai-aai-common</name>
<description>Contains all of the common code for resources and traversal repos</description>
major_version=1
minor_version=8
-patch_version=0
+patch_version=1
base_version=${major_version}.${minor_version}.${patch_version}