PROPS="${PROPS} -DCONFIG_HOME=${CONFIG_HOME}"
PROPS="${PROPS} -Dtosca.mappings.config=${CONFIG_HOME}/tosca-mappings.json"
PROPS="${PROPS} -DKEY_STORE_PASSWORD=${KEY_STORE_PASSWORD}"
+if [ ! -z "$REQUIRE_CLIENT_AUTH" ]; then
+ PROPS="$PROPS -Dserver.ssl.client-auth=${REQUIRE_CLIENT_AUTH}"
+fi
+
JVM_MAX_HEAP=${MAX_HEAP:-1024}
exec java -Xmx${JVM_MAX_HEAP}m ${PROPS} -jar ${APP_HOME}/babel.jar
if (policyAuthFileName == null) {
throw new AAIAuthException("Auth policy file could not be found");
}
+
AAIMicroServiceAuthCore.reloadUsers();
- TimerTask task = new FileWatcher(new File(policyAuthFileName)) {
- @Override
- protected void onChange(File file) {
- // here we implement the onChange
- applicationLogger.debug("File " + file.getName() + " has been changed!");
- try {
- AAIMicroServiceAuthCore.reloadUsers();
- } catch (AAIAuthException e) {
- applicationLogger.error(ApplicationMsgs.PROCESS_REQUEST_ERROR, e);
- }
- applicationLogger.debug("File " + file.getName() + " has been reloaded!");
- }
- };
+ TimerTask task = new AuthFileWatcher(new File(policyAuthFileName));
if (!timerSet) {
timerSet = true;
* <li>If this fails, try resolving the path relative to the configuration home location (either
* <code>$CONFIG_HOME</code> or <code>$APP_HOME/appconfig</code>).</li>
* <li>If this fails try resolving relative to the <code>auth</code> folder under configuration home.</li>
- *
+ *
* @param authPolicyFile
* filename or path
* @return the Optional canonical path to the located policy file
--- /dev/null
+/**
+ * ============LICENSE_START=======================================================
+ * org.onap.aai
+ * ================================================================================
+ * Copyright (c) 2017-2019 AT&T Intellectual Property. All rights reserved.
+ * Copyright (c) 2017-2019 European Software Marketing Ltd.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aai.auth;
+
+import java.io.File;
+import org.onap.aai.babel.logging.ApplicationMsgs;
+import org.onap.aai.babel.logging.LogHelper;
+
+public class AuthFileWatcher extends FileWatcher {
+
+ private static LogHelper applicationLogger = LogHelper.INSTANCE;
+
+ public AuthFileWatcher(File file) {
+ super(file);
+ }
+
+ @Override
+ protected void onChange(File file) {
+ applicationLogger.debug("File " + file.getName() + " has been changed!");
+ try {
+ AAIMicroServiceAuthCore.reloadUsers();
+ } catch (AAIAuthException e) {
+ applicationLogger.error(ApplicationMsgs.PROCESS_REQUEST_ERROR, e);
+ }
+ applicationLogger.debug("File " + file.getName() + " has been reloaded!");
+ }
+}
package org.onap.aai.babel;
-import java.util.HashMap;
+import com.google.common.collect.ImmutableMap;
import org.eclipse.jetty.util.security.Password;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
/**
* Spring Boot Initialization.
- *
+ *
* @param args
- * main args
+ * main args (expected to be null)
*/
public static void main(String[] args) {
String keyStorePassword = System.getProperty("KEY_STORE_PASSWORD");
if (keyStorePassword == null || keyStorePassword.isEmpty()) {
- throw new IllegalArgumentException("Env property KEY_STORE_PASSWORD not set");
+ throw new IllegalArgumentException("Mandatory property KEY_STORE_PASSWORD not set");
}
- HashMap<String, Object> props = new HashMap<>();
- String decryptedValue = keyStorePassword.startsWith(Password.__OBFUSCATE) ? //
- Password.deobfuscate(keyStorePassword) : keyStorePassword;
- props.put("server.ssl.key-store-password", decryptedValue);
+ ImmutableMap<String, Object> defaults =
+ ImmutableMap.of("server.ssl.key-store-password", new Password(keyStorePassword).toString());
- String requireClientAuth = System.getenv("REQUIRE_CLIENT_AUTH");
- props.put("server.ssl.client-auth",
- Boolean.FALSE.toString().equalsIgnoreCase(requireClientAuth) ? "want" : "need");
-
- context = new BabelApplication()
- .configure(new SpringApplicationBuilder(BabelApplication.class).properties(props)).run(args);
+ context = new BabelApplication() //
+ .configure(new SpringApplicationBuilder(BabelApplication.class).properties(defaults)) //
+ .run(args);
}
public static void exit() {
try {
return createVendorImageConfigurations(serviceVfList, vnfConfigurationNode);
} catch (IllegalArgumentException e) {
+ applicationLogger.error(ApplicationMsgs.INVALID_CSAR_FILE, e);
throw new ToscaToCatalogException(e.getMessage());
}
}
* ============LICENSE_START=======================================================
* org.onap.aai
* ================================================================================
- * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
- * Copyright © 2017-2018 European Software Marketing Ltd.
+ * Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved.
+ * Copyright (c) 2017-2019 European Software Marketing Ltd.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* limitations under the License.
* ============LICENSE_END=========================================================
*/
+
package org.onap.aai.babel.request;
import java.util.Optional;
* If the correlation ID contains the symbol : then this character and any trailing characters are removed. This
* allows for an incrementing numeric sequence where there are multiple HTTP requests for a single transaction.
*
- * @return the normalsed UUID used for correlating transactions across components, or else null (if no ID is set)
+ * @return the normalized UUID used for correlating transactions across components, or else null (if no ID is set)
*/
public String getCorrelationId() {
// If the request ID is missing, use the transaction ID (if present)
* ============LICENSE_START=======================================================
* org.onap.aai
* ================================================================================
- * Copyright © 2017-2019 AT&T Intellectual Property. All rights reserved.
- * Copyright © 2017-2019 European Software Marketing Ltd.
+ * Copyright (c) 2017-2019 AT&T Intellectual Property. All rights reserved.
+ * Copyright (c) 2017-2019 European Software Marketing Ltd.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
import javax.ws.rs.core.Response.Status;
import javax.ws.rs.core.UriInfo;
import org.apache.commons.lang3.time.StopWatch;
+import org.onap.aai.auth.AAIAuthException;
import org.onap.aai.auth.AAIMicroServiceAuth;
import org.onap.aai.auth.AAIMicroServiceAuthCore;
import org.onap.aai.babel.csar.CsarConverterException;
import org.onap.aai.babel.util.RequestValidator;
import org.springframework.stereotype.Service;
-/** Generate SDC Artifacts by passing in a CSAR payload, Artifact Name and Artifact version */
+/**
+ * Generate SDC Artifacts by passing in a CSAR payload, Artifact Name and Artifact version.
+ *
+ */
@Service
public class GenerateArtifactsServiceImpl implements GenerateArtifactsService {
private static final LogHelper applicationLogger = LogHelper.INSTANCE;
/**
* @param authorization
+ * the auth module
*/
@Inject
public GenerateArtifactsServiceImpl(final AAIMicroServiceAuth authorization) {
response = authorized ? generateArtifacts(requestBody)
: buildResponse(Status.UNAUTHORIZED, "User not authorized to perform the operation.");
- } catch (Exception e) {
+ } catch (AAIAuthException e) {
applicationLogger.error(ApplicationMsgs.PROCESS_REQUEST_ERROR, e);
applicationLogger.logAuditError(e);
return buildResponse(Status.INTERNAL_SERVER_ERROR,
- "Error while processing request. Please check the babel service logs for more details.\n");
+ "Error while processing request. Please check the Babel service logs for more details.\n");
}
StatusCode statusDescription;
/**
* Generate XML model artifacts from request body.
*
- * @param requestBody the request body in JSON format
+ * @param requestBody
+ * the request body in JSON format
* @return response object containing the generated XML models
*/
protected Response generateArtifacts(String requestBody) {
response = processError(ApplicationMsgs.PROCESSING_VNF_CATALOG_ERROR, Status.INTERNAL_SERVER_ERROR, e,
"Error converting CSAR artifact to VNF catalog.");
} catch (RequestValidationException e) {
- response =
- processError(ApplicationMsgs.PROCESS_REQUEST_ERROR, Status.BAD_REQUEST, e, e.getLocalizedMessage());
- } catch (Exception e) {
- response = processError(ApplicationMsgs.PROCESS_REQUEST_ERROR, Status.INTERNAL_SERVER_ERROR, e,
- "Error while processing request. Please check the babel service logs for more details.\n");
+ response = processError(ApplicationMsgs.PROCESS_REQUEST_ERROR, Status.BAD_REQUEST, //
+ e, e.getLocalizedMessage());
} finally {
applicationLogger.logMetrics(stopwatch, LogHelper.getCallerMethodName(0));
}
/**
* Helper method to create a REST response object.
*
- * @param status response status code
- * @param entity response payload
+ * @param status
+ * response status code
+ * @param entity
+ * response payload
* @return
*/
private Response buildResponse(Status status, String entity) {
- // @formatter:off
- return Response.status(status).entity(entity).type(MediaType.TEXT_PLAIN).build();
- // @formatter:on
+ return Response.status(status).entity(entity).type(MediaType.TEXT_PLAIN).build();
}
}
server.port=9516
server.ssl.key-store=${CONFIG_HOME}/auth/tomcat_keystore
+server.ssl.client-auth=need
server.contextPath=/services/babel-service
BabelApplication.main(new String[] {});
}
+ /**
+ * This test asserts that if the KEY_STORE_PASSWORD System Property is set (and is not empty) then the value is
+ * passed to Jetty, debobfuscated, and used to open the key store, even if the resulting password value is actually
+ * an empty string.
+ */
+ @Test
+ public void testApplicationWithBlankObfuscatedKeyStorePassword() {
+ // Note that "OBF:" is correctly deobfuscated and results in an empty string.
+ System.setProperty("KEY_STORE_PASSWORD", "OBF:");
+ final CauseMatcher expectedCause = new CauseMatcher(IOException.class, "password was incorrect");
+ expectedEx.expectCause(expectedCause);
+ BabelApplication.main(new String[] {});
+ }
+
private static class CauseMatcher extends TypeSafeMatcher<Throwable> {
private final Class<? extends Throwable> type;
--- /dev/null
+/**
+ * ============LICENSE_START=======================================================
+ * org.onap.aai
+ * ================================================================================
+ * Copyright (c) 2017-2019 AT&T Intellectual Property. All rights reserved.
+ * Copyright (c) 2017-2019 European Software Marketing Ltd.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.aai.babel;
+
+import static org.hamcrest.CoreMatchers.containsString;
+import static org.junit.Assert.assertThat;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.TimerTask;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mockito;
+import org.onap.aai.auth.AAIAuthException;
+import org.onap.aai.auth.AAIMicroServiceAuth;
+import org.onap.aai.auth.AAIMicroServiceAuthCore;
+import org.onap.aai.auth.AuthFileWatcher;
+import org.onap.aai.babel.config.BabelAuthConfig;
+
+/**
+ * Tests {@link AuthFileWatcher}.
+ */
+
+public class TestAuthFileWatcher {
+
+ private TimerTask task;
+ private File mockFile = Mockito.mock(File.class);
+
+ @Before
+ public void createTask() {
+ task = new AuthFileWatcher(mockFile);
+ }
+
+ @Test
+ public void testOnChangeDoesNotRun() {
+ task.run();
+ }
+
+ @Test
+ public void testOnChangeDoesRun() throws IOException, AAIAuthException {
+ System.setProperty("CONFIG_HOME", "src/test/resources");
+ BabelAuthConfig babelServiceAuthConfig = new BabelAuthConfig();
+ babelServiceAuthConfig.setAuthPolicyFile("auth_policy.json");
+ new AAIMicroServiceAuth(babelServiceAuthConfig);
+
+ Mockito.when(mockFile.lastModified()).thenReturn(1000L);
+ task.run();
+ }
+
+ @Test
+ public void testOnChangeRunAfterFailure() throws IOException {
+ File file = File.createTempFile("auth-policy", "json");
+ try {
+ AAIMicroServiceAuthCore.init(file.getAbsolutePath());
+ } catch (AAIAuthException e) {
+ assertThat(e.getMessage(), containsString("Error processing Auth policy file"));
+ }
+ file.deleteOnExit();
+ Mockito.when(mockFile.lastModified()).thenReturn(1000L);
+ task.run();
+ }
+
+}
VnfVendorImageExtractor extractor = new VnfVendorImageExtractor();
SdcToscaHelper helper = new SdcToscaHelper();
- List<String> versions;
- versions = extractor.extractSoftwareVersions(helper.buildMappings().getNodeTemplates());
+ List<String> versions = extractor.extractSoftwareVersions(helper.buildMappings().getNodeTemplates());
assertThat(versions.size(), is(0));
helper.addNodeTemplate();
package org.onap.aai.babel.service;
+import static org.hamcrest.CoreMatchers.containsString;
import static org.hamcrest.Matchers.is;
import static org.junit.Assert.assertThat;
import java.util.Collections;
import java.util.List;
import java.util.Map.Entry;
+import java.util.Optional;
import javax.inject.Inject;
import javax.security.auth.x500.X500Principal;
import javax.ws.rs.core.HttpHeaders;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mockito;
+import org.onap.aai.auth.AAIAuthException;
import org.onap.aai.auth.AAIMicroServiceAuth;
import org.onap.aai.babel.service.data.BabelRequest;
import org.onap.aai.babel.testdata.CsarTest;
new ArtifactTestUtils().setGeneratorSystemProperties();
}
+ /**
+ * Test with a valid request (and valid CSAR content) by calling the Service implementation directly using a mocked
+ * HTTPS request.
+ *
+ * @throws URISyntaxException
+ * if the URI cannot be created
+ * @throws IOException
+ * if the resource cannot be loaded
+ */
@Test
- public void testGenerateArtifacts() throws Exception {
- Response response = processJsonRequest(CsarTest.VNF_VENDOR_CSAR);
+ public void testGenerateArtifacts() throws URISyntaxException, IOException {
+ Response response = processJsonRequest(CsarTest.VNF_VENDOR_CSAR, auth);
assertThat(response.toString(), response.getStatus(), is(Response.Status.OK.getStatusCode()));
assertThat(response.getEntity(), is(getResponseJson("response.json")));
}
/**
- * No VNF Configuration exists.
- *
+ * Test with a valid request that has no Transaction ID header value.
+ *
+ * @throws URISyntaxException
+ * if the URI cannot be created
+ * @throws IOException
+ * if the resource cannot be loaded
+ */
+ @Test
+ public void testGenerateArtifactsWithoutRequestId() throws URISyntaxException, IOException {
+ Response response = invokeService(CsarTest.VNF_VENDOR_CSAR.getJsonRequest(), Optional.empty(), auth);
+ assertThat(response.toString(), response.getStatus(), is(Response.Status.OK.getStatusCode()));
+ assertThat(response.getEntity(), is(getResponseJson("response.json")));
+ }
+
+ /**
+ * Test with a valid request, using a CSAR file that has no VNF configuration present.
+ *
* @throws URISyntaxException
* if the URI cannot be created
* @throws IOException
*/
@Test
public void testGenerateArtifactsWithoutVnfConfiguration() throws IOException, URISyntaxException {
- Response response = processJsonRequest(CsarTest.NO_VNF_CONFIG_CSAR);
+ Response response = processJsonRequest(CsarTest.NO_VNF_CONFIG_CSAR, auth);
assertThat(response.getStatus(), is(Response.Status.OK.getStatusCode()));
assertThat(response.getEntity(), is(getResponseJson("validNoVnfConfigurationResponse.json")));
}
+ /**
+ * Test for a valid request with invalid CSAR file content.
+ *
+ * @throws URISyntaxException
+ * if the URI cannot be created
+ * @throws IOException
+ * if the resource cannot be loaded
+ */
+ @Test
+ public void testGenerateArtifactsInvalidCsar() throws IOException, URISyntaxException {
+ Response response = processJsonRequest(CsarTest.MULTIPLE_VNF_CSAR, auth);
+ assertThat(response.getStatus(), is(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode()));
+ assertThat(response.getEntity().toString(), containsString("VNF catalog"));
+ }
+
+ @Test
+ public void testUninitializedService() throws IOException, URISyntaxException, AAIAuthException {
+ AAIMicroServiceAuth uninitializedAuth = Mockito.mock(AAIMicroServiceAuth.class);
+ Mockito.when(uninitializedAuth.validateRequest(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any()))
+ .thenThrow(new AAIAuthException("test"));
+ Response response = processJsonRequest(CsarTest.NO_VNF_CONFIG_CSAR, uninitializedAuth);
+ assertThat(response.getStatus(), is(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode()));
+ assertThat(response.getEntity().toString(), containsString("check the Babel service logs"));
+ }
+
+ @Test
+ public void testUnauthorizedRequest() throws IOException, URISyntaxException, AAIAuthException {
+ AAIMicroServiceAuth uninitializedAuth = Mockito.mock(AAIMicroServiceAuth.class);
+ Mockito.when(uninitializedAuth.validateRequest(Mockito.any(), Mockito.any(), Mockito.any(), Mockito.any()))
+ .thenReturn(false);
+ Response response = processJsonRequest(CsarTest.NO_VNF_CONFIG_CSAR, uninitializedAuth);
+ assertThat(response.getStatus(), is(Response.Status.UNAUTHORIZED.getStatusCode()));
+ assertThat(response.getEntity().toString(), containsString("User not authorized"));
+ }
+
@Test
public void testInvalidCsarFile() throws URISyntaxException, IOException {
BabelRequest request = new BabelRequest();
*
* @param csar
* test CSAR file
+ * @param auth
+ * the auth module
* @return the Response from the HTTP API
* @throws URISyntaxException
* if the URI cannot be created
* @throws IOException
* if the resource cannot be loaded
*/
- private Response processJsonRequest(CsarTest csar) throws IOException, URISyntaxException {
- return invokeService(csar.getJsonRequest());
+ private Response processJsonRequest(CsarTest csar, AAIMicroServiceAuth auth)
+ throws URISyntaxException, IOException {
+ return invokeService(csar.getJsonRequest(), Optional.of("transaction-id"), auth);
}
/**
* @throws URISyntaxException
* if the URI cannot be created
*/
- private Response invokeService(String jsonString) throws URISyntaxException {
+ private Response invokeService(String jsonRequest) throws URISyntaxException {
+ return invokeService(jsonRequest, Optional.of("transaction-id"), auth);
+ }
+
+ /**
+ * Create a (mocked) HTTPS request and invoke the Babel generate artifacts API.
+ *
+ * @param jsonString
+ * the JSON request
+ * @param transactionId
+ * optional X-TransactionId value for the HTTP request
+ * @param auth
+ * the auth module
+ * @return the Response from the HTTP API
+ * @throws URISyntaxException
+ * if the URI cannot be created
+ */
+ private Response invokeService(String jsonString, Optional<String> transactionId, AAIMicroServiceAuth auth)
+ throws URISyntaxException {
UriInfo mockUriInfo = Mockito.mock(UriInfo.class);
Mockito.when(mockUriInfo.getRequestUri()).thenReturn(new URI("/validate")); // NOSONAR (mocked)
Mockito.when(mockUriInfo.getPath(false)).thenReturn("validate"); // URI prefix is stripped by AJSC routing
// Create mocked request headers map
MultivaluedHashMap<String, String> headersMap = new MultivaluedHashMap<>();
- headersMap.put("X-TransactionId", createSingletonList("transaction-id"));
+ if (transactionId.isPresent()) {
+ headersMap.put("X-TransactionId", createSingletonList(transactionId.get()));
+ }
headersMap.put("X-FromAppId", createSingletonList("app-id"));
headersMap.put("Host", createSingletonList("hostname"));
HttpHeaders headers = Mockito.mock(HttpHeaders.class);
for (Entry<String, List<String>> entry : headersMap.entrySet()) {
Mockito.when(headers.getRequestHeader(entry.getKey())).thenReturn(entry.getValue());
+ Mockito.when(headers.getHeaderString(entry.getKey())).thenReturn(entry.getValue().get(0));
}
Mockito.when(headers.getRequestHeaders()).thenReturn(headersMap);
Code Review / aai / babel.git / commitdiff