Add additional logging statements 19/84919/2 1.0.2
authorKajur, Harish (vk250x) <vk250x@att.com>
Wed, 10 Apr 2019 17:46:17 +0000 (13:46 -0400)
committerKajur, Harish (vk250x) <vk250x@att.com>
Wed, 10 Apr 2019 18:46:50 +0000 (14:46 -0400)
Fix the metaspace issue
Respond to an invalid content-type appropriately
Add getTool.sh to the scripts

Issue-ID: AAI-2326
Change-Id: Ib4764ba71be78816e549f59ccbdab8ccb14dc4c0
Signed-off-by: Kajur, Harish (vk250x) <vk250x@att.com>
aai-schema-service/src/main/docker/docker-entrypoint.sh
aai-schema-service/src/main/java/org/onap/aai/schemaservice/SchemaServiceApp.java
aai-schema-service/src/main/java/org/onap/aai/schemaservice/interceptors/post/InvalidResponseStatus.java
aai-schema-service/src/main/resources/etc/appprops/error.properties
aai-schema-service/src/main/resources/logback.xml
aai-schema-service/src/main/scripts/common_functions.sh [new file with mode: 0644]
aai-schema-service/src/main/scripts/getTool.sh [new file with mode: 0644]
aai-schema-service/src/main/scripts/updatePem.sh [new file with mode: 0644]
aai-schema-service/src/test/java/org/onap/aai/schemaservice/SchemaServiceTest.java
aai-schema-service/src/test/java/org/onap/aai/schemaservice/SchemaServiceTestConfiguration.java
aai-schema-service/src/test/resources/application-test.properties

index 09f7943..8129acd 100644 (file)
@@ -67,6 +67,12 @@ if [ -f ${APP_HOME}/aai.sh ]; then
         exit 0;
     fi;
 
+    if [ ! -f "${APP_HOME}/scripts/updatePem.sh" ]; then
+        echo "Unable to find the updatePem script";
+        exit 1;
+    else
+        gosu aaiadmin ${APP_HOME}/scripts/updatePem.sh
+    fi;
 fi;
 
 mkdir -p /opt/app/aai-schema-service/logs/gc
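Review bot: The exit status of `gosu aaiadmin ${APP_HOME}/scripts/updatePem.sh` is discarded, so a failed key or certificate extraction does not stop startup even though a missing script does (`exit 1`). `gosu aaiadmin "${APP_HOME}/scripts/updatePem.sh" || exit 1` would make the two cases consistent. updatePem.sh as added in this commit ends with an unconditional `exit 0`, so it would also have to propagate openssl failures for the check to mean anything. The enclosing `if [ -f ${APP_HOME}/aai.sh ]` block starts above the hunk.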
@@ -83,8 +89,7 @@ fi;
 
 MIN_HEAP_SIZE=${MIN_HEAP_SIZE:-512m};
 MAX_HEAP_SIZE=${MAX_HEAP_SIZE:-1024m};
-MAX_PERM_SIZE=${MAX_PERM_SIZE:-512m};
-PERM_SIZE=${PERM_SIZE:-512m};
+MAX_METASPACE_SIZE=${MAX_METASPACE_SIZE:-512m};
 
 JAVA_CMD="exec gosu aaiadmin java";
 
@@ -95,8 +100,7 @@ JVM_OPTS="${JVM_OPTS} -Xmx${MAX_HEAP_SIZE}";
 
 JVM_OPTS="${JVM_OPTS} -XX:+PrintGCDetails";
 JVM_OPTS="${JVM_OPTS} -XX:+PrintGCTimeStamps";
-JVM_OPTS="${JVM_OPTS} -XX:MaxPermSize=${MAX_PERM_SIZE}";
-JVM_OPTS="${JVM_OPTS} -XX:PermSize=${PERM_SIZE}";
+JVM_OPTS="${JVM_OPTS} -XX:MaxMetaspaceSize=${MAX_METASPACE_SIZE}";
 
 JVM_OPTS="${JVM_OPTS} -server";
 JVM_OPTS="${JVM_OPTS} -XX:NewSize=512m";
@@ -118,7 +122,7 @@ JVM_OPTS="${JVM_OPTS} -XX:+HeapDumpOnOutOfMemoryError";
 JVM_OPTS="${JVM_OPTS} ${POST_JVM_ARGS}";
 JAVA_OPTS="${PRE_JAVA_OPTS} -DAJSC_HOME=$APP_HOME";
 if [ -f ${INTROSCOPE_LIB}/Agent.jar ] && [ -f ${INTROSCOPE_AGENTPROFILE} ]; then
-        JAVA_OPTS="${JAVA_OPTS} -javaagent:${INTROSCOPE_LIB}/Agent.jar -noverify -Dcom.wily.introscope.agentProfile=${INTROSCOPE_AGENTPROFILE} -Dintroscope.agent.agentName=resources"
+        JAVA_OPTS="${JAVA_OPTS} -javaagent:${INTROSCOPE_LIB}/Agent.jar -noverify -Dcom.wily.introscope.agentProfile=${INTROSCOPE_AGENTPROFILE} -Dintroscope.agent.agentName=schema-service"
 fi
 JAVA_OPTS="${JAVA_OPTS} -Dserver.port=${SERVER_PORT}";
 JAVA_OPTS="${JAVA_OPTS} -DBUNDLECONFIG_DIR=./resources";
@@ -131,6 +135,7 @@ JAVA_OPTS="${JAVA_OPTS} -DAAI_BUILD_VERSION=${AAI_BUILD_VERSION}";
 JAVA_OPTS="${JAVA_OPTS} -Djava.security.egd=file:/dev/./urandom";
 JAVA_OPTS="${JAVA_OPTS} -Dlogback.configurationFile=./resources/logback.xml";
 JAVA_OPTS="${JAVA_OPTS} -Dloader.path=$APP_HOME/resources";
+JAVA_OPTS="${JAVA_OPTS} -Dgroovy.use.classvalue=true";
 JAVA_OPTS="${JAVA_OPTS} ${POST_JAVA_OPTS}";
 
 JAVA_MAIN_JAR=$(ls lib/aai-schema-service*.jar);
index 8f36ac5..f2e0bd1 100644 (file)
@@ -148,6 +148,15 @@ public class SchemaServiceApp {
 
     @PreDestroy
     public void cleanup() {
+
+        LoggingContext.save();
+        LoggingContext.component("Stopped");
+        LoggingContext.partnerName("NA");
+        LoggingContext.targetEntity(APP_NAME);
+        LoggingContext.requestId(UUID.randomUUID().toString());
+        LoggingContext.serviceName(APP_NAME);
+        LoggingContext.targetServiceName("Stopped");
+        LoggingContext.statusCode(StatusCode.COMPLETE);
         logger.info("SchemaService shutting down");
     }
 }
index 4fd3220..8b03ac2 100644 (file)
@@ -24,10 +24,12 @@ import org.onap.aai.logging.ErrorLogHelper;
 import org.onap.aai.schemaservice.interceptors.AAIContainerFilter;
 
 import javax.annotation.Priority;
+import javax.print.attribute.standard.Media;
 import javax.ws.rs.container.ContainerRequestContext;
 import javax.ws.rs.container.ContainerResponseContext;
 import javax.ws.rs.container.ContainerResponseFilter;
 import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.UriInfo;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;
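Review bot: `import javax.print.attribute.standard.Media;` is not referenced in any of the hunks shown and looks like an IDE auto-import slip for `MediaType`; it ties a REST response filter to the desktop printing API for no visible reason. `javax.ws.rs.core.UriInfo` is likewise unused in the visible changes. Both lines should be dropped unless code outside these hunks uses them.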
@@ -39,15 +41,18 @@ public class InvalidResponseStatus extends AAIContainerFilter implements Contain
     public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext)
         throws IOException {
 
-        if (responseContext.getStatus() == 405) {
+        String contentType = responseContext.getHeaderString("Content-Type");
+        ArrayList<String> templateVars = new ArrayList<>();
+        List<MediaType> mediaTypeList = new ArrayList<>();
+        AAIException e;
+        String message = "";
 
-            responseContext.setStatus(400);
-            AAIException e = new AAIException("AAI_3012");
-            ArrayList<String> templateVars = new ArrayList<>();
+        if (responseContext.getStatus() == 405) {
 
-            List<MediaType> mediaTypeList = new ArrayList<>();
+            // add the accept type error msg here as well.
 
-            String contentType = responseContext.getHeaderString("Content-Type");
+            responseContext.setStatus(400);
+            e = new AAIException("AAI_3012");
 
             if (contentType == null) {
                 mediaTypeList.add(MediaType.APPLICATION_XML_TYPE);
@@ -55,11 +60,29 @@ public class InvalidResponseStatus extends AAIContainerFilter implements Contain
                 mediaTypeList.add(MediaType.valueOf(contentType));
             }
 
-            String message = ErrorLogHelper.getRESTAPIErrorResponse(mediaTypeList, e, templateVars);
+            message = ErrorLogHelper.getRESTAPIErrorResponse(mediaTypeList, e, templateVars);
 
             responseContext.setEntity(message);
         }
 
+        else if (responseContext.getStatus() == 406) {
+            responseContext.setStatus(406);
+            mediaTypeList.add(MediaType.valueOf(contentType));
+            if (contentType.equals(MediaType.APPLICATION_XML)) {
+                e = new AAIException("AAI_3019", MediaType.APPLICATION_XML);
+            } else if (contentType.equals(MediaType.APPLICATION_JSON)) {
+                e = new AAIException("AAI_3019", MediaType.APPLICATION_JSON);
+            } else {
+                if (contentType == null) {
+                    mediaTypeList.add(MediaType.APPLICATION_XML_TYPE);
+                    e = new AAIException("AAI_3019", "null");
+                } else {
+                    mediaTypeList.add(MediaType.valueOf(contentType));
+                    e = new AAIException("AAI_3019", contentType);
+                }
+            }
+            message = ErrorLogHelper.getRESTAPIErrorResponse(mediaTypeList, e, templateVars);
+            responseContext.setEntity(message);
+        }
     }
-
 }
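Review bot: In the new 406 branch, `MediaType.valueOf(contentType)` and `contentType.equals(...)` run before the `contentType == null` test, so a 406 response without a Content-Type header throws inside the response filter instead of producing the AAI_3019 body, and the null arm below them is unreachable. When the type is neither XML nor JSON the media type is also added to `mediaTypeList` twice. The XML and JSON arms pass the same string that `contentType` already holds, so the non-null cases collapse into one, as in the block below. `contentType` is read from the response headers while AAI_3019 talks about the request's accept type, so it is worth confirming that this is the value meant to be reported. filter() starts in the previous hunk.

```java
        else if (responseContext.getStatus() == 406) {
            responseContext.setStatus(406);
            // Resolve the null case before contentType is dereferenced.
            if (contentType == null) {
                mediaTypeList.add(MediaType.APPLICATION_XML_TYPE);
                e = new AAIException("AAI_3019", "null");
            } else {
                mediaTypeList.add(MediaType.valueOf(contentType));
                e = new AAIException("AAI_3019", contentType);
            }
            // … unchanged: build message with ErrorLogHelper and set it as the entity …
        }
```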
index c695774..222c6b3 100644 (file)
@@ -36,6 +36,7 @@ AAI_3015=5:6:INFO:3015:410:3015:The %1 capability is retired, please contact the
 AAI_3016=5:6:INFO:3007:400:3016:Request uri is not valid, please check the version %1
 AAI_3017=5:6:INFO:3007:400:3016:Request uri is not valid, please check the uri %1
 AAI_3018=5:6:INFO:3018:400:3018:Request schema version %1 is not valid, please check the schema version
+AAI_3019=5:6:WARN:3019:400:3019:Request contains invalid header accept type
 
 AAI_3050=5:1:WARN:3002:400:3002:Invalid request, missing or empty query parameter version
 AAI_3051=5:1:WARN:3002:400:3002:Invalid request, version parameter %1 passed is not conforming to the following pattern v[1-9][0-9]*
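Review bot: The new `AAI_3019` entry carries `400` in its fifth field and no `%1` in its text, which does not line up with how InvalidResponseStatus uses it in this commit: the filter keeps the response status at 406 and passes the content type as an argument. Judging by `AAI_3015` (fifth field `410`, text containing `%1`), that field looks like the HTTP status and `%1` the argument slot, so the error body may report 400 on a 406 response and omit the offending value. How AAIException consumes the extra argument is not visible here, so this needs confirming. If a 406 with the value shown is intended, the line would read `AAI_3019=5:6:WARN:3019:406:3019:Request contains invalid header accept type %1`.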
index 6c518d5..8cc2c27 100644 (file)
         <appender-ref ref="asyncERROR"/>
         <appender-ref ref="asyncMETRIC"/>
         <appender-ref ref="asyncSANE"/>
-        <appender-ref ref="STDOUT"/>
     </logger>
 
     <!-- Spring related loggers -->
 
     <root level="DEBUG">
         <appender-ref ref="external"/>
-        <appender-ref ref="STDOUT"/>
     </root>
 </configuration>
diff --git a/aai-schema-service/src/main/scripts/common_functions.sh b/aai-schema-service/src/main/scripts/common_functions.sh
new file mode 100644 (file)
index 0000000..7dfda25
--- /dev/null
@@ -0,0 +1,100 @@
+#!/bin/ksh
+#
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+#
+
+
+# Common functions that can be used throughout multiple scripts
+# In order to call these functions, this file needs to be sourced
+
+# Checks if the user that is currently running is aaiadmin
+check_user(){
+
+    userid=$( id | cut -f2 -d"(" | cut -f1 -d")" )
+
+    if [ "${userid}" != "aaiadmin" ]; then
+        echo "You must be aaiadmin to run $0. The id used $userid."
+        exit 1
+    fi
+}
+
+# Sources the profile and sets the project home
+source_profile(){
+    . /etc/profile.d/aai.sh
+    PROJECT_HOME=/opt/app/aai-schema-service
+}
+
+# Runs the spring boot jar based on which main class
+# to execute and which logback file to use for that class
+execute_spring_jar(){
+
+    className=$1;
+    logbackFile=$2;
+
+    shift 2;
+
+    EXECUTABLE_JAR=$(ls ${PROJECT_HOME}/lib/*.jar);
+
+    JAVA_OPTS="${JAVA_PRE_OPTS} -DAJSC_HOME=$PROJECT_HOME";
+    JAVA_OPTS="$JAVA_OPTS -DBUNDLECONFIG_DIR=resources";
+    JAVA_OPTS="$JAVA_OPTS -Daai.home=$PROJECT_HOME ";
+    JAVA_OPTS="$JAVA_OPTS -Dhttps.protocols=TLSv1.1,TLSv1.2";
+    JAVA_OPTS="$JAVA_OPTS -Dloader.main=${className}";
+    JAVA_OPTS="$JAVA_OPTS -Dloader.path=${PROJECT_HOME}/resources";
+    JAVA_OPTS="$JAVA_OPTS -Dlogback.configurationFile=${logbackFile}";
+
+    export SOURCE_NAME=$(grep '^schema.source.name=' ${PROJECT_HOME}/resources/application.properties | cut -d"=" -f2-);
+    # Needed for the schema ingest library beans
+    eval $(grep '^schema\.' ${PROJECT_HOME}/resources/application.properties | \
+     sed 's/^\(.*\)$/JAVA_OPTS="$JAVA_OPTS -D\1"/g' | \
+     sed 's/${server.local.startpath}/${PROJECT_HOME}\/resources/g'| \
+     sed 's/${schema.source.name}/'${SOURCE_NAME}'/g'\
+    )
+
+    JAVA_OPTS="${JAVA_OPTS} ${JAVA_POST_OPTS}";
+
+    ${JAVA_HOME}/bin/java ${JVM_OPTS} ${JAVA_OPTS} -jar ${EXECUTABLE_JAR} "$@"
+}
+
+# Prints the start date and the script that the user called
+start_date(){
+    echo
+    echo `date` "   Starting $0"
+}
+
+# Prints the end date and the script that the user called
+end_date(){
+    echo
+    echo `date` "   Done $0"
+}
+
+# Inserts GEN_DB_WITH_NO_SCHEMA as a paranmter if it isn't there already
+force_GEN_DB_WITH_NO_SCHEMA () {
+  for p in "$@"
+    do
+    if [ "$p" == "GEN_DB_WITH_NO_SCHEMA" ]
+    then
+      echo "$@"
+      return
+    fi
+    done
+    echo "GEN_DB_WITH_NO_SCHEMA $@"
+    return
+}
+
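Review bot: In `execute_spring_jar`, the `eval $(grep '^schema\.' ... | sed ...)` line runs every `schema.*` property value through the shell, so a `$(...)`, backtick or quote in application.properties is executed or breaks the command as aaiadmin rather than being passed to the JVM as data. The same options can be built without `eval` by letting sed substitute the two placeholders and appending each resulting line, as below. A `|` or `&` in `SOURCE_NAME` would still need escaping for sed, and `JAVA_OPTS` is later expanded unquoted, so values containing spaces still split. Separately, `-Dhttps.protocols=TLSv1.1,TLSv1.2` still offers TLS 1.1, which RFC 8996 deprecates.

```shell
    # Needed for the schema ingest library beans
    # Placeholders are substituted by sed; the result is appended as data, never evaluated.
    schema_props=$(grep '^schema\.' "${PROJECT_HOME}/resources/application.properties" | \
     sed -e "s|\${server.local.startpath}|${PROJECT_HOME}/resources|g" \
         -e "s|\${schema.source.name}|${SOURCE_NAME}|g")
    while IFS= read -r prop; do
        if [ -n "${prop}" ]; then
            JAVA_OPTS="$JAVA_OPTS -D${prop}"
        fi
    done <<EOF
${schema_props}
EOF
    # … unchanged: JAVA_POST_OPTS append and java invocation …
```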
diff --git a/aai-schema-service/src/main/scripts/getTool.sh b/aai-schema-service/src/main/scripts/getTool.sh
new file mode 100644 (file)
index 0000000..9b8b26e
--- /dev/null
@@ -0,0 +1,110 @@
+#!/bin/ksh
+
+###
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+#
+# The script is called with a resource.
+# It invokes a GET on the resource using curl
+# Uses aaiconfig.properties for authorization type and url.
+
+display_usage() {
+        cat <<EOF
+        Usage: $0 [options]
+
+        1. Usage: getTool.sh <resource-path>
+        2. This script needs only one argument and the argument should be resource-path.
+        3. for example: resource-path for a particular customer is /aai/schema-service/v1/versions
+EOF
+}
+if [ $# -eq 0 ]; then
+        display_usage
+        exit 1
+fi
+
+# remove leading slash when present
+RESOURCE=$(echo $1 | sed "s,^/,,")
+
+if [ -z $RESOURCE ]; then
+               echo "resource parameter is missing"
+               echo "usage: $0 resource file [expected-failure-codes]"
+               exit 1
+fi
+echo `date` "   Starting $0 for resource $RESOURCE"
+
+XFROMAPPID="AAI-TOOLS"
+XTRANSID=`uuidgen`
+
+userid=$( id | cut -f2 -d"(" | cut -f1 -d")" )
+if [ "${userid}" != "aaiadmin" ]; then
+               echo "You must be aaiadmin to run $0. The id used $userid."
+               exit 1
+fi
+
+. /etc/profile.d/aai.sh
+PROJECT_HOME=/opt/app/aai-schema-service
+prop_file=$PROJECT_HOME/resources/etc/appprops/aaiconfig.properties
+log_dir=$PROJECT_HOME/logs/misc
+today=$(date +\%Y-\%m-\%d)
+
+
+MISSING_PROP=false
+RESTURL=$(grep ^aai.server.url= $prop_file |cut -d'=' -f2 |tr -d "\015")
+if [ -z $RESTURL ]; then
+               echo "Property [aai.server.url] not found in file $prop_file"
+        MISSING_PROP=true
+fi
+USEBASICAUTH=false
+BASICENABLE=$(grep ^aai.tools.enableBasicAuth $prop_file |cut -d'=' -f2 |tr -d "\015")
+if [ -z $BASICENABLE ]; then
+        USEBASICAUTH=false
+else
+        USEBASICAUTH=true
+        CURLUSER=$(grep ^aai.tools.username $prop_file |cut -d'=' -f2 |tr -d "\015")
+        if [ -z $CURLUSER ]; then
+                echo "Property [aai.tools.username] not found in file $prop_file"
+                MISSING_PROP=true
+        fi
+        CURLPASSWORD=$(grep ^aai.tools.password $prop_file |cut -d'=' -f2 |tr -d "\015")
+        if [ -z $CURLPASSWORD ]; then
+                echo "Property [aai.tools.password] not found in file $prop_file"
+                MISSING_PROP=true
+        fi
+fi
+
+if [ $MISSING_PROP = false ]; then
+        if [ $USEBASICAUTH = false ]; then
+                AUTHSTRING="--cert $PROJECT_HOME/resources/etc/auth/aaiClientPublicCert.pem --key $PROJECT_HOME/resources/etc/auth/aaiClientPrivateKey.pem"
+        else
+                AUTHSTRING="-u $CURLUSER:$CURLPASSWORD"
+        fi
+        if [[ $RESOURCE == *"nodes"* ]]; then
+          curl --request GET -sL -k $AUTHSTRING -H "X-FromAppId: $XFROMAPPID" -H "X-TransactionId: $XTRANSID" -H  "Accept: application/xml"  $RESTURL$RESOURCE -d  sed 's/\r//g'
+        else
+          curl --request GET -sL -k $AUTHSTRING -H "X-FromAppId: $XFROMAPPID" -H "X-TransactionId: $XTRANSID" -H "Accept: application/json" $RESTURL$RESOURCE | jq -M '.' | sed 's/\r//g'
+               fi
+        RC=$?;
+else
+        echo "usage: $0 resource"
+        RC=-1
+fi
+
+echo `date` "   Done $0, returning $RC"
+exit $RC
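Review bot: Both curl invocations pass `-k`, so the server certificate is never verified while the request carries either the client key pair or the `-u $CURLUSER:$CURLPASSWORD` basic-auth credentials. Replacing `-k` with `--cacert <path-to-CA-bundle>` (placeholder; the page shows no CA file) would keep those credentials from being sent to an unauthenticated endpoint. The `-u` form also puts the password on the command line, where it shows in the process list; feeding it through curl's `-K -` (config on stdin) avoids that. In the `nodes` branch the trailing `-d  sed 's/\r//g'` looks like a lost pipe: as written curl receives `sed` as a request body and `s/\r//g` as a second URL, so the tail should read `$RESTURL$RESOURCE | sed 's/\r//g'`. In the JSON branch `RC=$?` reports the last pipeline stage rather than curl, so an HTTP or TLS failure can still return 0.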
diff --git a/aai-schema-service/src/main/scripts/updatePem.sh b/aai-schema-service/src/main/scripts/updatePem.sh
new file mode 100644 (file)
index 0000000..6e6ac6f
--- /dev/null
@@ -0,0 +1,38 @@
+#!/bin/ksh
+
+###
+# ============LICENSE_START=======================================================
+# org.onap.aai
+# ================================================================================
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+COMMON_ENV_PATH=$( cd "$(dirname "$0")" ; pwd -P )
+. ${COMMON_ENV_PATH}/common_functions.sh
+
+start_date;
+check_user;
+source_profile;
+
+CERTPATH=$PROJECT_HOME/resources/etc/auth/
+KEYNAME=aaiClientPrivateKey.pem
+CERTNAME=aaiClientPublicCert.pem
+
+pw=$(execute_spring_jar org.onap.aai.util.AAIConfigCommandLinePropGetter "" "aai.keystore.passwd" 2> /dev/null | tail -1)
+openssl pkcs12 -in ${CERTPATH}/aai-client-cert.p12 -out $CERTPATH$CERTNAME -clcerts -nokeys -passin pass:$pw
+openssl pkcs12 -in ${CERTPATH}/aai-client-cert.p12 -out $CERTPATH$KEYNAME -nocerts -nodes -passin pass:$pw
+end_date;
+exit 0
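Review bot: The two `openssl pkcs12` calls pass the keystore password as `-passin pass:$pw`, which exposes it in the process list. The second call writes the private key unencrypted (`-nodes`) with whatever umask the caller has, so the key file may be readable by other users. Failures are also invisible: stderr of the password lookup goes to `/dev/null`, an empty `$pw` is not detected, and the script ends with `exit 0` regardless of what openssl returned. The block below sets a restrictive umask, passes the password through the environment with `-passin env:pw`, and stops on the first failure.

```shell
pw=$(execute_spring_jar org.onap.aai.util.AAIConfigCommandLinePropGetter "" "aai.keystore.passwd" 2> /dev/null | tail -1)
if [ -z "${pw}" ]; then
    echo "Unable to read aai.keystore.passwd"
    exit 1
fi
# Key material must not be created group/world readable.
umask 077
export pw
openssl pkcs12 -in "${CERTPATH}/aai-client-cert.p12" -out "${CERTPATH}${CERTNAME}" -clcerts -nokeys -passin env:pw || exit 1
openssl pkcs12 -in "${CERTPATH}/aai-client-cert.p12" -out "${CERTPATH}${KEYNAME}" -nocerts -nodes -passin env:pw || exit 1
unset pw
# … unchanged: end_date and exit 0 …
```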
index 53a3e14..231fecc 100644 (file)
@@ -47,6 +47,7 @@ import static org.junit.Assert.assertThat;
 @TestPropertySource(locations = "classpath:application-test.properties")
 @ContextConfiguration(initializers = PropertyPasswordConfiguration.class)
 @Import(SchemaServiceTestConfiguration.class)
+
 @RunWith(SpringRunner.class)
 public class SchemaServiceTest {
 
@@ -86,7 +87,7 @@ public class SchemaServiceTest {
         headers.add("X-TransactionId", "JUNIT");
         headers.add("Authorization", "Basic " + authorization);
         httpEntity = new HttpEntity(headers);
-        baseUrl = "https://localhost:" + randomPort;
+        baseUrl = "http://localhost:" + randomPort;
     }
 
     @Test
@@ -125,6 +126,59 @@ public class SchemaServiceTest {
         assertThat(responseEntity.getStatusCodeValue(), is(200));
     }
 
+    @Test
+    public void testInvalidSchemaAndEdges(){
+
+        headers = new HttpHeaders();
+        headers.setAccept(Collections.singletonList(MediaType.APPLICATION_XML));
+        headers.setContentType(MediaType.APPLICATION_XML);
+        headers.add("Real-Time", "true");
+        headers.add("X-FromAppId", "JUNIT");
+        headers.add("X-TransactionId", "JUNIT");
+        headers.add("Authorization", "Basic " + authorization);
+        httpEntity = new HttpEntity(headers);
+
+        ResponseEntity responseEntity;
+
+        responseEntity = restTemplate.exchange(
+            baseUrl + "/aai/schema-service/v1/nodes?version=blah",
+            HttpMethod.GET,
+            httpEntity,
+            String.class
+        );
+        System.out.println("  "+responseEntity.getBody());
+        assertThat(responseEntity.getStatusCodeValue(), is(400));
+
+        headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
+        headers.setContentType(MediaType.APPLICATION_JSON);
+        httpEntity = new HttpEntity(headers);
+
+        responseEntity = restTemplate.exchange(
+            baseUrl + "/aai/schema-service/v1/edgerules?version=blah",
+            HttpMethod.GET,
+            httpEntity,
+            String.class
+        );
+
+        assertThat(responseEntity.getStatusCodeValue(), is(400));
+    }
+
+    @Test
+    public void testVersions(){
+
+        ResponseEntity responseEntity;
+
+        responseEntity = restTemplate.exchange(
+            baseUrl + "/aai/schema-service/v1/versions",
+            HttpMethod.GET,
+            httpEntity,
+            String.class
+        );
+        assertThat(responseEntity.getStatusCodeValue(), is(200));
+
+
+    }
+
     @Test
     public void testGetStoredQueriesSuccess(){
 
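Review bot: Neither new test drives the 406 path that this commit adds to InvalidResponseStatus; both requests in `testInvalidSchemaAndEdges` send an XML or JSON Accept header and assert 400. A case that sets `headers.setAccept(Collections.singletonList(MediaType.TEXT_PLAIN));` and asserts `is(406)` would cover it, assuming the service rejects text/plain, which is not visible here. The `System.out.println("  "+responseEntity.getBody());` line reads like leftover debugging and could be removed.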
index 5d4c187..1e2de5e 100644 (file)
@@ -58,30 +58,38 @@ public class SchemaServiceTestConfiguration {
     @Bean
     RestTemplate restTemplate(RestTemplateBuilder builder) throws Exception {
 
-        char[] trustStorePassword = env.getProperty("server.ssl.trust-store-password").toCharArray();
-        char[] keyStorePassword   = env.getProperty("server.ssl.key-store-password").toCharArray();
 
-        String keyStore = env.getProperty("server.ssl.key-store");
-        String trustStore = env.getProperty("server.ssl.trust-store");
 
-        SSLContextBuilder sslContextBuilder = SSLContextBuilder.create();
+        RestTemplate restTemplate = null;
 
-        if(env.acceptsProfiles("two-way-ssl")){
-            sslContextBuilder = sslContextBuilder.loadKeyMaterial(loadPfx(keyStore, keyStorePassword), keyStorePassword);
-        }
+        if(env.acceptsProfiles("one-way-ssl", "two-way-ssl")) {
+            char[] trustStorePassword = env.getProperty("server.ssl.trust-store-password").toCharArray();
+            char[] keyStorePassword = env.getProperty("server.ssl.key-store-password").toCharArray();
+
+            String keyStore = env.getProperty("server.ssl.key-store");
+            String trustStore = env.getProperty("server.ssl.trust-store");
+            SSLContextBuilder sslContextBuilder = SSLContextBuilder.create();
+
+            if (env.acceptsProfiles("two-way-ssl")) {
+                sslContextBuilder = sslContextBuilder.loadKeyMaterial(loadPfx(keyStore, keyStorePassword), keyStorePassword);
+            }
 
-        SSLContext sslContext = sslContextBuilder
+            SSLContext sslContext = sslContextBuilder
                 .loadTrustMaterial(ResourceUtils.getFile(trustStore), trustStorePassword)
                 .build();
 
-        HttpClient client = HttpClients.custom()
+            HttpClient client = HttpClients.custom()
                 .setSSLContext(sslContext)
                 .setSSLHostnameVerifier((s, sslSession) -> true)
                 .build();
 
-        RestTemplate restTemplate =  builder
+            restTemplate = builder
                 .requestFactory(new HttpComponentsClientHttpRequestFactory(client))
                 .build();
+        }else {
+            restTemplate = builder.build();
+        }
+
 
         restTemplate.setErrorHandler(new ResponseErrorHandler() {
             @Override
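Review bot: Inside the new `acceptsProfiles("one-way-ssl", "two-way-ssl")` branch, `env.getProperty("server.ssl.trust-store-password").toCharArray()` and its key-store counterpart dereference the property without a null check, while this same commit comments those properties out of application-test.properties. Unless another property source supplies them, activating either profile would fail with a NullPointerException while the bean is built; `env.getRequiredProperty("server.ssl.trust-store-password")` would instead fail with a message naming the missing key. The hostname verifier `(s, sslSession) -> true` kept in this branch accepts any certificate name and deserves a comment stating that it is test-only. The restTemplate method continues past the end of the hunk.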
index 2e0cda1..5f57a30 100644 (file)
@@ -12,20 +12,23 @@ jetty.threadPool.maxThreads=200
 jetty.threadPool.minThreads=8
 #The number of milliseconds before an idle thread shutsdown, unless the number of active threads are less or equal to minSpareThreads
 server.tomcat.max-idle-time=60000
+
 # If you get an application startup failure that the port is already taken
 # If thats not it, please check if the key-store file path makes sense
 server.local.startpath=src/main/resources/
 server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties
 
 server.port=8452
+security.require-ssl=false
+server.ssl.enabled=false
 # Server SSL Related Attributes
-server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
-server.ssl.key-store=${server.local.startpath}etc/auth/aai_keystore
-server.ssl.key-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0)
-server.ssl.trust-store=${server.local.startpath}etc/auth/aai_keystore
-server.ssl.trust-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0)
-server.ssl.client-auth=want
-server.ssl.key-store-type=JKS
+#server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
+#server.ssl.key-store=${server.local.startpath}etc/auth/aai_keystore
+#server.ssl.key-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0)
+#server.ssl.trust-store=${server.local.startpath}etc/auth/aai_keystore
+#server.ssl.trust-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0)
+#server.ssl.client-auth=want
+#server.ssl.key-store-type=JKS
 
 # Schema related attributes for the oxm and edges
 # Any additional schema related attributes should start with prefix schema