Remove legacy certificate handling
[sdc.git] / catalog-be / src / main / java / org / openecomp / sdc / be / servlets / ServiceServlet.java
index 3c2b72b..2ff1288 100644 (file)
@@ -37,6 +37,7 @@ import io.swagger.v3.oas.annotations.tags.Tag;
 import java.io.File;
 import java.io.FileNotFoundException;
 import java.io.IOException;
+import java.io.InputStream;
 import java.lang.reflect.Type;
 import java.util.ArrayList;
 import java.util.List;
@@ -45,6 +46,7 @@ import java.util.Set;
 import javax.inject.Inject;
 import javax.servlet.ServletContext;
 import javax.servlet.http.HttpServletRequest;
+import javax.validation.constraints.NotNull;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.DELETE;
 import javax.ws.rs.GET;
@@ -61,13 +63,13 @@ import javax.ws.rs.core.Response;
 import org.apache.http.HttpStatus;
 import org.glassfish.jersey.media.multipart.FormDataContentDisposition;
 import org.glassfish.jersey.media.multipart.FormDataParam;
+import org.keycloak.representations.AccessToken;
 import org.openecomp.sdc.be.components.impl.ComponentInstanceBusinessLogic;
 import org.openecomp.sdc.be.components.impl.ElementBusinessLogic;
 import org.openecomp.sdc.be.components.impl.ResourceBusinessLogic;
 import org.openecomp.sdc.be.components.impl.ResourceImportManager;
 import org.openecomp.sdc.be.components.impl.ServiceBusinessLogic;
-import org.openecomp.sdc.be.components.impl.aaf.AafPermission;
-import org.openecomp.sdc.be.components.impl.aaf.PermissionAllowed;
+import org.openecomp.sdc.be.components.impl.ServiceImportBusinessLogic;
 import org.openecomp.sdc.be.components.impl.exceptions.ByResponseFormatComponentException;
 import org.openecomp.sdc.be.config.BeEcompErrorManager;
 import org.openecomp.sdc.be.dao.api.ActionStatus;
@@ -87,6 +89,7 @@ import org.openecomp.sdc.be.resources.data.auditing.AuditingActionEnum;
 import org.openecomp.sdc.be.resources.data.auditing.model.DistributionData;
 import org.openecomp.sdc.be.resources.data.auditing.model.ResourceCommonInfo;
 import org.openecomp.sdc.be.servlets.ServiceUploadServlet.ServiceAuthorityTypeEnum;
+import org.openecomp.sdc.be.user.UserBusinessLogic;
 import org.openecomp.sdc.common.api.Constants;
 import org.openecomp.sdc.common.datastructure.Wrapper;
 import org.openecomp.sdc.common.log.elements.LoggerSupportability;
@@ -97,7 +100,7 @@ import org.openecomp.sdc.common.util.Multitenancy;
 import org.openecomp.sdc.common.zip.exception.ZipException;
 import org.openecomp.sdc.exception.ResponseFormat;
 import org.springframework.stereotype.Controller;
-import org.keycloak.representations.AccessToken;
+
 @Loggable(prepend = true, value = Loggable.DEBUG, trim = false)
 @Path("/v1/catalog")
 @Server(url = "/sdc2/rest")
@@ -110,14 +113,16 @@ public class ServiceServlet extends AbstractValidationsServlet {
     private static final String MODIFIER_ID_IS = "modifier id is {}";
     private final ElementBusinessLogic elementBusinessLogic;
     private final ServiceBusinessLogic serviceBusinessLogic;
+    private final UserBusinessLogic userBusinessLogic;
 
     @Inject
     public ServiceServlet(ComponentInstanceBusinessLogic componentInstanceBL, ComponentsUtils componentsUtils,
                           ServletUtils servletUtils, ResourceImportManager resourceImportManager, ServiceBusinessLogic serviceBusinessLogic,
-                          ResourceBusinessLogic resourceBusinessLogic, ElementBusinessLogic elementBusinessLogic) {
+                          ResourceBusinessLogic resourceBusinessLogic, ElementBusinessLogic elementBusinessLogic, UserBusinessLogic userBusinessLogic) {
         super(componentInstanceBL, componentsUtils, servletUtils, resourceImportManager);
         this.serviceBusinessLogic = serviceBusinessLogic;
         this.elementBusinessLogic = elementBusinessLogic;
+        this.userBusinessLogic = userBusinessLogic;
     }
 
     @POST
@@ -126,12 +131,11 @@ public class ServiceServlet extends AbstractValidationsServlet {
     @Consumes(MediaType.APPLICATION_JSON)
     @Produces(MediaType.APPLICATION_JSON)
     @Operation(description = "Create Service", method = "POST", summary = "Returns created service", responses = {
-        @ApiResponse(content = @Content(array = @ArraySchema(schema = @Schema(implementation = Service.class)))),
-        @ApiResponse(responseCode = "201", description = "Service created"), @ApiResponse(responseCode = "403", description = "Restricted operation"),
-        @ApiResponse(responseCode = "400", description = "Invalid content / Missing content"),
-        @ApiResponse(responseCode = "409", description = "Service already exist"),
+            @ApiResponse(content = @Content(array = @ArraySchema(schema = @Schema(implementation = Service.class)))),
+            @ApiResponse(responseCode = "201", description = "Service created"), @ApiResponse(responseCode = "403", description = "Restricted operation"),
+            @ApiResponse(responseCode = "400", description = "Invalid content / Missing content"),
+            @ApiResponse(responseCode = "409", description = "Service already exist"),
             @ApiResponse(responseCode = "401", description = "Unauthorized Tenant")})
-    @PermissionAllowed(AafPermission.PermNames.INTERNAL_ALL_VALUE)
     public Response createService(@Parameter(description = "Service object to be created", required = true) String data,
                                   @Context final HttpServletRequest request, @HeaderParam(value = Constants.USER_ID_HEADER) String userId) {
         String url = request.getMethod() + " " + request.getRequestURI();
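Review bot: With `@PermissionAllowed(AafPermission.PermNames.INTERNAL_ALL_VALUE)` removed, `createService` has no method-level authorization marker on the new side, and the identity it works with is the `Constants.USER_ID_HEADER` value taken from the request. The OpenAPI block still advertises 403 "Restricted operation", so if enforcement now lives in a servlet filter or in role checks inside the business logic (neither is visible here), name it in a class-level comment such as `// Authorization: enforced by <COMPONENT_PLACEHOLDER>; the AAF @PermissionAllowed gate was removed` so coverage can be verified. The same annotation is removed in the hunks for validateServiceName, getComponentAuditRecords, deleteService, deleteServiceByNameAndVersion, updateServiceMetadata, updateGroupInstancePropertyValues, getServiceById, getServiceByNameAndVersion, activateDistribution, markDistributionAsDeployed, tempUrlToBeDeleted, getServiceComponentRelationMap and importReplaceService. The body of createService continues outside the hunk.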
@@ -177,7 +181,7 @@ public class ServiceServlet extends AbstractValidationsServlet {
 
     public Either<Service, ResponseFormat> parseToService(String serviceJson, User user) {
         return getComponentsUtils()
-            .convertJsonToObjectUsingObjectMapper(serviceJson, user, Service.class, AuditingActionEnum.CREATE_RESOURCE, ComponentTypeEnum.SERVICE);
+                .convertJsonToObjectUsingObjectMapper(serviceJson, user, Service.class, AuditingActionEnum.CREATE_SERVICE, ComponentTypeEnum.SERVICE);
     }
 
     @GET
@@ -186,9 +190,8 @@ public class ServiceServlet extends AbstractValidationsServlet {
     @Consumes(MediaType.APPLICATION_JSON)
     @Produces(MediaType.APPLICATION_JSON)
     @Operation(description = "validate service name", method = "GET", summary = "checks if the chosen service name is available ", responses = {
-        @ApiResponse(content = @Content(array = @ArraySchema(schema = @Schema(implementation = Response.class)))),
-        @ApiResponse(responseCode = "200", description = "Service found"), @ApiResponse(responseCode = "403", description = "Restricted operation")})
-    @PermissionAllowed(AafPermission.PermNames.INTERNAL_ALL_VALUE)
+            @ApiResponse(content = @Content(array = @ArraySchema(schema = @Schema(implementation = Response.class)))),
+            @ApiResponse(responseCode = "200", description = "Service found"), @ApiResponse(responseCode = "403", description = "Restricted operation")})
     public Response validateServiceName(@PathParam("serviceName") final String serviceName, @Context final HttpServletRequest request,
                                         @HeaderParam(value = Constants.USER_ID_HEADER) String userId) {
         String url = request.getMethod() + " " + request.getRequestURI();
@@ -214,9 +217,8 @@ public class ServiceServlet extends AbstractValidationsServlet {
     @Consumes(MediaType.APPLICATION_JSON)
     @Produces(MediaType.APPLICATION_JSON)
     @Operation(description = "get component audit records", method = "GET", summary = "get audit records for a service or a resource", responses = {
-        @ApiResponse(content = @Content(array = @ArraySchema(schema = @Schema(implementation = Response.class)))),
-        @ApiResponse(responseCode = "200", description = "Service found"), @ApiResponse(responseCode = "403", description = "Restricted operation")})
-    @PermissionAllowed(AafPermission.PermNames.INTERNAL_ALL_VALUE)
+            @ApiResponse(content = @Content(array = @ArraySchema(schema = @Schema(implementation = Response.class)))),
+            @ApiResponse(responseCode = "200", description = "Service found"), @ApiResponse(responseCode = "403", description = "Restricted operation")})
     public Response getComponentAuditRecords(@PathParam("componentType") final String componentType,
                                              @PathParam("componentUniqueId") final String componentUniqueId,
                                              @Context final HttpServletRequest request,
@@ -234,11 +236,11 @@ public class ServiceServlet extends AbstractValidationsServlet {
             validateUserExist(responseWrapper, userWrapper, userId);
             if (responseWrapper.isEmpty()) {
                 fillUUIDAndVersion(responseWrapper, uuidWrapper, versionWrapper, userWrapper.getInnerElement(), validateComponentType(componentType),
-                    componentUniqueId, context);
+                        componentUniqueId, context);
             }
             if (responseWrapper.isEmpty()) {
                 Either<List<Map<String, Object>>, ResponseFormat> eitherServiceAudit = serviceBusinessLogic
-                    .getComponentAuditRecords(versionWrapper.getInnerElement(), uuidWrapper.getInnerElement(), userId);
+                        .getComponentAuditRecords(versionWrapper.getInnerElement(), uuidWrapper.getInnerElement(), userId);
                 if (eitherServiceAudit.isRight()) {
                     Response errorResponse = buildErrorResponse(eitherServiceAudit.right().value());
                     responseWrapper.setInnerElement(errorResponse);
@@ -281,15 +283,14 @@ public class ServiceServlet extends AbstractValidationsServlet {
     @Path("/services/{serviceId}")
     @Tag(name = "SDCE-2 APIs")
     @Operation(description = "Delete Service", method = "DELETE", summary = "Return no content", responses = {
-        @ApiResponse(content = @Content(array = @ArraySchema(schema = @Schema(implementation = Service.class)))),
-        @ApiResponse(responseCode = "204", description = "Service deleted"), @ApiResponse(responseCode = "403", description = "Restricted operation"),
-        @ApiResponse(responseCode = "400", description = "Invalid content / Missing content"),
-        @ApiResponse(responseCode = "404", description = "Service not found")})
-    @PermissionAllowed(AafPermission.PermNames.INTERNAL_ALL_VALUE)
+            @ApiResponse(content = @Content(array = @ArraySchema(schema = @Schema(implementation = Service.class)))),
+            @ApiResponse(responseCode = "204", description = "Service deleted"), @ApiResponse(responseCode = "403", description = "Restricted operation"),
+            @ApiResponse(responseCode = "400", description = "Invalid content / Missing content"),
+            @ApiResponse(responseCode = "404", description = "Service not found")})
     public Response deleteService(@PathParam("serviceId") final String serviceId,
                                   @Parameter(description = "Optional parameter to determine the delete action: " +
-                                      "DELETE, which will permanently delete theService from the system or " +
-                                      "MARK_AS_DELETE, which will logically mark the service as deleted. Default action is to MARK_AS_DELETE")
+                                          "DELETE, which will permanently delete theService from the system or " +
+                                          "MARK_AS_DELETE, which will logically mark the service as deleted. Default action is to MARK_AS_DELETE")
                                   @QueryParam("deleteAction") final Action deleteAction,
                                   @Context final HttpServletRequest request) {
         ServletContext context = request.getSession().getServletContext();
@@ -302,8 +303,8 @@ public class ServiceServlet extends AbstractValidationsServlet {
         try {
             String serviceIdLower = serviceId.toLowerCase();
             loggerSupportability
-                .log(LoggerSupportabilityActions.DELETE_SERVICE, StatusCode.STARTED, "Starting to delete service {} by user {} ", serviceIdLower,
-                    userId);
+                    .log(LoggerSupportabilityActions.DELETE_SERVICE, StatusCode.STARTED, "Starting to delete service {} by user {} ", serviceIdLower,
+                            userId);
             ServiceBusinessLogic businessLogic = getServiceBL(context);
             ResponseFormat actionResponse;
             if (Action.DELETE.equals(deleteAction)) {
@@ -317,7 +318,7 @@ public class ServiceServlet extends AbstractValidationsServlet {
                 return buildErrorResponse(actionResponse);
             }
             loggerSupportability
-                .log(LoggerSupportabilityActions.DELETE_SERVICE, StatusCode.COMPLETE, "Ended deleting service {} by user {}", serviceIdLower, userId);
+                    .log(LoggerSupportabilityActions.DELETE_SERVICE, StatusCode.COMPLETE, "Ended deleting service {} by user {}", serviceIdLower, userId);
             return buildOkResponse(getComponentsUtils().getResponseFormat(ActionStatus.NO_CONTENT), null);
         } catch (Exception e) {
             BeEcompErrorManager.getInstance().logBeRestApiGeneralError("Delete Service");
@@ -330,11 +331,10 @@ public class ServiceServlet extends AbstractValidationsServlet {
     @Path("/services/{serviceName}/{version}")
     @Tag(name = "SDCE-2 APIs")
     @Operation(description = "Delete Service By Name And Version", method = "DELETE", summary = "Returns no content", responses = {
-        @ApiResponse(content = @Content(array = @ArraySchema(schema = @Schema(implementation = Resource.class)))),
-        @ApiResponse(responseCode = "204", description = "Service deleted"), @ApiResponse(responseCode = "403", description = "Restricted operation"),
-        @ApiResponse(responseCode = "400", description = "Invalid content / Missing content"),
-        @ApiResponse(responseCode = "404", description = "Service not found")})
-    @PermissionAllowed(AafPermission.PermNames.INTERNAL_ALL_VALUE)
+            @ApiResponse(content = @Content(array = @ArraySchema(schema = @Schema(implementation = Resource.class)))),
+            @ApiResponse(responseCode = "204", description = "Service deleted"), @ApiResponse(responseCode = "403", description = "Restricted operation"),
+            @ApiResponse(responseCode = "400", description = "Invalid content / Missing content"),
+            @ApiResponse(responseCode = "404", description = "Service not found")})
     public Response deleteServiceByNameAndVersion(@PathParam("serviceName") final String serviceName, @PathParam("version") final String version,
                                                   @Context final HttpServletRequest request) {
         User modifier = getUser(request);
@@ -357,9 +357,8 @@ public class ServiceServlet extends AbstractValidationsServlet {
         log.debug(START_HANDLE_REQUEST_OF, url);
         // get modifier id
         String userId = request.getHeader(Constants.USER_ID_HEADER);
-        User modifier = new User(userId);
         log.debug(MODIFIER_ID_IS, userId);
-        return modifier;
+        return userBusinessLogic.getUser(userId);
     }
 
     @PUT
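Review bot: `getUser` now returns `userBusinessLogic.getUser(userId)` for a `userId` read straight from the request header, with no check for a missing or empty header before the lookup. How `UserBusinessLogic.getUser` behaves for a null or unknown id is not visible in this hunk, so either reject that case here (`if (userId == null || userId.isEmpty())`) or add a Javadoc line such as `/** Resolves the caller from USER_ID_HEADER via UserBusinessLogic; a missing or unknown id must be handled by the caller. */`. Handlers shown as context in later hunks (updateServiceMetadata, activateDistribution) still build `new User(userId)` directly, so endpoints now differ in whether the caller is resolved against the user store. The method starts before the hunk.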
@@ -368,14 +367,13 @@ public class ServiceServlet extends AbstractValidationsServlet {
     @Consumes(MediaType.APPLICATION_JSON)
     @Produces(MediaType.APPLICATION_JSON)
     @Operation(description = "Update Service Metadata", method = "PUT", summary = "Returns updated service", responses = {
-        @ApiResponse(content = @Content(array = @ArraySchema(schema = @Schema(implementation = Service.class)))),
-        @ApiResponse(responseCode = "200", description = "Service Updated"), @ApiResponse(responseCode = "403", description = "Restricted operation"),
-        @ApiResponse(responseCode = "400", description = "Invalid content / Missing content")})
-    @PermissionAllowed(AafPermission.PermNames.INTERNAL_ALL_VALUE)
+            @ApiResponse(content = @Content(array = @ArraySchema(schema = @Schema(implementation = Service.class)))),
+            @ApiResponse(responseCode = "200", description = "Service Updated"), @ApiResponse(responseCode = "403", description = "Restricted operation"),
+            @ApiResponse(responseCode = "400", description = "Invalid content / Missing content")})
     public Response updateServiceMetadata(@PathParam("serviceId") final String serviceId,
                                           @Parameter(description = "Service object to be Updated", required = true) String data,
                                           @Context final HttpServletRequest request, @HeaderParam(value = Constants.USER_ID_HEADER) String userId)
-        throws IOException {
+            throws IOException {
         String url = request.getMethod() + " " + request.getRequestURI();
         log.debug(START_HANDLE_REQUEST_OF, url);
         User modifier = new User(userId);
@@ -421,11 +419,10 @@ public class ServiceServlet extends AbstractValidationsServlet {
     @Consumes(MediaType.APPLICATION_JSON)
     @Produces(MediaType.APPLICATION_JSON)
     @Operation(description = "Update Group Instance Property Values", method = "PUT", summary = "Returns updated group instance", responses = {
-        @ApiResponse(content = @Content(array = @ArraySchema(schema = @Schema(implementation = Service.class)))),
-        @ApiResponse(responseCode = "200", description = "Group Instance Property Values Updated"),
-        @ApiResponse(responseCode = "403", description = "Restricted operation"),
-        @ApiResponse(responseCode = "400", description = "Invalid content / Missing content")})
-    @PermissionAllowed(AafPermission.PermNames.INTERNAL_ALL_VALUE)
+            @ApiResponse(content = @Content(array = @ArraySchema(schema = @Schema(implementation = Service.class)))),
+            @ApiResponse(responseCode = "200", description = "Group Instance Property Values Updated"),
+            @ApiResponse(responseCode = "403", description = "Restricted operation"),
+            @ApiResponse(responseCode = "400", description = "Invalid content / Missing content")})
     public Response updateGroupInstancePropertyValues(@PathParam("serviceId") final String serviceId,
                                                       @PathParam("componentInstanceId") final String componentInstanceId,
                                                       @PathParam("groupInstanceId") final String groupInstanceId,
@@ -448,7 +445,7 @@ public class ServiceServlet extends AbstractValidationsServlet {
             if (actionResponse == null) {
                 log.debug("Start handle update group instance property values request. Received group instance is {}", groupInstanceId);
                 actionResponse = serviceBusinessLogic
-                    .updateGroupInstancePropertyValues(modifier, serviceId, componentInstanceId, groupInstanceId, newProperties);
+                        .updateGroupInstancePropertyValues(modifier, serviceId, componentInstanceId, groupInstanceId, newProperties);
                 if (actionResponse.isRight()) {
                     actionResponse = Either.right(actionResponse.right().value());
                 }
@@ -473,10 +470,9 @@ public class ServiceServlet extends AbstractValidationsServlet {
     @Consumes(MediaType.APPLICATION_JSON)
     @Produces(MediaType.APPLICATION_JSON)
     @Operation(description = "Retrieve Service", method = "GET", summary = "Returns service according to serviceId", responses = {
-        @ApiResponse(content = @Content(array = @ArraySchema(schema = @Schema(implementation = Service.class)))),
-        @ApiResponse(responseCode = "200", description = "Service found"), @ApiResponse(responseCode = "403", description = "Restricted operation"),
-        @ApiResponse(responseCode = "404", description = "Service not found")})
-    @PermissionAllowed(AafPermission.PermNames.INTERNAL_ALL_VALUE)
+            @ApiResponse(content = @Content(array = @ArraySchema(schema = @Schema(implementation = Service.class)))),
+            @ApiResponse(responseCode = "200", description = "Service found"), @ApiResponse(responseCode = "403", description = "Restricted operation"),
+            @ApiResponse(responseCode = "404", description = "Service not found")})
     public Response getServiceById(@PathParam("serviceId") final String serviceId, @Context final HttpServletRequest request,
                                    @HeaderParam(value = Constants.USER_ID_HEADER) String userId) throws IOException {
         String url = request.getMethod() + " " + request.getRequestURI();
@@ -508,10 +504,9 @@ public class ServiceServlet extends AbstractValidationsServlet {
     @Consumes(MediaType.APPLICATION_JSON)
     @Produces(MediaType.APPLICATION_JSON)
     @Operation(description = "Retrieve Service", method = "GET", summary = "Returns service according to name and version", responses = {
-        @ApiResponse(content = @Content(array = @ArraySchema(schema = @Schema(implementation = Service.class)))),
-        @ApiResponse(responseCode = "200", description = "Service found"), @ApiResponse(responseCode = "403", description = "Restricted operation"),
-        @ApiResponse(responseCode = "404", description = "Service not found")})
-    @PermissionAllowed(AafPermission.PermNames.INTERNAL_ALL_VALUE)
+            @ApiResponse(content = @Content(array = @ArraySchema(schema = @Schema(implementation = Service.class)))),
+            @ApiResponse(responseCode = "200", description = "Service found"), @ApiResponse(responseCode = "403", description = "Restricted operation"),
+            @ApiResponse(responseCode = "404", description = "Service not found")})
     public Response getServiceByNameAndVersion(@PathParam("serviceName") final String serviceName,
                                                @PathParam("serviceVersion") final String serviceVersion, @Context final HttpServletRequest request,
                                                @HeaderParam(value = Constants.USER_ID_HEADER) String userId) throws IOException {
@@ -538,14 +533,13 @@ public class ServiceServlet extends AbstractValidationsServlet {
     @Consumes(MediaType.APPLICATION_JSON)
     @Produces(MediaType.APPLICATION_JSON)
     @Operation(description = "Activate distribution", method = "POST", summary = "activate distribution", responses = {
-        @ApiResponse(responseCode = "200", description = "OK"),
-        @ApiResponse(responseCode = "409", description = "Service cannot be distributed due to missing deployment artifacts"),
-        @ApiResponse(responseCode = "404", description = "Requested service was not found"),
-        @ApiResponse(responseCode = "500", description = "Internal Server Error. Please try again later.")})
-    @PermissionAllowed(AafPermission.PermNames.INTERNAL_ALL_VALUE)
+            @ApiResponse(responseCode = "200", description = "OK"),
+            @ApiResponse(responseCode = "409", description = "Service cannot be distributed due to missing deployment artifacts"),
+            @ApiResponse(responseCode = "404", description = "Requested service was not found"),
+            @ApiResponse(responseCode = "500", description = "Internal Server Error. Please try again later.")})
     public Response activateDistribution(@PathParam("serviceId") final String serviceId, @PathParam("env") final String env,
                                          @Context final HttpServletRequest request, @HeaderParam(value = Constants.USER_ID_HEADER) String userId)
-        throws IOException {
+            throws IOException {
         String url = request.getMethod() + " " + request.getRequestURI();
         log.debug(START_HANDLE_REQUEST_OF, url);
         User modifier = new User(userId);
@@ -573,13 +567,12 @@ public class ServiceServlet extends AbstractValidationsServlet {
     @Consumes(MediaType.APPLICATION_JSON)
     @Produces(MediaType.APPLICATION_JSON)
     @Operation(description = "Mark distribution as deployed", method = "POST", summary = "relevant audit record will be created", responses = {
-        @ApiResponse(responseCode = "200", description = "Service was marked as deployed"),
-        @ApiResponse(responseCode = "409", description = "Restricted operation"),
-        @ApiResponse(responseCode = "403", description = "Service is not available"),
-        @ApiResponse(responseCode = "400", description = "Invalid content / Missing content"),
-        @ApiResponse(responseCode = "404", description = "Requested service was not found"),
-        @ApiResponse(responseCode = "500", description = "Internal Server Error. Please try again later.")})
-    @PermissionAllowed(AafPermission.PermNames.INTERNAL_ALL_VALUE)
+            @ApiResponse(responseCode = "200", description = "Service was marked as deployed"),
+            @ApiResponse(responseCode = "409", description = "Restricted operation"),
+            @ApiResponse(responseCode = "403", description = "Service is not available"),
+            @ApiResponse(responseCode = "400", description = "Invalid content / Missing content"),
+            @ApiResponse(responseCode = "404", description = "Requested service was not found"),
+            @ApiResponse(responseCode = "500", description = "Internal Server Error. Please try again later.")})
     public Response markDistributionAsDeployed(@PathParam("serviceId") final String serviceId, @PathParam("did") final String did,
                                                @Context final HttpServletRequest request,
                                                @HeaderParam(value = Constants.USER_ID_HEADER) String userId) throws IOException {
@@ -609,8 +602,7 @@ public class ServiceServlet extends AbstractValidationsServlet {
     @Consumes(MediaType.APPLICATION_JSON)
     @Produces(MediaType.APPLICATION_JSON)
     @Operation(responses = {@ApiResponse(responseCode = "200", description = "OK"),
-        @ApiResponse(responseCode = "500", description = "Internal Server Error. Please try again later.")})
-    @PermissionAllowed(AafPermission.PermNames.INTERNAL_ALL_VALUE)
+            @ApiResponse(responseCode = "500", description = "Internal Server Error. Please try again later.")})
     public Response tempUrlToBeDeleted(@PathParam("serviceId") final String serviceId, @Context final HttpServletRequest request,
                                        @HeaderParam(value = Constants.USER_ID_HEADER) String userId) {
         String url = request.getMethod() + " " + request.getRequestURI();
@@ -620,7 +612,7 @@ public class ServiceServlet extends AbstractValidationsServlet {
         try {
             Service service = (serviceBusinessLogic.getService(serviceId, modifier)).left().value();
             Either<Service, ResponseFormat> res = serviceBusinessLogic
-                .updateDistributionStatusForActivation(service, modifier, DistributionStatusEnum.DISTRIBUTED);
+                    .updateDistributionStatusForActivation(service, modifier, DistributionStatusEnum.DISTRIBUTED);
             if (res.isRight()) {
                 buildErrorResponse(getComponentsUtils().getResponseFormat(ActionStatus.GENERAL_ERROR));
             }
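Review bot: In `tempUrlToBeDeleted` the error response built when `res.isRight()` is discarded, so a failed status update falls through to whatever follows the `if` (outside this hunk); the line should read `return buildErrorResponse(getComponentsUtils().getResponseFormat(ActionStatus.GENERAL_ERROR));`. A few lines above, `serviceBusinessLogic.getService(serviceId, modifier)` is unwrapped with `.left().value()` without an `isRight()` check, so a failed lookup is not turned into a proper error response at that point. Both lines are unchanged context, but the preceding hunk removes the permission annotation from this state-changing endpoint, so its error handling is worth tightening in the same change. The method starts and ends outside the hunk.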
@@ -638,10 +630,9 @@ public class ServiceServlet extends AbstractValidationsServlet {
     @Consumes(MediaType.APPLICATION_JSON)
     @Produces(MediaType.APPLICATION_JSON)
     @Operation(description = "Retrieve Service component relations map", method = "GET", summary = "Returns service components relations", responses = {
-        @ApiResponse(content = @Content(array = @ArraySchema(schema = @Schema(implementation = ServiceRelations.class)))),
-        @ApiResponse(responseCode = "200", description = "Service found"), @ApiResponse(responseCode = "403", description = "Restricted operation"),
-        @ApiResponse(responseCode = "404", description = "Service not found")})
-    @PermissionAllowed(AafPermission.PermNames.INTERNAL_ALL_VALUE)
+            @ApiResponse(content = @Content(array = @ArraySchema(schema = @Schema(implementation = ServiceRelations.class)))),
+            @ApiResponse(responseCode = "200", description = "Service found"), @ApiResponse(responseCode = "403", description = "Restricted operation"),
+            @ApiResponse(responseCode = "404", description = "Service not found")})
     public Response getServiceComponentRelationMap(@PathParam("serviceId") final String serviceId, @Context final HttpServletRequest request,
                                                    @HeaderParam(value = Constants.USER_ID_HEADER) String userId) throws IOException {
         String url = request.getMethod() + " " + request.getRequestURI();
@@ -673,9 +664,9 @@ public class ServiceServlet extends AbstractValidationsServlet {
     @Consumes(MediaType.APPLICATION_JSON)
     @Produces(MediaType.APPLICATION_JSON)
     @Operation(description = "Import Service", method = "POST", summary = "Returns imported service", responses = {
-        @ApiResponse(responseCode = "201", description = "Service created"), @ApiResponse(responseCode = "403", description = "Restricted operation"),
-        @ApiResponse(responseCode = "400", description = "Invalid content / Missing content"),
-        @ApiResponse(responseCode = "409", description = "Service already exist")})
+            @ApiResponse(responseCode = "201", description = "Service created"), @ApiResponse(responseCode = "403", description = "Restricted operation"),
+            @ApiResponse(responseCode = "400", description = "Invalid content / Missing content"),
+            @ApiResponse(responseCode = "409", description = "Service already exist")})
     public Response importNsService(@Parameter(description = "Service object to be imported", required = true) String data,
                                     @Context final HttpServletRequest request, @HeaderParam(value = Constants.USER_ID_HEADER) String userId) {
         userId = (userId != null) ? userId : request.getHeader(Constants.USER_ID_HEADER);
@@ -702,7 +693,7 @@ public class ServiceServlet extends AbstractValidationsServlet {
         ServiceAuthorityTypeEnum serviceAuthorityTypeEnum = ServiceAuthorityTypeEnum.USER_TYPE_UI;
         commonServiceGeneralValidations(responseWrapper, userWrapper, uploadServiceInfoWrapper, serviceAuthorityTypeEnum, userId, data);
         specificServiceAuthorityValidations(responseWrapper, uploadServiceInfoWrapper, yamlStringWrapper, request,
-            data, serviceAuthorityTypeEnum);
+                data, serviceAuthorityTypeEnum);
         if (responseWrapper.isEmpty()) {
             handleImportService(responseWrapper, userWrapper.getInnerElement(), uploadServiceInfoWrapper.getInnerElement());
         }
@@ -729,20 +720,19 @@ public class ServiceServlet extends AbstractValidationsServlet {
     @Tag(name = "SDCE-2 APIs")
     @Produces(MediaType.APPLICATION_JSON)
     @Operation(description = "Import Service", method = "POST", summary = "Returns imported service", responses = {
-        @ApiResponse(responseCode = "201", description = "Service created"), @ApiResponse(responseCode = "403", description = "Restricted operation"),
-        @ApiResponse(responseCode = "400", description = "Invalid content / Missing content"),
-        @ApiResponse(responseCode = "409", description = "Service already exist")})
-    @PermissionAllowed(AafPermission.PermNames.INTERNAL_ALL_VALUE)
+            @ApiResponse(responseCode = "201", description = "Service created"), @ApiResponse(responseCode = "403", description = "Restricted operation"),
+            @ApiResponse(responseCode = "400", description = "Invalid content / Missing content"),
+            @ApiResponse(responseCode = "409", description = "Service already exist")})
     public Response importReplaceService(
-        @Parameter(description = "The user id", required = true) @HeaderParam(value = Constants.USER_ID_HEADER) String userId,
-        @Parameter(description = "X-ECOMP-RequestID header", required = false) @HeaderParam(value = Constants.X_ECOMP_REQUEST_ID_HEADER) String requestId,
-        @Parameter(description = "X-ECOMP-InstanceID header", required = true) @HeaderParam(value = Constants.X_ECOMP_INSTANCE_ID_HEADER) final String instanceIdHeader,
-        @Parameter(description = "Determines the format of the body of the response", required = false) @HeaderParam(value = Constants.ACCEPT_HEADER) String accept,
-        @Parameter(description = "The username and password", required = true) @HeaderParam(value = Constants.AUTHORIZATION_HEADER) String authorization,
-        @Context final HttpServletRequest request, @Parameter(description = "FileInputStream") @FormDataParam("serviceZip") File file,
-        @Parameter(description = "ContentDisposition") @FormDataParam("serviceZip") FormDataContentDisposition contentDispositionHeader,
-        @Parameter(description = "serviceMetadata") @FormDataParam("serviceZipMetadata") String serviceInfoJsonString,
-        @Parameter(description = "The requested asset uuid", required = true) @PathParam("uuid") final String uuid) {
+            @Parameter(description = "The user id", required = true) @HeaderParam(value = Constants.USER_ID_HEADER) String userId,
+            @Parameter(description = "X-ECOMP-RequestID header", required = false) @HeaderParam(value = Constants.X_ECOMP_REQUEST_ID_HEADER) String requestId,
+            @Parameter(description = "X-ECOMP-InstanceID header", required = true) @HeaderParam(value = Constants.X_ECOMP_INSTANCE_ID_HEADER) final String instanceIdHeader,
+            @Parameter(description = "Determines the format of the body of the response", required = false) @HeaderParam(value = Constants.ACCEPT_HEADER) String accept,
+            @Parameter(description = "The username and password", required = true) @HeaderParam(value = Constants.AUTHORIZATION_HEADER) String authorization,
+            @Context final HttpServletRequest request, @Parameter(description = "FileInputStream") @FormDataParam("serviceZip") File file,
+            @Parameter(description = "ContentDisposition") @FormDataParam("serviceZip") FormDataContentDisposition contentDispositionHeader,
+            @Parameter(description = "serviceMetadata") @FormDataParam("serviceZipMetadata") String serviceInfoJsonString,
+            @Parameter(description = "The requested asset uuid", required = true) @PathParam("uuid") final String uuid) {
         initSpringFromContext();
         String requestURI = request.getRequestURI();
         String url = request.getMethod() + " " + requestURI;
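Review bot: With `@PermissionAllowed(AafPermission.PermNames.INTERNAL_ALL_VALUE)` dropped from `importReplaceService`, no access-control marker remains on this endpoint within the hunk, yet its `@Operation` still documents a 403 "Restricted operation" response. If the check is now done by a request filter or by the Keycloak token handling this commit imports, record that above the method, for example `// Authorization: enforced by <filter or class name>; AAF @PermissionAllowed removed with legacy certificate handling`. The `authorization` parameter is still described as "The username and password", which presumably no longer matches what that header carries and should be reworded. The method body continues outside the hunk, so a check further down cannot be ruled out from here.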
@@ -755,7 +745,7 @@ public class ServiceServlet extends AbstractValidationsServlet {
         AuditingActionEnum auditingActionEnum = AuditingActionEnum.Import_Replace_Service;
         String assetType = "services";
         Either<List<? extends Component>, ResponseFormat> assetTypeData = elementBusinessLogic
-            .getCatalogComponentsByUuidAndAssetType(assetType, uuid);
+                .getCatalogComponentsByUuidAndAssetType(assetType, uuid);
         if (assetTypeData.isRight() || assetTypeData.left().value().size() != 1) {
             log.debug("getServiceAbstractStatus: Service Fetching Failed");
             throw new ByResponseFormatComponentException(assetTypeData.right().value());
@@ -781,14 +771,14 @@ public class ServiceServlet extends AbstractValidationsServlet {
             ServiceUploadServlet.ServiceAuthorityTypeEnum serviceAuthorityEnum = ServiceUploadServlet.ServiceAuthorityTypeEnum.CSAR_TYPE_BE;
             // PayLoad Validations
             commonServiceGeneralValidations(responseWrapper, userWrapper, uploadServiceInfoWrapper, serviceAuthorityEnum, userId,
-                serviceInfoJsonString);
+                    serviceInfoJsonString);
             fillServicePayload(responseWrapper, uploadServiceInfoWrapper, yamlStringWrapper, modifier, serviceInfoJsonString, serviceAuthorityEnum,
-                file);
+                    file);
             specificServiceAuthorityValidations(responseWrapper, uploadServiceInfoWrapper, yamlStringWrapper, request,
-                serviceInfoJsonString, serviceAuthorityEnum);
+                    serviceInfoJsonString, serviceAuthorityEnum);
             log.debug("importReplaceService:get payload:{}", uploadServiceInfoWrapper.getInnerElement().getPayloadData());
             ServiceMetadataDataDefinition serviceMetadataDataDefinition = (ServiceMetadataDataDefinition) oldService.getComponentMetadataDefinition()
-                .getMetadataDataDefinition();
+                    .getMetadataDataDefinition();
             uploadServiceInfoWrapper.getInnerElement().setServiceVendorModelNumber(serviceMetadataDataDefinition.getServiceVendorModelNumber());
             uploadServiceInfoWrapper.getInnerElement().setDescription(oldService.getDescription());
             uploadServiceInfoWrapper.getInnerElement().setCategories(oldService.getCategories());
@@ -806,5 +796,62 @@ public class ServiceServlet extends AbstractValidationsServlet {
         }
     }
 
+
+    @PUT
+    @Path("/services/{serviceId}/toscaTemplate")
+    @Tag(name = "SDCE-2 APIs")
+    @Consumes(MediaType.APPLICATION_JSON)
+    @Produces(MediaType.APPLICATION_JSON)
+    @Operation(description = "Update service by tosca template import", method = "PUT", summary = "Returns updated service",
+            responses = {
+                    @ApiResponse(content = @Content(array = @ArraySchema(schema = @Schema(implementation = Service.class)))),
+                    @ApiResponse(responseCode = "200", description = "Service Updated"),
+                    @ApiResponse(responseCode = "403", description = "Restricted operation"),
+                    @ApiResponse(responseCode = "400", description = "Invalid content / Missing content")})
+    public Response importToscaTemplate(@PathParam("serviceId") final String serviceId,
+                                        @Parameter(description = "Service object to be Updated", required = true) final String data,
+                                        @Context final HttpServletRequest request,
+                                        @HeaderParam(value = Constants.USER_ID_HEADER) final String userId) throws IOException {
+        initSpringFromContext();
+        final User modifier = getUser(request);
+        try {
+            final ServiceImportBusinessLogic serviceImportBusinessLogic = serviceImportManager.getServiceImportBusinessLogic();
+            final Service updatedService = serviceImportBusinessLogic.updateServiceFromToscaTemplate(serviceId, modifier, data);
+            return buildOkResponse(getComponentsUtils().getResponseFormat(ActionStatus.OK), RepresentationUtils.toRepresentation(updatedService));
+        } catch (Exception e) {
+            BeEcompErrorManager.getInstance().logBeRestApiGeneralError("Update Service Metadata");
+            log.error("update service metadata failed with exception", e);
+            throw e;
+        }
+    }
+
+    @PUT
+    @Path("/services/{serviceId}/toscaModel")
+    @Tag(name = "SDCE-2 APIs")
+    @Consumes(MediaType.MULTIPART_FORM_DATA)
+    @Produces(MediaType.APPLICATION_JSON)
+    @Operation(description = "Update service by tosca template model", method = "PUT", summary = "Returns updated service",
+            responses = {
+                    @ApiResponse(content = @Content(array = @ArraySchema(schema = @Schema(implementation = Service.class)))),
+                    @ApiResponse(responseCode = "200", description = "Service Updated"),
+                    @ApiResponse(responseCode = "403", description = "Restricted operation"),
+                    @ApiResponse(responseCode = "400", description = "Invalid content / Missing content")})
+    public Response importToscaModel(@PathParam("serviceId") final String serviceId,
+                                     @NotNull @FormDataParam("upload") final InputStream fileToUpload,
+                                     @Context final HttpServletRequest request,
+                                     @HeaderParam(value = Constants.USER_ID_HEADER) final String userId) throws IOException {
+        initSpringFromContext();
+        final User modifier = getUser(request);
+        try {
+            final ServiceImportBusinessLogic serviceImportBusinessLogic = serviceImportManager.getServiceImportBusinessLogic();
+            final Service updatedService = serviceImportBusinessLogic.updateServiceFromToscaModel(serviceId, modifier, fileToUpload);
+            return buildOkResponse(getComponentsUtils().getResponseFormat(ActionStatus.OK), RepresentationUtils.toRepresentation(updatedService));
+        } catch (Exception e) {
+            BeEcompErrorManager.getInstance().logBeRestApiGeneralError("Update Service Metadata");
+            log.error("update service metadata failed with exception", e);
+            throw e;
+        }
+    }
+
     public enum Action {DELETE, MARK_AS_DELETE}
 }
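Review bot: `importToscaTemplate` and `importToscaModel` pass the request body and the uploaded stream straight to `updateServiceFromToscaTemplate` and `updateServiceFromToscaModel` with no validation step visible in the handler, whereas `importNsService` in this same file runs `commonServiceGeneralValidations` and `specificServiceAuthorityValidations` before importing. If the role and payload checks live in `ServiceImportBusinessLogic`, a one-line comment saying so would make the documented 403 and 400 responses verifiable. The `userId` header parameter is declared on both methods but never read directly (the modifier comes from `getUser(request)`), so either remove it or note that it is intentionally ignored. Both catch blocks report the failure as "Update Service Metadata", which looks copied from another handler and will mislabel these operations in error logs; `logBeRestApiGeneralError("Update Service From Tosca Template")` with a matching `log.error` message would keep triage accurate. In `importToscaModel`, no size bound on `fileToUpload` is visible and the handler does not close the stream, so confirm the callee does both.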