<artifactId>spring-boot-starter-web</artifactId>
<version>${spring.boot.version}</version>
<scope>provided</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-tomcat</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-jetty</artifactId>
+ <version>${spring.boot.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-security</artifactId>
+ <version>${spring.boot.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
*/
package org.onap.vfc.nfvo.driver.vnfm.svnfm.nokia.onap.direct.notification;
-import com.google.common.base.Splitter;
import org.onap.aai.domain.yang.v11.RelationshipList;
import org.onap.aai.domain.yang.v11.Vnfc;
import org.onap.vfc.nfvo.driver.vnfm.svnfm.nokia.onap.direct.AAIRestApiProvider;
import org.onap.vfc.nfvo.driver.vnfm.svnfm.nokia.spring.Conditions;
-import org.onap.vfc.nfvo.driver.vnfm.svnfm.nokia.util.CbamUtils;
import org.onap.vfc.nfvo.driver.vnfm.svnfm.nokia.vnfm.CbamRestApiProvider;
import org.onap.vfc.nfvo.driver.vnfm.svnfm.nokia.vnfm.DriverProperties;
import org.slf4j.Logger;
super(aaiRestApiProvider, cbamRestApiProvider, driverProperties);
}
+ /**
+ * @param vnfId the identifier of the VNF
+ * @param cbamVnfcId the identifier of the VNFC in CBAM
+ * @return the URL of the VNFC
+ */
public static String buildUrl(String vnfId, String cbamVnfcId) {
return format("/vnfcs/vnfc/%s", buildId(vnfId, cbamVnfcId));
}
- public static String getCbamVnfcId(String vnfcId) {
- String vnfId = Splitter.on(CbamUtils.SEPARATOR).split(vnfcId).iterator().next();
- return vnfcId.replaceFirst(vnfId + SEPARATOR, "");
- }
-
private static String buildId(String vnfId, String cbamVnfcId) {
return vnfId + SEPARATOR + cbamVnfcId;
}
StringBuilder body = new StringBuilder();
for (Map.Entry<String, JsonElement> node : nodeTemplates) {
String type = childElement(node.getValue().getAsJsonObject(), "type").getAsString();
- switch (type) {
- case "tosca.nodes.nfv.VDU":
- body.append(buildVdu(node.getKey(), node.getValue().getAsJsonObject(), nodeTemplates));
- break;
- case "tosca.nodes.nfv.VirtualStorage":
- body.append(buildVolume(node.getKey(), node.getValue().getAsJsonObject()));
- break;
- case "tosca.nodes.nfv.VL":
- body.append(buildVl(node.getKey()));
- break;
- case "tosca.nodes.nfv.ICP":
- body.append(buildIcp(node.getKey(), node.getValue().getAsJsonObject()));
- break;
- case "tosca.nodes.nfv.ECP":
- body.append(buildEcp(node.getKey(), node.getValue(), nodeTemplates));
- break;
- default:
- logger.warn("The {} type is not converted", type);
+ if ("tosca.nodes.nfv.VDU".equals(type)) {
+ body.append(buildVdu(node.getKey(), node.getValue().getAsJsonObject(), nodeTemplates));
+ } else if ("tosca.nodes.nfv.VirtualStorage".equals(type)) {
+ body.append(buildVolume(node.getKey(), node.getValue().getAsJsonObject()));
+ } else if ("tosca.nodes.nfv.VL".equals(type)) {
+ body.append(buildVl(node.getKey()));
+ } else if ("tosca.nodes.nfv.ICP".equals(type)) {
+ body.append(buildIcp(node.getKey(), node.getValue().getAsJsonObject()));
+ } else if ("tosca.nodes.nfv.ECP".equals(type)) {
+ body.append(buildEcp(node.getKey(), node.getValue(), nodeTemplates));
+ } else {
+ logger.warn("The {} type is not converted", type);
}
}
return buildHeader(topologyTemplate) + body.toString();
--- /dev/null
+/*
+ * Copyright 2016-2017, Nokia Corporation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onap.vfc.nfvo.driver.vnfm.svnfm.nokia.spring;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+/**
+ * Responsible for initializing the Spring security
+ */
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+ /**
+ * Does not configure security, but solves the https://pivotal.io/security/cve-2017-4995
+ * "The fix ensures that by default only explicitly mapped classes will be deserialized.
+ * The effect of using explicitly mapped classes is to create a whitelist which works with all
+ * supported versions of Jackson. If users explicitly opt into global default typing, the previous
+ * potentially dangerous configuration is restored."
+ *
+ * @param http the security configuration
+ */
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http
+ .authorizeRequests()
+ .anyRequest()
+ .permitAll();
+ }
+
+}
} catch (Exception e) {
throw buildFatalFailure(logger, "The trustedCertificates must be a base64 encoded collection of PEM certificates", e);
}
- if (trustedPems.size() == 0) {
+ if (trustedPems.isEmpty()) {
throw buildFatalFailure(logger, "No certificate can be extracted from " + content);
}
try {
logOperationInput(vnfId, "termination", request);
return scheduleExecution(vnfId, httpResponse, "terminate", jobInfo -> {
TerminateVnfRequest cbamRequest = new TerminateVnfRequest();
- //cbamRequest.setAdditionalParams(jobInfo);
if (request.getTerminationType() == null) {
cbamRequest.setTerminationType(TerminationType.FORCEFUL);
} else {
*/
public JobInfo scaleVnf(String vnfmId, String vnfId, VnfScaleRequest request, HttpServletResponse httpResponse) {
logOperationInput(vnfId, SCALE_OPERATION_NAME, request);
- return scheduleExecution(vnfId, httpResponse, SCALE_OPERATION_NAME, new AsynchronousExecution() {
- @Override
- public void execute(JobInfo jobInfo) {
- ScaleVnfRequest cbamRequest = new ScaleVnfRequest();
- cbamRequest.setAspectId(request.getAspectId());
- cbamRequest.setNumberOfSteps(Integer.valueOf(request.getNumberOfSteps()));
- cbamRequest.setType(convert(request.getType()));
- com.nokia.cbam.lcm.v32.model.VnfInfo vnf = cbamRestApiProvider.getCbamLcmApi(vnfmId).vnfsVnfInstanceIdGet(vnfId, NOKIA_LCM_API_VERSION).blockingFirst();
- JsonObject root = new Gson().toJsonTree(jobInfo).getAsJsonObject();
- com.nokia.cbam.lcm.v32.model.VnfInfo cbamVnfInfo = cbamRestApiProvider.getCbamLcmApi(vnfmId).vnfsVnfInstanceIdGet(vnfId, NOKIA_LCM_API_VERSION).blockingFirst();
- String vnfdContent = catalogManager.getCbamVnfdContent(vnfmId, cbamVnfInfo.getVnfdId());
- Set<Map.Entry<String, JsonElement>> acceptableOperationParameters = getAcceptableOperationParameters(vnfdContent, "Basic", SCALE_OPERATION_NAME);
- buildAdditionalParameters(request, root, acceptableOperationParameters);
- cbamRequest.setAdditionalParams(root);
- grantManager.requestGrantForScale(vnfmId, vnfId, getVimIdFromInstantiationRequest(vnfmId, vnf), getVnfdIdFromModifyableAttributes(vnf), request, jobInfo.getJobId());
- OperationExecution operationExecution = cbamRestApiProvider.getCbamLcmApi(vnfmId).vnfsVnfInstanceIdScalePost(vnfId, cbamRequest, NOKIA_LCM_API_VERSION).blockingFirst();
- waitForOperationToFinish(vnfmId, vnfId, operationExecution.getId());
- }
+ return scheduleExecution(vnfId, httpResponse, SCALE_OPERATION_NAME, jobInfo -> {
+ ScaleVnfRequest cbamRequest = new ScaleVnfRequest();
+ cbamRequest.setAspectId(request.getAspectId());
+ cbamRequest.setNumberOfSteps(Integer.valueOf(request.getNumberOfSteps()));
+ cbamRequest.setType(convert(request.getType()));
+ com.nokia.cbam.lcm.v32.model.VnfInfo vnf = cbamRestApiProvider.getCbamLcmApi(vnfmId).vnfsVnfInstanceIdGet(vnfId, NOKIA_LCM_API_VERSION).blockingFirst();
+ JsonObject root = new Gson().toJsonTree(jobInfo).getAsJsonObject();
+ com.nokia.cbam.lcm.v32.model.VnfInfo cbamVnfInfo = cbamRestApiProvider.getCbamLcmApi(vnfmId).vnfsVnfInstanceIdGet(vnfId, NOKIA_LCM_API_VERSION).blockingFirst();
+ String vnfdContent = catalogManager.getCbamVnfdContent(vnfmId, cbamVnfInfo.getVnfdId());
+ Set<Map.Entry<String, JsonElement>> acceptableOperationParameters = getAcceptableOperationParameters(vnfdContent, "Basic", SCALE_OPERATION_NAME);
+ buildAdditionalParameters(request, root, acceptableOperationParameters);
+ cbamRequest.setAdditionalParams(root);
+ grantManager.requestGrantForScale(vnfmId, vnfId, getVimIdFromInstantiationRequest(vnfmId, vnf), getVnfdIdFromModifyableAttributes(vnf), request, jobInfo.getJobId());
+ OperationExecution operationExecution = cbamRestApiProvider.getCbamLcmApi(vnfmId).vnfsVnfInstanceIdScalePost(vnfId, cbamRequest, NOKIA_LCM_API_VERSION).blockingFirst();
+ waitForOperationToFinish(vnfmId, vnfId, operationExecution.getId());
});
}
private void buildAdditionalParameters(VnfScaleRequest request, JsonObject root, Set<Map.Entry<String, JsonElement>> acceptableOperationParameters) {
if (request.getAdditionalParam() != null) {
for (Map.Entry<String, JsonElement> item : new Gson().toJsonTree(request.getAdditionalParam()).getAsJsonObject().entrySet()) {
- boolean found = false;
- for (Map.Entry<String, JsonElement> acceptableOperationParameter : acceptableOperationParameters) {
- if (acceptableOperationParameter.getKey().equals(item.getKey())) {
- found = true;
- }
- }
- if (found) {
+ if (isParameterAccepted(acceptableOperationParameters, item)) {
root.add(item.getKey(), item.getValue());
}
}
}
}
+ private boolean isParameterAccepted(Set<Map.Entry<String, JsonElement>> acceptableOperationParameters, Map.Entry<String, JsonElement> item) {
+ boolean found = false;
+ for (Map.Entry<String, JsonElement> acceptableOperationParameter : acceptableOperationParameters) {
+ if (acceptableOperationParameter.getKey().equals(item.getKey())) {
+ found = true;
+ }
+ }
+ return found;
+ }
+
/**
* Heal the VNF
*
import org.onap.vfc.nfvo.driver.vnfm.svnfm.nokia.NokiaSvnfmApplication;
import org.onap.vfc.nfvo.driver.vnfm.svnfm.nokia.onap.direct.AAIExternalSystemInfoProvider;
import org.onap.vfc.nfvo.driver.vnfm.svnfm.nokia.onap.direct.notification.AAINotificationProcessor;
+import org.onap.vfc.nfvo.driver.vnfm.svnfm.nokia.util.SystemFunctions;
import org.onap.vfc.nfvo.driver.vnfm.svnfm.nokia.vnfm.notification.ReportedAffectedConnectionPoints;
import org.onap.vfc.nfvo.driver.vnfm.svnfm.nokia.vnfm.notification.ReportedAffectedCp;
import org.onap.vnfmdriver.model.VimInfo;
addedCp.setCpdId("cpdId");
affectedConnectionPoints.getPost().add(addedCp);
notificationProcessor.processNotification(recievedNot, null, of(affectedConnectionPoints), "Nokia_RegionOne");
- Thread.sleep(10000000 * 1000L);
+ SystemFunctions.systemFunctions().sleep(10000000 * 1000L);
}
JsonObject additionalData(String key, String value) {
assertEquals("http://1.2.3.4:1234/lead/", apiClient.getAdapterBuilder().build().baseUrl().toString());
}
+ /**
+ * the / is added to the base URL
+ */
+ @Test
+ public void testNsLcmApiMissingSlash() throws Exception {
+ when(msbApiProvider.getMicroServiceUrl(VfcRestApiProvider.NSLCM_API_SERVICE_NAME, VfcRestApiProvider.NSLCM_API_VERION)).thenReturn("http://1.2.3.4:1234/nslcm/v1/lead");
+ //when
+ org.onap.vnfmdriver.ApiClient apiClient = vfcRestApiProvider.buildNslcmApiClient();
+ //verify
+ assertEquals("http://1.2.3.4:1234/lead/", apiClient.getAdapterBuilder().build().baseUrl().toString());
+ }
+
/**
* the base URL of the Catalog API is set
*/
assertEquals("http://1.2.3.4:1234/lead/", apiClient.getAdapterBuilder().build().baseUrl().toString());
}
+ /**
+ * test / is added to the end of the base URL if missing
+ */
+ @Test
+ public void testMissingSlash() throws Exception {
+ when(msbApiProvider.getMicroServiceUrl(VfcRestApiProvider.NSCATALOG_SERVICE_NAME, VfcRestApiProvider.NSCATALOG_API_VERSION)).thenReturn("http://1.2.3.4:1234/lead");
+ //when
+ ApiClient apiClient = vfcRestApiProvider.buildCatalogApiClient();
+ //verify
+ assertEquals("http://1.2.3.4:1234/lead/", apiClient.getAdapterBuilder().build().baseUrl().toString());
+ }
+
+ /**
+ * test NS LCM API is wrapped
+ */
@Test
public void testNsLcm() {
when(msbApiProvider.getMicroServiceUrl(VfcRestApiProvider.NSLCM_API_SERVICE_NAME, VfcRestApiProvider.NSLCM_API_VERION)).thenReturn("http://1.2.3.4:1234/nslcm/v1/lead/");
assertNotNull(vfcRestApiProvider.getNsLcmApi());
}
+ /**
+ * test NS catalog API is wrapped
+ */
@Test
public void testNsCatalog() {
when(msbApiProvider.getMicroServiceUrl(VfcRestApiProvider.NSCATALOG_SERVICE_NAME, VfcRestApiProvider.NSCATALOG_API_VERSION)).thenReturn("http://1.2.3.4:1234/lead/");
--- /dev/null
+/*
+ * Copyright 2016-2017, Nokia Corporation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onap.vfc.nfvo.driver.vnfm.svnfm.nokia.spring;
+
+import org.junit.Test;
+import org.mockito.Mockito;
+import org.springframework.security.config.annotation.ObjectPostProcessor;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
+import org.springframework.security.web.util.matcher.AnyRequestMatcher;
+import org.springframework.security.web.util.matcher.RequestMatcher;
+import org.springframework.test.util.ReflectionTestUtils;
+
+import java.util.HashMap;
+import java.util.List;
+
+import static junit.framework.TestCase.assertTrue;
+
+public class TestSecurityConfig {
+
+ /**
+ * verify that not authentication is performed
+ * this can only fully be tested from CT by starting the web service
+ */
+ @Test
+ public void testSpringBootApplicationInit() throws Exception {
+ HttpSecurity http = new HttpSecurity(Mockito.mock(ObjectPostProcessor.class), Mockito.mock(AuthenticationManagerBuilder.class), new HashMap<>());
+ //when
+ new SecurityConfig().configure(http);
+ //verify
+ ExpressionUrlAuthorizationConfigurer<HttpSecurity>.AuthorizedUrl authorizedUrl = http.authorizeRequests().anyRequest();
+ List<? extends RequestMatcher> requestMatchers = (List<? extends RequestMatcher>) ReflectionTestUtils.getField(authorizedUrl, "requestMatchers");
+ assertTrue(AnyRequestMatcher.class.isAssignableFrom(requestMatchers.get(0).getClass()));
+ }
+
+}
startServer();
}
+ //the server starts up asynchronously there is no other way to wait for the server to be up and running
+ @SuppressWarnings("squid:S2925")
private void startServer() throws Exception {
requests.clear();
codes.clear();
@Test
public void testInstantiationV2WithSsl() throws Exception {
VnfInstantiateRequest instantiationRequest = prepareInstantiationRequest(VimInfo.VimInfoTypeEnum.OPENSTACK_V2_INFO);
-
+ when(logger.isInfoEnabled()).thenReturn(false);
when(vnfApi.vnfsPost(createRequest.capture(), eq(NOKIA_LCM_API_VERSION))).thenReturn(buildObservable(vnfInfo));
additionalParam.setInstantiationLevel(INSTANTIATION_LEVEL);
when(vfcGrantManager.requestGrantForInstantiate(VNFM_ID, VNF_ID, VIM_ID, ONAP_CSAR_ID, INSTANTIATION_LEVEL, cbamVnfdContent, JOB_ID)).thenReturn(grantResponse);
assertTrue(!actualVim.getInterfaceInfo().isSkipCertificateVerification());
assertTrue(!actualVim.getInterfaceInfo().isSkipCertificateHostnameCheck());
verify(logger).warn("No additional parameters were specified for the operation");
+ verify(logger, never()).info(eq("Starting {} operation on VNF with {} identifier with {} parameter"), anyString(), anyString(), anyString());
}
/**
}
/**
- * if unable to send LCN to VF-C the error is propagated
+ * if unable to query all operation executions from CBAM the error is propagated
*/
@Test
- public void testUnableToQueryCurrentOperation() throws Exception {
+ public void testUnableToQueryCurrentOperations() throws Exception {
recievedLcn.setOperation(OperationType.TERMINATE);
recievedLcn.setStatus(OperationStatus.FINISHED);
RuntimeException expectedException = new RuntimeException();
}
}
+ /**
+ * if unable to query the given operation execution from CBAM the error is propagated
+ */
+ @Test
+ public void testUnableToQueryCurrentOperation() throws Exception {
+ recievedLcn.setOperation(OperationType.TERMINATE);
+ recievedLcn.setStatus(OperationStatus.FINISHED);
+ RuntimeException expectedException = new RuntimeException();
+ when(operationExecutionApi.operationExecutionsOperationExecutionIdGet(recievedLcn.getLifecycleOperationOccurrenceId(), NOKIA_LCM_API_VERSION)).thenThrow(expectedException);
+ //when
+ try {
+ lifecycleChangeNotificationManager.handleLcn(recievedLcn);
+ fail();
+ } catch (Exception e) {
+ //verify
+ assertEquals(expectedException, e.getCause());
+ verify(logger).error("Unable to retrieve the operation execution with instantiationOperationExecutionId identifier", e.getCause());
+ }
+ }
+
/**
* test that waitForTerminationToBeProcessed outwaits the successfull processing of the termination notification
*/
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<version>${spring.boot.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-tomcat</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework.boot</groupId>
+ <version>${spring.boot.version}</version>
+ <artifactId>spring-boot-starter-jetty</artifactId>
</dependency>
</dependencies>
<build>
</properties>
<build>
<plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-dependency-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>unpack</id>
+ <phase>pre</phase>
+ <goals>
+ <goal>unpack</goal>
+ </goals>
+ <configuration>
+ <artifactItems>
+ <artifactItem>
+ <groupId>org.onap.aai.aai-common</groupId>
+ <artifactId>aai-schema</artifactId>
+ <version>1.2.0</version>
+ <type>jar</type>
+ <destFileName>aai.json</destFileName>
+ <includes>**/aai_swagger_v11.yaml</includes>
+ </artifactItem>
+ </artifactItems>
+ <outputDirectory>${project.basedir}/src/main/resources</outputDirectory>
+ <overWriteReleases>true</overWriteReleases>
+ <overWriteSnapshots>true</overWriteSnapshots>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
<plugin>
<groupId>io.swagger</groupId>
<artifactId>swagger-codegen-maven-plugin</artifactId>
</configOptions>
</configuration>
</execution>
-<!--
+ <!--
<execution>
- <id>soadapter</id>
+ <id>aai</id>
<goals>
<goal>generate</goal>
</goals>
<configuration>
- <inputSpec>${basedir}/src/main/resources/so.vnfm.json</inputSpec>
+ <inputSpec>${basedir}/src/main/resources/aai_swagger_yaml/aai_swagger_v11.yaml</inputSpec>
<language>java</language>
<library>retrofit2</library>
- <output>${project.build.directory}/generated-sources/soadapter</output>
- <apiPackage>org.onap.soadapter.api</apiPackage>
- <modelPackage>org.onap.soadapter.model</modelPackage>
+ <output>${project.build.directory}/generated-sources/aai</output>
+ <apiPackage>org.onap.aai.api</apiPackage>
+ <modelPackage>org.onap.aai.model</modelPackage>
<configOptions>
<generateSupportingFiles>false</generateSupportingFiles>
<sourceFolder>src/gen/java/main</sourceFolder>
<jacoco.version>0.8.0</jacoco.version>
<spring.boot.version>2.0.0.RELEASE</spring.boot.version>
</properties>
- <!--
+<!-- used to test dependency convergence locally
<build>
<plugins>
<plugin>
<rules>
<DependencyConvergence/>
</rules>
- <fail>false</fail>
+ <fail>true</fail>
</configuration>
<goals>
<goal>enforce</goal>