Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 14 Next »

The goal of this document is to investigate about removal of deprecated code such as Camel


Instruction

To be able to remove the legacy deprecated code the first rule is to isolate it, and after the successfull isolation is to go to the chopping board and do the hard code removal.

Camel

Camel utilizes two types of XML configurations, one such as REST endpoints and the other is the Routes.

  • The Rest endpoints configuration accepts a specific url such as getUser and getToscaTemplate.  As you can see that the getUser redirects the request to the AuthorizationController, and the getToscaTemplate redirects the request to an actual URL Rest endpoint by using a to uri tag direct:get-service-template
  • Then the receiving routes XML configuration which each router has a unique id get-service-template which nested inside of the tag has a from uri direct:-get-service-template, header configurations as the paramater names and finally it redirects it to a specific REST endpoint url onap/policy/clamp/acm/v2/commission/toscaservicetemplate


<get uri="/v1/user/getUser" produces="text/plain">
	<to uri="bean:org.onap.policy.clamp.authorization.UserService?method=getUser()" />
</get>
<get uri="/v2/acm/getToscaTemplate" outType="java.lang.String" bindingMode="off"
produces="application/json">
<route>
<removeHeaders pattern="*"
excludePattern="name|version|instanceName"/>
<doTry>
<to
uri="bean:org.onap.policy.clamp.flow.log.FlowLogOperation?method=startLog(*, 'GET Tosca Service Template ')"/>
<to
uri="bean:org.onap.policy.clamp.authorization.AuthorizationController?method=authorize(*,'cl','','read')"/>
<setHeader name="Content-Type">
<constant>application/json</constant>
</setHeader>
<setProperty name="raiseHttpExceptionFlag">
<simple resultType="java.lang.Boolean">false</simple>
</setProperty>
<to uri="direct:get-service-template"/>
<to
uri="bean:org.onap.policy.clamp.flow.log.FlowLogOperation?method=endLog()"/>
<doCatch>
<exception>java.lang.Exception</exception>
<handled>
<constant>true</constant>
</handled>
<to
uri="bean:org.onap.policy.clamp.flow.log.FlowLogOperation?method=errorLog()"/>
<log loggingLevel="ERROR"
message="GET Tosca Service Template JSON request failed: ${exception.stacktrace}"/>
<setHeader name="CamelHttpResponseCode">
<constant>500</constant>
</setHeader>
<setBody>
<simple>GET Tosca Service Template JSON FAILED</simple>
</setBody>
</doCatch>
</doTry>
</route>
</get>


<route id="get-service-template">
        <from uri="direct:get-service-template"/>
        <doTry>
            <log loggingLevel="INFO"
                 message="Getting the tosca service template"/>
            <to
                    uri="bean:org.onap.policy.clamp.flow.log.FlowLogOperation?method=invokeLog('AutomationComposition', 'Getting the tosca service template')"/>
            <setHeader name="CamelHttpMethod">
                <constant>GET</constant>
            </setHeader>
            <setHeader name="Content-Type">
                <constant>application/json</constant>
            </setHeader>
            <setProperty name="name">
                <simple>${header.name}</simple>
            </setProperty>
            <setProperty name="version">
                <simple>${header.version}</simple>
            </setProperty>
            <setProperty name="instanceName">
                <simple>${header.instanceName}</simple>
            </setProperty>
            <log loggingLevel="INFO"
                 message="Endpoint to get Tosca Service Template: {{clamp.config.acm.runtime.url}}/onap/policy/clamp/acm/v2/commission/toscaservicetemplate"></log>
            <toD uri="{{clamp.config.acm.runtime.url}}/onap/policy/clamp/acm/v2/commission/toscaservicetemplate?name=${exchangeProperty[name]}&version=${exchangeProperty[version]}&instanceName=${exchangeProperty[instanceName]}&bridgeEndpoint=true&useSystemProperties=true&throwExceptionOnFailure=${exchangeProperty[raiseHttpExceptionFlag]}&authMethod=Basic&authUsername={{clamp.config.acm.runtime.userName}}&authPassword={{clamp.config.acm.runtime.password}}&authenticationPreemptive=true&connectionClose=true"/>
            <convertBodyTo type="java.lang.String"/>
            <doFinally>
                <to uri="direct:reset-raise-http-exception-flag"/>
                <to
                        uri="bean:org.onap.policy.clamp.flow.log.FlowLogOperation?method=invokeReturnLog()"/>
            </doFinally>
        </doTry>
    </route>

How to solve it

Create a new REST endpoint controller by applying the same principals as the ACM Endpoints by encompassing all the clamp url and by upgrading the version to V3 which implies that all client connection has to create a new contract with the server side.  This new Rest controller can be utilized in conjunction with Open Api related task.  By having a new Rest Controller where the Camel URL would redirect to a service class, the Rest Controller can replace all of the Camel Configuration XML files.

/*
 * ============LICENSE_START=======================================================
 *  Copyright (C) 2022 Nordix Foundation.
 *  ================================================================================
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *        http://www.apache.org/licenses/LICENSE-2.0
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
 *  SPDX-License-Identifier: Apache-2.0
 *  ============LICENSE_END=========================================================
 */

package org.onap.policy.clamp.authorization.rest;

import javax.ws.rs.core.MediaType;
import org.springframework.web.bind.annotation.RequestMapping;

/**
 * Abstract Rest Controller for runtime clamp to inherit from.
 */
@RequestMapping(value = "/onap/policy/clamp/clds/v3", produces = {MediaType.TEXT_PLAIN, MediaType.APPLICATION_JSON})
public abstract class AbstractRestController {
}

/*
 * ============LICENSE_START=======================================================
 *  Copyright (C) 2022 Nordix Foundation.
 *  ================================================================================
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *        http://www.apache.org/licenses/LICENSE-2.0
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
 *  SPDX-License-Identifier: Apache-2.0
 *  ============LICENSE_END=========================================================
 */

package org.onap.policy.clamp.authorization.rest;

import org.onap.policy.clamp.authorization.AuthorizationController;
import org.onap.policy.clamp.clds.model.ClampInformation;
import org.onap.policy.clamp.clds.model.CldsHealthCheck;
import org.onap.policy.clamp.clds.service.CldsHealthcheckService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

import javax.ws.rs.core.MediaType;

/**
 * Rest clamp controller.
 */
@RestController
public class ClampController extends AbstractRestController implements ClampApi {

    private AuthorizationController authorizationController;

    private CldsHealthcheckService healthcheckService;


    /**
     * Constructor for ClampController with autowires other bean classes.
     *
     * @param authorizationController controller for security purposes
     * @param healthcheckService service for healthcheck on all rest endpoints
     */
    @Autowired
    public ClampController(
            AuthorizationController authorizationController,
            CldsHealthcheckService healthcheckService) {

        this.authorizationController = authorizationController;
        this.healthcheckService = healthcheckService;
    }

    @GetMapping(value = "/clampInformation", produces = MediaType.APPLICATION_JSON)
    public ClampInformation getClampInfo() {
        return this.authorizationController.getClampInformation();
    }

    @GetMapping(value = "/user/getUser", produces = MediaType.TEXT_PLAIN)
    public String getUser() {
        return AuthorizationController.getPrincipalName(SecurityContextHolder.getContext());
    }

    @GetMapping(value = "/healthcheck", produces = MediaType.APPLICATION_JSON)
    public CldsHealthCheck getHealthCheck() {
        return this.healthcheckService.gethealthcheck();
    }
}

CORS and Preflight

To Solve Cors and Preflight issue there has to have a new Cors Configuration File to allow Spring Security allow the Preflight checks.

Server Side

/*
 * ============LICENSE_START=======================================================
 *  Copyright (C) 2022 Nordix Foundation.
 *  ================================================================================
 *  Licensed under the Apache License, Version 2.0 (the "License");
 *  you may not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *        http://www.apache.org/licenses/LICENSE-2.0
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
 *  SPDX-License-Identifier: Apache-2.0
 *  ============LICENSE_END=========================================================
 */

package org.onap.policy.clamp.acm.runtime.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

import java.util.Arrays;
import java.util.List;

@Configuration
public class CorsWebConfiguration {

    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        configuration.setAllowedOrigins(List.of("*"));
        configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "PATCH", "DELETE", "OPTIONAL"));
        configuration.setAllowCredentials(true);
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);

        return source;
    }
}  

Client Side

const response = await fetch('http://localhost:6969/onap/policy/clamp/acm/v2/instantiation',  {
      method: 'GET',
      mode: 'no-cors',
      credentials: "include",
      headers: {
        "Content-Type": "application/json",
        Authorization: "Basic " + btoa('runtimeUser:zb!XztG34')
      }
    });

    return response


Implementation of TLS and SSL

To implement SSL and TLS on the ACM rest endpoint need to generate a pem file as well as apply specific configuration in the application.yaml file.

server
	ssl
		key-store: classpath:/clds/aaf/org.onap.clamp.p12
		key-store-password: enc:WWCxchk4WGBNSvuzLq3MLjMs5ObRybJtts5AI0XD1Vc
		key-password: enc:WWCxchk4WGBNSvuzLq3MLjMs5ObRybJtts5AI0XD1Vc
		key-store-type: PKCS12
		key-alias: clamptest
		
		client-auth: want
		trust-store: classpath:/clds/aaf/truststoreONAPall.jks
		trust-store-password: enc:iDnPBBLq_EMidXlMa1FEuBR8TZzYxrCg66vq_XfLHdJ

Login Screen

Distributed Network

  • No labels