From 426ddc1c61efc12b95aa1013d9137411a4e46d5e Mon Sep 17 00:00:00 2001 From: Jim Hahn Date: Tue, 14 Apr 2020 15:19:53 -0400 Subject: Add CSITs for vCPE, vDNS, and vFW policies Runs xacml and drools, but does not currently run api or pap. PAP actions are simulated by injecting messages onto the dmaap topic read by xacml-pdp and drools-pdp. All other systems (e.g., dmaap, aai) are simulated using policy-models-simulators. Issue-ID: POLICY-2491 Change-Id: Ic05e3a6514e84040f5a965aa8d2cac9ed2e9abc2 
Signed-off-by: Jim Hahn --- scripts/policy/drools-apps/activate.drools.json | 9 ++ scripts/policy/drools-apps/activate.xacml.json | 9 ++ .../policy/drools-apps/custom/defaultConfig.json | 37 ++++++ scripts/policy/drools-apps/custom/logback.xml | 104 ++++++++++++++++ .../policy/drools-apps/custom/ssl/policy-keystore | Bin 0 -> 4431 bytes .../drools-apps/custom/ssl/policy-truststore | Bin 0 -> 124180 bytes .../drools-apps/docker-compose-drools-apps.yml | 103 ++++++++++++++++ scripts/policy/drools-apps/make_topic.sh | 33 +++++ scripts/policy/drools-apps/manage.sh | 32 +++++ scripts/policy/drools-apps/onset.sh | 32 +++++ scripts/policy/drools-apps/passive.drools.json | 9 ++ scripts/policy/drools-apps/policies.json | 135 +++++++++++++++++++++ scripts/policy/drools-apps/vcpeOnset.json | 16 +++ scripts/policy/drools-apps/vdnsOnset.json | 16 +++ scripts/policy/drools-apps/vfwOnset.json | 17 +++ scripts/policy/drools-apps/wait_topic.sh | 61 ++++++++++ 16 files changed, 613 insertions(+) create mode 100644 scripts/policy/drools-apps/activate.drools.json create mode 100644 scripts/policy/drools-apps/activate.xacml.json create mode 100644 scripts/policy/drools-apps/custom/defaultConfig.json create mode 100644 scripts/policy/drools-apps/custom/logback.xml create mode 100644 scripts/policy/drools-apps/custom/ssl/policy-keystore create mode 100644 scripts/policy/drools-apps/custom/ssl/policy-truststore create mode 100644 scripts/policy/drools-apps/docker-compose-drools-apps.yml create mode 100755 scripts/policy/drools-apps/make_topic.sh create mode 100755 scripts/policy/drools-apps/manage.sh create mode 100755 scripts/policy/drools-apps/onset.sh create mode 100644 scripts/policy/drools-apps/passive.drools.json create mode 100644 scripts/policy/drools-apps/policies.json create mode 100644 scripts/policy/drools-apps/vcpeOnset.json create mode 100644 scripts/policy/drools-apps/vdnsOnset.json create mode 100644 scripts/policy/drools-apps/vfwOnset.json create mode 100755 
scripts/policy/drools-apps/wait_topic.sh (limited to 'scripts/policy/drools-apps')
diff --git a/scripts/policy/drools-apps/activate.drools.json b/scripts/policy/drools-apps/activate.drools.json
new file mode 100644
index 00000000..681bf6ab
--- /dev/null
+++ b/scripts/policy/drools-apps/activate.drools.json
@@ -0,0 +1,9 @@
+{
+ "messageName": "PDP_STATE_CHANGE",
+ "requestId": "88891208-2a73-452c-8d71-c93b422a7e03",
+ "timestampMs": 1584652299629,
+ "name": "drools",
+ "pdpGroup": "defaultGroup",
+ "pdpSubgroup": "drools",
+ "state": "ACTIVE"
+}
diff --git a/scripts/policy/drools-apps/activate.xacml.json b/scripts/policy/drools-apps/activate.xacml.json
new file mode 100644
index 00000000..1ee79c26
--- /dev/null
+++ b/scripts/policy/drools-apps/activate.xacml.json
@@ -0,0 +1,9 @@
+{
+ "messageName": "PDP_STATE_CHANGE",
+ "requestId": "88891208-2a73-452c-8d71-c93b422a7e03",
+ "timestampMs": 1584652299629,
+ "name": "policy-xacml-pdp",
+ "pdpGroup": "defaultGroup",
+ "pdpSubgroup": "xacml",
+ "state": "ACTIVE"
+}
diff --git a/scripts/policy/drools-apps/custom/defaultConfig.json b/scripts/policy/drools-apps/custom/defaultConfig.json
new file mode 100644
index 00000000..5a6573a3
--- /dev/null
+++ b/scripts/policy/drools-apps/custom/defaultConfig.json
@@ -0,0 +1,37 @@ +{ + "name": "XacmlPdpParameters", + "pdpGroup": "defaultGroup", + "restServerParameters": { + "host": "0.0.0.0", + "port": 6969, + "userName": "healthcheck", + "password": "zb!XztG34", + "https": true, + "aaf": false + }, + "policyApiParameters": { + "host": "policy-api", + "port": 6969, + "userName": "healthcheck", + "password": "zb!XztG34", + "https": true, + "aaf": false + }, + "applicationPath": "/opt/app/policy/pdpx/apps", + "topicParameterGroup": { + "topicSources" : [{ + "topic" : "POLICY-PDP-PAP", + "servers" : [ "policy.api.simpledemo.onap.org" ], + "topicCommInfrastructure" : "dmaap", + "useHttps" : true, + "allowSelfSignedCerts" : true + }], + "topicSinks" : [{ + "topic" : "POLICY-PDP-PAP", + "servers" : [ "policy.api.simpledemo.onap.org" ], + "topicCommInfrastructure" : "dmaap", + "useHttps" : true, + "allowSelfSignedCerts" : true + }] + } +} diff --git a/scripts/policy/drools-apps/custom/logback.xml b/scripts/policy/drools-apps/custom/logback.xml new file mode 100644 index 00000000..7f20cfc0 --- /dev/null +++ b/scripts/policy/drools-apps/custom/logback.xml @@ -0,0 +1,104 @@ + + + + + + + + + + + + + + + + ${logDir}/${errorLog}.log + + ${logDir}/${errorLog}.%d{yyyy-MM-dd}.%i.log.zip + + 50MB + 30 + 10GB + + + WARN + + + ${errorPattern} + + + + + + + + + ${logDir}/${debugLog}.log + + ${logDir}/${debugLog}.%d{yyyy-MM-dd}.%i.log.zip + + 50MB + 30 + 10GB + + + ${debugPattern} + + + + + + + + + ${logDir}/${networkLog}.log + + ${logDir}/${networkLog}.%d{yyyy-MM-dd}.%i.log.zip + + 50MB + 30 + 10GB + + + ${networkPattern} + + + + + + + + + + + + + + + + + + + + + + + diff --git a/scripts/policy/drools-apps/custom/ssl/policy-keystore b/scripts/policy/drools-apps/custom/ssl/policy-keystore new file mode 100644 index 00000000..389df5fe Binary files /dev/null and b/scripts/policy/drools-apps/custom/ssl/policy-keystore differ 
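Review bot: `restServerParameters.password` and `policyApiParameters.password` are committed in clear text in custom/defaultConfig.json, next to the binary `custom/ssl/policy-keystore` added by the same commit, so anyone with repository access holds the credential and, presumably, the key material the PDP serves TLS with. If these are throw-away CSIT values, the commit description or a README beside the file should say so, since strict JSON cannot carry a comment; otherwise the values belong in the environment that starts the containers. Both topic entries also set `"allowSelfSignedCerts" : true`, which is reasonable against the simulator but should not be copied into a deployment config.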
diff --git a/scripts/policy/drools-apps/custom/ssl/policy-truststore b/scripts/policy/drools-apps/custom/ssl/policy-truststore
new file mode 100644
index 00000000..8834ac25
Binary files /dev/null and b/scripts/policy/drools-apps/custom/ssl/policy-truststore differ
diff --git a/scripts/policy/drools-apps/docker-compose-drools-apps.yml b/scripts/policy/drools-apps/docker-compose-drools-apps.yml
new file mode 100644
index 00000000..076157f4
--- /dev/null
+++ b/scripts/policy/drools-apps/docker-compose-drools-apps.yml
@@ -0,0 +1,103 @@
+#
+# ===========LICENSE_START====================================================
+# Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=====================================================
+#
+version: '2'
+services:
+ mariadb:
+ image: mariadb:${POLICY_MARIADB_VER}
+ container_name: mariadb
+ hostname: mariadb
+ command: ['--lower-case-table-names=1', '--wait_timeout=28800']
+ env_file: ../config/db/db.conf
+ volumes:
+ - ../config/db:/docker-entrypoint-initdb.d:ro
+ expose:
+ - 3306
+ policy.api.simpledemo.onap.org:
+ image: policy/simulators
+ container_name: policy.api.simpledemo.onap.org
+ hostname: policy.api.simpledemo.onap.org
+ volumes:
+ - ../config/sim-all:/opt/app/policy/simulators/etc/parameters:ro
+ expose:
+ - 6666
+ - 6668
+ - 6669
+ - 6670
+ - 3905
+ policy-xacml-pdp:
+ image: nexus3.onap.org:10001/onap/policy-xacml-pdp:${POLICY_XACML_PDP_VERSION}
+ container_name: policy-xacml-pdp
+ depends_on:
+ - mariadb
+ - policy.api.simpledemo.onap.org
+ hostname: policy-xacml-pdp
+ expose:
+ - 6969
+ volumes:
+ - ./custom:/opt/app/policy/pdpx/etc:ro
+ drools:
+ image: nexus3.onap.org:10001/onap/policy-pdpd-cl:${POLICY_DROOLS_APPS_VERSION}
+ container_name: drools
+ depends_on:
+ - mariadb
+ - policy.api.simpledemo.onap.org
+ hostname: drools
+ expose:
+ - 6969
+ - 9696
+ volumes:
+ - ../config/drools-apps/custom:/tmp/policy-install/config:ro
+ env_file:
+ - ../config/drools-apps/env/base.conf
+ - ../config/drools-apps/env/feature-healthcheck.conf
+ - ../config/drools-apps/env/feature-pooling-dmaap.conf
+ start_dependencies:
+ image: dadarek/wait-for-dependencies
+ environment:
+ TIMEOUT_LENGTH: 60
+ container_name: policy-wait
+ depends_on:
+ - mariadb
+ - policy.api.simpledemo.onap.org
+ hostname: policy-wait
+ command:
+ mariadb:3306
+ policy.api.simpledemo.onap.org:6666
+ policy.api.simpledemo.onap.org:6668
+ policy.api.simpledemo.onap.org:6669
+ policy.api.simpledemo.onap.org:6670
+ policy.api.simpledemo.onap.org:3905
+ start_all:
+ image: dadarek/wait-for-dependencies
+ environment:
+ TIMEOUT_LENGTH: 120
+ container_name: policy-wait-all
+ depends_on:
+ - mariadb
+ - policy.api.simpledemo.onap.org
+ - policy-xacml-pdp
+ - drools
+ hostname: policy-wait-all
+ command:
+ mariadb:3306
+ policy.api.simpledemo.onap.org:6666
+ policy.api.simpledemo.onap.org:6668
+ policy.api.simpledemo.onap.org:6669
+ policy.api.simpledemo.onap.org:6670
+ policy.api.simpledemo.onap.org:3905
+ drools:6969
diff --git a/scripts/policy/drools-apps/make_topic.sh b/scripts/policy/drools-apps/make_topic.sh
new file mode 100755
index 00000000..36d43e9d
--- /dev/null
+++ b/scripts/policy/drools-apps/make_topic.sh
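Review bot: `image: policy/simulators` and both `image: dadarek/wait-for-dependencies` entries carry no tag, so they resolve to whatever `latest` is at run time, unlike the three images versioned through `${POLICY_MARIADB_VER}`, `${POLICY_XACML_PDP_VERSION}` and `${POLICY_DROOLS_APPS_VERSION}`. A changed or replaced upstream image would then run inside the CSIT network, with the mounted config directories, without any change in this repository. Pin them the same way, e.g. `image: dadarek/wait-for-dependencies:${WAIT_FOR_DEPS_VERSION}` (the variable name is a placeholder), or by digest.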
@@ -0,0 +1,33 @@
+#!/bin/bash
+#
+# ===========LICENSE_START====================================================
+# Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=====================================================
+#
+
+#
+# Creates a topic, which happens as a side-effect of polling it.
+#
+
+if [ $# -ne 1 ]
+then
+ echo "arg(s): topic-name" >&2
+ exit 1
+fi
+
+topic="${1}"
+
+curl -s -k "https://${SIM_IP}:3905/events/${topic}/script/1?limit=1&timeout=0"
+echo
diff --git a/scripts/policy/drools-apps/manage.sh b/scripts/policy/drools-apps/manage.sh
new file mode 100755
index 00000000..36352385
--- /dev/null
+++ b/scripts/policy/drools-apps/manage.sh
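Review bot: The exit status of make_topic.sh is always that of the trailing `echo`, so a failed `curl` (simulator down, `SIM_IP` unset) still reports success to the calling test; manage.sh and onset.sh end the same way. Fail on the request itself, e.g. `curl -sS -k --fail "https://${SIM_IP}:3905/events/${topic}/script/1?limit=1&timeout=0" || exit 2`, and stop early on a missing address with `: "${SIM_IP:?SIM_IP is not set}"`. `-k` turns off certificate verification in all four scripts; that is workable against the simulator's self-signed certificate, but a one-line comment such as `# -k: simulator uses a self-signed cert (CSIT only)` would keep it from being copied elsewhere.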
@@ -0,0 +1,32 @@
+#!/bin/bash
+#
+# ===========LICENSE_START====================================================
+# Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=====================================================
+#
+
+#
+# Injects a management request on the PDP-PAP topic.
+#
+
+if [ $# -ne 1 ]
+then
+ echo "arg(s): json-message-file-name" >&2
+ exit 1
+fi
+
+curl -k -H "Content-type: application/json" --data-binary @$1 \
+ https://${SIM_IP}:3905/events/POLICY-PDP-PAP
+echo
diff --git a/scripts/policy/drools-apps/onset.sh b/scripts/policy/drools-apps/onset.sh
new file mode 100755
index 00000000..f2918a68
--- /dev/null
+++ b/scripts/policy/drools-apps/onset.sh
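Review bot: `--data-binary @$1` and the URL on the continuation line are unquoted, so a file name containing spaces or glob characters is word-split or expanded before curl sees it; onset.sh has the identical two lines. Quote both in each script: `--data-binary "@${1}"` and `"https://${SIM_IP}:3905/events/POLICY-PDP-PAP"`.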
@@ -0,0 +1,32 @@
+#!/bin/bash
+#
+# ===========LICENSE_START====================================================
+# Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=====================================================
+#
+
+#
+# Injects an ONSET event on the DCAE_CL_OUTPUT topic.
+#
+
+if [ $# -ne 1 ]
+then
+ echo "arg(s): json-message-file-name" >&2
+ exit 1
+fi
+
+curl -k -H "Content-type: application/json" --data-binary @$1 \
+ https://${SIM_IP}:3905/events/unauthenticated.DCAE_CL_OUTPUT
+echo
diff --git a/scripts/policy/drools-apps/passive.drools.json b/scripts/policy/drools-apps/passive.drools.json
new file mode 100644
index 00000000..dca16d28
--- /dev/null
+++ b/scripts/policy/drools-apps/passive.drools.json
@@ -0,0 +1,9 @@
+{
+ "messageName": "PDP_STATE_CHANGE",
+ "requestId": "88891208-2a73-452c-8d71-c93b422a7e03",
+ "timestampMs": 1584652299629,
+ "name": "drools",
+ "pdpGroup": "defaultGroup",
+ "pdpSubgroup": "drools",
+ "state": "PASSIVE"
+}
diff --git a/scripts/policy/drools-apps/policies.json b/scripts/policy/drools-apps/policies.json
new file mode 100644
index 00000000..b4775661
--- /dev/null
+++ b/scripts/policy/drools-apps/policies.json
@@ -0,0 +1,135 @@
+{
+ "messageName": "PDP_UPDATE",
+ "requestId": "88891208-2a73-452c-8d71-c93b422a7e03",
+ "timestampMs": 1584652299629,
+ "name": "drools",
+ "pdpGroup": "defaultGroup",
+ "pdpSubgroup": "drools",
+ "policies": [
+ {
+ "type": "onap.policies.controlloop.operational.common.Drools",
+ "type_version": "1.0.0",
+ "version": "1.0.0",
+ "name": "operational.restart",
+ "metadata": {
+ "policy-id": "operational.restart"
+ },
+ "properties": {
+ "controllerName": "frankfurt",
+ "id": "ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e",
+ "timeout": 3600,
+ "abatement": false,
+ "trigger": "unique-policy-id-1-restart",
+ "operations": [
+ {
+ "id": "unique-policy-id-1-restart",
+ "description": "Restart the VM",
+ "operation": {
+ "actor": "APPC",
+ "operation": "Restart",
+ "target": {
+ "targetType": "VM"
+ }
+ },
+ "timeout": 1200,
+ "retries": 3,
+ "success": "final_success",
+ "failure": "final_failure",
+ "failure_timeout": "final_failure_timeout",
+ "failure_retries": "final_failure_retries",
+ "failure_exception": "final_failure_exception",
+ "failure_guard": "final_failure_guard"
+ }
+ ]
+ }
+ },
+ {
+ "type": "onap.policies.controlloop.operational.common.Drools",
+ "type_version": "1.0.0",
+ "version": "1.0.0",
+ "name": "operational.scale.up",
+ "metadata": {
+ "policy-id": "operational.scale.up"
+ },
+ "properties": {
+ "controllerName": "frankfurt",
+ "id": "ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3",
+ "timeout": 60,
+ "abatement": false,
+ "trigger": "unique-policy-id-1-scale-up",
+ "operations": [
+ {
+ "id": "unique-policy-id-1-scale-up",
+ "description": "Scale up",
+ "operation": {
+ "actor": "SO",
+ "operation": "VF Module Create",
+ "target": {
+ "targetType": "VFMODULE",
+ "entityIds": {
+ "modelInvariantId": "e6130d03-56f1-4b0a-9a1d-e1b2ebc30e0e",
+ "modelVersionId": "94b18b1d-cc91-4f43-911a-e6348665f292",
+ "modelName": "VfwclVfwsnkBbefb8ce2bde..base_vfw..module-0",
+ "modelVersion": 1,
+ "modelCustomizationId": "47958575-138f-452a-8c8d-d89b595f8164"
+ }
+ },
+ "payload": {
+ "requestParameters": "{\"usePreload\":true,\"userParams\":[]}",
+ "configurationParameters": "[{\"ip-addr\":\"$.vf-module-topology.vf-module-parameters.param[9]\",\"oam-ip-addr\":\"$.vf-module-topology.vf-module-parameters.param[16]\",\"enabled\":\"$.vf-module-topology.vf-module-parameters.param[23]\"}]"
+ }
+ },
+ "timeout": 30,
+ "retries": 0,
+ "success": "final_success",
+ "failure": "final_failure",
+ "failure_timeout": "final_failure_timeout",
+ "failure_retries": "final_failure_retries",
+ "failure_exception": "final_failure_exception",
+ "failure_guard": "final_failure_guard"
+ }
+ ]
+ }
+ },
+ {
+ "type": "onap.policies.controlloop.operational.common.Drools",
+ "type_version": "1.0.0",
+ "name": "operational.modifyconfig",
+ "version": "1.0.0",
+ "metadata": {
+ "policy-id": "operational.modifyconfig"
+ },
+ "properties": {
+ "controllerName": "frankfurt",
+ "id": "ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a",
+ "timeout": 60,
+ "abatement": false,
+ "trigger": "unique-policy-id-1-modifyConfig",
+ "operations": [
+ {
+ "id": "unique-policy-id-1-modifyConfig",
+ "description": "Modify the packet generator",
+ "operation": {
+ "actor": "APPC",
+ "operation": "ModifyConfig",
+ "target": {
+ "targetType": "VNF",
+ "entityIds": {
+ "resourceID": "bbb3cefd-01c8-413c-9bdd-2b92f9ca3d38"
+ }
+ }
+ },
+ "timeout": 7,
+ "retries": 0,
+ "success": "final_success",
+ "failure": "final_failure",
+ "failure_timeout": "final_failure_timeout",
+ "failure_retries": "final_failure_retries",
+ "failure_exception": "final_failure_exception",
+ "failure_guard": "final_failure_guard"
+ }
+ ]
+ }
+ }
+ ]
+}
diff --git a/scripts/policy/drools-apps/vcpeOnset.json b/scripts/policy/drools-apps/vcpeOnset.json
new file mode 100644
index 00000000..7dd9d5a0
--- /dev/null
+++ b/scripts/policy/drools-apps/vcpeOnset.json
@@ -0,0 +1,16 @@
+{
+ "closedLoopControlName": "ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e",
+ "closedLoopAlarmStart": 1463679805324,
+ "closedLoopEventClient": "DCAE_INSTANCE_ID.dcae-tca",
+ "closedLoopEventStatus": "ONSET",
+ "requestID": "664be3d2-6c12-4f4b-a3e7-c349acced200",
+ "target_type": "VNF",
+ "target": "generic-vnf.vnf-id",
+ "AAI": {
+ "vserver.is-closed-loop-disabled": "false",
+ "vserver.prov-status": "ACTIVE",
+ "generic-vnf.vnf-id": "vCPE_Infrastructure_vGMUX_demo_app"
+ },
+ "from": "DCAE",
+ "version": "1.0.2"
+}
diff --git a/scripts/policy/drools-apps/vdnsOnset.json b/scripts/policy/drools-apps/vdnsOnset.json
new file mode 100644
index 00000000..13f69095
--- /dev/null
+++ b/scripts/policy/drools-apps/vdnsOnset.json
@@ -0,0 +1,16 @@
+{
+ "closedLoopControlName": "ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3",
+ "closedLoopAlarmStart": 1463679805324,
+ "closedLoopEventClient": "microservice.stringmatcher",
+ "closedLoopEventStatus": "ONSET",
+ "requestID": "c7c6a4aa-bb61-4a15-b831-ba1472dd4a65",
+ "target_type": "VNF",
+ "target": "vserver.vserver-name",
+ "AAI": {
+ "vserver.is-closed-loop-disabled": "false",
+ "vserver.prov-status": "ACTIVE",
+ "vserver.vserver-name": "OzVServer"
+ },
+ "from": "DCAE",
+ "version": "1.0.2"
+}
diff --git a/scripts/policy/drools-apps/vfwOnset.json b/scripts/policy/drools-apps/vfwOnset.json
new file mode 100644
index 00000000..7782867a
--- /dev/null
+++ b/scripts/policy/drools-apps/vfwOnset.json
@@ -0,0 +1,17 @@
+{
+ "closedLoopControlName": "ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a",
+ "closedLoopAlarmStart": 1463679805324,
+ "closedLoopEventClient": "microservice.stringmatcher",
+ "closedLoopEventStatus": "ONSET",
+ "requestID": "c7c6a4aa-bb61-4a15-b831-ba1472dd4a65",
+ "target_type": "VNF",
+ "target": "generic-vnf.vnf-name",
+ "AAI": {
+ "vserver.is-closed-loop-disabled": "false",
+ "vserver.prov-status": "ACTIVE",
+ "generic-vnf.vnf-name": "fw0002vm002fw002",
+ "vserver.vserver-name": "OzVServer"
+ },
+ "from": "DCAE",
+ "version": "1.0.2"
+}
diff --git a/scripts/policy/drools-apps/wait_topic.sh b/scripts/policy/drools-apps/wait_topic.sh
new file mode 100755
index 00000000..4271abc6
--- /dev/null
+++ b/scripts/policy/drools-apps/wait_topic.sh
@@ -0,0 +1,61 @@
+#!/bin/bash
+#
+# ===========LICENSE_START====================================================
+# Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+# ============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=====================================================
+#
+
+#
+# Polls a topic for a message. Additional text items can be specified,
+# in which case, it discards messages that do not contain all of the
+# specified text items.
+#
+# Exits with a non-zero status if no matching message is received on the
+# topic before the timeout.
+#
+
+if [ $# -lt 1 ]
+then
+ echo "arg(s): topic-name [text-to-match1 [text-to-match2 ...]]" >&2
+ exit 1
+fi
+
+topic="${1}"
+shift
+
+matched=no
+
+while [ ${matched} = "no" ]
+do
+ msg=`curl -s -k "https://${SIM_IP}:3905/events/${topic}/script/1?limit=1"`
+ if [ $? -ne 0 -o "${msg}" = "[]" ]
+ then
+ echo not found >&2
+ exit 2
+ fi
+
+ matched=yes
+ for text in "$@"
+ do
+ echo "${msg}" | grep -q "${text}"
+ if [ $? -ne 0 ]
+ then
+ matched=no
+ break
+ fi
+ done
+done
+
+echo "${msg}"
-- cgit 1.2.3-korg
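Review bot: `grep -q "${text}"` in the inner loop treats each text-to-match argument as a regular expression and, if it begins with `-`, as an option, so a dotted argument such as a policy name can match messages it should not and the test passes on the wrong message. Use a fixed-string match and end option parsing: `printf '%s\n' "${msg}" | grep -qF -- "${text}"`. The outer loop also has no bound of its own: the header comment promises a timeout, but the script only exits when the poll returns `[]` or curl fails, so a topic that keeps delivering non-matching messages keeps it running (whether the simulator enforces a poll timeout is not visible in this patch).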