diff options
author | Liam Fallon <liam.fallon@est.tech> | 2023-03-01 09:38:05 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2023-03-01 09:38:05 +0000 |
commit | fde3ffa6e508ae30945c8f2fefbf941bf6d42074 (patch) | |
tree | 5995ce302d5ccbbf9740aef5d829bad6def57906 | |
parent | 0800c95d2398b6b53517184c2e5f46546274f558 (diff) | |
parent | 93fd9983e1eb8438d0836625d7061302e054d04c (diff) |
Merge "Add helm charts for drools,xacml pdps"
33 files changed, 2067 insertions, 154 deletions
diff --git a/csit/run-k8s-csit.sh b/csit/run-k8s-csit.sh index 22a67f9c..082ab036 100755 --- a/csit/run-k8s-csit.sh +++ b/csit/run-k8s-csit.sh @@ -1,7 +1,7 @@ #!/bin/bash # # ============LICENSE_START==================================================== -# Copyright (C) 2022 Nordix Foundation. +# Copyright (C) 2022-2023 Nordix Foundation. # ============================================================================= # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -33,6 +33,8 @@ POLICY_API_CONTAINER="policy-api" POLICY_PAP_CONTAINER="policy-pap" POLICY_CLAMP_CONTAINER="policy-clamp-runtime-acm" POLICY_APEX_CONTAINER="policy-apex-pdp" +POLICY_DROOLS_CONTAINER="policy-drools-pdp" +POLICY_XACML_CONTAINER="policy-xacml-pdp" export PROJECT="" export ROBOT_FILE="" @@ -153,10 +155,12 @@ function get_robot_file () { xacml-pdp | policy-xacml-pdp) export ROBOT_FILE=($POLICY_XACML_PDP_ROBOT) + export READINESS_CONTAINERS=($POLICY_XACML_CONTAINER) ;; drools-pdp | policy-drools-pdp) export ROBOT_FILE=($POLICY_DROOLS_PDP_ROBOT) + export READINESS_CONTAINERS=($POLICY_DROOLS_CONTAINER) ;; *) diff --git a/helm/policy/Chart.yaml b/helm/policy/Chart.yaml index 3ad91554..4f88647e 100755 --- a/helm/policy/Chart.yaml +++ b/helm/policy/Chart.yaml @@ -1,4 +1,4 @@ -# Copyright © 2022 Nordix Foundation +# Copyright © 2022-2023 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -49,3 +49,11 @@ dependencies: version: ~11.x-0 repository: 'file://components/policy-clamp-ac-pf-ppnt' condition: policy-clamp-ac-pf-ppnt.enabled + - name: policy-drools-pdp + version: ~11.x-0 + repository: 'file://components/policy-drools-pdp' + condition: policy-drools-pdp.enabled + - name: policy-xacml-pdp + version: ~11.x-0 + repository: 'file://components/policy-xacml-pdp' + condition: policy-xacml-pdp.enabled diff --git a/helm/policy/components/policy-drools-pdp/Chart.yaml b/helm/policy/components/policy-drools-pdp/Chart.yaml new file mode 100755 index 00000000..3d10546d --- /dev/null +++ b/helm/policy/components/policy-drools-pdp/Chart.yaml @@ -0,0 +1,23 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +apiVersion: v2 +description: ONAP Drools Policy Engine (PDP-D) +name: policy-drools-pdp +version: 11.0.0 + diff --git a/helm/policy/components/policy-drools-pdp/resources/configmaps/base.conf b/helm/policy/components/policy-drools-pdp/resources/configmaps/base.conf new file mode 100755 index 00000000..93ae32a4 --- /dev/null +++ b/helm/policy/components/policy-drools-pdp/resources/configmaps/base.conf @@ -0,0 +1,129 @@ +{{/* +# Copyright © 2023 Nordix Foundation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +# JVM options + +JVM_OPTIONS={{.Values.server.jvmOpts}} + +# SYSTEM software configuration + +POLICY_HOME=/opt/app/policy +POLICY_LOGS=/var/log/onap/policy/pdpd + +# Telemetry credentials + +TELEMETRY_PORT=9696 +TELEMETRY_HOST=0.0.0.0 + +# nexus repository + +SNAPSHOT_REPOSITORY_ID=policy-nexus-snapshots +SNAPSHOT_REPOSITORY_URL=http://{{.Values.nexus.name}}:{{.Values.nexus.port}}/nexus/content/repositories/snapshots/ +RELEASE_REPOSITORY_ID=policy-nexus-releases +RELEASE_REPOSITORY_URL=http://{{.Values.nexus.name}}:{{.Values.nexus.port}}/nexus/content/repositories/releases/ +REPOSITORY_OFFLINE={{.Values.nexus.offline}} + +# Relational (SQL) DB access + +SQL_HOST={{ .Values.db.name }} +SQL_PORT=3306 +JDBC_URL=jdbc:mariadb://{{ .Values.db.name }}:3306/ +JDBC_OPTS= +MYSQL_CMD= + +# Liveness +LIVENESS_CONTROLLERS=* + +# AAF + +AAF={{.Values.aaf.enabled}} +AAF_NAMESPACE=org.onap.policy +AAF_HOST=aaf-locate.{{.Release.Namespace}} + +# HTTP Servers + +HTTP_SERVER_HTTPS=false +PROMETHEUS=true + +# PDP-D DMaaP configuration channel + +PDPD_CONFIGURATION_TOPIC=PDPD-CONFIGURATION +PDPD_CONFIGURATION_SERVERS=message-router +PDPD_CONFIGURATION_CONSUMER_GROUP= +PDPD_CONFIGURATION_CONSUMER_INSTANCE= +PDPD_CONFIGURATION_PARTITION_KEY= + +# PAP-PDP configuration channel + +POLICY_PDP_PAP_TOPIC=POLICY-PDP-PAP +POLICY_PDP_PAP_GROUP=defaultGroup +POLICY_PDP_PAP_POLICYTYPES=onap.policies.controlloop.operational.common.Drools + +# Symmetric Key for encoded sensitive data + +SYMM_KEY= + +# PAP + +PAP_HOST=policy-pap + +# PDP-X + +PDP_HOST=policy-xacml-pdp +PDP_PORT=6969 +PDP_CONTEXT_URI=policy/pdpx/v1/ +GUARD_DISABLED=false + +# DCAE DMaaP + +DCAE_TOPIC=unauthenticated.DCAE_CL_OUTPUT +DCAE_SERVERS=message-router +DCAE_CONSUMER_GROUP=dcae.policy.shared + +# Open DMaaP + +DMAAP_SERVERS=message-router +DMAAP_HTTPS="false" + +# AAI + +AAI_HOST=aai.{{.Release.Namespace}} +AAI_PORT=8080 +AAI_CONTEXT_URI= + +# MSO + +SO_HOST=so.{{.Release.Namespace}} +SO_PORT=8080 +SO_CONTEXT_URI=onap/so/infra/ +SO_URL=https://so.{{.Release.Namespace}}:8080/onap/so/infra + +# VFC + +VFC_HOST= +VFC_PORT= +VFC_CONTEXT_URI=api/nslcm/v1/ + +# SDNC + +SDNC_HOST=sdnc.{{.Release.Namespace}} +SDNC_PORT=8282 +SDNC_CONTEXT_URI=restconf/operations/ + +# CDS + +CDS_GRPC_HOST={{.Values.cds.grpc.svcName}} +CDS_GRPC_PORT={{.Values.cds.grpc.svcPort}} diff --git a/helm/policy/components/policy-drools-pdp/resources/configmaps/engine-system.properties b/helm/policy/components/policy-drools-pdp/resources/configmaps/engine-system.properties new file mode 100644 index 00000000..0a720ef5 --- /dev/null +++ b/helm/policy/components/policy-drools-pdp/resources/configmaps/engine-system.properties @@ -0,0 +1,37 @@ +# +# ============LICENSE_START======================================================= +# ONAP +# ================================================================================ +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +# + +# system properties set within the application + +java.net.preferIPv4Stack=true + +# jmx + +com.sun.management.jmxremote.port=9991 +com.sun.management.jmxremote.authenticate=false +com.sun.management.jmxremote.ssl=false + +# kie + +kie.maven.offline.force=${envd:REPOSITORY_OFFLINE:false} + +# symmetric key for sensitive configuration data + +engine.symm.key=${envd:SYMM_KEY} diff --git a/helm/policy/components/policy-drools-pdp/resources/configmaps/feature-pooling-dmaap.conf b/helm/policy/components/policy-drools-pdp/resources/configmaps/feature-pooling-dmaap.conf new file mode 100755 index 00000000..09a9c7b4 --- /dev/null +++ b/helm/policy/components/policy-drools-pdp/resources/configmaps/feature-pooling-dmaap.conf @@ -0,0 +1,17 @@ +{{/* +# Copyright 2023 Nordix Foundation. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +POOLING_TOPIC=POOLING diff --git a/helm/policy/components/policy-drools-pdp/resources/configmaps/logback.xml b/helm/policy/components/policy-drools-pdp/resources/configmaps/logback.xml new file mode 100755 index 00000000..c58fe94e --- /dev/null +++ b/helm/policy/components/policy-drools-pdp/resources/configmaps/logback.xml @@ -0,0 +1,165 @@ +<!-- + ============LICENSE_START======================================================= + Copyright (C) 2023 Nordix Foundation. All rights reserved. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + SPDX-License-Identifier: Apache-2.0 + ============LICENSE_END========================================================= +--> + +<configuration scan="true" scanPeriod="30 seconds" debug="false"> + + <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pdpd/error.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pdpd/error.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="ErrorOut" /> + </appender> + + <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pdpd/debug.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pdpd/debug.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="DebugOut" /> + </appender> + + <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pdpd/network.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pdpd/network.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern> + </encoder> + </appender> + + <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="NetworkOut" /> + </appender> + + <appender name="MetricOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pdpd/metric.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pdpd/metric.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <filter class="org.onap.policy.common.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" /> + <encoder> + <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncMetricOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="MetricOut" /> + </appender> + + <appender name="TransactionOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pdpd/audit.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pdpd/audit.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <filter class="org.onap.policy.common.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" /> + <encoder> + <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncTransactionOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="TransactionOut" /> + </appender> + + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern> + </encoder> + </appender> + + <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="STDOUT" /> + </appender> + + <appender name="MetricStdOut" class="ch.qos.logback.core.ConsoleAppender"> + <filter class="org.onap.policy.common.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" /> + <encoder> + <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncMetricStdOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="MetricStdOut" /> + </appender> + + <appender name="TransactionStdOut" class="ch.qos.logback.core.ConsoleAppender"> + <filter class="org.onap.policy.common.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" /> + <encoder> + <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncTransactionStdOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="TransactionStdOut" /> + </appender> + + <logger name="network" level="INFO" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <appender name="PromLogback" class="io.prometheus.client.logback.InstrumentedAppender"/> + + <root level="INFO"> + <appender-ref ref="AsyncDebugOut" /> + <appender-ref ref="AsyncErrorOut" /> + <appender-ref ref="AsyncMetricOut" /> + <appender-ref ref="AsyncTransactionOut" /> + <appender-ref ref="AsyncStdOut" /> + <appender-ref ref="AsyncMetricStdOut" /> + <appender-ref ref="AsyncTransactionStdOut" /> + <appender-ref ref="PromLogback" /> + </root> + +</configuration> diff --git a/helm/policy/components/policy-drools-pdp/resources/configmaps/noop.pre.sh b/helm/policy/components/policy-drools-pdp/resources/configmaps/noop.pre.sh new file mode 100755 index 00000000..acccc8af --- /dev/null +++ b/helm/policy/components/policy-drools-pdp/resources/configmaps/noop.pre.sh @@ -0,0 +1,22 @@ +#!/bin/bash -x +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +sed -i "s/^dmaap/noop/g" \ + ${POLICY_HOME}/config/engine.properties \ + ${POLICY_HOME}/config/feature-lifecycle.properties + +chmod 644 ${POLICY_HOME}/config/engine.properties ${POLICY_HOME}/config/feature-lifecycle.properties diff --git a/helm/policy/components/policy-drools-pdp/resources/configmaps/settings.xml b/helm/policy/components/policy-drools-pdp/resources/configmaps/settings.xml new file mode 100755 index 00000000..335f2b9d --- /dev/null +++ b/helm/policy/components/policy-drools-pdp/resources/configmaps/settings.xml @@ -0,0 +1,151 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + ============LICENSE_START======================================================= + ONAP + ================================================================================ + Copyright (C) 2023 Nordix Foundation. All rights reserved. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + ============LICENSE_END========================================================= +--> + + +<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd"> + + <offline>{{.Values.nexus.offline}}</offline> + + <profiles> + + <profile> + <id>policy-local</id> + + <repositories> + <repository> + <id>file-repository</id> + <url>file:${user.home}/.m2/file-repository</url> + <releases> + <enabled>true</enabled> + <updatePolicy>always</updatePolicy> + </releases> + <snapshots> + <enabled>true</enabled> + <updatePolicy>always</updatePolicy> + </snapshots> + </repository> + </repositories> + + </profile> + + <profile> + <id>policy-releases</id> + + <repositories> + <repository> + <id>${env.RELEASE_REPOSITORY_ID}</id> + <url>${env.RELEASE_REPOSITORY_URL}</url> + <releases> + <enabled>true</enabled> + <updatePolicy>always</updatePolicy> + </releases> + <snapshots> + <enabled>false</enabled> + </snapshots> + </repository> + </repositories> + + </profile> + + <profile> + <id>policy-snapshots</id> + + <repositories> + <repository> + <id>${env.SNAPSHOT_REPOSITORY_ID}</id> + <url>${env.SNAPSHOT_REPOSITORY_URL}</url> + <releases> + <enabled>false</enabled> + </releases> + <snapshots> + <enabled>true</enabled> + <updatePolicy>always</updatePolicy> + </snapshots> + </repository> + </repositories> + + </profile> + + <profile> + <id>onap-releases</id> + + <repositories> + <repository> + <id>onap-releases</id> + <name>onap-releases</name> + <url>https://nexus.onap.org/content/repositories/releases/</url> + <releases> + <enabled>true</enabled> + </releases> + <snapshots> + <enabled>false</enabled> + </snapshots> + </repository> + </repositories> + + </profile> + + <profile> + + <id>onap-snapshots</id> + + <repositories> + <repository> + <id>onap-snapshots</id> + <name>onap-snapshots</name> + <url>https://nexus.onap.org/content/repositories/snapshots/</url> + <releases> + <enabled>false</enabled> + </releases> + <snapshots> + <enabled>true</enabled> + </snapshots> + </repository> + </repositories> + + </profile> + + </profiles> + + <activeProfiles> + <activeProfile>policy-local</activeProfile> + <activeProfile>policy-releases</activeProfile> + <activeProfile>policy-snapshots</activeProfile> + <activeProfile>onap-releases</activeProfile> + <activeProfile>onap-snapshots</activeProfile> + </activeProfiles> + + <servers> + <server> + <id>${env.SNAPSHOT_REPOSITORY_ID}</id> + <username>${env.REPOSITORY_USERNAME}</username> + <password>${env.REPOSITORY_PASSWORD}</password> + </server> + <server> + <id>${env.RELEASE_REPOSITORY_ID}</id> + <username>${env.REPOSITORY_USERNAME}</username> + <password>${env.REPOSITORY_PASSWORD}</password> + </server> + </servers> + +</settings> diff --git a/helm/policy/components/policy-drools-pdp/resources/secrets/credentials.conf b/helm/policy/components/policy-drools-pdp/resources/secrets/credentials.conf new file mode 100755 index 00000000..0aeaa8b2 --- /dev/null +++ b/helm/policy/components/policy-drools-pdp/resources/secrets/credentials.conf @@ -0,0 +1,61 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +TELEMETRY_USER={{.Values.telemetry.user}} +TELEMETRY_PASSWORD={{.Values.telemetry.password}} + +REPOSITORY_USERNAME={{.Values.nexus.user}} +REPOSITORY_PASSWORD={{.Values.nexus.password}} + +PDPD_CONFIGURATION_API_KEY={{.Values.dmaap.brmsgw.key}} +PDPD_CONFIGURATION_API_SECRET={{.Values.dmaap.brmsgw.secret}} + +POLICY_PDP_PAP_API_KEY={{.Values.dmaap.pap.key}} +POLICY_PDP_PAP_API_SECRET={{.Values.dmaap.pap.secret}} + +PAP_USERNAME={{.Values.pap.user}} +PAP_PASSWORD={{.Values.pap.password}} + +PAP_LEGACY_USERNAME={{.Values.papl.user}} +PAP_LEGACY_PASSWORD={{.Values.papl.password}} + +PDP_USERNAME={{.Values.pdp.user}} +PDP_PASSWORD={{.Values.pdp.password}} + +PDP_LEGACY_USERNAME={{.Values.pdpl.user}} +PDP_LEGACY_PASSWORD={{.Values.pdpl.password}} + +AAI_USERNAME={{.Values.aai.user}} +AAI_PASSWORD={{.Values.aai.password}} + +SO_USERNAME={{.Values.so.user}} +SO_PASSWORD={{.Values.so.password}} + +VFC_USERNAME={{.Values.vfc.user}} +VFC_PASSWORD={{.Values.vfc.password}} + +SDNC_USERNAME={{.Values.sdnc.user}} +SDNC_PASSWORD={{.Values.sdnc.password}} + +HEALTHCHECK_USER={{.Values.telemetry.user}} +HEALTHCHECK_PASSWORD={{.Values.telemetry.password}} + +CDS_GRPC_USERNAME={{.Values.cds.grpc.user}} +CDS_GRPC_PASSWORD={{.Values.cds.grpc.password}} diff --git a/helm/policy/components/policy-drools-pdp/templates/configmap.yaml b/helm/policy/components/policy-drools-pdp/templates/configmap.yaml new file mode 100644 index 00000000..1456b907 --- /dev/null +++ b/helm/policy/components/policy-drools-pdp/templates/configmap.yaml @@ -0,0 +1,39 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-configmap + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: release + heritage: Helm +{{- with .Files.Glob "resources/configmaps/*{.zip,store}" }} +binaryData: +{{- range $path, $bytes := . }} + {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }} +{{- end }} +{{- end }} +data: +{{ tpl (.Files.Glob "resources/configmaps/*.{conf,sh,properties,xml,keyfile}").AsConfig . | indent 2 }}
\ No newline at end of file diff --git a/helm/policy/components/policy-drools-pdp/templates/role-binding.yaml b/helm/policy/components/policy-drools-pdp/templates/role-binding.yaml new file mode 100644 index 00000000..64598900 --- /dev/null +++ b/helm/policy/components/policy-drools-pdp/templates/role-binding.yaml @@ -0,0 +1,32 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: rbac.authorization.k8s.io/v1 +# This cluster role binding allows anyone in the "manager" group to read secrets in any namespace. +kind: RoleBinding +metadata: + name: {{ .Chart.Name }}-read + namespace: default +subjects: + - kind: ServiceAccount + name: {{ .Chart.Name }}-read +roleRef: + kind: Role + name: read + apiGroup: rbac.authorization.k8s.io diff --git a/helm/policy/components/policy-drools-pdp/templates/secrets.yaml b/helm/policy/components/policy-drools-pdp/templates/secrets.yaml new file mode 100644 index 00000000..893b1264 --- /dev/null +++ b/helm/policy/components/policy-drools-pdp/templates/secrets.yaml @@ -0,0 +1,52 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Chart.Name }}-db-secret + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: release + heritage: Helm +type: Opaque +stringData: + login: {{ .Values.db.user }} + password: {{ .Values.db.password }} + +--- + +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Chart.Name }}-secret + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: release + heritage: Helm +type: Opaque +data: +{{- range $path, $bytes := .Files.Glob "resources/secrets/*" }} + {{ base $path }}: {{ tpl ($.Files.Get $path) $ | b64enc | quote }} +{{- end }} diff --git a/helm/policy/components/policy-drools-pdp/templates/service-account.yaml b/helm/policy/components/policy-drools-pdp/templates/service-account.yaml new file mode 100644 index 00000000..310cab47 --- /dev/null +++ b/helm/policy/components/policy-drools-pdp/templates/service-account.yaml @@ -0,0 +1,25 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Chart.Name }}-read + diff --git a/helm/policy/components/policy-drools-pdp/templates/service.yaml b/helm/policy/components/policy-drools-pdp/templates/service.yaml new file mode 100644 index 00000000..c60aec0e --- /dev/null +++ b/helm/policy/components/policy-drools-pdp/templates/service.yaml @@ -0,0 +1,42 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ .Chart.Name }} + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: release + heritage: Helm +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.internalPort }} + targetPort: {{ .Values.service.internalPort }} + name: https-6969 + - port: {{ .Values.service.internalPort2 }} + targetPort: {{ .Values.service.internalPort }} + name: https-9696 + selector: + app: {{ .Chart.Name }} + release: release diff --git a/helm/policy/components/policy-drools-pdp/templates/statefulset.yaml b/helm/policy/components/policy-drools-pdp/templates/statefulset.yaml new file mode 100644 index 00000000..e2121fa8 --- /dev/null +++ b/helm/policy/components/policy-drools-pdp/templates/statefulset.yaml @@ -0,0 +1,156 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ .Chart.Name }} + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: release + heritage: Helm +spec: + serviceName: {{ .Chart.Name }} + replicas: 1 + selector: + matchLabels: + app: {{ .Chart.Name }} + template: + metadata: + labels: + app: {{ .Chart.Name }} + release: release + spec: + initContainers: + - command: + - /app/ready.py + args: + - --job-name + - policy-galera-config + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: nexus3.onap.org:10001/onap/oom/readiness:3.0.1 + imagePullPolicy: Always + name: {{ .Chart.Name }}-db-readiness + + containers: + - name: {{ .Chart.Name }} + image: {{ .Values.image }} + imagePullPolicy: Always + command: ["sh","-c"] + args: ["/opt/app/policy/bin/pdpd-cl-entrypoint.sh boot"] + ports: + - containerPort: {{ .Values.service.internalPort }} + - containerPort: {{ .Values.service.internalPort2 }} + livenessProbe: + httpGet: + path: /healthcheck/controllers + port: 6968 + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + timeoutSeconds: {{ .Values.liveness.timeoutSeconds }} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + env: + - name: REPLICAS + value: "1" + - name: SQL_USER + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-db-secret + key: login + - name: SQL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-db-secret + key: password + volumeMounts: + + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /tmp/policy-install/config/credentials.conf + name: drools-secret + subPath: credentials.conf + - mountPath: /tmp/policy-install/config/base.conf + name: drools-config + subPath: base.conf + - mountPath: /tmp/policy-install/config/engine-system.properties + name: drools-config + subPath: engine-system.properties + - mountPath: /tmp/policy-install/config/feature-pooling-dmaap.conf + name: drools-config + subPath: feature-pooling-dmaap.conf + - mountPath: /tmp/policy-install/config/logback.xml + name: drools-config + subPath: logback.xml + - mountPath: /tmp/policy-install/config/settings.xml + name: drools-config + subPath: settings.xml + - mountPath: /tmp/policy-install/config/noop.pre.sh + name: drools-config + subPath: noop.pre.sh + resources: +{{ toYaml .Values.resources.small | indent 12 }} + serviceAccountName: {{ .Chart.Name }}-read + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: drools-config + configMap: + name: {{ .Chart.Name }}-configmap + items: + - key: base.conf + path: base.conf + mode: 0755 + - key: engine-system.properties + path: engine-system.properties + mode: 0755 + - key: feature-pooling-dmaap.conf + path: feature-pooling-dmaap.conf + mode: 0755 + - key: logback.xml + path: logback.xml + mode: 0755 + - key: settings.xml + path: settings.xml + mode: 0755 + - key: noop.pre.sh + path: noop.pre.sh + mode: 0755 + - name: drools-secret + secret: + secretName: {{ .Chart.Name }}-secret + items: + - key: credentials.conf + path: credentials.conf + mode: 0644 + imagePullSecrets: + - name: "default-docker-registry-key" diff --git a/helm/policy/components/policy-drools-pdp/values.yaml b/helm/policy/components/policy-drools-pdp/values.yaml new file mode 100644 index 00000000..088a2dda --- /dev/null +++ b/helm/policy/components/policy-drools-pdp/values.yaml @@ -0,0 +1,195 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +################################################################# +# Global configuration defaults. +################################################################# +global: + nodePortPrefix: 302 + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}' + login: '{{ .Values.db.user }}' + password: '{{ .Values.db.password }}' + passwordPolicy: required + - uid: telemetry-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.telemetry.credsExternalSecret) . }}' + login: '{{ .Values.telemetry.user }}' + password: '{{ .Values.telemetry.password }}' + passwordPolicy: required + +################################################################# +# Application configuration defaults. +################################################################# +# application image +image: nexus3.onap.org:10001/onap/policy-pdpd-cl:1.12-SNAPSHOT-latest +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 180 + periodSeconds: 60 + timeoutSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 60 + periodSeconds: 10 + +service: + type: ClusterIP + name: policy-drools-pdp + portName: http + internalPort: 6969 + externalPort: 6969 + nodePort: 17 + internalPort2: 9696 + externalPort2: 9696 + nodePort2: 21 + +ingress: + enabled: false + +# Default installation values to be overridden + +server: + jvmOpts: -server -XshowSettings:vm + +aaf: + enabled: "false" + +telemetry: + user: demo@people.osaaf.org + password: demo123456! + +nexus: + name: policy-nexus + port: 8081 + user: admin + password: admin123 + offline: true + +db: + name: mariadb-galera + user: policy-user + password: policy-user + +pap: + user: policyadmin + password: zb!XztG34 + +pdp: + user: healthcheck + password: zb!XztG34 + +papl: + user: testpap + password: alpha123 + +pdpl: + user: testpdp + password: alpha123 + +aai: + user: policy@policy.onap.org + password: demo123456! + +so: + user: InfraPortalClient + password: password1$ + +vfc: + user: + password: + +sdnc: + user: admin + password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U + +dmaap: + brmsgw: + key: + password: + pap: + key: + password: + +cds: + grpc: + user: ccsdkapps + password: ccsdkapps + svcName: cds-blueprints-processor-grpc + svcPort: 9111 + +# Resource Limit flavor -By Default using small +# Segregation for Different environment (small, large, or unlimited) +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: policy-drools-pdp + roles: + - read + +metrics: + serviceMonitor: + # Override the labels based on the Prometheus config parameter: serviceMonitorSelector. + # The default operator for prometheus enforces the below label. + labels: + release: prometheus + enabled: true + port: policy-drools-pdp-9696 + interval: 60s + isHttps: true + basicAuth: + enabled: true + externalSecretNameSuffix: policy-drools-pdp-telemetry-creds + externalSecretUserKey: login + externalSecretPasswordKey: password + selector: + app: '{{ include "common.name" . }}' + chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}' + release: '{{ include "common.release" . }}' + heritage: '{{ .Release.Service }}' diff --git a/helm/policy/components/policy-xacml-pdp/Chart.yaml b/helm/policy/components/policy-xacml-pdp/Chart.yaml new file mode 100644 index 00000000..a42fd303 --- /dev/null +++ b/helm/policy/components/policy-xacml-pdp/Chart.yaml @@ -0,0 +1,22 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +apiVersion: v2 +description: ONAP Policy XACML PDP (PDP-X) +name: policy-xacml-pdp +version: 11.0.0 diff --git a/helm/policy/components/policy-xacml-pdp/resources/config/config.json b/helm/policy/components/policy-xacml-pdp/resources/config/config.json new file mode 100755 index 00000000..af0970c2 --- /dev/null +++ b/helm/policy/components/policy-xacml-pdp/resources/config/config.json @@ -0,0 +1,60 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +{ + "name": "XacmlPdpParameters", + "pdpGroup": "defaultGroup", + "pdpType": "xacml", + "restServerParameters": { + "host": "0.0.0.0", + "port": 6969, + "userName": "${RESTSERVER_USER}", + "password": "${RESTSERVER_PASSWORD}", + "https": false, + "aaf": false, + "prometheus": true + }, + "policyApiParameters": { + "hostname": "policy-api", + "port": 6969, + "userName": "${API_USER}", + "password": "${API_PASSWORD}", + "useHttps": false, + "aaf": false + }, + "applicationParameters": { + "applicationPath": "/opt/app/policy/pdpx/apps" + }, + "topicParameterGroup": { + "topicSources" : [{ + "topic" : "POLICY-PDP-PAP", + "servers" : [ "message-router" ], + "useHttps" : false, + "fetchTimeout" : 15000, + "topicCommInfrastructure" : "dmaap" + }], + "topicSinks" : [{ + "topic" : "POLICY-PDP-PAP", + "servers" : [ "message-router" ], + "useHttps" : false, + "topicCommInfrastructure" : "dmaap" + }] + } +} diff --git a/helm/policy/components/policy-xacml-pdp/resources/config/groups.json b/helm/policy/components/policy-xacml-pdp/resources/config/groups.json new file mode 100644 index 00000000..0a7e5fe3 --- /dev/null +++ b/helm/policy/components/policy-xacml-pdp/resources/config/groups.json @@ -0,0 +1,101 @@ +{ + "groups": [ + { + "name": "defaultGroup", + "version": "1.0.0", + "description": "The default group that registers all supported policy types and pdps.", + "pdpGroupState": "ACTIVE", + "pdpSubgroups": [ + { + "pdpType": "xacml", + "supportedPolicyTypes": [ + { + "name": "onap.policies.controlloop.guard.common.FrequencyLimiter", + "version": "1.0.0" + }, + { + "name": "onap.policies.controlloop.guard.common.MinMax", + "version": "1.0.0" + }, + { + "name": "onap.policies.controlloop.guard.common.Blacklist", + "version": "1.0.0" + }, + { + "name": "onap.policies.controlloop.guard.common.Filter", + "version": "1.0.0" + }, + { + "name": "onap.policies.controlloop.guard.coordination.FirstBlocksSecond", + "version": "1.0.0" + }, + { + "name": "onap.policies.monitoring.*", + "version": "1.0.0" + }, + { + "name": "onap.policies.optimization.*", + "version": "1.0.0" + }, + { + "name": "onap.policies.optimization.resource.AffinityPolicy", + "version": "1.0.0" + }, + { + "name": "onap.policies.optimization.resource.DistancePolicy", + "version": "1.0.0" + }, + { + "name": "onap.policies.optimization.resource.HpaPolicy", + "version": "1.0.0" + }, + { + "name": "onap.policies.optimization.resource.OptimizationPolicy", + "version": "1.0.0" + }, + { + "name": "onap.policies.optimization.resource.PciPolicy", + "version": "1.0.0" + }, + { + "name": "onap.policies.optimization.service.QueryPolicy", + "version": "1.0.0" + }, + { + "name": "onap.policies.optimization.service.SubscriberPolicy", + "version": "1.0.0" + }, + { + "name": "onap.policies.optimization.resource.Vim_fit", + "version": "1.0.0" + }, + { + "name": "onap.policies.optimization.resource.VnfPolicy", + "version": "1.0.0" + }, + { + "name": "onap.policies.native.Xacml", + "version": "1.0.0" + }, + { + "name": "onap.policies.Naming", + "version": "1.0.0" + }, + { + "name": "onap.policies.match.*", + "version": "1.0.0" + } + ], + "currentInstanceCount": 0, + "desiredInstanceCount": 1, + "policies": [ + { + "name": "SDNC_Policy.ONAP_NF_NAMING_TIMESTAMP", + "version": "1.0.0" + } + ] + } + ] + } + ] +} diff --git a/helm/policy/components/policy-xacml-pdp/resources/config/logback.xml b/helm/policy/components/policy-xacml-pdp/resources/config/logback.xml new file mode 100755 index 00000000..d7623c13 --- /dev/null +++ b/helm/policy/components/policy-xacml-pdp/resources/config/logback.xml @@ -0,0 +1,107 @@ +<!-- + ============LICENSE_START======================================================= + Copyright (C) 2023 Nordix Foundation. All rights reserved. + + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + SPDX-License-Identifier: Apache-2.0 + ============LICENSE_END========================================================= +--> + +<configuration scan="true" scanPeriod="30 seconds" debug="false"> + + <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pdpx/error.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pdpx/error.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="ErrorOut" /> + </appender> + + <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pdpx/debug.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pdpx/debug.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern> + </encoder> + </appender> + + <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="DebugOut" /> + </appender> + + <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/onap/policy/pdpx/network.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy"> + <fileNamePattern>/var/log/onap/policy/pdpx/network.%d{yyyy-MM-dd}.%i.log.zip + </fileNamePattern> + <maxFileSize>50MB</maxFileSize> + <maxHistory>30</maxHistory> + <totalSizeCap>10GB</totalSizeCap> + </rollingPolicy> + <encoder> + <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern> + </encoder> + </appender> + + <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="NetworkOut" /> + </appender> + + <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender"> + <encoder> + <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern> + </encoder> + </appender> + + <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="STDOUT" /> + </appender> + + <logger name="network" level="INFO" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + <appender-ref ref="AsyncStdOut" /> + </logger> + + <appender name="PromLogback" class="io.prometheus.client.logback.InstrumentedAppender"/> + + <root level="INFO"> + <appender-ref ref="AsyncDebugOut" /> + <appender-ref ref="AsyncErrorOut" /> + <appender-ref ref="AsyncStdOut" /> + <appender-ref ref="PromLogback" /> + </root> + +</configuration> diff --git a/helm/policy/components/policy-xacml-pdp/resources/config/xacml.properties b/helm/policy/components/policy-xacml-pdp/resources/config/xacml.properties new file mode 100755 index 00000000..d2e9c62e --- /dev/null +++ b/helm/policy/components/policy-xacml-pdp/resources/config/xacml.properties @@ -0,0 +1,56 @@ +{{/* +# +# Properties that the embedded PDP engine uses to configure and load +# +# Standard API Factories +# +*/}} +xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory +xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory +xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory +xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory +xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory +# +# AT&T PDP Implementation Factories +# +xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory +xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory +xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory +# +# ONAP PDP Implementation Factories +# +xacml.att.policyFinderFactory=org.onap.policy.pdp.xacml.application.common.OnapPolicyFinderFactory + +# +# Use a root combining algorithm +# +xacml.att.policyFinderFactory.combineRootPolicies=urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-overrides + +# +# PIP Engine Definitions +# +count-recent-operations.classname=org.onap.policy.pdp.xacml.application.common.operationshistory.CountRecentOperationsPip +count-recent-operations.issuer=urn:org:onap:xacml:guard:count-recent-operations +count-recent-operations.name=CountRecentOperations +count-recent-operations.description=Returns operation counts based on time window +count-recent-operations.persistenceunit=OperationsHistoryPU + +get-operation-outcome.classname=org.onap.policy.pdp.xacml.application.common.operationshistory.GetOperationOutcomePip +get-operation-outcome.issuer=urn:org:onap:xacml:guard:get-operation-outcome +get-operation-outcome.name=GetOperationOutcome +get-operation-outcome.description=Returns operation outcome +get-operation-outcome.persistenceunit=OperationsHistoryPU + +# +# Make pips available to finder +# +xacml.pip.engines=count-recent-operations,get-operation-outcome + +# +# JPA Properties +# +eclipselink.target-database=MySQL +javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver +javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/operationshistory +javax.persistence.jdbc.user=${SQL_USER} +javax.persistence.jdbc.password=${SQL_PASSWORD} diff --git a/helm/policy/components/policy-xacml-pdp/templates/configmap.yaml b/helm/policy/components/policy-xacml-pdp/templates/configmap.yaml new file mode 100755 index 00000000..a6298018 --- /dev/null +++ b/helm/policy/components/policy-xacml-pdp/templates/configmap.yaml @@ -0,0 +1,38 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Chart.Name }}-configmap + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: release + heritage: Helm +{{- with .Files.Glob "resources/config/*store" }} +binaryData: +{{- range $path, $bytes := . }} + {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }} +{{- end }} +{{- end }} +data: +{{ tpl (.Files.Glob "resources/config/*.{sql,json,properties,xml}").AsConfig . | indent 2 }} diff --git a/helm/policy/components/policy-xacml-pdp/templates/deployment.yaml b/helm/policy/components/policy-xacml-pdp/templates/deployment.yaml new file mode 100755 index 00000000..bdc0a985 --- /dev/null +++ b/helm/policy/components/policy-xacml-pdp/templates/deployment.yaml @@ -0,0 +1,152 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Chart.Name }} + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: release + heritage: Helm +spec: + selector: + matchLabels: + app: {{ .Chart.Name }} + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app: {{ .Chart.Name }} + release: release + spec: + initContainers: + - command: + - /app/ready.py + args: + - --job-name + - policy-galera-config + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: nexus3.onap.org:10001/onap/oom/readiness:3.0.1 + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ .Chart.Name }}-readiness + - command: + - sh + args: + - -c + - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done" + env: + - name: RESTSERVER_USER + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-restserver-creds + key: login + - name: RESTSERVER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-restserver-creds + key: password + - name: API_USER + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-api-creds + key: login + - name: API_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-api-creds + key: password + - name: SQL_USER + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-db-secret + key: login + - name: SQL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Chart.Name }}-db-secret + key: password + volumeMounts: + - mountPath: /config-input + name: pdpxconfig + - mountPath: /config + name: pdpxconfig-processed + image: docker.io/dibi/envsubst:1 + imagePullPolicy: {{ .Values.pullPolicy }} + name: {{ .Chart.Name }}-update-config + containers: + - name: {{ .Chart.Name }} + image: {{ .Values.image }} + imagePullPolicy: {{ .Values.pullPolicy }} + command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"] + args: ["/opt/app/policy/pdpx/etc/mounted/config.json"] + ports: + - containerPort: {{ .Values.service.internalPort }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/policy/pdpx/etc/mounted + name: pdpxconfig-processed + resources: +{{ toYaml .Values.resources.small | indent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 10 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 10 }} + {{- end }} + serviceAccountName: {{ .Chart.Name }}-read + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: pdpxconfig + configMap: + name: {{ .Chart.Name }}-configmap + defaultMode: 0755 + - name: pdpxconfig-processed + emptyDir: + medium: Memory + imagePullSecrets: + - name: "default-docker-registry-key" diff --git a/helm/policy/components/policy-xacml-pdp/templates/role-binding.yaml b/helm/policy/components/policy-xacml-pdp/templates/role-binding.yaml new file mode 100644 index 00000000..5dd6906f --- /dev/null +++ b/helm/policy/components/policy-xacml-pdp/templates/role-binding.yaml @@ -0,0 +1,32 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: rbac.authorization.k8s.io/v1 +# This cluster role binding allows anyone in the "manager" group to read secrets in any namespace. +kind: RoleBinding +metadata: + name: {{ .Chart.Name }}-read + namespace: default +subjects: + - kind: ServiceAccount + name: {{ .Chart.Name }}-read +roleRef: + kind: Role + name: read + apiGroup: rbac.authorization.k8s.io
\ No newline at end of file diff --git a/helm/policy/components/policy-xacml-pdp/templates/secrets.yaml b/helm/policy/components/policy-xacml-pdp/templates/secrets.yaml new file mode 100755 index 00000000..93cdee74 --- /dev/null +++ b/helm/policy/components/policy-xacml-pdp/templates/secrets.yaml @@ -0,0 +1,65 @@ +{{/* +# Copyright © 2023 Nordix Foundation. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Chart.Name }}-db-secret + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: release + heritage: Helm +type: Opaque +stringData: + login: {{ .Values.db.user }} + password: {{ .Values.db.password }} + +--- + +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Chart.Name }}-restserver-creds + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: release + heritage: Helm +type: Opaque +stringData: + login: {{ .Values.restServer.user }} + password: {{ .Values.restServer.password }} + +--- + +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Chart.Name }}-api-creds + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: release + heritage: Helm +type: Opaque +stringData: + login: {{ .Values.apiServer.user }} + password: {{ .Values.apiServer.password }} + diff --git a/helm/policy/components/policy-xacml-pdp/templates/service-account.yaml b/helm/policy/components/policy-xacml-pdp/templates/service-account.yaml new file mode 100644 index 00000000..d75d9a91 --- /dev/null +++ b/helm/policy/components/policy-xacml-pdp/templates/service-account.yaml @@ -0,0 +1,24 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Chart.Name }}-read
\ No newline at end of file diff --git a/helm/policy/components/policy-xacml-pdp/templates/service.yaml b/helm/policy/components/policy-xacml-pdp/templates/service.yaml new file mode 100755 index 00000000..e4316a22 --- /dev/null +++ b/helm/policy/components/policy-xacml-pdp/templates/service.yaml @@ -0,0 +1,39 @@ +{{/* +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= +*/}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ .Chart.Name }} + namespace: default + labels: + app: {{ .Chart.Name }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: release + heritage: Helm +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + selector: + app: {{ .Chart.Name }} + release: release diff --git a/helm/policy/components/policy-xacml-pdp/values.yaml b/helm/policy/components/policy-xacml-pdp/values.yaml new file mode 100644 index 00000000..44845835 --- /dev/null +++ b/helm/policy/components/policy-xacml-pdp/values.yaml @@ -0,0 +1,121 @@ +# ============LICENSE_START======================================================= +# Copyright (C) 2023 Nordix Foundation. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END========================================================= + +################################################################# +# Global configuration defaults. +################################################################# +global: + persistence: {} + aafEnabled: false + +################################################################# +# Secrets metaconfig +################################################################# +secrets: + - uid: db-secret + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}' + login: '{{ .Values.db.user }}' + password: '{{ .Values.db.password }}' + passwordPolicy: required + - uid: restserver-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}' + login: '{{ .Values.restServer.user }}' + password: '{{ .Values.restServer.password }}' + passwordPolicy: required + - uid: api-creds + type: basicAuth + externalSecret: '{{ tpl (default "" .Values.apiServer.credsExternalSecret) . }}' + login: '{{ .Values.apiServer.user }}' + password: '{{ .Values.apiServer.password }}' + passwordPolicy: required + + +################################################################# +# Application configuration defaults. +################################################################# +# application image +image: nexus3.onap.org:10001/onap/policy-xacml-pdp:2.8-SNAPSHOT-latest +pullPolicy: Always + +# flag to enable debugging - application support required +debugEnabled: false + +# application configuration + +db: + user: policy-user + password: policy-user + service: + name: mariadb-galera + internalPort: 3306 + +restServer: + user: policyadmin + password: zb!XztG34 + +apiServer: + user: policyadmin + password: zb!XztG34 + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 20 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 20 + periodSeconds: 10 + +service: + type: ClusterIP + name: policy-xacml-pdp + portName: http + externalPort: 6969 + internalPort: 6969 + +ingress: + enabled: false + +flavor: small +resources: + small: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 100m + memory: 1Gi + unlimited: {} + +#Pods Service Account +serviceAccount: + nameOverride: policy-xacml-pdp + roles: + - read diff --git a/helm/policy/values.yaml b/helm/policy/values.yaml index 6dfced08..4e8b30f0 100755 --- a/helm/policy/values.yaml +++ b/helm/policy/values.yaml @@ -1,4 +1,4 @@ -# Copyright © 2022 Nordix Foundation +# Copyright © 2022-2023 Nordix Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -45,6 +45,10 @@ policy-apex-pdp: enabled: true policy-clamp-ac-pf-ppnt: enabled: true +policy-drools-pdp: + enabled: true +policy-xacml-pdp: + enabled: true ################################################################# diff --git a/helm/run-test.sh b/helm/run-test.sh index d40bb585..9dde50df 100755 --- a/helm/run-test.sh +++ b/helm/run-test.sh @@ -30,14 +30,21 @@ export POLICY_PAP_IP=policy-pap export APEX_IP=policy-apex-pdp export DMAAP_IP=message-router export SIM_IP=message-router +export POLICY_PDPX_IP=policy-xacml-pdp +export POLICY_PDPX_PORT=6969 export ROBOT_VARIABLES= ROBOT_VARIABLES="-v DATA:$DATA -v NODETEMPLATES:$NODETEMPLATES -v POLICY_RUNTIME_ACM_IP:$POLICY_RUNTIME_ACM_IP -v POLICY_API_IP:$POLICY_API_IP --v POLICY_PAP_IP:$POLICY_PAP_IP -v APEX_IP:$APEX_IP -v DMAAP_IP:$DMAAP_IP -v SIM_IP:$SIM_IP" +-v POLICY_PAP_IP:$POLICY_PAP_IP -v APEX_IP:$APEX_IP -v DMAAP_IP:$DMAAP_IP -v SIM_IP:$SIM_IP -v POLICY_PDPX_IP:$POLICY_PDPX_IP" echo "Run Robot test" echo ROBOT_VARIABLES="${ROBOT_VARIABLES}" echo "Starting Robot test suites ..." + +if [ $1 == "xacml-pdp-test.robot" ]; then + echo "Waiting for Xacml application to start" + ./data/wait_for_rest.sh policy-xacml-pdp "${POLICY_PDPX_PORT}" +fi python3 -m robot.run -d /tmp/ $ROBOT_VARIABLES $1 RESULT=$? echo "RESULT: ${RESULT}" diff --git a/helm/tests/data/wait_for_rest.sh b/helm/tests/data/wait_for_rest.sh new file mode 100755 index 00000000..a64c3063 --- /dev/null +++ b/helm/tests/data/wait_for_rest.sh @@ -0,0 +1,77 @@ +#!/bin/sh +# ============LICENSE_START==================================================== +# Copyright (C) 2023 Nordix Foundation. +# ============================================================================= +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# ============LICENSE_END====================================================== +usage() { + echo args: [-t timeout] [-c command] hostname1 port1 hostname2 port2 ... >&2 + exit 1 +} +tmout=300 +cmd= +while getopts c:t: opt +do + case "$opt" in + c) + cmd="$OPTARG" + ;; + t) + tmout="$OPTARG" + ;; + *) + usage + ;; + esac +done +nargs=$((OPTIND-1)) +shift "$nargs" +even_args=$(($#%2)) +if [ $# -lt 2 ] || [ "$even_args" -ne 0 ] +then + usage +fi +while [ $# -ge 2 ] +do + export host="$1" + export port="$2" + shift + shift + echo "Waiting for REST to come up on $host port $port..." + while [ "$tmout" -gt 0 ] + do + if command -v docker > /dev/null 2>&1 + then + docker ps --format "table {{ .Names }}\t{{ .Status }}" + fi + curl "http://$host:$port" > /dev/null 2>&1 + rc=$? + if [ $rc -eq 0 ] + then + break + else + tmout=$((tmout-1)) + sleep 1 + fi + done + if [ $rc -ne 0 ] + then + echo "$host port $port REST cannot be detected" + exit $rc + fi +done +$cmd +exit 0 + diff --git a/helm/tests/xacml-pdp-test.robot b/helm/tests/xacml-pdp-test.robot deleted file mode 100644 index 2ae52a7e..00000000 --- a/helm/tests/xacml-pdp-test.robot +++ /dev/null @@ -1,150 +0,0 @@ -*** Settings *** -Library Collections -Library RequestsLibrary -Library OperatingSystem -Library Process -Library json -Resource common-library.robot - -*** Test Cases *** -Healthcheck - [Documentation] Verify policy xacml-pdp health check - ${resp}= PdpxGetReq /policy/pdpx/v1/healthcheck - Should Be Equal As Strings ${resp.json()['code']} 200 - -Statistics - [Documentation] Verify policy xacml-pdp statistics - ${resp}= PdpxGetReq /policy/pdpx/v1/statistics - Should Be Equal As Strings ${resp.json()['code']} 200 - -Metrics - [Documentation] Verify policy-xacml-pdp is exporting prometheus metrics - ${resp}= PdpxGetReq /metrics - Should Contain ${resp.text} jvm_threads_current - -MakeTopics - [Documentation] Creates the Policy topics - ${result}= Run Process ${SCR_DMAAP}/make_topic.sh POLICY-PDP-PAP - Should Be Equal As Integers ${result.rc} 0 - -ExecuteXacmlPolicy - CreateMonitorPolicy - CreateOptimizationPolicy - Wait Until Keyword Succeeds 1 min 15 sec GetDefaultDecision - DeployPolicies - Wait Until Keyword Succeeds 1 min 15 sec GetStatisticsAfterDeployed - Wait Until Keyword Succeeds 1 min 15 sec GetAbbreviatedDecisionResult - Wait Until Keyword Succeeds 1 min 15 sec GetMonitoringDecision - Wait Until Keyword Succeeds 1 min 15 sec GetNamingDecision - Wait Until Keyword Succeeds 1 min 15 sec GetOptimizationDecision - Wait Until Keyword Succeeds 1 min 15 sec GetStatisticsAfterDecision - UndeployMonitorPolicy - Wait Until Keyword Succeeds 1 min 15 sec GetStatisticsAfterUndeploy - -*** Keywords *** - -CreateMonitorPolicy - [Documentation] Create a Monitoring policy - ${postjson}= Get file ${DATA2}/vCPE.policy.monitoring.input.tosca.json - CreatePolicy /policy/api/v1/policytypes/onap.policies.monitoring.tcagen2/versions/1.0.0/policies 200 ${postjson} onap.restart.tca 1.0.0 - -CreateOptimizationPolicy - [Documentation] Create an Optimization policy - ${postjson}= Get file ${DATA2}/vCPE.policies.optimization.input.tosca.json - CreatePolicy /policy/api/v1/policytypes/onap.policies.optimization.resource.AffinityPolicy/versions/1.0.0/policies 200 ${postjson} OSDF_CASABLANCA.Affinity_Default 1.0.0 - -GetDefaultDecision - [Documentation] Get Default Decision with no policies in Xacml PDP - ${postjson}= Get file ${CURDIR}/data/onap.policy.guard.decision.request.json - ${resp}= DecisionPostReq ${postjson} abbrev=true - ${status}= Get From Dictionary ${resp.json()} status - Should Be Equal As Strings ${status} Permit - -DeployPolicies - [Documentation] Runs Policy PAP to deploy a policy - ${postjson}= Get file ${CURDIR}/data/vCPE.policy.input.tosca.deploy.json - ${policyadmin}= PolicyAdminAuth - PerformPostRequest ${POLICY_PAP_IP} /policy/pap/v1/pdps/policies 202 ${postjson} null ${policyadmin} - ${result}= Run Process ${SCR_DMAAP}/wait_topic.sh POLICY-PDP-PAP - ... responseTo xacml ACTIVE onap.restart.tca - Should Be Equal As Integers ${result.rc} 0 - -GetStatisticsAfterDeployed - [Documentation] Verify policy xacml-pdp statistics after policy is deployed - ${resp}= PdpxGetReq /policy/pdpx/v1/statistics - Should Be Equal As Strings ${resp.json()['code']} 200 - Should Be Equal As Strings ${resp.json()['totalPoliciesCount']} 3 - -GetAbbreviatedDecisionResult - [Documentation] Get Decision with abbreviated results from Policy Xacml PDP - ${postjson}= Get file ${CURDIR}/data/onap.policy.monitoring.decision.request.json - ${resp}= DecisionPostReq ${postjson} abbrev=true - ${policy}= Get From Dictionary ${resp.json()['policies']} onap.restart.tca - Dictionary Should Contain Key ${policy} type - Dictionary Should Contain Key ${policy} metadata - Dictionary Should Not Contain Key ${policy} type_version - Dictionary Should Not Contain Key ${policy} properties - Dictionary Should Not Contain Key ${policy} name - Dictionary Should Not Contain Key ${policy} version - -GetMonitoringDecision - [Documentation] Get Decision from Monitoring Policy Xacml PDP - ${postjson}= Get file ${CURDIR}/data/onap.policy.monitoring.decision.request.json - ${resp}= DecisionPostReq ${postjson} null - ${policy}= Get From Dictionary ${resp.json()['policies']} onap.restart.tca - Dictionary Should Contain Key ${policy} type - Dictionary Should Contain Key ${policy} metadata - Dictionary Should Contain Key ${policy} type_version - Dictionary Should Contain Key ${policy} properties - Dictionary Should Contain Key ${policy} name - Dictionary Should Contain Key ${policy} version - -GetNamingDecision - [Documentation] Get Decision from Naming Policy Xacml PDP - ${postjson}= Get file ${CURDIR}/data/onap.policy.naming.decision.request.json - ${resp}= DecisionPostReq ${postjson} null - ${policy}= Get From Dictionary ${resp.json()['policies']} SDNC_Policy.ONAP_NF_NAMING_TIMESTAMP - Dictionary Should Contain Key ${policy} type - Dictionary Should Contain Key ${policy} type_version - Dictionary Should Contain Key ${policy} properties - Dictionary Should Contain Key ${policy} name - -GetOptimizationDecision - [Documentation] Get Decision from Optimization Policy Xacml PDP - ${postjson}= Get file ${CURDIR}/data/onap.policy.optimization.decision.request.json - ${resp}= DecisionPostReq ${postjson} null - ${policy}= Get From Dictionary ${resp.json()['policies']} OSDF_CASABLANCA.Affinity_Default - Dictionary Should Contain Key ${policy} type - Dictionary Should Contain Key ${policy} type_version - Dictionary Should Contain Key ${policy} properties - Dictionary Should Contain Key ${policy} name - -GetStatisticsAfterDecision - [Documentation] Runs Policy Xacml PDP Statistics after Decision request - ${resp}= PdpxGetReq /policy/pdpx/v1/statistics - Should Be Equal As Strings ${resp.json()['code']} 200 - Should Be Equal As Strings ${resp.json()['permitDecisionsCount']} 4 - Should Be Equal As Strings ${resp.json()['notApplicableDecisionsCount']} 1 - -UndeployMonitorPolicy - [Documentation] Runs Policy PAP to undeploy a policy - ${policyadmin}= PolicyAdminAuth - PerformDeleteRequest ${POLICY_PAP_IP} /policy/pap/v1/pdps/policies/onap.restart.tca 202 ${policyadmin} - -GetStatisticsAfterUndeploy - [Documentation] Runs Policy Xacml PDP Statistics after policy is undeployed - ${resp}= PdpxGetReq /policy/pdpx/v1/statistics - Should Be Equal As Strings ${resp.json()['code']} 200 - Should Be Equal As Strings ${resp.json()['totalPoliciesCount']} 2 - -PdpxGetReq - [Arguments] ${url} - ${hcauth}= HealthCheckAuth - ${resp}= PerformGetRequest ${POLICY_PDPX_IP} ${url} 200 null ${hcauth} - [return] ${resp} - -DecisionPostReq - [Arguments] ${postjson} ${abbr} - ${hcauth}= HealthCheckAuth - ${resp}= PerformPostRequest ${POLICY_PDPX_IP} /policy/pdpx/v1/decision 200 ${postjson} ${abbr} ${hcauth} - [return] ${resp} |