summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJorge Hernandez <jh1730@att.com>2017-09-28 15:27:50 +0000
committerGerrit Code Review <gerrit@onap.org>2017-09-28 15:27:50 +0000
commit400ca9b5ebb98c42c0c497d917f3cf139b03888a (patch)
treedfd8375bbb43d97242a643527849f8af3b6b3c5f
parent6700a793821cebcafe28b124b49dcabff0eb4caa (diff)
parent1f651c480d4dd3922e1c05461f7d901c47293c4a (diff)
Merge "Add missing auth headers to guard request"
-rw-r--r--controlloop/common/guard/src/main/java/org/onap/policy/guard/CallGuardTask.java17
-rw-r--r--controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlHelper.java446
-rw-r--r--controlloop/common/guard/src/main/java/org/onap/policy/guard/Util.java40
-rw-r--r--controlloop/common/simulators/pom.xml6
-rw-r--r--controlloop/common/simulators/src/test/java/org/onap/policy/simulators/GuardSimulatorTest.java16
-rw-r--r--controlloop/templates/archetype-cl-amsterdam/src/main/resources/archetype-resources/src/main/resources/__closedLoopControlName__.drl3
-rw-r--r--controlloop/templates/template.demo/src/main/resources/ControlLoop_Template_xacml_guard.drl1
-rw-r--r--controlloop/templates/template.demo/src/test/java/org/onap/policy/template/demo/ControlLoopXacmlGuardTest.java3
-rw-r--r--controlloop/templates/template.demo/src/test/java/org/onap/policy/template/demo/Util.java8
9 files changed, 417 insertions, 123 deletions
diff --git a/controlloop/common/guard/src/main/java/org/onap/policy/guard/CallGuardTask.java b/controlloop/common/guard/src/main/java/org/onap/policy/guard/CallGuardTask.java
index 87f43d701..d81aaa40c 100644
--- a/controlloop/common/guard/src/main/java/org/onap/policy/guard/CallGuardTask.java
+++ b/controlloop/common/guard/src/main/java/org/onap/policy/guard/CallGuardTask.java
@@ -42,9 +42,10 @@ public class CallGuardTask implements Runnable {
String target;
String requestId;
- public CallGuardTask(String guardUrl, WorkingMemory wm, String cl, String act, String rec, String tar, String reqId) {
-
- restfulPdpUrl = guardUrl;
+ /*
+ * Guard url is grabbed from PolicyEngine.manager properties
+ */
+ public CallGuardTask(WorkingMemory wm, String cl, String act, String rec, String tar, String reqId) {
workingMemory = wm;
clname = cl;
actor = act;
@@ -71,15 +72,13 @@ public class CallGuardTask implements Runnable {
logger.debug("{}", request);
logger.debug("********** XACML REQUEST END ********\n");
- String guardUrl = PolicyEngine.manager.getEnvironmentProperty("guard.url");
+ String guardUrl = PolicyEngine.manager.getEnvironmentProperty(Util.PROP_GUARD_URL);
String guardDecision = null;
//
- // Check if guard url property exists
+ // Make guard request
//
- if(guardUrl != null){
- guardDecision = PolicyGuardXacmlHelper.callPDP(guardUrl, xacmlReq);
- }
+ guardDecision = new PolicyGuardXacmlHelper().callPDP(xacmlReq);
logger.debug("\n********** XACML RESPONSE START ********");
logger.debug("{}", guardDecision);
@@ -90,7 +89,7 @@ public class CallGuardTask implements Runnable {
//
if(guardDecision == null){
logger.error("********** XACML FAILED TO CONNECT ********");
- guardDecision = "Indeterminate";
+ guardDecision = Util.INDETERMINATE;
}
PolicyGuardResponse guardResponse = new PolicyGuardResponse(guardDecision, UUID.fromString(this.requestId), this.recipe);
diff --git a/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlHelper.java b/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlHelper.java
index 826f05652..f5a93d8be 100644
--- a/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlHelper.java
+++ b/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlHelper.java
@@ -25,14 +25,19 @@ import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
+import java.io.Serializable;
import java.net.HttpURLConnection;
import java.net.URL;
+import java.util.ArrayList;
+import java.util.Base64;
import java.util.Iterator;
+import java.util.Properties;
import java.util.UUID;
import org.apache.commons.io.IOUtils;
import org.apache.http.entity.ContentType;
import org.json.JSONObject;
+import org.onap.policy.drools.system.PolicyEngine;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -43,49 +48,86 @@ import com.att.research.xacml.api.Result;
public class PolicyGuardXacmlHelper {
-
- private static final Logger logger = LoggerFactory.getLogger(PolicyGuardXacmlHelper.class);
- public static String callPDP(String restfulPdpUrl, PolicyGuardXacmlRequestAttributes xacmlReq) {
+ private static final Logger logger = LoggerFactory
+ .getLogger(PolicyGuardXacmlHelper.class);
+
+ public PolicyGuardXacmlHelper() {
+ init(PolicyEngine.manager.getEnvironment());
+ }
+
+ // initialized from 'pdpx.url' property --
+ // Each entry in 'restUrls' contains a destination URL, and an optional
+ // 'Authorization' header entry. 'restUrlIndex' indicates the next
+ // entry to try -- after each failure, the index is advanced to the
+ // next entry (wrapping to the beginning, if needed).
+ static private class URLEntry implements Serializable {
+ URL restURL;
+ String authorization = null;
+ String clientAuth = null;
+ String environment = null;
+ };
+
+ private URLEntry[] restUrls = null;
+ private int restUrlIndex = 0;
+
+ // REST timeout, initialized from 'pdpx.timeout' property
+ private int timeout = 20000;
+
+
+ // initialized from 'guard.disabled', but may also be set to 'true' if
+ // there is an initialization error
+ private boolean disabled = false;
+
+ // errors that forced 'disabled' to be set to 'true'
+ private String errorMessage = null;
+
+ public String callPDP(PolicyGuardXacmlRequestAttributes xacmlReq) {
//
// Send it to the PDP
//
-// com.att.research.xacml.api.Response response = null;
String response = null;
-
+
+ //
+ // Build the json request
+ //
JSONObject attributes = new JSONObject();
attributes.put("actor", xacmlReq.getActor_id());
attributes.put("recipe", xacmlReq.getOperation_id());
attributes.put("target", xacmlReq.getTarget_id());
- if (xacmlReq.getClname_id() != null){
+ if (xacmlReq.getClname_id() != null) {
attributes.put("clname", xacmlReq.getClname_id());
}
JSONObject jsonReq = new JSONObject();
jsonReq.put("decisionAttributes", attributes);
jsonReq.put("onapName", "PDPD");
-
+
+ URLEntry urlEntry = restUrls[restUrlIndex];
+
try {
//
// Call RESTful PDP
//
- response = callRESTfulPDP(new ByteArrayInputStream(jsonReq.toString().getBytes()), new URL(restfulPdpUrl/*"https://localhost:8443/pdp/"*/));
+ response = callRESTfulPDP(new ByteArrayInputStream(jsonReq
+ .toString().getBytes()), urlEntry.restURL,
+ urlEntry.authorization, urlEntry.clientAuth,
+ urlEntry.environment);
} catch (Exception e) {
logger.error("Error in sending RESTful request: ", e);
}
-
-
+
return response;
}
-
-
+
/**
- * This makes an HTTP POST call to a running PDP RESTful servlet to get a decision.
+ * This makes an HTTP POST call to a running PDP RESTful servlet to get a
+ * decision.
*
* @param file
* @return response from guard which contains "Permit" or "Deny"
*/
- private static String callRESTfulPDP(InputStream is, URL restURL) {
-// com.att.research.xacml.api.Response response = null;
+ private String callRESTfulPDP(InputStream is, URL restURL,
+ String authorization, String clientauth, String environment) {
String response = null;
String rawDecision = null;
HttpURLConnection connection = null;
@@ -99,16 +141,28 @@ public class PolicyGuardXacmlHelper {
//
// Setup our method and headers
//
- connection.setRequestMethod("POST");
- connection.setUseCaches(false);
- //
- // Adding this in. It seems the HttpUrlConnection class does NOT
- // properly forward our headers for POST re-direction. It does so
- // for a GET re-direction.
- //
- // So we need to handle this ourselves.
- //
- connection.setInstanceFollowRedirects(false);
+ connection.setRequestProperty("Accept", "application/json");
+ if (authorization != null) {
+ connection.setRequestProperty("Authorization", authorization);
+ }
+ if (clientauth != null) {
+ connection.setRequestProperty("ClientAuth", clientauth);
+ }
+ if (environment != null) {
+ connection.setRequestProperty("Environment", environment);
+ }
+ connection.setConnectTimeout(timeout);
+ connection.setReadTimeout(timeout);
+ connection.setRequestMethod("POST");
+ connection.setUseCaches(false);
+ //
+ // Adding this in. It seems the HttpUrlConnection class does NOT
+ // properly forward our headers for POST re-direction. It does so
+ // for a GET re-direction.
+ //
+ // So we need to handle this ourselves.
+ //
+ connection.setInstanceFollowRedirects(false);
connection.setDoOutput(true);
connection.setDoInput(true);
//
@@ -117,115 +171,291 @@ public class PolicyGuardXacmlHelper {
try (OutputStream os = connection.getOutputStream()) {
IOUtils.copy(is, os);
}
- //
- // Do the connect
- //
- connection.connect();
- if (connection.getResponseCode() == 200) {
- //
- // Read the response
- //
- ContentType contentType = null;
- try {
- contentType = ContentType.parse(connection.getContentType());
-
- if (contentType.getMimeType().equalsIgnoreCase(ContentType.APPLICATION_JSON.getMimeType())) {
- InputStream iStream = connection.getInputStream();
- int contentLength = connection.getContentLength();
-
- // if content length is -1, respose is chunked, and
- // TCP connection will be dropped at the end
- byte[] buf =
- new byte[contentLength < 0 ? 1024 : contentLength];
- int offset = 0;
- for ( ; ; )
- {
- if (offset == contentLength)
- {
- // all expected bytes have been read
- response = new String(buf);
- break;
+ //
+ // Do the connect
+ //
+ connection.connect();
+ if (connection.getResponseCode() == 200) {
+ //
+ // Read the response
+ //
+ ContentType contentType = null;
+ try {
+ contentType = ContentType
+ .parse(connection.getContentType());
+
+ if (contentType.getMimeType().equalsIgnoreCase(
+ ContentType.APPLICATION_JSON.getMimeType())) {
+ InputStream iStream = connection.getInputStream();
+ int contentLength = connection.getContentLength();
+
+ // if content length is -1, respose is chunked, and
+ // TCP connection will be dropped at the end
+ byte[] buf = new byte[contentLength < 0 ? 1024
+ : contentLength];
+ int offset = 0;
+ for (;;) {
+ if (offset == contentLength) {
+ // all expected bytes have been read
+ response = new String(buf);
+ break;
}
- int size = iStream.read(buf, offset,
- buf.length - offset);
- if (size < 0)
- {
- if (contentLength > 0)
- {
- logger.error("partial input stream");
- }
- else
- {
- // chunked response --
- // dropped connection is expected
- response = new String(buf, 0, offset);
+ int size = iStream.read(buf, offset, buf.length
+ - offset);
+ if (size < 0) {
+ if (contentLength > 0) {
+ logger.error("partial input stream");
+ } else {
+ // chunked response --
+ // dropped connection is expected
+ response = new String(buf, 0, offset);
}
- break;
+ break;
}
- offset += size;
+ offset += size;
}
- } else {
- logger.error("unknown content-type: " + contentType);
- }
+ } else {
+ logger.error("unknown content-type: " + contentType);
+ }
- } catch (Exception e) {
- String message = "Parsing Content-Type: " + connection.getContentType();
+ } catch (Exception e) {
+ String message = "Parsing Content-Type: "
+ + connection.getContentType();
logger.error(message, e);
- }
+ }
- } else {
- logger.error(connection.getResponseCode() + " " + connection.getResponseMessage());
- }
+ } else {
+ logger.error(connection.getResponseCode() + " "
+ + connection.getResponseMessage());
+ }
} catch (Exception e) {
- logger.error("Exception in 'PolicyGuardXacmlHelper.callRESTfulPDP'", e);
+ logger.error(
+ "Exception in 'PolicyGuardXacmlHelper.callRESTfulPDP'", e);
+ //
+ // Connection may have failed, return Indeterminate
+ //
+ if(response == null || "".equals(response)){
+ return Util.INDETERMINATE;
+ }
}
rawDecision = new JSONObject(response).getString("decision");
-
+
return rawDecision;
}
-
-
- public static PolicyGuardResponse ParseXacmlPdpResponse(com.att.research.xacml.api.Response xacmlResponse){
-
- if(xacmlResponse == null){
-
+
+ public static PolicyGuardResponse ParseXacmlPdpResponse(
+ com.att.research.xacml.api.Response xacmlResponse) {
+
+ if (xacmlResponse == null) {
+
//
- //In case the actual XACML response was null, create an empty response object with decision "Indeterminate"
+ // In case the actual XACML response was null, create an empty
+ // response object with decision "Indeterminate"
//
return new PolicyGuardResponse("Indeterminate", null, "");
}
-
+
Iterator<Result> it_res = xacmlResponse.getResults().iterator();
-
- Result res = it_res.next();
+
+ Result res = it_res.next();
String decision_from_xacml_response = res.getDecision().toString();
- Iterator<AttributeCategory> it_attr_cat = res.getAttributes().iterator();
+ Iterator<AttributeCategory> it_attr_cat = res.getAttributes()
+ .iterator();
UUID req_id_from_xacml_response = null;
String operation_from_xacml_response = "";
-
- while(it_attr_cat.hasNext()){
- Iterator<Attribute> it_attr = it_attr_cat.next().getAttributes().iterator();
- while(it_attr.hasNext()){
+
+ while (it_attr_cat.hasNext()) {
+ Iterator<Attribute> it_attr = it_attr_cat.next().getAttributes()
+ .iterator();
+ while (it_attr.hasNext()) {
Attribute current_attr = it_attr.next();
String s = current_attr.getAttributeId().stringValue();
- if(s.equals("urn:oasis:names:tc:xacml:1.0:request:request-id")){
- Iterator<AttributeValue<?>> it_values = current_attr.getValues().iterator();
- req_id_from_xacml_response = UUID.fromString(it_values.next().getValue().toString());
+ if ("urn:oasis:names:tc:xacml:1.0:request:request-id".equals(s)) {
+ Iterator<AttributeValue<?>> it_values = current_attr
+ .getValues().iterator();
+ req_id_from_xacml_response = UUID.fromString(it_values
+ .next().getValue().toString());
}
- if(s.equals("urn:oasis:names:tc:xacml:1.0:operation:operation-id")){
- Iterator<AttributeValue<?>> it_values = current_attr.getValues().iterator();
- operation_from_xacml_response = it_values.next().getValue().toString();
+ if ("urn:oasis:names:tc:xacml:1.0:operation:operation-id"
+ .equals(s)) {
+ Iterator<AttributeValue<?>> it_values = current_attr
+ .getValues().iterator();
+ operation_from_xacml_response = it_values.next().getValue()
+ .toString();
}
-
+
}
}
-
-
- return new PolicyGuardResponse(decision_from_xacml_response, req_id_from_xacml_response, operation_from_xacml_response);
-
+
+ return new PolicyGuardResponse(decision_from_xacml_response,
+ req_id_from_xacml_response, operation_from_xacml_response);
+
+ }
+
+ private void init(Properties properties) {
+ // used to store error messages
+ StringBuilder sb = new StringBuilder();
+
+ // fetch these parameters, if they exist
+ String timeoutString = properties.getProperty("pdpx.timeout");
+ String disabledString = properties.getProperty("guard.disabled");
+
+ if (disabledString != null) {
+ // decode optional 'guard.disabled' parameter
+ disabled = new Boolean(disabledString);
+ if (disabled) {
+ // skip everything else
+ return;
+ }
+ }
+
+ /*
+ * Decode 'pdpx.*' parameters
+ */
+
+ // first, the default parameters
+ String defaultUser = properties.getProperty("pdpx.username");
+ String defaultPassword = properties
+ .getProperty("pdpx.password");
+ String defaultClientUser = properties
+ .getProperty("pdpx.client.username");
+ String defaultClientPassword = properties
+ .getProperty("pdpx.client.password");
+ String defaultEnvironment = properties
+ .getProperty("pdpx.environment");
+
+ // now, see which numeric entries (1-9) exist
+ ArrayList<URLEntry> entries = new ArrayList<>();
+
+ for (int index = 0; index < 10; index += 1) {
+ String urlPrefix = "guard.";
+ String pdpxPrefix = "pdpx.";
+ if (index != 0) {
+ urlPrefix = urlPrefix + index + ".";
+ }
+
+ // see if the associated URL exists
+ String restURLlist = properties.getProperty(urlPrefix + "url");
+ if (nullOrEmpty(restURLlist)) {
+ // no entry for this index
+ continue;
+ }
+
+ // support a list of entries separated by semicolons. Each entry
+ // can be:
+ // URL
+ // URL,user
+ // URL,user,password
+ for (String restURL : restURLlist.split("\\s*;\\s*")) {
+ String[] segments = restURL.split("\\s*,\\s*");
+ String user = null;
+ String password = null;
+
+ if (segments.length >= 2) {
+ // user id is provided
+ restURL = segments[0];
+ user = segments[1];
+ if (segments.length >= 3) {
+ // password is also provided
+ password = segments[2];
+ }
+ }
+
+ // URL does exist -- create the entry
+ URLEntry urlEntry = new URLEntry();
+ try {
+ urlEntry.restURL = new URL(restURL);
+ } catch (java.net.MalformedURLException e) {
+ // if we don't have a URL,
+ // don't bother with the rest on this one
+ sb.append("'").append(urlPrefix).append("url' '")
+ .append(restURL).append("': ").append(e)
+ .append(",");
+ continue;
+ }
+
+ if (nullOrEmpty(user)) {
+ // user id was not provided on '*.url' line --
+ // extract it from a separate property
+ user = properties.getProperty(pdpxPrefix + "username", defaultUser);
+ }
+ if (nullOrEmpty(password)) {
+ // password was not provided on '*.url' line --
+ // extract it from a separate property
+ password = properties.getProperty(pdpxPrefix + "password",
+ defaultPassword);
+ }
+
+ // see if 'user' and 'password' entries both exist
+ if (!nullOrEmpty(user) && !nullOrEmpty(password)) {
+ urlEntry.authorization = "Basic "
+ + Base64.getEncoder().encodeToString(
+ (user + ":" + password).getBytes());
+ }
+
+ // see if 'client.user' and 'client.password' entries both exist
+ String clientUser = properties.getProperty(pdpxPrefix
+ + "client.username", defaultClientUser);
+ String clientPassword = properties.getProperty(pdpxPrefix
+ + "client.password", defaultClientPassword);
+ if (!nullOrEmpty(clientUser) && !nullOrEmpty(clientPassword)) {
+ urlEntry.clientAuth = "Basic "
+ + Base64.getEncoder().encodeToString(
+ (clientUser + ":" + clientPassword)
+ .getBytes());
+ }
+
+ // see if there is an 'environment' entry
+ String environment = properties.getProperty(pdpxPrefix
+ + "environment", defaultEnvironment);
+ if (!nullOrEmpty(environment)) {
+ urlEntry.environment = environment;
+ }
+
+ // include this URLEntry in the list
+ entries.add(urlEntry);
+ }
+ }
+
+ if (entries.size() == 0) {
+ sb.append("'pdpx.*' -- no URLs specified, ");
+ } else {
+ restUrls = entries.toArray(new URLEntry[0]);
+ }
+
+ if (timeoutString != null) {
+ try {
+ // decode optional 'pdpx.timeout' parameter
+ timeout = Integer.valueOf(timeoutString);
+ } catch (NumberFormatException e) {
+ sb.append("'pdpx.timeout': " + e + ", ");
+ logger.trace(e.getLocalizedMessage());
+ }
+ }
+
+
+ // if there are any errors, update 'errorMessage' & disable guard
+ // queries
+ if (sb.length() != 0) {
+ // remove the terminating ", ", and extract resulting error message
+ sb.setLength(sb.length() - 2);
+ errorMessage = sb.toString();
+ disabled = true;
+ logger.error("Initialization failure: " + errorMessage);
+ }
+ }
+
+ /**
+ * Check if a string is null or an empty string
+ *
+ * @param value
+ * the string to be tested
+ * @return 'true' if the string is 'null' or has a length of 0, 'false'
+ * otherwise
+ */
+ static private boolean nullOrEmpty(String value) {
+ return (value == null || value.isEmpty());
}
-
-
-
+
}
diff --git a/controlloop/common/guard/src/main/java/org/onap/policy/guard/Util.java b/controlloop/common/guard/src/main/java/org/onap/policy/guard/Util.java
index b594aff0a..f572cd7fa 100644
--- a/controlloop/common/guard/src/main/java/org/onap/policy/guard/Util.java
+++ b/controlloop/common/guard/src/main/java/org/onap/policy/guard/Util.java
@@ -31,12 +31,31 @@ import java.nio.charset.StandardCharsets;
import org.apache.commons.io.IOUtils;
import org.onap.policy.controlloop.policy.ControlLoopPolicy;
import org.onap.policy.controlloop.policy.guard.ControlLoopGuard;
+import org.onap.policy.drools.system.PolicyEngine;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.Constructor;
public final class Util {
+
+ /*
+ * Keys for guard properties
+ */
+ public static final String PROP_GUARD_URL = "guard.url";
+ public static final String PROP_GUARD_USER = "pdpx.username";
+ public static final String PROP_GUARD_PASS = "pdpx.password";
+ public static final String PROP_GUARD_CLIENT_USER = "pdpx.client.username";
+ public static final String PROP_GUARD_CLIENT_PASS = "pdpx.client.password";
+ public static final String PROP_GUARD_ENV = "pdpx.environment";
+
+ /*
+ * Guard responses
+ */
+ public static final String INDETERMINATE = "Indeterminate";
+ public static final String PERMIT = "Permit";
+ public static final String DENY = "Deny";
+
private static final Logger logger = LoggerFactory.getLogger(Util.class);
public static class Pair<A, B> {
@@ -83,5 +102,26 @@ public final class Util {
}
return null;
}
+
+ /**
+ * Sets Guard Properties.
+ *
+ * @see /guard/src/test/java/org/onap/policy/guard/UtilTest.java
+ * for setting test properties
+ */
+ public static void setGuardEnvProps(String url, String username, String password, String clientName, String clientPassword, String environment){
+ PolicyEngine.manager.setEnvironmentProperty(org.onap.policy.guard.Util.PROP_GUARD_URL, url);
+ PolicyEngine.manager.setEnvironmentProperty(org.onap.policy.guard.Util.PROP_GUARD_USER, username);
+ PolicyEngine.manager.setEnvironmentProperty(org.onap.policy.guard.Util.PROP_GUARD_PASS, password);
+ PolicyEngine.manager.setEnvironmentProperty(org.onap.policy.guard.Util.PROP_GUARD_CLIENT_USER, clientName);
+ PolicyEngine.manager.setEnvironmentProperty(org.onap.policy.guard.Util.PROP_GUARD_CLIENT_PASS, clientPassword);
+ PolicyEngine.manager.setEnvironmentProperty(org.onap.policy.guard.Util.PROP_GUARD_ENV, environment);
+ }
+ public static void setGuardEnvProp(String key, String value){
+ PolicyEngine.manager.setEnvironmentProperty(key, value);
+ }
+ public static String getGuardProp(String propName){
+ return PolicyEngine.manager.getEnvironmentProperty(propName);
+ }
}
diff --git a/controlloop/common/simulators/pom.xml b/controlloop/common/simulators/pom.xml
index 952d9b687..7ee811f0d 100644
--- a/controlloop/common/simulators/pom.xml
+++ b/controlloop/common/simulators/pom.xml
@@ -69,6 +69,12 @@
<scope>test</scope>
</dependency>
<dependency>
+ <groupId>org.onap.policy.drools-pdp</groupId>
+ <artifactId>policy-management</artifactId>
+ <version>${project.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
<version>2.5</version>
diff --git a/controlloop/common/simulators/src/test/java/org/onap/policy/simulators/GuardSimulatorTest.java b/controlloop/common/simulators/src/test/java/org/onap/policy/simulators/GuardSimulatorTest.java
index 41dc28875..696e2a60d 100644
--- a/controlloop/common/simulators/src/test/java/org/onap/policy/simulators/GuardSimulatorTest.java
+++ b/controlloop/common/simulators/src/test/java/org/onap/policy/simulators/GuardSimulatorTest.java
@@ -24,9 +24,11 @@ import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.Test;
import org.onap.policy.drools.http.server.HttpServletServer;
+import org.onap.policy.drools.system.PolicyEngine;
import org.onap.policy.drools.utils.LoggerUtil;
import org.onap.policy.guard.PolicyGuardXacmlHelper;
import org.onap.policy.guard.PolicyGuardXacmlRequestAttributes;
+import org.onap.policy.guard.Util;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.fail;
@@ -38,10 +40,20 @@ public class GuardSimulatorTest {
LoggerUtil.setLevel("ROOT", "INFO");
LoggerUtil.setLevel("org.eclipse.jetty", "WARN");
try {
- Util.buildGuardSim();
+ org.onap.policy.simulators.Util.buildGuardSim();
} catch (Exception e) {
fail(e.getMessage());
}
+ //
+ // Set guard properties
+ //
+ org.onap.policy.guard.Util.setGuardEnvProps("http://localhost:6669/pdp/api/getDecision",
+ "python",
+ "test",
+ "python",
+ "test",
+ "TEST");
+
}
@AfterClass
@@ -52,7 +64,7 @@ public class GuardSimulatorTest {
@Test
public void testGuard() {
PolicyGuardXacmlRequestAttributes request = new PolicyGuardXacmlRequestAttributes("clname_id", "actor_id", "operation_id", "target_id", "request_id");
- String xacmlResponse = PolicyGuardXacmlHelper.callPDP("http://localhost:6669/pdp/api/getDecision", request);
+ String xacmlResponse = new PolicyGuardXacmlHelper().callPDP(request);
assertNotNull(xacmlResponse);
}
}
diff --git a/controlloop/templates/archetype-cl-amsterdam/src/main/resources/archetype-resources/src/main/resources/__closedLoopControlName__.drl b/controlloop/templates/archetype-cl-amsterdam/src/main/resources/archetype-resources/src/main/resources/__closedLoopControlName__.drl
index 343221f0d..3dc984dd2 100644
--- a/controlloop/templates/archetype-cl-amsterdam/src/main/resources/archetype-resources/src/main/resources/__closedLoopControlName__.drl
+++ b/controlloop/templates/archetype-cl-amsterdam/src/main/resources/archetype-resources/src/main/resources/__closedLoopControlName__.drl
@@ -620,12 +620,11 @@ rule "${policyName}.EVENT.MANAGER.OPERATION.LOCKED.GUARD_NOT_YET_QUERIED"
// to the CallGuardTask() and set the first argument to null
// (instead of XacmlPdpEngine).
//
- boolean guardEnabled = true;
+ boolean guardEnabled = false;
if(guardEnabled){
Thread t = new Thread(new org.onap.policy.guard.CallGuardTask(
- PolicyEngine.manager.getEnvironmentProperty("guard.url"),
drools.getWorkingMemory(),
$event.closedLoopControlName,
$operation.policy.getActor().toString(),
diff --git a/controlloop/templates/template.demo/src/main/resources/ControlLoop_Template_xacml_guard.drl b/controlloop/templates/template.demo/src/main/resources/ControlLoop_Template_xacml_guard.drl
index 6976e9937..03a38e5dc 100644
--- a/controlloop/templates/template.demo/src/main/resources/ControlLoop_Template_xacml_guard.drl
+++ b/controlloop/templates/template.demo/src/main/resources/ControlLoop_Template_xacml_guard.drl
@@ -592,7 +592,6 @@ rule "${policyName}.EVENT.MANAGER.OPERATION.LOCKED.GUARD_NOT_YET_QUERIED"
if(guardEnabled){
Thread t = new Thread(new org.onap.policy.guard.CallGuardTask(
- "",
drools.getWorkingMemory(),
$event.closedLoopControlName,
$operation.policy.getActor().toString(),
diff --git a/controlloop/templates/template.demo/src/test/java/org/onap/policy/template/demo/ControlLoopXacmlGuardTest.java b/controlloop/templates/template.demo/src/test/java/org/onap/policy/template/demo/ControlLoopXacmlGuardTest.java
index e3b5a4fed..a6a4d3fc6 100644
--- a/controlloop/templates/template.demo/src/test/java/org/onap/policy/template/demo/ControlLoopXacmlGuardTest.java
+++ b/controlloop/templates/template.demo/src/test/java/org/onap/policy/template/demo/ControlLoopXacmlGuardTest.java
@@ -60,6 +60,7 @@ public class ControlLoopXacmlGuardTest {
public static void setUpSimulator() {
try {
Util.buildAaiSim();
+ Util.buildGuardSim();
} catch (Exception e) {
fail(e.getMessage());
}
@@ -75,7 +76,7 @@ public class ControlLoopXacmlGuardTest {
@BeforeClass
public static void setPUProp(){
System.setProperty(OPSHISTPUPROP, "TestOperationsHistoryPU");
- PolicyEngine.manager.setEnvironmentProperty("guard.url", "http://127.0.0.1:8443/pdp");
+ Util.setTestGuardProps();
}
@AfterClass
public static void restorePUProp(){
diff --git a/controlloop/templates/template.demo/src/test/java/org/onap/policy/template/demo/Util.java b/controlloop/templates/template.demo/src/test/java/org/onap/policy/template/demo/Util.java
index 8e8ac355c..df10714b9 100644
--- a/controlloop/templates/template.demo/src/test/java/org/onap/policy/template/demo/Util.java
+++ b/controlloop/templates/template.demo/src/test/java/org/onap/policy/template/demo/Util.java
@@ -280,5 +280,13 @@ public final class Util {
PolicyEngine.manager.setEnvironmentProperty("so.username", "SO");
PolicyEngine.manager.setEnvironmentProperty("so.password", "SO");
}
+ public static void setTestGuardProps(){
+ PolicyEngine.manager.setEnvironmentProperty(org.onap.policy.guard.Util.PROP_GUARD_URL, "http://localhost:6669/pdp/api/getDecision");
+ PolicyEngine.manager.setEnvironmentProperty(org.onap.policy.guard.Util.PROP_GUARD_USER, "python");
+ PolicyEngine.manager.setEnvironmentProperty(org.onap.policy.guard.Util.PROP_GUARD_PASS, "test");
+ PolicyEngine.manager.setEnvironmentProperty(org.onap.policy.guard.Util.PROP_GUARD_CLIENT_USER, "python");
+ PolicyEngine.manager.setEnvironmentProperty(org.onap.policy.guard.Util.PROP_GUARD_CLIENT_PASS, "test");
+ PolicyEngine.manager.setEnvironmentProperty(org.onap.policy.guard.Util.PROP_GUARD_ENV, "TEST");
+ }
}