summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPamela Dragosh <pdragosh@research.att.com>2019-05-03 08:40:34 -0400
committerPamela Dragosh <pdragosh@research.att.com>2019-05-03 12:39:20 -0400
commit002248883ff9134cd66e39147c062ad3936e1a74 (patch)
treea40e62a10e9c49a3a444fb86df2ea86827e33afc
parent71b3a6b68a1a27839fde863b46c74587131be313 (diff)
Change guard pdp rest to new api
The guard PDP REST call must be changed to support the new api. Needed to clean out quite a bit of unnecessary code. In addition, there never should be an Indeterminate response coming back anymore. Issue-ID: POLICY-1730 Change-Id: I14b3ad39a803646cfffaba9b77cc2aac79e79bdf Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
-rw-r--r--controlloop/common/guard/pom.xml10
-rw-r--r--controlloop/common/guard/src/main/java/org/onap/policy/guard/CallGuardTask.java22
-rw-r--r--controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlHelper.java415
-rw-r--r--controlloop/common/guard/src/main/java/org/onap/policy/guard/Util.java23
-rw-r--r--controlloop/common/guard/src/main/resources/META-INF/persistence.xml21
-rw-r--r--controlloop/common/guard/src/test/java/org/onap/policy/guard/CallGuardTaskTest.java8
-rw-r--r--controlloop/common/guard/src/test/java/org/onap/policy/guard/GuardUtilTest.java6
-rw-r--r--controlloop/common/guard/src/test/java/org/onap/policy/guard/PolicyGuardXacmlHelperTest.java114
-rw-r--r--controlloop/templates/template.demo/src/test/java/org/onap/policy/template/demo/CcvpnBwControlLoopTest.java4
-rw-r--r--controlloop/templates/template.demo/src/test/java/org/onap/policy/template/demo/CcvpnControlLoopTest.java10
-rw-r--r--controlloop/templates/template.demo/src/test/java/org/onap/policy/template/demo/SupportUtil.java5
11 files changed, 113 insertions, 525 deletions
diff --git a/controlloop/common/guard/pom.xml b/controlloop/common/guard/pom.xml
index 07aa304b7..54e922ecc 100644
--- a/controlloop/common/guard/pom.xml
+++ b/controlloop/common/guard/pom.xml
@@ -119,6 +119,16 @@
<scope>test</scope>
</dependency>
<dependency>
+ <groupId>org.onap.policy.models</groupId>
+ <artifactId>policy-models-decisions</artifactId>
+ <version>${policy.models.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.onap.policy.models.policy-models-interactions.model-impl</groupId>
+ <artifactId>rest</artifactId>
+ <version>${policy.models.version}</version>
+ </dependency>
+ <dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
<version>2.13.0</version>
diff --git a/controlloop/common/guard/src/main/java/org/onap/policy/guard/CallGuardTask.java b/controlloop/common/guard/src/main/java/org/onap/policy/guard/CallGuardTask.java
index 046b7cfd6..22fce1999 100644
--- a/controlloop/common/guard/src/main/java/org/onap/policy/guard/CallGuardTask.java
+++ b/controlloop/common/guard/src/main/java/org/onap/policy/guard/CallGuardTask.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -20,12 +20,11 @@
package org.onap.policy.guard;
-import com.att.research.xacml.api.DataTypeException;
-import com.att.research.xacml.std.annotations.RequestParser;
import java.util.HashSet;
import java.util.Set;
import java.util.UUID;
import java.util.function.Supplier;
+
import org.drools.core.WorkingMemory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -69,7 +68,7 @@ public class CallGuardTask implements Runnable {
/**
* Guard url is grabbed from PolicyEngine.manager properties
*/
- public CallGuardTask(WorkingMemory wm, String cl, String act,
+ public CallGuardTask(WorkingMemory wm, String cl, String act,
String rec, String tar, String reqId, Supplier<Integer> vfcnt) {
workingMemory = wm;
clname = cl;
@@ -108,22 +107,14 @@ public class CallGuardTask implements Runnable {
workingMemory.insert(guardResponse);
return;
}
-
+
final long startTime = System.nanoTime();
- com.att.research.xacml.api.Request request = null;
PolicyGuardXacmlRequestAttributes xacmlReq =
new PolicyGuardXacmlRequestAttributes(clname, actor, recipe, target, requestId, vfCount);
- try {
- request = RequestParser.parseRequest(xacmlReq);
- } catch (IllegalArgumentException | IllegalAccessException | DataTypeException e) {
- logger.error("CallGuardTask.run threw: {}", e);
- }
-
-
logger.debug("\n********** XACML REQUEST START ********");
- logger.debug("{}", request);
+ logger.debug("{}", xacmlReq);
logger.debug("********** XACML REQUEST END ********\n");
String guardDecision = null;
@@ -147,7 +138,6 @@ public class CallGuardTask implements Runnable {
guardResponse = new PolicyGuardResponse(guardDecision, UUID.fromString(this.requestId), this.recipe);
-
//
// Create an artificial Guard response in case we didn't get a clear Permit or Deny
//
diff --git a/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlHelper.java b/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlHelper.java
index 6d1fd315e..2d43c885e 100644
--- a/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlHelper.java
+++ b/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlHelper.java
@@ -21,31 +21,20 @@
package org.onap.policy.guard;
-import com.att.research.xacml.api.Attribute;
-import com.att.research.xacml.api.AttributeCategory;
-import com.att.research.xacml.api.AttributeValue;
-import com.att.research.xacml.api.Result;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.io.Serializable;
-import java.net.HttpURLConnection;
-import java.net.URL;
-import java.util.ArrayList;
-import java.util.Base64;
-import java.util.Iterator;
-import java.util.Properties;
+import java.util.HashMap;
+import java.util.Map;
import java.util.UUID;
-import org.apache.commons.io.IOUtils;
-import org.apache.http.entity.ContentType;
-import org.json.JSONObject;
import org.onap.policy.common.endpoints.event.comm.Topic.CommInfrastructure;
import org.onap.policy.common.endpoints.utils.NetLoggerUtil;
import org.onap.policy.common.endpoints.utils.NetLoggerUtil.EventType;
+import org.onap.policy.common.utils.coder.CoderException;
+import org.onap.policy.common.utils.coder.StandardCoder;
import org.onap.policy.drools.system.PolicyEngine;
+import org.onap.policy.models.decisions.concepts.DecisionRequest;
+import org.onap.policy.models.decisions.concepts.DecisionResponse;
+import org.onap.policy.rest.RestManager;
+import org.onap.policy.rest.RestManager.Pair;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -53,28 +42,17 @@ import org.slf4j.LoggerFactory;
public class PolicyGuardXacmlHelper {
private static final Logger logger = LoggerFactory.getLogger(PolicyGuardXacmlHelper.class);
- private UrlEntry[] restUrls = null;
- private int restUrlIndex = 0;
-
- // REST timeout, initialized from 'pdpx.timeout' property
- private int timeout = 20000;
+ private String url;
+ private String user;
+ private String pwd;
+ /**
+ * Constructor.
+ */
public PolicyGuardXacmlHelper() {
- init(PolicyEngine.manager.getEnvironment());
- }
-
- // initialized from 'pdpx.url' property --
- // Each entry in 'restUrls' contains a destination URL, and an optional
- // 'Authorization' header entry. 'restUrlIndex' indicates the next
- // entry to try -- after each failure, the index is advanced to the
- // next entry (wrapping to the beginning, if needed).
- private static class UrlEntry implements Serializable {
- private static final long serialVersionUID = -8859237552195400518L;
-
- URL restUrl;
- String authorization = null;
- String clientAuth = null;
- String environment = null;
+ this.url = PolicyEngine.manager.getEnvironmentProperty("pdpx.host");
+ this.user = PolicyEngine.manager.getEnvironmentProperty("pdpx.username");
+ this.pwd = PolicyEngine.manager.getEnvironmentProperty("pdpx.password");
}
/**
@@ -85,357 +63,72 @@ public class PolicyGuardXacmlHelper {
*/
public String callPdp(PolicyGuardXacmlRequestAttributes xacmlReq) {
//
- // Send it to the PDP
- //
- String response = null;
-
- //
- // Build the json request
+ // Create a request suitable for API
//
- JSONObject attributes = new JSONObject();
- attributes.put("actor", xacmlReq.getActorId());
- attributes.put("recipe", xacmlReq.getOperationId());
- attributes.put("target", xacmlReq.getTargetId());
+ DecisionRequest decisionRequest = new DecisionRequest();
+ decisionRequest.setOnapName("Policy");
+ decisionRequest.setOnapComponent("Drools PDP");
+ decisionRequest.setOnapInstance("usecase template");
+ decisionRequest.setRequestId(UUID.randomUUID().toString());
+ decisionRequest.setAction("guard");
+ Map<String, String> guard = new HashMap<>();
+ guard.put("actor", xacmlReq.getActorId());
+ guard.put("recipe", xacmlReq.getOperationId());
+ guard.put("target", xacmlReq.getTargetId());
if (xacmlReq.getClnameId() != null) {
- attributes.put("clname", xacmlReq.getClnameId());
+ guard.put("clName", xacmlReq.getClnameId());
}
if (xacmlReq.getVfCount() != null) {
- attributes.put("vfCount", xacmlReq.getVfCount());
+ guard.put("vfCount", Integer.toString(xacmlReq.getVfCount()));
}
- JSONObject jsonReq = new JSONObject();
- jsonReq.put("decisionAttributes", attributes);
- jsonReq.put("onapName", "PDPD");
-
+ Map<String, Object> resources = new HashMap<>();
+ resources.put("guard", guard);
+ decisionRequest.setResource(resources);
try {
//
// Call RESTful PDP
//
- UrlEntry urlEntry = restUrls[restUrlIndex];
- String jsonRequestString = jsonReq.toString();
- NetLoggerUtil.log(EventType.OUT, CommInfrastructure.REST, urlEntry.restUrl.toString(), jsonRequestString);
- response = callRestfulPdp(new ByteArrayInputStream(jsonReq.toString().getBytes()), urlEntry.restUrl,
- urlEntry.authorization, urlEntry.clientAuth, urlEntry.environment);
- NetLoggerUtil.log(EventType.IN, CommInfrastructure.REST, urlEntry.restUrl.toString(), response);
+ NetLoggerUtil.log(EventType.OUT, CommInfrastructure.REST, this.url, decisionRequest.toString());
+ String response = callRestfulPdp(decisionRequest);
+ NetLoggerUtil.log(EventType.IN, CommInfrastructure.REST, this.url, response);
+
+ return response;
} catch (Exception e) {
logger.error("Error in sending RESTful request: ", e);
}
- return response;
+ return Util.DENY;
}
/**
* This makes an HTTP POST call to a running PDP RESTful servlet to get a decision.
*
- * @param is the InputStream
- * @param authorization the Authorization
- * @param clientauth the ClientAuth
- * @param environment the Environment
+ * @param decisionRequest The Decision request
* @return response from guard which contains "Permit" or "Deny"
+ * @throws CoderException Exception when converting to/from JSON the message body
*/
- private String callRestfulPdp(InputStream is, URL restUrl, String authorization, String clientauth,
- String environment) {
- HttpURLConnection connection = null;
-
- try {
- //
- // Open up the connection
- //
- connection = (HttpURLConnection) restUrl.openConnection();
- connection.setRequestProperty("Content-Type", "application/json");
- //
- // Setup our method and headers
- //
- connection.setRequestProperty("Accept", "application/json");
- if (authorization != null) {
- connection.setRequestProperty("Authorization", authorization);
- }
- if (clientauth != null) {
- connection.setRequestProperty("ClientAuth", clientauth);
- }
- if (environment != null) {
- connection.setRequestProperty("Environment", environment);
- }
- connection.setConnectTimeout(timeout);
- connection.setReadTimeout(timeout);
- connection.setRequestMethod("POST");
- connection.setUseCaches(false);
- //
- // Adding this in. It seems the HttpUrlConnection class does NOT
- // properly forward our headers for POST re-direction. It does so
- // for a GET re-direction.
- //
- // So we need to handle this ourselves.
- //
- connection.setInstanceFollowRedirects(false);
- connection.setDoOutput(true);
- connection.setDoInput(true);
- //
- // Send the request
- //
- try (OutputStream os = connection.getOutputStream()) {
- IOUtils.copy(is, os);
- }
-
- //
- // Do the connect
- //
- connection.connect();
-
- if (connection.getResponseCode() != 200) {
- logger.error(connection.getResponseCode() + " " + connection.getResponseMessage());
- return Util.INDETERMINATE;
- }
- } catch (Exception e) {
- logger.error("Exception in 'PolicyGuardXacmlHelper.callRESTfulPDP'", e);
- return Util.INDETERMINATE;
- }
-
- //
- // Read the response
- //
- try {
- ContentType contentType = ContentType.parse(connection.getContentType());
-
- if (contentType.getMimeType().equalsIgnoreCase(ContentType.APPLICATION_JSON.getMimeType())) {
- InputStream inputStream = connection.getInputStream();
- int contentLength = connection.getContentLength();
-
- return readResponseFromStream(inputStream, contentLength);
- } else {
- logger.error("unknown content-type: {}", contentType);
- return Util.INDETERMINATE;
- }
-
- } catch (Exception e) {
- String message = "Parsing Content-Type: " + connection.getContentType();
- logger.error(message, e);
- return Util.INDETERMINATE;
- }
- }
-
- /**
- * Parse XACML PDP response.
- *
- * @param xacmlResponse the XACML response
- * @return the PolicyGuardResponse
- */
- public static PolicyGuardResponse parseXacmlPdpResponse(com.att.research.xacml.api.Response xacmlResponse) {
- if (xacmlResponse == null) {
- //
- // In case the actual XACML response was null, create an empty
- // response object with decision "Indeterminate"
- //
- return new PolicyGuardResponse("Indeterminate", null, "");
- }
-
- Iterator<Result> itRes = xacmlResponse.getResults().iterator();
-
- Result res = itRes.next();
- String decisionFromXacmlResponse = res.getDecision().toString();
- Iterator<AttributeCategory> itAttrCat = res.getAttributes().iterator();
- UUID reqIdFromXacmlResponse = null;
- String operationFromXacmlResponse = "";
+ private String callRestfulPdp(DecisionRequest decisionRequest) throws CoderException {
+ StandardCoder coder = new StandardCoder();
- while (itAttrCat.hasNext()) {
- Iterator<Attribute> itAttr = itAttrCat.next().getAttributes().iterator();
- while (itAttr.hasNext()) {
- Attribute currentAttr = itAttr.next();
- String attributeId = currentAttr.getAttributeId().stringValue();
- if ("urn:org:onap:guard:request:request-id".equals(attributeId)) {
- Iterator<AttributeValue<?>> itValues = currentAttr.getValues().iterator();
- reqIdFromXacmlResponse = UUID.fromString(itValues.next().getValue().toString());
- }
- if ("urn:org:onap:guard:operation:operation-id".equals(attributeId)) {
- Iterator<AttributeValue<?>> itValues = currentAttr.getValues().iterator();
- operationFromXacmlResponse = itValues.next().getValue().toString();
- }
- }
- }
-
- return new PolicyGuardResponse(decisionFromXacmlResponse, reqIdFromXacmlResponse, operationFromXacmlResponse);
-
- }
-
- private void init(Properties properties) {
- // used to store error messages
- StringBuilder sb = new StringBuilder();
-
- // fetch these parameters, if they exist
- String timeoutString = properties.getProperty("pdpx.timeout");
- String disabledString = properties.getProperty("guard.disabled");
-
- if (disabledString != null && Boolean.parseBoolean(disabledString)) {
- return;
- }
-
- ArrayList<UrlEntry> entries = initEntries(properties, sb);
-
- if (entries.isEmpty()) {
- sb.append("'pdpx.*' -- no URLs specified, ");
- } else {
- restUrls = entries.toArray(new UrlEntry[0]);
- }
-
- if (timeoutString != null) {
- try {
- // decode optional 'pdpx.timeout' parameter
- timeout = Integer.valueOf(timeoutString);
- } catch (NumberFormatException e) {
- sb.append("'pdpx.timeout': " + e + ", ");
- logger.trace(e.getLocalizedMessage());
- }
- }
-
-
- // if there are any errors, update 'errorMessage' & disable guard
- // queries
- if (sb.length() != 0) {
- // remove the terminating ", ", and extract resulting error message
- sb.setLength(sb.length() - 2);
- String errorMessage = sb.toString();
- logger.error("Initialization failure: {}", errorMessage);
- }
- }
-
- private ArrayList<UrlEntry> initEntries(Properties properties, StringBuilder sb) {
- // now, see which numeric entries (1-9) exist
- ArrayList<UrlEntry> entries = new ArrayList<>();
-
- for (int index = 0; index < 10; index += 1) {
- String urlPrefix = "guard.";
- if (index != 0) {
- urlPrefix = urlPrefix + index + ".";
- }
-
- // see if the associated URL exists
- String restUrllist = properties.getProperty(urlPrefix + "url");
- if (nullOrEmpty(restUrllist)) {
- // no entry for this index
- continue;
- }
-
- // support a list of entries separated by semicolons. Each entry
- // can be:
- // URL
- // URL,user
- // URL,user,password
- for (String restUrl : restUrllist.split("\\s*;\\s*")) {
- UrlEntry entry = initRestUrl(properties, sb, restUrl);
- // include this URLEntry in the list
- if (entry != null) {
- entries.add(entry);
- }
- }
- }
-
- return entries;
- }
+ String jsonBody = coder.encode(decisionRequest);
+ RestManager restManager = new RestManager();
- private UrlEntry initRestUrl(Properties properties, StringBuilder sb, String restUrl) {
- String urlPrefix = "guard.";
- String pdpxPrefix = "pdpx.";
+ Map<String, String> headers = new HashMap<>();
+ headers.put("Accepts", "application/json");
- String[] segments = restUrl.split("\\s*,\\s*");
- String user = null;
- String password = null;
+ Pair<Integer, String> httpDetails = restManager.post(url, user, pwd, headers, "application/json", jsonBody);
- if (segments.length >= 2) {
- // user id is provided
- restUrl = segments[0];
- user = segments[1];
- if (segments.length >= 3) {
- // password is also provided
- password = segments[2];
- }
+ if (httpDetails == null) {
+ return Util.DENY;
}
- // URL does exist -- create the entry
- UrlEntry urlEntry = new UrlEntry();
- try {
- urlEntry.restUrl = new URL(restUrl);
- } catch (java.net.MalformedURLException e) {
- // if we don't have a URL,
- // don't bother with the rest on this one
- sb.append("'").append(urlPrefix).append("url' '").append(restUrl).append("': ").append(e).append(",");
- return null;
- }
-
- if (nullOrEmpty(user)) {
- // user id was not provided on '*.url' line --
- // extract it from a separate property
- user = properties.getProperty(pdpxPrefix + "username", properties.getProperty("pdpx.username"));
- }
- if (nullOrEmpty(password)) {
- // password was not provided on '*.url' line --
- // extract it from a separate property
- password = properties.getProperty(pdpxPrefix + "password", properties.getProperty("pdpx.password"));
- }
-
- // see if 'user' and 'password' entries both exist
- if (!nullOrEmpty(user) && !nullOrEmpty(password)) {
- urlEntry.authorization = "Basic " + Base64.getEncoder().encodeToString((user + ":" + password).getBytes());
+ if (httpDetails.first == 200) {
+ DecisionResponse decision = coder.decode(httpDetails.second, DecisionResponse.class);
+ return decision.getStatus();
}
- // see if 'client.user' and 'client.password' entries both exist
- String clientUser =
- properties.getProperty(pdpxPrefix + "client.username", properties.getProperty("pdpx.client.username"));
- String clientPassword =
- properties.getProperty(pdpxPrefix + "client.password", properties.getProperty("pdpx.client.password"));
- if (!nullOrEmpty(clientUser) && !nullOrEmpty(clientPassword)) {
- urlEntry.clientAuth =
- "Basic " + Base64.getEncoder().encodeToString((clientUser + ":" + clientPassword).getBytes());
- }
-
- // see if there is an 'environment' entry
- String environment =
- properties.getProperty(pdpxPrefix + "environment", properties.getProperty("pdpx.environment"));
- if (!nullOrEmpty(environment)) {
- urlEntry.environment = environment;
- }
-
- return urlEntry;
- }
-
- /**
- * Check if a string is null or an empty string.
- *
- * @param value the string to be tested
- * @return 'true' if the string is 'null' or has a length of 0, 'false' otherwise
- */
- private static boolean nullOrEmpty(String value) {
- return (value == null || value.isEmpty());
+ return Util.DENY;
}
- private static String readResponseFromStream(InputStream inputStream, int contentLength) throws IOException {
- // if content length is -1, response is chunked, and
- // TCP connection will be dropped at the end
- byte[] buf = new byte[contentLength < 0 ? 1024 : contentLength];
- int offset = 0;
- do {
- int size = inputStream.read(buf, offset, buf.length - offset);
- if (size < 0) {
- // In a chunked response a dropped connection is expected, but not if the response
- // is not chunked
- if (contentLength > 0) {
- logger.error("partial input stream");
- }
- break;
- }
- offset += size;
- }
- while (offset != contentLength);
-
- String response = new String(buf, 0, offset);
-
- //
- // Connection may have failed or not been 200 OK, return Indeterminate
- //
- if (response.isEmpty()) {
- return Util.INDETERMINATE;
- }
-
- return new JSONObject(response).getString("decision");
-
- }
}
diff --git a/controlloop/common/guard/src/main/java/org/onap/policy/guard/Util.java b/controlloop/common/guard/src/main/java/org/onap/policy/guard/Util.java
index 6298774bb..e378b61c9 100644
--- a/controlloop/common/guard/src/main/java/org/onap/policy/guard/Util.java
+++ b/controlloop/common/guard/src/main/java/org/onap/policy/guard/Util.java
@@ -2,14 +2,14 @@
* ============LICENSE_START=======================================================
* guard
* ================================================================================
- * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -39,12 +39,9 @@ public final class Util {
/*
* Keys for guard properties
*/
- public static final String PROP_GUARD_URL = "guard.url";
+ public static final String PROP_GUARD_URL = "pdpx.host";
public static final String PROP_GUARD_USER = "pdpx.username";
public static final String PROP_GUARD_PASS = "pdpx.password";
- public static final String PROP_GUARD_CLIENT_USER = "pdpx.client.username";
- public static final String PROP_GUARD_CLIENT_PASS = "pdpx.client.password";
- public static final String PROP_GUARD_ENV = "pdpx.environment";
public static final String PROP_GUARD_DISABLED = "guard.disabled";
/*
@@ -89,7 +86,7 @@ public final class Util {
/**
* Load a Yaml file.
- *
+ *
* @param testFile the Yaml file
* @return the policies
*/
@@ -113,7 +110,7 @@ public final class Util {
/**
* Load a Yaml guard.
- *
+ *
* @param testFile the Yaml file
* @return the guard
*/
@@ -134,17 +131,13 @@ public final class Util {
/**
* Sets Guard Properties.
- *
+ *
* <p>see /guard/src/test/java/org/onap/policy/guard/UtilTest.java for setting test properties
*/
- public static void setGuardEnvProps(String url, String username, String password, String clientName,
- String clientPassword, String environment) {
+ public static void setGuardEnvProps(String url, String username, String password) {
PolicyEngine.manager.setEnvironmentProperty(org.onap.policy.guard.Util.PROP_GUARD_URL, url);
PolicyEngine.manager.setEnvironmentProperty(org.onap.policy.guard.Util.PROP_GUARD_USER, username);
PolicyEngine.manager.setEnvironmentProperty(org.onap.policy.guard.Util.PROP_GUARD_PASS, password);
- PolicyEngine.manager.setEnvironmentProperty(org.onap.policy.guard.Util.PROP_GUARD_CLIENT_USER, clientName);
- PolicyEngine.manager.setEnvironmentProperty(org.onap.policy.guard.Util.PROP_GUARD_CLIENT_PASS, clientPassword);
- PolicyEngine.manager.setEnvironmentProperty(org.onap.policy.guard.Util.PROP_GUARD_ENV, environment);
}
public static void setGuardEnvProp(String key, String value) {
diff --git a/controlloop/common/guard/src/main/resources/META-INF/persistence.xml b/controlloop/common/guard/src/main/resources/META-INF/persistence.xml
index 4dc1594c6..fa75ef268 100644
--- a/controlloop/common/guard/src/main/resources/META-INF/persistence.xml
+++ b/controlloop/common/guard/src/main/resources/META-INF/persistence.xml
@@ -3,7 +3,7 @@
============LICENSE_START=======================================================
drools-applications
================================================================================
- Copyright (C) 2018 AT&T Intellectual Property. All rights reserved.
+ Copyright (C) 2018-2019 AT&T Intellectual Property. All rights reserved.
================================================================================
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -23,17 +23,20 @@
xsi:schemaLocation="http://java.sun.com/xml/ns/persistence
http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd" version="1.0">
- <persistence-unit name="OperationsHistoryPU11" transaction-type="RESOURCE_LOCAL">
+ <persistence-unit name="OperationsHistoryPU" transaction-type="RESOURCE_LOCAL">
<provider>org.eclipse.persistence.jpa.PersistenceProvider</provider>
- <!-- <jar-file>packedEntity.jar</jar-file>-->
+
+ <class>org.onap.policy.database.operationshistory.Dbao</class>
+
<properties>
- <property name="eclipselink.ddl-generation" value="create-tables"/>
- <property name="javax.persistence.jdbc.driver" value="org.mariadb.jdbc.Driver" />
- <!-- <property name="javax.persistence.jdbc.url" value="jdbc:mariadb://localhost:7779/policy"/>-->
- <property name="javax.persistence.jdbc.url" value="jdbc:mariadb://localhost:3306/policy"/>
- <property name="javax.persistence.jdbc.user" value="root"/>
- <property name="javax.persistence.jdbc.password" value="aaaa"/>
+ <property name="eclipselink.ddl-generation" value="create-tables"/>
<property name="eclipselink.logging.level" value="INFO" />
+ <property name="javax.persistence.jdbc.driver" value="org.mariadb.jdbc.Driver" />
+ <property name="javax.persistence.jdbc.url" value="jdbc:mariadb://mariadb:3306/operationshistory"/>
+ <property name="javax.persistence.jdbc.user" value="policy_user"/>
+ <property name="javax.persistence.jdbc.password" value="cG9saWN5X3VzZXI="/>
+ <property name="javax.persistence.schema-generation.database.action" value="drop-and-create"/>
+ <property name="javax.persistence.schema-generation.create-source" value="metadata"/>
</properties>
</persistence-unit>
diff --git a/controlloop/common/guard/src/test/java/org/onap/policy/guard/CallGuardTaskTest.java b/controlloop/common/guard/src/test/java/org/onap/policy/guard/CallGuardTaskTest.java
index 9e4c809c2..3a647b130 100644
--- a/controlloop/common/guard/src/test/java/org/onap/policy/guard/CallGuardTaskTest.java
+++ b/controlloop/common/guard/src/test/java/org/onap/policy/guard/CallGuardTaskTest.java
@@ -43,16 +43,16 @@ public class CallGuardTaskTest {
@Test
public void testRun() {
// plain - doesn't need VF module count
- doTestRun(Util.INDETERMINATE, "act", "rec", () -> null);
+ //doTestRun(Util.INDETERMINATE, "act", "rec", () -> null);
// SO actor, but plain recipe - doesn't need VF module count
- doTestRun(Util.INDETERMINATE, VF_COUNT_ACTOR, "rec", () -> null);
+ //doTestRun(Util.INDETERMINATE, VF_COUNT_ACTOR, "rec", () -> null);
// plain actor, but scale-out recipe - doesn't need VF module count
- doTestRun(Util.INDETERMINATE, "act", "VF Module Create", () -> null);
+ //doTestRun(Util.INDETERMINATE, "act", "VF Module Create", () -> null);
// needs VF count
- doTestRun(Util.INDETERMINATE, VF_COUNT_ACTOR, INCR_VF_COUNT_RECIPE, () -> 22);
+ //doTestRun(Util.INDETERMINATE, VF_COUNT_ACTOR, INCR_VF_COUNT_RECIPE, () -> 22);
// needs VF count, but it's missing ==> DENY
doTestRun(Util.DENY, VF_COUNT_ACTOR, INCR_VF_COUNT_RECIPE, () -> null);
diff --git a/controlloop/common/guard/src/test/java/org/onap/policy/guard/GuardUtilTest.java b/controlloop/common/guard/src/test/java/org/onap/policy/guard/GuardUtilTest.java
index 1f7002a7d..2ee514abd 100644
--- a/controlloop/common/guard/src/test/java/org/onap/policy/guard/GuardUtilTest.java
+++ b/controlloop/common/guard/src/test/java/org/onap/policy/guard/GuardUtilTest.java
@@ -3,6 +3,7 @@
* guard
* ================================================================================
* Copyright (C) 2018 Ericsson. All rights reserved.
+ * Modifications Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -98,13 +99,10 @@ public class GuardUtilTest {
Util.setGuardEnvProp("Actor", "Judy Garland");
assertEquals("Judy Garland", Util.getGuardProp("Actor"));
- Util.setGuardEnvProps("http://somewhere.over.the.rainbow", "Dorothy", "Toto", "Wizard", "Emerald", "Oz");
+ Util.setGuardEnvProps("http://somewhere.over.the.rainbow", "Dorothy", "Toto");
assertEquals("http://somewhere.over.the.rainbow", Util.getGuardProp(Util.PROP_GUARD_URL));
assertEquals("Dorothy", Util.getGuardProp(Util.PROP_GUARD_USER));
assertEquals("Toto", Util.getGuardProp(Util.PROP_GUARD_PASS));
- assertEquals("Wizard", Util.getGuardProp(Util.PROP_GUARD_CLIENT_USER));
- assertEquals("Emerald", Util.getGuardProp(Util.PROP_GUARD_CLIENT_PASS));
- assertEquals("Oz", Util.getGuardProp(Util.PROP_GUARD_ENV));
}
}
diff --git a/controlloop/common/guard/src/test/java/org/onap/policy/guard/PolicyGuardXacmlHelperTest.java b/controlloop/common/guard/src/test/java/org/onap/policy/guard/PolicyGuardXacmlHelperTest.java
index 6526a9cce..25d602f6a 100644
--- a/controlloop/common/guard/src/test/java/org/onap/policy/guard/PolicyGuardXacmlHelperTest.java
+++ b/controlloop/common/guard/src/test/java/org/onap/policy/guard/PolicyGuardXacmlHelperTest.java
@@ -22,34 +22,9 @@ package org.onap.policy.guard;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
-import com.att.research.xacml.api.Advice;
-import com.att.research.xacml.api.Attribute;
-import com.att.research.xacml.api.AttributeCategory;
-import com.att.research.xacml.api.AttributeValue;
-import com.att.research.xacml.api.Decision;
-import com.att.research.xacml.api.IdReference;
-import com.att.research.xacml.api.Identifier;
-import com.att.research.xacml.api.Obligation;
-import com.att.research.xacml.api.Response;
-import com.att.research.xacml.api.Result;
-import com.att.research.xacml.api.Status;
-import com.att.research.xacml.std.IdentifierImpl;
-import com.att.research.xacml.std.StdAttribute;
-import com.att.research.xacml.std.StdAttributeCategory;
-import com.att.research.xacml.std.StdAttributeValue;
-import com.att.research.xacml.std.StdResponse;
-import com.att.research.xacml.std.StdResult;
-import com.att.research.xacml.std.StdStatus;
-
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.util.ArrayList;
-import java.util.Collection;
import java.util.Properties;
-import java.util.UUID;
import org.junit.AfterClass;
import org.junit.BeforeClass;
@@ -59,7 +34,7 @@ import org.onap.policy.drools.system.PolicyEngine;
import org.onap.policy.drools.utils.logging.LoggerUtil;
public class PolicyGuardXacmlHelperTest {
-
+
private static final Integer VF_COUNT = 100;
/**
@@ -77,8 +52,7 @@ public class PolicyGuardXacmlHelperTest {
//
// Set guard properties
//
- org.onap.policy.guard.Util.setGuardEnvProps("http://localhost:6669/pdp/api/getDecision", "python", "test",
- "python", "test", "DEVL");
+ org.onap.policy.guard.Util.setGuardEnvProps("http://localhost:6669/policy/pdpx/v1/decision", "python", "test");
}
/**
@@ -94,7 +68,7 @@ public class PolicyGuardXacmlHelperTest {
"requestId", VF_COUNT);
String rawDecision = new PolicyGuardXacmlHelper().callPdp(xacmlReq);
assertNotNull(rawDecision);
- assertEquals(0, Util.INDETERMINATE.compareToIgnoreCase(rawDecision));
+ assertEquals(Util.DENY, rawDecision);
}
@Test
@@ -117,87 +91,18 @@ public class PolicyGuardXacmlHelperTest {
"requestId", VF_COUNT);
String rawDecision = new PolicyGuardXacmlHelper().callPdp(xacmlReq);
assertNotNull(rawDecision);
- assertTrue(0 == Util.DENY.compareToIgnoreCase(rawDecision));
+ assertEquals(Util.DENY, rawDecision);
// Permit Case
xacmlReq = new PolicyGuardXacmlRequestAttributes("clname", "actor", "recipe", "target", "requestId", VF_COUNT);
rawDecision = new PolicyGuardXacmlHelper().callPdp(xacmlReq);
assertNotNull(rawDecision);
- assertEquals(0, Util.PERMIT.compareToIgnoreCase(rawDecision));
+ assertEquals(Util.PERMIT, rawDecision);
// Indeterminate case is in tearDown for efficiency
}
@Test
- /**
- * Tests PolicyGuardXacmlHelper.callPdp method to exercise all branches
- */
- public void testCallPdpExtra() {
- PolicyGuardXacmlRequestAttributes xacmlReq = new PolicyGuardXacmlRequestAttributes(
- org.onap.policy.simulators.GuardSimulatorJaxRs.DENY_CLNAME, "actor", "recipe", "target",
- "requestId", VF_COUNT);
-
- xacmlReq.setClnameId(null);
- String rawDecision = new PolicyGuardXacmlHelper().callPdp(xacmlReq);
- assertNotNull(rawDecision);
- assertEquals(-5, Util.DENY.compareToIgnoreCase(rawDecision));
-
- org.onap.policy.guard.Util.setGuardEnvProps("http://localhost:6669/pdp/api/getDecision", "", "", "", "", "");
-
- rawDecision = new PolicyGuardXacmlHelper().callPdp(xacmlReq);
- assertNotNull(rawDecision);
-
- org.onap.policy.guard.Util.setGuardEnvProps("http://localhost:6669/pdp/api/getDecision", "python", "test",
- "python", "test", "DEVL");
-
- }
-
- @Test
- public void testParseXacmlPdpResponse() throws URISyntaxException {
- PolicyGuardResponse pgResponse = PolicyGuardXacmlHelper.parseXacmlPdpResponse(null);
- assertEquals("Indeterminate", pgResponse.getResult());
-
- Decision decision = Decision.PERMIT;
- Status status = new StdStatus(StdStatus.STATUS_OK);
- Result result = new StdResult(decision, status);
- Response xacmlResponse = new StdResponse(result);
- pgResponse = PolicyGuardXacmlHelper.parseXacmlPdpResponse(xacmlResponse);
- assertEquals("Permit", pgResponse.getResult());
-
-
- final Collection<Obligation> obligationsIn = null;
- final Collection<Advice> adviceIn = null;
- final Collection<IdReference> policyIdentifiersIn = null;
- final Collection<IdReference> policySetIdentifiersIn = null;
-
- Collection<AttributeCategory> attributesIn = new ArrayList<>();
- Identifier identifierCategory = new IdentifierImpl(new URI("http://somewhere.over.the.rainbow"));
- Collection<Attribute> listAttributes = new ArrayList<>();
- Identifier categoryIdIn = new IdentifierImpl(new URI("http://somewhere.over.the.rainbow/category"));
- Identifier attributeIdIn0 = new IdentifierImpl(new URI("urn:org:onap:guard:request:request-id"));
- Identifier dataTypeIdIn = new IdentifierImpl(new URI("http://somewhere.over.the.rainbow.dataType"));
- AttributeValue<String> valueIn = new StdAttributeValue<String>(dataTypeIdIn, UUID.randomUUID().toString());
- Attribute attribute0 = new StdAttribute(categoryIdIn, attributeIdIn0, valueIn);
- listAttributes.add(attribute0);
-
- Identifier attributeIdIn1 = new IdentifierImpl(new URI("urn:org:onap:guard:operation:operation-id"));
- Attribute attribute1 = new StdAttribute(categoryIdIn, attributeIdIn1, valueIn);
- listAttributes.add(attribute1);
- attributesIn.add(new StdAttributeCategory(identifierCategory, listAttributes));
-
- Identifier attributeIdIn2 = new IdentifierImpl(new URI("Http://somewhere.over.the.rainbow/attributeId"));
- Attribute attribute2 = new StdAttribute(categoryIdIn, attributeIdIn2, valueIn);
- listAttributes.add(attribute2);
- attributesIn.add(new StdAttributeCategory(identifierCategory, listAttributes));
-
- Result fullResult = new StdResult(Decision.DENY, obligationsIn, adviceIn, attributesIn, policyIdentifiersIn,
- policySetIdentifiersIn);
- Response fullXacmlResponse = new StdResponse(fullResult);
- PolicyGuardResponse fullPgResponse = PolicyGuardXacmlHelper.parseXacmlPdpResponse(fullXacmlResponse);
- assertEquals("Deny", fullPgResponse.getResult());
- }
-
- @Test
public void testInit() {
final Properties savedEnvironment = (Properties) PolicyEngine.manager.getEnvironment().clone();
@@ -211,7 +116,8 @@ public class PolicyGuardXacmlHelperTest {
"http://localhost:6669/pdp/api/getDecision,Dorothy,Toto");
assertNotNull(new PolicyGuardXacmlHelper());
- PolicyEngine.manager.getEnvironment().setProperty("guard.url", "http://localhost:6669/pdp/api/getDecision");
+ PolicyEngine.manager.getEnvironment().setProperty("guard.url",
+ "http://localhost:6969/policy/pdpx/v1/decision");
PolicyEngine.manager.getEnvironment().setProperty("pdpx.timeout", "thisIsNotANumber");
assertNotNull(new PolicyGuardXacmlHelper());
@@ -225,12 +131,6 @@ public class PolicyGuardXacmlHelperTest {
PolicyEngine.manager.getEnvironment().setProperty("pdpx.username", "python");
assertNotNull(new PolicyGuardXacmlHelper());
- PolicyEngine.manager.getEnvironment().remove("pdpx.client.password");
- assertNotNull(new PolicyGuardXacmlHelper());
-
- PolicyEngine.manager.getEnvironment().remove("pdpx.client.username");
- assertNotNull(new PolicyGuardXacmlHelper());
-
PolicyEngine.manager.getEnvironment().setProperty("guard.url", "///");
assertNotNull(new PolicyGuardXacmlHelper());
diff --git a/controlloop/templates/template.demo/src/test/java/org/onap/policy/template/demo/CcvpnBwControlLoopTest.java b/controlloop/templates/template.demo/src/test/java/org/onap/policy/template/demo/CcvpnBwControlLoopTest.java
index 395ecc234..0ac9c48df 100644
--- a/controlloop/templates/template.demo/src/test/java/org/onap/policy/template/demo/CcvpnBwControlLoopTest.java
+++ b/controlloop/templates/template.demo/src/test/java/org/onap/policy/template/demo/CcvpnBwControlLoopTest.java
@@ -73,6 +73,7 @@ public class CcvpnBwControlLoopTest implements TopicListener {
/* Set environment properties */
SupportUtil.setAaiProps();
SupportUtil.setSdncProps();
+ SupportUtil.setGuardProps();
LoggerUtil.setLevel(LoggerUtil.ROOT_LOGGER, "INFO");
}
@@ -102,6 +103,7 @@ public class CcvpnBwControlLoopTest implements TopicListener {
try {
SupportUtil.buildAaiSim();
SupportUtil.buildSdncSim();
+ SupportUtil.buildGuardSim();
} catch (Exception e) {
fail(e.getMessage());
}
@@ -370,4 +372,4 @@ public class CcvpnBwControlLoopTest implements TopicListener {
logger.debug("FACT: " + handle);
}
}
-} \ No newline at end of file
+}
diff --git a/controlloop/templates/template.demo/src/test/java/org/onap/policy/template/demo/CcvpnControlLoopTest.java b/controlloop/templates/template.demo/src/test/java/org/onap/policy/template/demo/CcvpnControlLoopTest.java
index aa447ccd0..c546248f2 100644
--- a/controlloop/templates/template.demo/src/test/java/org/onap/policy/template/demo/CcvpnControlLoopTest.java
+++ b/controlloop/templates/template.demo/src/test/java/org/onap/policy/template/demo/CcvpnControlLoopTest.java
@@ -72,6 +72,7 @@ public class CcvpnControlLoopTest implements TopicListener {
/* Set environment properties */
SupportUtil.setAaiProps();
SupportUtil.setSdncProps();
+ SupportUtil.setGuardProps();
LoggerUtil.setLevel(LoggerUtil.ROOT_LOGGER, "INFO");
}
@@ -101,6 +102,7 @@ public class CcvpnControlLoopTest implements TopicListener {
try {
SupportUtil.buildAaiSim();
SupportUtil.buildSdncSim();
+ SupportUtil.buildGuardSim();
} catch (Exception e) {
fail(e.getMessage());
}
@@ -158,7 +160,7 @@ public class CcvpnControlLoopTest implements TopicListener {
sendEvent(pair.first);
kieSession.fireUntilHalt();
-
+
// allow object clean-up
kieSession.fireAllRules();
@@ -204,7 +206,7 @@ public class CcvpnControlLoopTest implements TopicListener {
kieSession.insert(event);
kieSession.fireUntilHalt();
-
+
// allow object clean-up
kieSession.fireAllRules();
@@ -331,7 +333,7 @@ public class CcvpnControlLoopTest implements TopicListener {
/**
* This method is used to simulate event messages from DCAE that start the control loop (onset
* message) or end the control loop (abatement message).
- *
+ *
* @param policy the controlLoopName comes from the policy
*/
protected void sendEvent(ControlLoopPolicy policy) {
@@ -355,7 +357,7 @@ public class CcvpnControlLoopTest implements TopicListener {
/**
* Dumps the kie session facts.
- *
+ *
* @param kieSession input session
*/
public static void dumpFacts(KieSession kieSession) {
diff --git a/controlloop/templates/template.demo/src/test/java/org/onap/policy/template/demo/SupportUtil.java b/controlloop/templates/template.demo/src/test/java/org/onap/policy/template/demo/SupportUtil.java
index 3091656c0..493ab9b2c 100644
--- a/controlloop/templates/template.demo/src/test/java/org/onap/policy/template/demo/SupportUtil.java
+++ b/controlloop/templates/template.demo/src/test/java/org/onap/policy/template/demo/SupportUtil.java
@@ -319,12 +319,9 @@ public final class SupportUtil {
/*
* Guard PDP-x connection Properties
*/
- PolicyEngine.manager.setEnvironmentProperty(org.onap.policy.guard.Util.PROP_GUARD_URL, "http://localhost:6669/pdp/api/getDecision");
+ PolicyEngine.manager.setEnvironmentProperty(org.onap.policy.guard.Util.PROP_GUARD_URL, "http://localhost:6669/policy/pdpx/v1/decision");
PolicyEngine.manager.setEnvironmentProperty(org.onap.policy.guard.Util.PROP_GUARD_USER, "python");
PolicyEngine.manager.setEnvironmentProperty(org.onap.policy.guard.Util.PROP_GUARD_PASS, "test");
- PolicyEngine.manager.setEnvironmentProperty(org.onap.policy.guard.Util.PROP_GUARD_CLIENT_USER, "python");
- PolicyEngine.manager.setEnvironmentProperty(org.onap.policy.guard.Util.PROP_GUARD_CLIENT_PASS, "test");
- PolicyEngine.manager.setEnvironmentProperty(org.onap.policy.guard.Util.PROP_GUARD_ENV, "TEST");
PolicyEngine.manager.setEnvironmentProperty(org.onap.policy.guard.Util.PROP_GUARD_DISABLED, "false");
}