authorMichael Borokhovich <michael@research.att.com>2017-07-20 09:53:57 -0400
committerMichael Borokhovich <michael@research.att.com>2017-07-20 12:11:23 -0400
commitfa09813ca39cbdb7a0ac6a38507d4ea96e28879f (patch)
treec9b2cc4bdf2c109ab43f79afd1af4909f813636b /controlloop/common/guard/src/main/java
parentd3c335e97b9d262588696784551e8bd02ce8331f (diff)
[POLICY-80] Adding the Policy Guard features
Two Policy Guard features added: Frequency-limiter and Blacklist. Change-Id: I48184ab0ae9760c9ea7594cd7346b456aa964d48 Signed-off-by: Michael Borokhovich <michael@research.att.com>
Diffstat (limited to 'controlloop/common/guard/src/main/java')
-rw-r--r--controlloop/common/guard/src/main/java/org/onap/policy/guard/CallGuardTask.java16
-rw-r--r--controlloop/common/guard/src/main/java/org/onap/policy/guard/PIPEngineGetHistory.java75
-rw-r--r--controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlRequestAttributes.java18
-rw-r--r--controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardYamlToXacml.java110
4 files changed, 145 insertions, 74 deletions
diff --git a/controlloop/common/guard/src/main/java/org/onap/policy/guard/CallGuardTask.java b/controlloop/common/guard/src/main/java/org/onap/policy/guard/CallGuardTask.java
index af81a3610..dbef0c433 100644
--- a/controlloop/common/guard/src/main/java/org/onap/policy/guard/CallGuardTask.java
+++ b/controlloop/common/guard/src/main/java/org/onap/policy/guard/CallGuardTask.java
@@ -18,7 +18,6 @@
* ============LICENSE_END=========================================================
*/
-
package org.onap.policy.guard;
import com.att.research.xacml.api.DataTypeException;
@@ -34,16 +33,18 @@ public class CallGuardTask implements Runnable {
WorkingMemory workingMemory;
PDPEngine embeddedPdpEngine;
String restfulPdpUrl;
+ String clname;
String actor;
String recipe;
String target;
String requestId;
- public CallGuardTask(PDPEngine engine, String url, WorkingMemory wm, String act, String rec, String tar, String reqId) {
+ public CallGuardTask(PDPEngine engine, String url, WorkingMemory wm, String cl, String act, String rec, String tar, String reqId) {
embeddedPdpEngine = engine;
restfulPdpUrl = url;
workingMemory = wm;
+ clname = cl;
actor = act;
recipe = rec;
requestId = reqId;
@@ -53,7 +54,7 @@ public class CallGuardTask implements Runnable {
long startTime = System.nanoTime();
com.att.research.xacml.api.Request request = null;
- PolicyGuardXacmlRequestAttributes xacmlReq = new PolicyGuardXacmlRequestAttributes(actor, recipe, target, requestId);
+ PolicyGuardXacmlRequestAttributes xacmlReq = new PolicyGuardXacmlRequestAttributes(clname, actor, recipe, target, requestId);
try {
request = RequestParser.parseRequest(xacmlReq);
@@ -61,14 +62,7 @@ public class CallGuardTask implements Runnable {
// TODO Auto-generated catch block
e.printStackTrace();
}
- /*
- try {
- Thread.sleep(2000);
- } catch (InterruptedException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- */
+
System.out.println("\n********** XACML REQUEST START ********");
System.out.println(request);
diff --git a/controlloop/common/guard/src/main/java/org/onap/policy/guard/PIPEngineGetHistory.java b/controlloop/common/guard/src/main/java/org/onap/policy/guard/PIPEngineGetHistory.java
index 99775dc3d..87eb5170f 100644
--- a/controlloop/common/guard/src/main/java/org/onap/policy/guard/PIPEngineGetHistory.java
+++ b/controlloop/common/guard/src/main/java/org/onap/policy/guard/PIPEngineGetHistory.java
@@ -28,6 +28,8 @@ import java.util.Properties;
import java.util.Set;
import javax.persistence.EntityManager;
+import javax.persistence.NoResultException;
+import javax.persistence.NonUniqueResultException;
import javax.persistence.Persistence;
import javax.persistence.Query;
@@ -97,9 +99,6 @@ public class PIPEngineGetHistory extends StdConfigurableEngine{
public PIPEngineGetHistory() {
super();
-
- System.out.println("HAHAHAHAHAHAHAHAHAHAHAHAHAHAHA");
-
// TODO Auto-generated constructor stub
}
@@ -108,21 +107,19 @@ public class PIPEngineGetHistory extends StdConfigurableEngine{
@Override
public Collection<PIPRequest> attributesRequired() {
// TODO Auto-generated method stub
- System.out.println("DADADADADADADADADADADADADA");
return null;
}
@Override
public Collection<PIPRequest> attributesProvided() {
// TODO Auto-generated method stub
- System.out.println("GAGAGAGAGAGAGAGAGAGAGAGAGAGAGAGAGAGAG");
return null;
}
@Override
public PIPResponse getAttributes(PIPRequest pipRequest, PIPFinder pipFinder) throws PIPException {
// TODO Auto-generated method stub
- System.out.println("MAMAMAMAMAMAMAMAMAMAMAMAMA - Entering FeqLimiter PIP!!!");
+ System.out.println("Entering FeqLimiter PIP");
/*
* First check to see if the issuer is set and then match it
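Review bot: The diagnostic at the top of `getAttributes` is still written with `System.out.println` rather than through `this.logger`, which the next hunk already uses for the same events; stdout bypasses the configured log level and format. In the next hunk the two reworded prints repeat the `logger.debug` messages directly above them and echo the request's issuer string verbatim, so an issuer containing line breaks can forge console lines. Suggest dropping the prints or replacing them with logger calls, e.g. `this.logger.debug("Entering FeqLimiter PIP");`. getAttributes' body continues outside the hunk.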
@@ -130,14 +127,14 @@ public class PIPEngineGetHistory extends StdConfigurableEngine{
String string;
if ((string = pipRequest.getIssuer()) == null) {
this.logger.debug("No issuer in the request...");
- System.out.println("MAMAMAMAMAMAMAMAMAMAMAMAMA - FeqLimiter PIP - No issuer in the request!!!");
+ System.out.println("FeqLimiter PIP - No issuer in the request!");
return StdPIPResponse.PIP_RESPONSE_EMPTY;
}
else{
//Notice, we are checking here for the base issuer prefix.
if (!string.contains(this.getIssuer())) {
this.logger.debug("Requested issuer '" + string + "' does not match " + (this.getIssuer() == null ? "null" : "'" + this.getIssuer() + "'"));
- System.out.println("MAMAMAMAMAMAMAMAMAMAMAMAMA - FeqLimiter PIP - Issuer "+ string +" does not match with: "+this.getIssuer());
+ System.out.println("FeqLimiter PIP - Issuer "+ string +" does not match with: "+this.getIssuer());
return StdPIPResponse.PIP_RESPONSE_EMPTY;
}
}
@@ -146,9 +143,6 @@ public class PIPEngineGetHistory extends StdConfigurableEngine{
String[] s2 = s1[1].split(":");
String timeWindowVal = s2[0];// number [of minutes, hours, days...]
String timeWindowScale = s2[1];//e.g., minute, hour, day, week, month, year
-
- //System.out.println("MAMAMAMAMAMAMAMAMAMAMAMAMA - FeqLimiter PIP - Issuer " + string + " is OK - proceeding with the request!!!");
- //System.out.println("MAMAMAMAMAMAMAMAMAMAMAMAMA - FeqLimiter PIP - TimeWindow: " + timeWindowVal + " " + timeWindowScale);
String actor = getActor(pipFinder).iterator().next();
String operation = getRecipe(pipFinder).iterator().next();
@@ -159,7 +153,6 @@ public class PIPEngineGetHistory extends StdConfigurableEngine{
System.out.println("Going to query DB about: "+actor + " " + operation + " " + target + " " + timeWindow);
int countFromDB = getCountFromDB(actor, operation, target, timeWindow);
-
StdMutablePIPResponse stdPIPResponse = new StdMutablePIPResponse();
this.addIntegerAttribute(stdPIPResponse,
@@ -175,26 +168,32 @@ public class PIPEngineGetHistory extends StdConfigurableEngine{
@Override
public void configure(String id, Properties properties) throws PIPException {
super.configure(id, properties);
- //System.out.println("MAMAMAMAMAMAMAMAMAMAMAMAMA - Configuring FeqLimiter PIP!!!");
+
if (this.getDescription() == null) {
this.setDescription(DEFAULT_DESCRIPTION);
}
if (this.getIssuer() == null) {
this.setIssuer(DEFAULT_ISSUER);
}
- /*
- try{
- em = Persistence.createEntityManagerFactory("OperationsHistoryPU").createEntityManager();//emf.createEntityManager();
- }catch(Exception e){
- System.err.println("Freq limiter PIP got Exception " + e.getLocalizedMessage() + " Can't connect to Operations History DB.");
- return;
- }
- */
-
}
+
+ private void addStringAttribute(StdMutablePIPResponse stdPIPResponse, Identifier category, Identifier attributeId, String value) {
+ if (value != null) {
+ AttributeValue<String> attributeValue = null;
+ try {
+ attributeValue = DataTypes.DT_STRING.createAttributeValue(value);
+ } catch (Exception ex) {
+ //this.logger.error("Failed to convert " + value + " to an AttributeValue<String>", ex);
+ }
+ if (attributeValue != null) {
+ stdPIPResponse.addAttribute(new StdMutableAttribute(category, attributeId, attributeValue, this.getIssuer(), false));
+ }
+ }
+ }
+
private PIPResponse getAttribute(PIPRequest pipRequest, PIPFinder pipFinder) {
PIPResponse pipResponse = null;
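Review bot: `addStringAttribute` catches `Exception` and does nothing, because the only logging call is commented out, so a value that fails conversion is silently left out of the PIP response and the policy is then evaluated without that attribute. Restore the log line, `this.logger.error("Failed to convert " + value + " to an AttributeValue<String>", ex);`, and narrow the catch to the exception type `createAttributeValue` declares (likely `DataTypeException`, to be confirmed). The method is private and nothing in the visible hunks calls it; if it is unused it should be dropped. getAttribute's body continues outside the hunk.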
@@ -305,20 +304,16 @@ public class PIPEngineGetHistory extends StdConfigurableEngine{
private static int getCountFromDB(String actor, String operation, String target, String timeWindow){
- long startTime = System.nanoTime();
+ //long startTime = System.nanoTime();
-
-
EntityManager em;
try{
- em = Persistence.createEntityManagerFactory("OperationsHistoryPU").createEntityManager();//emf.createEntityManager();
+ em = Persistence.createEntityManagerFactory("OperationsHistoryPU").createEntityManager();
}catch(Exception e){
- System.err.println("Test thread got Exception " + e.getLocalizedMessage() + " Can't write to Operations History DB.");
+ System.err.println("PIP thread got Exception " + e.getLocalizedMessage() + " Can't connect to Operations History DB.");
return -1;
}
-
- //em.getTransaction().begin();
String sql = "select count(*) as count from operationshistory10 where outcome<>'Failure_Guard' and actor='"
+ actor
+ "' and operation='"
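Review bot: The query text is still assembled by concatenating `actor` and `operation` into the SQL string (and presumably `target` and `timeWindow` in the part of the statement outside this hunk), and those values are read from the XACML request in `getAttributes`; this commit leaves that unchanged. Bind them as parameters instead, e.g. `... and actor=?1 and operation=?2 ...` with `nq.setParameter(1, actor);`. If the time-window unit cannot be bound, check it against a fixed list of allowed units before it is placed in the statement. A new `EntityManagerFactory` is also created on every call and never closed; it should be created once and reused.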
@@ -332,19 +327,23 @@ public class PIPEngineGetHistory extends StdConfigurableEngine{
Query nq = em.createNativeQuery(sql);
- int ret = ((Number)nq.getSingleResult()).intValue();
-
- System.out.println("###########************** History count: " + ret);
+ int ret = -1;
+ try{
+ ret = ((Number)nq.getSingleResult()).intValue();
+ }
+ catch(NoResultException | NonUniqueResultException ex){
+ System.err.println("PIP thread got Exception " + ex.getLocalizedMessage());
+ return -1;
+ }
- //em.getTransaction().commit();
- long estimatedTime = System.nanoTime() - startTime;
- System.out.println("time took: " + (double)estimatedTime/1000/1000 + " mili sec.");
+ //System.out.println("###########************** History count: " + ret);
+
+ //long estimatedTime = System.nanoTime() - startTime;
+ //System.out.println("time took: " + (double)estimatedTime/1000/1000 + " mili sec.");
em.close();
- return ret;
-
-
+ return ret;
}
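Review bot: The new early `return -1` in the catch block skips `em.close()`, so the EntityManager leaks whenever the query fails; move the cleanup into a `finally { em.close(); }` around the query. Returning -1 as the count also looks fail-open: if the policy compares the count against the frequency limit, a database error would read as "below the limit", so confirm that a negative count results in a deny. Only `NoResultException` and `NonUniqueResultException` are caught; other persistence exceptions from `getSingleResult()` would propagate and also skip the close.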
diff --git a/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlRequestAttributes.java b/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlRequestAttributes.java
index 4abb70f84..115108219 100644
--- a/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlRequestAttributes.java
+++ b/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlRequestAttributes.java
@@ -34,9 +34,10 @@ public class PolicyGuardXacmlRequestAttributes {
- public PolicyGuardXacmlRequestAttributes(String actor_id, String operation_id, String target_id,
+ public PolicyGuardXacmlRequestAttributes(String clname_id, String actor_id, String operation_id, String target_id,
String request_id) {
super();
+ this.clname_id = clname_id;
this.actor_id = actor_id;
this.operation_id = operation_id;
this.target_id = target_id;
@@ -59,6 +60,9 @@ public class PolicyGuardXacmlRequestAttributes {
//@XACMLAction()
//String action;
+ @XACMLSubject(includeInResults=true, attributeId="urn:oasis:names:tc:xacml:1.0:clname:clname-id")
+ String clname_id;
+
@XACMLSubject(includeInResults=true, attributeId="urn:oasis:names:tc:xacml:1.0:actor:actor-id")
String actor_id;
@@ -119,6 +123,18 @@ public class PolicyGuardXacmlRequestAttributes {
public void setRequest_id(String request_id) {
this.request_id = request_id;
}
+
+
+
+ public String getClname_id() {
+ return clname_id;
+ }
+
+
+
+ public void setClname_id(String clname_id) {
+ this.clname_id = clname_id;
+ }
diff --git a/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardYamlToXacml.java b/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardYamlToXacml.java
index b9a7881b6..baf43b3b0 100644
--- a/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardYamlToXacml.java
+++ b/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardYamlToXacml.java
@@ -20,30 +20,33 @@
package org.onap.policy.guard;
-
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
+import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
+
import org.onap.policy.controlloop.policy.guard.ControlLoopGuard;
+
public class PolicyGuardYamlToXacml {
public static void fromYamlToXacml(String yamlFile, String xacmlTemplate, String xacmlPolicyOutput){
ControlLoopGuard yamlGuardObject = Util.loadYamlGuard(yamlFile);
- System.out.println("actor: " + yamlGuardObject.guards.getFirst().actor);
- System.out.println("recipe: " + yamlGuardObject.guards.getFirst().recipe);
- System.out.println("num: " + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().num);
- System.out.println("duration: " + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().duration);
- System.out.println("time_in_range: " + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().time_in_range);
+ System.out.println("clname: " + yamlGuardObject.guards.getFirst().match_parameters.controlLoopName);
+ System.out.println("actor: " + yamlGuardObject.guards.getFirst().match_parameters.actor);
+ System.out.println("recipe: " + yamlGuardObject.guards.getFirst().match_parameters.recipe);
+ System.out.println("num: " + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().freq_limit_per_target);
+ System.out.println("duration: " + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().time_window);
+ System.out.println("time_in_range: " + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().active_time_range);
Path xacmlTemplatePath = Paths.get(xacmlTemplate);
String xacmlTemplateContent;
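Review bot: Every field read here goes through `guards.getFirst()`, `match_parameters` and `limit_constraints.getFirst()` with no null or empty check, so a guard YAML that omits `match_parameters` or has an empty list fails with a NullPointerException or NoSuchElementException rather than a clear validation error. The next hunk adds `active_time_range.get("start")`, which has the same problem when the range is omitted, and the blacklist variant further down repeats both. Only the first guard and the first constraint are translated, so additional entries in the file are silently ignored, which is worth rejecting or at least logging. Reading the first guard into a local once, after validating it, would also remove the repetition. fromYamlToXacml's body continues outside the hunk.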
@@ -52,12 +55,14 @@ public class PolicyGuardYamlToXacml {
xacmlTemplateContent = new String(Files.readAllBytes(xacmlTemplatePath));
String xacmlPolicyContent = generateXacmlGuard(xacmlTemplateContent,
- yamlGuardObject.guards.getFirst().actor,
- yamlGuardObject.guards.getFirst().recipe,
- yamlGuardObject.guards.getFirst().limit_constraints.getFirst().num,
- yamlGuardObject.guards.getFirst().limit_constraints.getFirst().duration,
- yamlGuardObject.guards.getFirst().limit_constraints.getFirst().time_in_range.get("arg2"),
- yamlGuardObject.guards.getFirst().limit_constraints.getFirst().time_in_range.get("arg3")
+ yamlGuardObject.guards.getFirst().match_parameters.controlLoopName,
+ yamlGuardObject.guards.getFirst().match_parameters.actor,
+ yamlGuardObject.guards.getFirst().match_parameters.recipe,
+ yamlGuardObject.guards.getFirst().match_parameters.targets,
+ yamlGuardObject.guards.getFirst().limit_constraints.getFirst().freq_limit_per_target,
+ yamlGuardObject.guards.getFirst().limit_constraints.getFirst().time_window,
+ yamlGuardObject.guards.getFirst().limit_constraints.getFirst().active_time_range.get("start"),
+ yamlGuardObject.guards.getFirst().limit_constraints.getFirst().active_time_range.get("end")
);
@@ -73,20 +78,44 @@ public class PolicyGuardYamlToXacml {
public static String generateXacmlGuard(String xacmlFileContent,
+ String clname,
String actor,
- String recipe,
+ String recipe,
+ LinkedList<String> targets,
Integer limit,
Map<String,String> timeWindow,
String guardActiveStart,
String guardActiveEnd) {
- Pattern p = Pattern.compile("\\$\\{actor\\}");
+ Pattern p = Pattern.compile("\\$\\{clname\\}");
Matcher m = p.matcher(xacmlFileContent);
+ if(isNullOrEmpty(clname)) clname = ".*";
+ xacmlFileContent = m.replaceAll(clname);
+
+ p = Pattern.compile("\\$\\{actor\\}");
+ m = p.matcher(xacmlFileContent);
+ if(isNullOrEmpty(actor)) actor = ".*";
xacmlFileContent = m.replaceAll(actor);
p = Pattern.compile("\\$\\{recipe\\}");
m = p.matcher(xacmlFileContent);
+ if(isNullOrEmpty(recipe)) recipe = ".*";
xacmlFileContent = m.replaceAll(recipe);
+
+ p = Pattern.compile("\\$\\{targets\\}");
+ m = p.matcher(xacmlFileContent);
+ String targetsRegex = "";
+ if(isNullOrEmptyList(targets)){
+ targetsRegex = ".*";
+ }
+ else{
+ for(String t : targets){
+ targetsRegex += (t + "|");
+
+ }
+ targetsRegex = targetsRegex.substring(0, targetsRegex.length()-1);
+ }
+ xacmlFileContent = m.replaceAll(targetsRegex);
p = Pattern.compile("\\$\\{limit\\}");
m = p.matcher(xacmlFileContent);
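Review bot: The values substituted into the template are passed to `replaceAll` as raw replacement strings, so a `$` or `\` in `clname`, `actor`, `recipe` or a target name is interpreted as a group reference or escape and either throws or alters the generated policy; wrap each one, e.g. `xacmlFileContent = m.replaceAll(Matcher.quoteReplacement(clname));`. The `.*` defaults suggest the placeholders sit inside regular-expression matches in the template (not visible here), in which case a target containing `|` or `.` also widens what the guard matches, and none of the values are XML-escaped; validating them against an allow-list of characters before substitution would close both. The `targets` loop with its trailing-separator trim can be `String.join("|", targets)`. The same substitution pattern is repeated in `generateXacmlGuardBlacklist` in the last hunk. generateXacmlGuard's body continues outside the hunk.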
@@ -118,16 +147,39 @@ public class PolicyGuardYamlToXacml {
return xacmlFileContent;
}
+ public static boolean isNullOrEmpty(String s){
+
+ if(s == null){
+ return true;
+ }
+ else if(s.equals("")){
+ return true;
+ }
+ return false;
+
+ }
+
+ public static boolean isNullOrEmptyList(LinkedList<String> list){
+
+ if(list == null){
+ return true;
+ }
+ else if(list.isEmpty()){
+ return true;
+ }
+ return false;
+
+ }
public static void fromYamlToXacmlBlacklist(String yamlFile, String xacmlTemplate, String xacmlPolicyOutput){
ControlLoopGuard yamlGuardObject = Util.loadYamlGuard(yamlFile);
- System.out.println("actor: " + yamlGuardObject.guards.getFirst().actor);
- System.out.println("recipe: " + yamlGuardObject.guards.getFirst().recipe);
- System.out.println("num: " + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().num);
- System.out.println("duration: " + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().duration);
- System.out.println("time_in_range: " + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().time_in_range);
+ System.out.println("actor: " + yamlGuardObject.guards.getFirst().match_parameters.actor);
+ System.out.println("recipe: " + yamlGuardObject.guards.getFirst().match_parameters.recipe);
+ System.out.println("freq_limit_per_target: " + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().freq_limit_per_target);
+ System.out.println("time_window: " + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().time_window);
+ System.out.println("active_time_range: " + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().active_time_range);
Path xacmlTemplatePath = Paths.get(xacmlTemplate);
String xacmlTemplateContent;
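Review bot: The two new helpers can each be a single expression, `return s == null || s.isEmpty();` and `return list == null || list.isEmpty();`, and `isNullOrEmptyList` would be more reusable taking `List<String>` (or `Collection<?>`) instead of the concrete `LinkedList<String>`. Both are `public static` on a converter class although only this class appears to use them in the visible hunks; `private` would keep the API surface small. fromYamlToXacmlBlacklist's body continues outside the hunk.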
@@ -136,11 +188,12 @@ public class PolicyGuardYamlToXacml {
xacmlTemplateContent = new String(Files.readAllBytes(xacmlTemplatePath));
String xacmlPolicyContent = generateXacmlGuardBlacklist(xacmlTemplateContent,
- yamlGuardObject.guards.getFirst().actor,
- yamlGuardObject.guards.getFirst().recipe,
+ yamlGuardObject.guards.getFirst().match_parameters.controlLoopName,
+ yamlGuardObject.guards.getFirst().match_parameters.actor,
+ yamlGuardObject.guards.getFirst().match_parameters.recipe,
yamlGuardObject.guards.getFirst().limit_constraints.getFirst().blacklist,
- yamlGuardObject.guards.getFirst().limit_constraints.getFirst().time_in_range.get("arg2"),
- yamlGuardObject.guards.getFirst().limit_constraints.getFirst().time_in_range.get("arg3")
+ yamlGuardObject.guards.getFirst().limit_constraints.getFirst().active_time_range.get("start"),
+ yamlGuardObject.guards.getFirst().limit_constraints.getFirst().active_time_range.get("end")
);
@@ -154,18 +207,27 @@ public class PolicyGuardYamlToXacml {
}
public static String generateXacmlGuardBlacklist(String xacmlFileContent,
+ String clname,
String actor,
String recipe,
List<String> blacklist,
String guardActiveStart,
String guardActiveEnd) {
- Pattern p = Pattern.compile("\\$\\{actor\\}");
+
+ Pattern p = Pattern.compile("\\$\\{clname\\}");
Matcher m = p.matcher(xacmlFileContent);
+ if(isNullOrEmpty(clname)) clname = ".*";
+ xacmlFileContent = m.replaceAll(clname);
+
+ p = Pattern.compile("\\$\\{actor\\}");
+ m = p.matcher(xacmlFileContent);
+ if(isNullOrEmpty(actor)) actor = ".*";
xacmlFileContent = m.replaceAll(actor);
p = Pattern.compile("\\$\\{recipe\\}");
m = p.matcher(xacmlFileContent);
+ if(isNullOrEmpty(recipe)) recipe = ".*";
xacmlFileContent = m.replaceAll(recipe);
p = Pattern.compile("\\$\\{guardActiveStart\\}");