aboutsummaryrefslogtreecommitdiffstats
path: root/controlloop/common/guard/src/main
diff options
context:
space:
mode:
authorJoshua Reich <jreich@research.att.com>2018-09-14 11:38:01 -0700
committerJoshua Reich <jreich@research.att.com>2018-09-17 22:35:09 -0700
commitfaf283066f186838665ed5c38c1ba8319041bc1c (patch)
treebaecbf025374a4e120de5b9ddf405b26cb6e5d75 /controlloop/common/guard/src/main
parente3357d24078195756c8e16fc0da8aa8d1e507290 (diff)
Add demo for Control Loop Coordination.
New PipEngine and Junit test added to guard. Also bug in existing Junit test fixed. All other code added to new directory template.demo.clc Change-Id: Ida2267528bcb9404dc59ff391d45797b591814cc Issue-ID: POLICY-1109 Signed-off-by: Joshua Reich <jreich@research.att.com>
Diffstat (limited to 'controlloop/common/guard/src/main')
-rw-r--r--controlloop/common/guard/src/main/java/org/onap/policy/guard/PipEngineGetHistory.java (renamed from controlloop/common/guard/src/main/java/org/onap/policy/guard/PIPEngineGetHistory.java)6
-rw-r--r--controlloop/common/guard/src/main/java/org/onap/policy/guard/PipEngineGetStatus.java311
2 files changed, 314 insertions, 3 deletions
diff --git a/controlloop/common/guard/src/main/java/org/onap/policy/guard/PIPEngineGetHistory.java b/controlloop/common/guard/src/main/java/org/onap/policy/guard/PipEngineGetHistory.java
index a9a984ade..2a1ef2fc6 100644
--- a/controlloop/common/guard/src/main/java/org/onap/policy/guard/PIPEngineGetHistory.java
+++ b/controlloop/common/guard/src/main/java/org/onap/policy/guard/PipEngineGetHistory.java
@@ -55,8 +55,8 @@ import org.onap.policy.drools.system.PolicyEngine;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-public class PIPEngineGetHistory extends StdConfigurableEngine {
- private static final Logger logger = LoggerFactory.getLogger(PIPEngineGetHistory.class);
+public class PipEngineGetHistory extends StdConfigurableEngine {
+ private static final Logger logger = LoggerFactory.getLogger(PipEngineGetHistory.class);
//
// Base issuer string. The issuer in the policy will also contain time window information
@@ -91,7 +91,7 @@ public class PIPEngineGetHistory extends StdConfigurableEngine {
new StdPIPRequest(new IdentifierImpl(XACML_ATTRIBUTE_CATEGORY_RESOURCE),
new IdentifierImpl(XACML_TARGET_TARGET_ID), new IdentifierImpl(XML_SCHEMA_STRING));
- public PIPEngineGetHistory() {
+ public PipEngineGetHistory() {
super();
}
diff --git a/controlloop/common/guard/src/main/java/org/onap/policy/guard/PipEngineGetStatus.java b/controlloop/common/guard/src/main/java/org/onap/policy/guard/PipEngineGetStatus.java
new file mode 100644
index 000000000..40b26c847
--- /dev/null
+++ b/controlloop/common/guard/src/main/java/org/onap/policy/guard/PipEngineGetStatus.java
@@ -0,0 +1,311 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * guard
+ * ================================================================================
+ * Copyright (C) 2018 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.guard;
+
+import com.att.research.xacml.api.Attribute;
+import com.att.research.xacml.api.AttributeValue;
+import com.att.research.xacml.api.Identifier;
+import com.att.research.xacml.api.pip.PIPException;
+import com.att.research.xacml.api.pip.PIPFinder;
+import com.att.research.xacml.api.pip.PIPRequest;
+import com.att.research.xacml.api.pip.PIPResponse;
+import com.att.research.xacml.std.IdentifierImpl;
+import com.att.research.xacml.std.StdMutableAttribute;
+import com.att.research.xacml.std.datatypes.DataTypes;
+import com.att.research.xacml.std.pip.StdMutablePIPResponse;
+import com.att.research.xacml.std.pip.StdPIPRequest;
+import com.att.research.xacml.std.pip.StdPIPResponse;
+import com.att.research.xacml.std.pip.engines.StdConfigurableEngine;
+
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Properties;
+import java.util.Set;
+
+import javax.persistence.EntityManager;
+import javax.persistence.EntityManagerFactory;
+import javax.persistence.NoResultException;
+import javax.persistence.NonUniqueResultException;
+import javax.persistence.Persistence;
+import javax.persistence.Query;
+
+import org.onap.policy.drools.system.PolicyEngine;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class PipEngineGetStatus extends StdConfigurableEngine {
+ private static final Logger logger = LoggerFactory.getLogger(PipEngineGetStatus.class);
+
+ //
+ // Base issuer string. The issuer in the policy will contain the operations
+ // E.g., "org:onap:policy:guard:status:clname:testcl"
+ //
+ public static final String DEFAULT_ISSUER = "org:onap:policy:guard:status";
+ public static final String DEFAULT_DESCRIPTION = "PIP for retrieving Operation Status from DB";
+
+ private static final String XML_SCHEMA_STRING = "http://www.w3.org/2001/XMLSchema#string";
+
+ private static final String XACML_SUBJECT_CATEGORY_ACCESS_SUBJECT =
+ "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject";
+ private static final String XACML_ACTOR_ACTOR_ID = "urn:oasis:names:tc:xacml:1.0:actor:actor-id";
+ private static final String XACML_ATTRIBUTE_CATEGORY_ACTION =
+ "urn:oasis:names:tc:xacml:3.0:attribute-category:action";
+ private static final String XACML_OPERATION_OPERATION_ID = "urn:oasis:names:tc:xacml:1.0:operation:operation-id";
+ private static final String XACML_ATTRIBUTE_CATEGORY_RESOURCE =
+ "urn:oasis:names:tc:xacml:3.0:attribute-category:resource";
+ private static final String XACML_TARGET_TARGET_ID = "urn:oasis:names:tc:xacml:1.0:target:target-id";
+ private static final String XACML_TEST_SQL_RESOURCE_OPERATIONS_STATUS =
+ "com:att:research:xacml:test:sql:resource:operations:status";
+
+ private static final PIPRequest PIP_REQUEST_ACTOR =
+ new StdPIPRequest(new IdentifierImpl(XACML_SUBJECT_CATEGORY_ACCESS_SUBJECT),
+ new IdentifierImpl(XACML_ACTOR_ACTOR_ID), new IdentifierImpl(XML_SCHEMA_STRING));
+
+ private static final PIPRequest PIP_REQUEST_RECIPE =
+ new StdPIPRequest(new IdentifierImpl(XACML_ATTRIBUTE_CATEGORY_ACTION),
+ new IdentifierImpl(XACML_OPERATION_OPERATION_ID), new IdentifierImpl(XML_SCHEMA_STRING));
+
+ private static final PIPRequest PIP_REQUEST_TARGET =
+ new StdPIPRequest(new IdentifierImpl(XACML_ATTRIBUTE_CATEGORY_RESOURCE),
+ new IdentifierImpl(XACML_TARGET_TARGET_ID), new IdentifierImpl(XML_SCHEMA_STRING));
+
+ public PipEngineGetStatus() {
+ super();
+ }
+
+ @Override
+ public Collection<PIPRequest> attributesRequired() {
+ return Collections.emptySet();
+ }
+
+ @Override
+ public Collection<PIPRequest> attributesProvided() {
+ return Collections.emptySet();
+ }
+
+ @Override
+ public PIPResponse getAttributes(PIPRequest pipRequest, PIPFinder pipFinder) throws PIPException {
+ logger.debug("Entering Status PIP");
+
+ /*
+ * First check to see if the issuer is set and then match it
+ */
+ String issuer;
+ if ((issuer = pipRequest.getIssuer()) == null) {
+
+ logger.debug("No issuer in the request...");
+ logger.debug("Status PIP - No issuer in the request!");
+ return StdPIPResponse.PIP_RESPONSE_EMPTY;
+
+ } else if (!issuer.contains(this.getIssuer())) {
+ // Notice, we are checking here for the base issuer prefix.
+ logger.debug("Requested issuer '{}' does not match {}", issuer, getIssuer());
+ logger.debug("Status PIP - Issuer {} does not match with: ", issuer, this.getIssuer());
+ return StdPIPResponse.PIP_RESPONSE_EMPTY;
+ }
+
+ String[] s1 = issuer.split("clname:");
+ String clname = s1[1];
+ String target = null;
+ try {
+ target = getTarget(pipFinder).iterator().next();
+ } catch (Exception e) {
+ logger.debug("could not retrieve target from PIP finder", e);
+ return StdPIPResponse.PIP_RESPONSE_EMPTY;
+ }
+
+ logger.debug("Going to query DB about: clname={}, target={}", clname, target);
+ String statusFromDb = getStatusFromDb(clname, target);
+
+ StdMutablePIPResponse stdPipResponse = new StdMutablePIPResponse();
+
+ this.addStringAttribute(stdPipResponse, new IdentifierImpl(XACML_ATTRIBUTE_CATEGORY_RESOURCE),
+ new IdentifierImpl(XACML_TEST_SQL_RESOURCE_OPERATIONS_STATUS), statusFromDb, pipRequest);
+
+ return new StdPIPResponse(stdPipResponse);
+ }
+
+ @Override
+ public void configure(String id, Properties properties) throws PIPException {
+ super.configure(id, properties);
+
+ if (this.getDescription() == null) {
+ this.setDescription(DEFAULT_DESCRIPTION);
+ }
+ if (this.getIssuer() == null) {
+ this.setIssuer(DEFAULT_ISSUER);
+ }
+ }
+
+ private PIPResponse getAttribute(PIPRequest pipRequest, PIPFinder pipFinder) {
+ PIPResponse pipResponse = null;
+
+ try {
+ pipResponse = pipFinder.getMatchingAttributes(pipRequest, this);
+ } catch (PIPException ex) {
+ logger.error("getAttribute threw:", ex);
+ return null;
+ }
+ if (pipResponse == null) {
+ return null;
+ }
+ if (pipResponse.getStatus() != null && !pipResponse.getStatus().isOk()) {
+ logger.warn("PIP response error {}: {}", pipRequest.getAttributeId().stringValue(),
+ pipResponse.getStatus());
+ return null;
+ }
+ if (pipResponse.getAttributes() != null && pipResponse.getAttributes().isEmpty()) {
+ logger.warn("No attributes in POP response {}: {}", pipRequest.getAttributeId().stringValue(),
+ pipResponse.getStatus());
+ return null;
+ }
+ return pipResponse;
+ }
+
+ private void addStringAttribute(StdMutablePIPResponse stdPipResponse, Identifier category, Identifier attributeId,
+ String value, PIPRequest pipRequest) {
+ AttributeValue<String> attributeValue = null;
+ try {
+ attributeValue = DataTypes.DT_STRING.createAttributeValue(value);
+ } catch (Exception ex) {
+ logger.error("Failed to convert {} to an AttributeValue<String>", value, ex);
+ }
+ if (attributeValue != null) {
+ stdPipResponse.addAttribute(new StdMutableAttribute(category, attributeId, attributeValue,
+ pipRequest.getIssuer()/* this.getIssuer() */, false));
+ }
+ }
+
+ private Set<String> getTarget(PIPFinder pipFinder) {
+ /*
+ * Get the UID from either the subject id or the uid property
+ */
+ PIPResponse pipResponseUid = this.getAttribute(PIP_REQUEST_TARGET, pipFinder);
+ if (pipResponseUid == null) {
+ return new HashSet<>();
+ }
+
+ /*
+ * Iterate over all of the returned results and do the LDAP requests
+ */
+ Collection<Attribute> listUids = pipResponseUid.getAttributes();
+ Set<String> setUids = new HashSet<>();
+ for (Attribute attributeUid : listUids) {
+ Iterator<AttributeValue<String>> iterAttributeValues = attributeUid.findValues(DataTypes.DT_STRING);
+ if (iterAttributeValues != null) {
+ while (iterAttributeValues.hasNext()) {
+ String uid = iterAttributeValues.next().getValue();
+ if (uid != null) {
+ setUids.add(uid);
+ }
+ }
+ }
+ }
+
+ return setUids;
+ }
+
+ private static String getStatusFromDb(String clname, String target) {
+ //
+ // DB Properties
+ //
+ Properties props = new Properties();
+ try {
+ props.put(Util.ECLIPSE_LINK_KEY_URL, PolicyEngine.manager.getEnvironmentProperty(Util.ONAP_KEY_URL));
+ props.put(Util.ECLIPSE_LINK_KEY_USER, PolicyEngine.manager.getEnvironmentProperty(Util.ONAP_KEY_USER));
+ props.put(Util.ECLIPSE_LINK_KEY_PASS, PolicyEngine.manager.getEnvironmentProperty(Util.ONAP_KEY_PASS));
+ } catch (NullPointerException e) {
+ logger.error("getStatusFromDB: {} when setting properties", e.getMessage());
+ }
+ //
+ // Set opsHistPu to the correct value and clear properties if necessary.
+ //
+ String opsHistPu = System.getProperty("OperationsHistoryPU");
+ if (opsHistPu == null || !opsHistPu.equals("TestOperationsHistoryPU")) {
+ opsHistPu = "OperationsHistoryPU";
+ } else {
+ props.clear();
+ }
+ //
+ // Set up the EntityManager
+ //
+ EntityManagerFactory emf = null;
+ EntityManager em = null;
+ try {
+ emf = Persistence.createEntityManagerFactory(opsHistPu, props);
+ } catch (Exception ex) {
+ logger.error("PIP thread got Exception. Can't connect to Operations History DB -- {}", opsHistPu);
+ logger.error("getStatusFromDb threw: ", ex);
+ return null;
+ }
+ try {
+ em = emf.createEntityManager();
+ } catch (Exception ex) {
+ logger.error("PIP thread got Exception. Problem creating EntityManager");
+ logger.error("getStatusFromDb threw: ", ex);
+ emf.close();
+ return null;
+ }
+ //
+ // Create the query
+ //
+ String sql = "select outcome from operationshistory10 where"
+ + " clname= ?"
+ + " and target= ?"
+ + " order by endtime desc limit 1";
+ Query nq = em.createNativeQuery(sql);
+ nq.setParameter(1, clname);
+ nq.setParameter(2, target);
+ logger.debug("SQL query: {}, {}, {}", sql, clname, target);
+ //
+ // Run the query
+ //
+ String ret = null;
+ try{
+ ret = ((String)nq.getSingleResult());
+ } catch(NoResultException ex) {
+ logger.debug("NoResultException for getSingleResult()");
+ ret = "NO_MATCHING_ENTRY";
+ } catch(Exception ex){
+ logger.error("getStatusFromDB threw: ", ex);
+ }
+ if (ret != null) {
+ logger.debug("SQL query result: {}", ret);
+ }
+ //
+ // Clean up and return the result
+ //
+ try {
+ em.close();
+ } catch(Exception ex){
+ logger.error("getStatusFromDB threw: ", ex);
+ }
+ try {
+ emf.close();
+ } catch(Exception ex){
+ logger.error("getStatusFromDB threw: ", ex);
+ }
+ return ret;
+ }
+}