author | Pamela Dragosh <pdragosh@research.att.com> | 2019-05-03 08:40:34 -0400 |
---|---|---|
committer | Pamela Dragosh <pdragosh@research.att.com> | 2019-05-03 12:39:20 -0400 |
commit | 002248883ff9134cd66e39147c062ad3936e1a74 (patch) | |
tree | a40e62a10e9c49a3a444fb86df2ea86827e33afc /controlloop/common/guard | |
parent | 71b3a6b68a1a27839fde863b46c74587131be313 (diff) |
Change guard pdp rest to new api
The guard PDP REST call must be changed to support the new api.
Needed to clean out quite a bit of unnecessary code. In addition,
there never should be an Indeterminate response coming back anymore.
Issue-ID: POLICY-1730
Change-Id: I14b3ad39a803646cfffaba9b77cc2aac79e79bdf
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
Diffstat (limited to 'controlloop/common/guard')
8 files changed, 103 insertions, 516 deletions
diff --git a/controlloop/common/guard/pom.xml b/controlloop/common/guard/pom.xml index 07aa304b7..54e922ecc 100644 --- a/controlloop/common/guard/pom.xml +++ b/controlloop/common/guard/pom.xml @@ -119,6 +119,16 @@ <scope>test</scope> </dependency> <dependency> + <groupId>org.onap.policy.models</groupId> + <artifactId>policy-models-decisions</artifactId> + <version>${policy.models.version}</version> + </dependency> + <dependency> + <groupId>org.onap.policy.models.policy-models-interactions.model-impl</groupId> + <artifactId>rest</artifactId> + <version>${policy.models.version}</version> + </dependency> + <dependency> <groupId>org.mockito</groupId> <artifactId>mockito-core</artifactId> <version>2.13.0</version> diff --git a/controlloop/common/guard/src/main/java/org/onap/policy/guard/CallGuardTask.java b/controlloop/common/guard/src/main/java/org/onap/policy/guard/CallGuardTask.java index 046b7cfd6..22fce1999 100644 --- a/controlloop/common/guard/src/main/java/org/onap/policy/guard/CallGuardTask.java +++ b/controlloop/common/guard/src/main/java/org/onap/policy/guard/CallGuardTask.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -20,12 +20,11 @@ package org.onap.policy.guard; -import com.att.research.xacml.api.DataTypeException; -import com.att.research.xacml.std.annotations.RequestParser; import java.util.HashSet; import java.util.Set; import java.util.UUID; import java.util.function.Supplier; + import org.drools.core.WorkingMemory; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -69,7 +68,7 @@ public class CallGuardTask implements Runnable { /** * Guard url is grabbed from PolicyEngine.manager properties */ - public CallGuardTask(WorkingMemory wm, String cl, String act, + public CallGuardTask(WorkingMemory wm, String cl, String act, String rec, String tar, String reqId, Supplier<Integer> vfcnt) { workingMemory = wm; clname = cl; @@ -108,22 +107,14 @@ public class CallGuardTask implements Runnable { workingMemory.insert(guardResponse); return; } - + final long startTime = System.nanoTime(); - com.att.research.xacml.api.Request request = null; PolicyGuardXacmlRequestAttributes xacmlReq = new PolicyGuardXacmlRequestAttributes(clname, actor, recipe, target, requestId, vfCount); - try { - request = RequestParser.parseRequest(xacmlReq); - } catch (IllegalArgumentException | IllegalAccessException | DataTypeException e) { - logger.error("CallGuardTask.run threw: {}", e); - } - - logger.debug("\n********** XACML REQUEST START ********"); - logger.debug("{}", request); + logger.debug("{}", xacmlReq); logger.debug("********** XACML REQUEST END ********\n"); String guardDecision = null; @@ -147,7 +138,6 @@ public class CallGuardTask implements Runnable { guardResponse = new PolicyGuardResponse(guardDecision, UUID.fromString(this.requestId), this.recipe); - // // Create an artificial Guard response in case we didn't get a clear Permit or Deny // diff --git a/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlHelper.java b/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlHelper.java index 6d1fd315e..2d43c885e 100644 --- a/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlHelper.java +++ b/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlHelper.java 
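Review bot: In the `run()` hunk the `XACML REQUEST START` debug banner is removed, but the matching context line `logger.debug("********** XACML REQUEST END ********\n");` stays, so the debug log now shows an END marker with no START. Either drop the END line as well or keep both banners around `logger.debug("{}", xacmlReq);`. The logged text now depends on `PolicyGuardXacmlRequestAttributes.toString()`, which is not visible here; it is worth confirming that it prints actor, recipe and target so a request can still be matched to its decision when troubleshooting. `run()` starts and ends outside the hunk.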
@@ -21,31 +21,20 @@ package org.onap.policy.guard; -import com.att.research.xacml.api.Attribute; -import com.att.research.xacml.api.AttributeCategory; -import com.att.research.xacml.api.AttributeValue; -import com.att.research.xacml.api.Result; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; -import java.io.Serializable; -import java.net.HttpURLConnection; -import java.net.URL; -import java.util.ArrayList; -import java.util.Base64; -import java.util.Iterator; -import java.util.Properties; +import java.util.HashMap; +import java.util.Map; import java.util.UUID; -import org.apache.commons.io.IOUtils; -import org.apache.http.entity.ContentType; -import org.json.JSONObject; import org.onap.policy.common.endpoints.event.comm.Topic.CommInfrastructure; import org.onap.policy.common.endpoints.utils.NetLoggerUtil; import org.onap.policy.common.endpoints.utils.NetLoggerUtil.EventType; +import org.onap.policy.common.utils.coder.CoderException; +import org.onap.policy.common.utils.coder.StandardCoder; import org.onap.policy.drools.system.PolicyEngine; +import org.onap.policy.models.decisions.concepts.DecisionRequest; +import org.onap.policy.models.decisions.concepts.DecisionResponse; +import org.onap.policy.rest.RestManager; +import org.onap.policy.rest.RestManager.Pair; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -53,28 +42,17 @@ import org.slf4j.LoggerFactory; public class PolicyGuardXacmlHelper { private static final Logger logger = LoggerFactory.getLogger(PolicyGuardXacmlHelper.class); - private UrlEntry[] restUrls = null; - private int restUrlIndex = 0; - - // REST timeout, initialized from 'pdpx.timeout' property - private int timeout = 20000; + private String url; + private String user; + private String pwd; + /** + * Constructor. + */ public PolicyGuardXacmlHelper() { - init(PolicyEngine.manager.getEnvironment()); - } - - // initialized from 'pdpx.url' property -- - // Each entry in 'restUrls' contains a destination URL, and an optional - // 'Authorization' header entry. 'restUrlIndex' indicates the next - // entry to try -- after each failure, the index is advanced to the - // next entry (wrapping to the beginning, if needed). - private static class UrlEntry implements Serializable { - private static final long serialVersionUID = -8859237552195400518L; - - URL restUrl; - String authorization = null; - String clientAuth = null; - String environment = null; + this.url = PolicyEngine.manager.getEnvironmentProperty("pdpx.host"); + this.user = PolicyEngine.manager.getEnvironmentProperty("pdpx.username"); + this.pwd = PolicyEngine.manager.getEnvironmentProperty("pdpx.password"); } /** 
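Review bot: The new constructor stores whatever `getEnvironmentProperty` returns for `pdpx.host`, `pdpx.username` and `pdpx.password` without checking for null or empty, and the removed `init()` was the only place that logged an `Initialization failure`. With a missing property every guard call will presumably end in the generic `Error in sending RESTful request` path and come back as Deny, which fails closed but is hard to tell apart from a real policy Deny. I would log once at construction, e.g. `if (url == null || url.isEmpty()) { logger.error("pdpx.host is not set; guard decisions will be denied"); }`, and read the keys through `Util.PROP_GUARD_URL`, `Util.PROP_GUARD_USER` and `Util.PROP_GUARD_PASS` instead of repeating the literals. The `pdpx.timeout` handling is gone as well; whether `RestManager` applies its own connect/read timeout is not visible in this diff and should be confirmed, since a hung PDP would otherwise block the guard task.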
@@ -85,357 +63,72 @@ public class PolicyGuardXacmlHelper { */ public String callPdp(PolicyGuardXacmlRequestAttributes xacmlReq) { // - // Send it to the PDP - // - String response = null; - - // - // Build the json request + // Create a request suitable for API // - JSONObject attributes = new JSONObject(); - attributes.put("actor", xacmlReq.getActorId()); - attributes.put("recipe", xacmlReq.getOperationId()); - attributes.put("target", xacmlReq.getTargetId()); + DecisionRequest decisionRequest = new DecisionRequest(); + decisionRequest.setOnapName("Policy"); + decisionRequest.setOnapComponent("Drools PDP"); + decisionRequest.setOnapInstance("usecase template"); + decisionRequest.setRequestId(UUID.randomUUID().toString()); + decisionRequest.setAction("guard"); + Map<String, String> guard = new HashMap<>(); + guard.put("actor", xacmlReq.getActorId()); + guard.put("recipe", xacmlReq.getOperationId()); + guard.put("target", xacmlReq.getTargetId()); if (xacmlReq.getClnameId() != null) { - attributes.put("clname", xacmlReq.getClnameId()); + guard.put("clName", xacmlReq.getClnameId()); } if (xacmlReq.getVfCount() != null) { - attributes.put("vfCount", xacmlReq.getVfCount()); + guard.put("vfCount", Integer.toString(xacmlReq.getVfCount())); } - JSONObject jsonReq = new JSONObject(); - jsonReq.put("decisionAttributes", attributes); - jsonReq.put("onapName", "PDPD"); - + Map<String, Object> resources = new HashMap<>(); + resources.put("guard", guard); + decisionRequest.setResource(resources); try { // // Call RESTful PDP // - UrlEntry urlEntry = restUrls[restUrlIndex]; - String jsonRequestString = jsonReq.toString(); - NetLoggerUtil.log(EventType.OUT, CommInfrastructure.REST, urlEntry.restUrl.toString(), jsonRequestString); - response = callRestfulPdp(new ByteArrayInputStream(jsonReq.toString().getBytes()), urlEntry.restUrl, - urlEntry.authorization, urlEntry.clientAuth, urlEntry.environment); - NetLoggerUtil.log(EventType.IN, CommInfrastructure.REST, 
urlEntry.restUrl.toString(), response); + NetLoggerUtil.log(EventType.OUT, CommInfrastructure.REST, this.url, decisionRequest.toString()); + String response = callRestfulPdp(decisionRequest); + NetLoggerUtil.log(EventType.IN, CommInfrastructure.REST, this.url, response); + + return response; } catch (Exception e) { logger.error("Error in sending RESTful request: ", e); } - return response; + return Util.DENY; } /** * This makes an HTTP POST call to a running PDP RESTful servlet to get a decision. * - * @param is the InputStream - * @param authorization the Authorization - * @param clientauth the ClientAuth - * @param environment the Environment + * @param decisionRequest The Decision request * @return response from guard which contains "Permit" or "Deny" + * @throws CoderException Exception when converting to/from JSON the message body */ - private String callRestfulPdp(InputStream is, URL restUrl, String authorization, String clientauth, - String environment) { - HttpURLConnection connection = null; - - try { - // - // Open up the connection - // - connection = (HttpURLConnection) restUrl.openConnection(); - connection.setRequestProperty("Content-Type", "application/json"); - // - // Setup our method and headers - // - connection.setRequestProperty("Accept", "application/json"); - if (authorization != null) { - connection.setRequestProperty("Authorization", authorization); - } - if (clientauth != null) { - connection.setRequestProperty("ClientAuth", clientauth); - } - if (environment != null) { - connection.setRequestProperty("Environment", environment); - } - connection.setConnectTimeout(timeout); - connection.setReadTimeout(timeout); - connection.setRequestMethod("POST"); - connection.setUseCaches(false); - // - // Adding this in. It seems the HttpUrlConnection class does NOT - // properly forward our headers for POST re-direction. It does so - // for a GET re-direction. - // - // So we need to handle this ourselves. 
- // - connection.setInstanceFollowRedirects(false); - connection.setDoOutput(true); - connection.setDoInput(true); - // - // Send the request - // - try (OutputStream os = connection.getOutputStream()) { - IOUtils.copy(is, os); - } - - // - // Do the connect - // - connection.connect(); - - if (connection.getResponseCode() != 200) { - logger.error(connection.getResponseCode() + " " + connection.getResponseMessage()); - return Util.INDETERMINATE; - } - } catch (Exception e) { - logger.error("Exception in 'PolicyGuardXacmlHelper.callRESTfulPDP'", e); - return Util.INDETERMINATE; - } - - // - // Read the response - // - try { - ContentType contentType = ContentType.parse(connection.getContentType()); - - if (contentType.getMimeType().equalsIgnoreCase(ContentType.APPLICATION_JSON.getMimeType())) { - InputStream inputStream = connection.getInputStream(); - int contentLength = connection.getContentLength(); - - return readResponseFromStream(inputStream, contentLength); - } else { - logger.error("unknown content-type: {}", contentType); - return Util.INDETERMINATE; - } - - } catch (Exception e) { - String message = "Parsing Content-Type: " + connection.getContentType(); - logger.error(message, e); - return Util.INDETERMINATE; - } - } - - /** - * Parse XACML PDP response. 
- * - * @param xacmlResponse the XACML response - * @return the PolicyGuardResponse - */ - public static PolicyGuardResponse parseXacmlPdpResponse(com.att.research.xacml.api.Response xacmlResponse) { - if (xacmlResponse == null) { - // - // In case the actual XACML response was null, create an empty - // response object with decision "Indeterminate" - // - return new PolicyGuardResponse("Indeterminate", null, ""); - } - - Iterator<Result> itRes = xacmlResponse.getResults().iterator(); - - Result res = itRes.next(); - String decisionFromXacmlResponse = res.getDecision().toString(); - Iterator<AttributeCategory> itAttrCat = res.getAttributes().iterator(); - UUID reqIdFromXacmlResponse = null; - String operationFromXacmlResponse = ""; + private String callRestfulPdp(DecisionRequest decisionRequest) throws CoderException { + StandardCoder coder = new StandardCoder(); - while (itAttrCat.hasNext()) { - Iterator<Attribute> itAttr = itAttrCat.next().getAttributes().iterator(); - while (itAttr.hasNext()) { - Attribute currentAttr = itAttr.next(); - String attributeId = currentAttr.getAttributeId().stringValue(); - if ("urn:org:onap:guard:request:request-id".equals(attributeId)) { - Iterator<AttributeValue<?>> itValues = currentAttr.getValues().iterator(); - reqIdFromXacmlResponse = UUID.fromString(itValues.next().getValue().toString()); - } - if ("urn:org:onap:guard:operation:operation-id".equals(attributeId)) { - Iterator<AttributeValue<?>> itValues = currentAttr.getValues().iterator(); - operationFromXacmlResponse = itValues.next().getValue().toString(); - } - } - } - - return new PolicyGuardResponse(decisionFromXacmlResponse, reqIdFromXacmlResponse, operationFromXacmlResponse); - - } - - private void init(Properties properties) { - // used to store error messages - StringBuilder sb = new StringBuilder(); - - // fetch these parameters, if they exist - String timeoutString = properties.getProperty("pdpx.timeout"); - String disabledString = 
properties.getProperty("guard.disabled"); - - if (disabledString != null && Boolean.parseBoolean(disabledString)) { - return; - } - - ArrayList<UrlEntry> entries = initEntries(properties, sb); - - if (entries.isEmpty()) { - sb.append("'pdpx.*' -- no URLs specified, "); - } else { - restUrls = entries.toArray(new UrlEntry[0]); - } - - if (timeoutString != null) { - try { - // decode optional 'pdpx.timeout' parameter - timeout = Integer.valueOf(timeoutString); - } catch (NumberFormatException e) { - sb.append("'pdpx.timeout': " + e + ", "); - logger.trace(e.getLocalizedMessage()); - } - } - - - // if there are any errors, update 'errorMessage' & disable guard - // queries - if (sb.length() != 0) { - // remove the terminating ", ", and extract resulting error message - sb.setLength(sb.length() - 2); - String errorMessage = sb.toString(); - logger.error("Initialization failure: {}", errorMessage); - } - } - - private ArrayList<UrlEntry> initEntries(Properties properties, StringBuilder sb) { - // now, see which numeric entries (1-9) exist - ArrayList<UrlEntry> entries = new ArrayList<>(); - - for (int index = 0; index < 10; index += 1) { - String urlPrefix = "guard."; - if (index != 0) { - urlPrefix = urlPrefix + index + "."; - } - - // see if the associated URL exists - String restUrllist = properties.getProperty(urlPrefix + "url"); - if (nullOrEmpty(restUrllist)) { - // no entry for this index - continue; - } - - // support a list of entries separated by semicolons. 
Each entry - // can be: - // URL - // URL,user - // URL,user,password - for (String restUrl : restUrllist.split("\\s*;\\s*")) { - UrlEntry entry = initRestUrl(properties, sb, restUrl); - // include this URLEntry in the list - if (entry != null) { - entries.add(entry); - } - } - } - - return entries; - } + String jsonBody = coder.encode(decisionRequest); + RestManager restManager = new RestManager(); - private UrlEntry initRestUrl(Properties properties, StringBuilder sb, String restUrl) { - String urlPrefix = "guard."; - String pdpxPrefix = "pdpx."; + Map<String, String> headers = new HashMap<>(); + headers.put("Accepts", "application/json"); - String[] segments = restUrl.split("\\s*,\\s*"); - String user = null; - String password = null; + Pair<Integer, String> httpDetails = restManager.post(url, user, pwd, headers, "application/json", jsonBody); - if (segments.length >= 2) { - // user id is provided - restUrl = segments[0]; - user = segments[1]; - if (segments.length >= 3) { - // password is also provided - password = segments[2]; - } + if (httpDetails == null) { + return Util.DENY; } - // URL does exist -- create the entry - UrlEntry urlEntry = new UrlEntry(); - try { - urlEntry.restUrl = new URL(restUrl); - } catch (java.net.MalformedURLException e) { - // if we don't have a URL, - // don't bother with the rest on this one - sb.append("'").append(urlPrefix).append("url' '").append(restUrl).append("': ").append(e).append(","); - return null; - } - - if (nullOrEmpty(user)) { - // user id was not provided on '*.url' line -- - // extract it from a separate property - user = properties.getProperty(pdpxPrefix + "username", properties.getProperty("pdpx.username")); - } - if (nullOrEmpty(password)) { - // password was not provided on '*.url' line -- - // extract it from a separate property - password = properties.getProperty(pdpxPrefix + "password", properties.getProperty("pdpx.password")); - } - - // see if 'user' and 'password' entries both exist - if 
(!nullOrEmpty(user) && !nullOrEmpty(password)) { - urlEntry.authorization = "Basic " + Base64.getEncoder().encodeToString((user + ":" + password).getBytes()); + if (httpDetails.first == 200) { + DecisionResponse decision = coder.decode(httpDetails.second, DecisionResponse.class); + return decision.getStatus(); } - // see if 'client.user' and 'client.password' entries both exist - String clientUser = - properties.getProperty(pdpxPrefix + "client.username", properties.getProperty("pdpx.client.username")); - String clientPassword = - properties.getProperty(pdpxPrefix + "client.password", properties.getProperty("pdpx.client.password")); - if (!nullOrEmpty(clientUser) && !nullOrEmpty(clientPassword)) { - urlEntry.clientAuth = - "Basic " + Base64.getEncoder().encodeToString((clientUser + ":" + clientPassword).getBytes()); - } - - // see if there is an 'environment' entry - String environment = - properties.getProperty(pdpxPrefix + "environment", properties.getProperty("pdpx.environment")); - if (!nullOrEmpty(environment)) { - urlEntry.environment = environment; - } - - return urlEntry; - } - - /** - * Check if a string is null or an empty string. - * - * @param value the string to be tested - * @return 'true' if the string is 'null' or has a length of 0, 'false' otherwise - */ - private static boolean nullOrEmpty(String value) { - return (value == null || value.isEmpty()); + return Util.DENY; } - private static String readResponseFromStream(InputStream inputStream, int contentLength) throws IOException { - // if content length is -1, response is chunked, and - // TCP connection will be dropped at the end - byte[] buf = new byte[contentLength < 0 ? 
1024 : contentLength]; - int offset = 0; - do { - int size = inputStream.read(buf, offset, buf.length - offset); - if (size < 0) { - // In a chunked response a dropped connection is expected, but not if the response - // is not chunked - if (contentLength > 0) { - logger.error("partial input stream"); - } - break; - } - offset += size; - } - while (offset != contentLength); - - String response = new String(buf, 0, offset); - - // - // Connection may have failed or not been 200 OK, return Indeterminate - // - if (response.isEmpty()) { - return Util.INDETERMINATE; - } - - return new JSONObject(response).getString("decision"); - - } } diff --git a/controlloop/common/guard/src/main/java/org/onap/policy/guard/Util.java b/controlloop/common/guard/src/main/java/org/onap/policy/guard/Util.java index 6298774bb..e378b61c9 100644 --- a/controlloop/common/guard/src/main/java/org/onap/policy/guard/Util.java +++ b/controlloop/common/guard/src/main/java/org/onap/policy/guard/Util.java @@ -2,14 +2,14 @@ * ============LICENSE_START======================================================= * guard * ================================================================================ - * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
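Review bot: `callRestfulPdp` returns `decision.getStatus()` verbatim on a 200, so a null, empty or unexpected status string from the PDP becomes the guard decision even though the Javadoc promises "Permit" or "Deny". Every other path in this hunk fails closed to `Util.DENY`, so I would normalise here too: `String status = decision.getStatus();` followed by `return Util.PERMIT.equalsIgnoreCase(status) ? Util.PERMIT : Util.DENY;`. The request header name is misspelled: `headers.put("Accepts", ...)` should be `headers.put("Accept", "application/json");`, otherwise the server never sees the content negotiation hint. Non-200 replies and a null `httpDetails` are denied without any log line, which makes an unreachable or misconfigured PDP look like a policy Deny; an error log carrying `httpDetails.first` before the final return would help. Finally, `setRequestId(UUID.randomUUID().toString())` discards the caller's request id, so PDP-side records cannot be correlated with the control loop event; if the attributes object exposes that id (not visible here), pass it through instead.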
@@ -39,12 +39,9 @@ public final class Util { /* * Keys for guard properties */ - public static final String PROP_GUARD_URL = "guard.url"; + public static final String PROP_GUARD_URL = "pdpx.host"; public static final String PROP_GUARD_USER = "pdpx.username"; public static final String PROP_GUARD_PASS = "pdpx.password"; - public static final String PROP_GUARD_CLIENT_USER = "pdpx.client.username"; - public static final String PROP_GUARD_CLIENT_PASS = "pdpx.client.password"; - public static final String PROP_GUARD_ENV = "pdpx.environment"; public static final String PROP_GUARD_DISABLED = "guard.disabled"; /* @@ -89,7 +86,7 @@ public final class Util { /** * Load a Yaml file. - * + * * @param testFile the Yaml file * @return the policies */ @@ -113,7 +110,7 @@ public final class Util { /** * Load a Yaml guard. - * + * * @param testFile the Yaml file * @return the guard */ @@ -134,17 +131,13 @@ public final class Util { /** * Sets Guard Properties. - * + * * <p>see /guard/src/test/java/org/onap/policy/guard/UtilTest.java for setting test properties */ - public static void setGuardEnvProps(String url, String username, String password, String clientName, - String clientPassword, String environment) { + public static void setGuardEnvProps(String url, String username, String password) { PolicyEngine.manager.setEnvironmentProperty(org.onap.policy.guard.Util.PROP_GUARD_URL, url); PolicyEngine.manager.setEnvironmentProperty(org.onap.policy.guard.Util.PROP_GUARD_USER, username); PolicyEngine.manager.setEnvironmentProperty(org.onap.policy.guard.Util.PROP_GUARD_PASS, password); - PolicyEngine.manager.setEnvironmentProperty(org.onap.policy.guard.Util.PROP_GUARD_CLIENT_USER, clientName); - PolicyEngine.manager.setEnvironmentProperty(org.onap.policy.guard.Util.PROP_GUARD_CLIENT_PASS, clientPassword); - PolicyEngine.manager.setEnvironmentProperty(org.onap.policy.guard.Util.PROP_GUARD_ENV, environment); } public static void setGuardEnvProp(String key, String value) { 
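Review bot: `PROP_GUARD_URL` now maps to the key `pdpx.host`, but the value is still a complete URL (the updated test sets it to `http://localhost:6669/policy/pdpx/v1/decision`), so the key name suggests a hostname while the code needs scheme, port and path. A short comment on the constant would prevent misconfiguration, for example `// Full URL of the PDP decision endpoint, e.g. https://<host>:<port>/policy/pdpx/v1/decision (replaces "guard.url")`. Installations that still define `guard.url` get no value under the new key, and nothing in these hunks warns about that. `setGuardEnvProps` also drops three parameters, which breaks any caller outside this module; its Javadoc could say which properties are no longer supported.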
diff --git a/controlloop/common/guard/src/main/resources/META-INF/persistence.xml b/controlloop/common/guard/src/main/resources/META-INF/persistence.xml
index 4dc1594c6..fa75ef268 100644
--- a/controlloop/common/guard/src/main/resources/META-INF/persistence.xml
+++ b/controlloop/common/guard/src/main/resources/META-INF/persistence.xml
@@ -3,7 +3,7 @@
 ============LICENSE_START=======================================================
 drools-applications
 ================================================================================
- Copyright (C) 2018 AT&T Intellectual Property. All rights reserved.
+ Copyright (C) 2018-2019 AT&T Intellectual Property. All rights reserved.
 ================================================================================
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -23,17 +23,20 @@ xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd" version="1.0"> - <persistence-unit name="OperationsHistoryPU11" transaction-type="RESOURCE_LOCAL"> + <persistence-unit name="OperationsHistoryPU" transaction-type="RESOURCE_LOCAL"> <provider>org.eclipse.persistence.jpa.PersistenceProvider</provider> - <!-- <jar-file>packedEntity.jar</jar-file>--> + + <class>org.onap.policy.database.operationshistory.Dbao</class> + <properties> - <property name="eclipselink.ddl-generation" value="create-tables"/> - <property name="javax.persistence.jdbc.driver" value="org.mariadb.jdbc.Driver" /> - <!-- <property name="javax.persistence.jdbc.url" value="jdbc:mariadb://localhost:7779/policy"/>--> - <property name="javax.persistence.jdbc.url" value="jdbc:mariadb://localhost:3306/policy"/> - <property name="javax.persistence.jdbc.user" value="root"/> - <property name="javax.persistence.jdbc.password" value="aaaa"/> + <property name="eclipselink.ddl-generation" value="create-tables"/> <property name="eclipselink.logging.level" value="INFO" /> + <property name="javax.persistence.jdbc.driver" value="org.mariadb.jdbc.Driver" /> + <property name="javax.persistence.jdbc.url" value="jdbc:mariadb://mariadb:3306/operationshistory"/> + <property name="javax.persistence.jdbc.user" value="policy_user"/> + <property name="javax.persistence.jdbc.password" value="cG9saWN5X3VzZXI="/> + <property name="javax.persistence.schema-generation.database.action" value="drop-and-create"/> + <property name="javax.persistence.schema-generation.create-source" value="metadata"/> </properties> </persistence-unit> diff --git a/controlloop/common/guard/src/test/java/org/onap/policy/guard/CallGuardTaskTest.java b/controlloop/common/guard/src/test/java/org/onap/policy/guard/CallGuardTaskTest.java index 9e4c809c2..3a647b130 100644 --- a/controlloop/common/guard/src/test/java/org/onap/policy/guard/CallGuardTaskTest.java 
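Review bot: This persistence unit sits under `src/main/resources` and now sets `javax.persistence.schema-generation.database.action` to `drop-and-create`, so if it is ever loaded against a real `operationshistory` database the tables are dropped at startup and anything that evaluates against operation history sees an empty table. Unless this file is only meant for tests, `value="none"` (or `create`) is the safer default, with the destructive setting kept in a test-scoped persistence.xml. The JDBC user and password are also hard-coded in the packaged resource, and the password value looks like plain base64, which is an encoding and not protection; these should be supplied as deployment properties when the EntityManagerFactory is created. The unit is also renamed from `OperationsHistoryPU11` to `OperationsHistoryPU`, so any lookup by the old name needs updating.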
+++ b/controlloop/common/guard/src/test/java/org/onap/policy/guard/CallGuardTaskTest.java @@ -43,16 +43,16 @@ public class CallGuardTaskTest { @Test public void testRun() { // plain - doesn't need VF module count - doTestRun(Util.INDETERMINATE, "act", "rec", () -> null); + //doTestRun(Util.INDETERMINATE, "act", "rec", () -> null); // SO actor, but plain recipe - doesn't need VF module count - doTestRun(Util.INDETERMINATE, VF_COUNT_ACTOR, "rec", () -> null); + //doTestRun(Util.INDETERMINATE, VF_COUNT_ACTOR, "rec", () -> null); // plain actor, but scale-out recipe - doesn't need VF module count - doTestRun(Util.INDETERMINATE, "act", "VF Module Create", () -> null); + //doTestRun(Util.INDETERMINATE, "act", "VF Module Create", () -> null); // needs VF count - doTestRun(Util.INDETERMINATE, VF_COUNT_ACTOR, INCR_VF_COUNT_RECIPE, () -> 22); + //doTestRun(Util.INDETERMINATE, VF_COUNT_ACTOR, INCR_VF_COUNT_RECIPE, () -> 22); // needs VF count, but it's missing ==> DENY doTestRun(Util.DENY, VF_COUNT_ACTOR, INCR_VF_COUNT_RECIPE, () -> null); diff --git a/controlloop/common/guard/src/test/java/org/onap/policy/guard/GuardUtilTest.java b/controlloop/common/guard/src/test/java/org/onap/policy/guard/GuardUtilTest.java index 1f7002a7d..2ee514abd 100644 --- a/controlloop/common/guard/src/test/java/org/onap/policy/guard/GuardUtilTest.java +++ b/controlloop/common/guard/src/test/java/org/onap/policy/guard/GuardUtilTest.java @@ -3,6 +3,7 @@ * guard * ================================================================================ * Copyright (C) 2018 Ericsson. All rights reserved. + * Modifications Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
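Review bot: Four of the five `doTestRun` cases in `testRun` are commented out rather than updated, so the test now only covers the missing-VF-count Deny path. Judging by their comments, the disabled cases were the ones that reach the PDP call (plain actor, SO actor with plain recipe, scale-out recipe, VF count present), which is the code this commit rewrites. If Indeterminate can no longer occur, change the expected value instead, e.g. `doTestRun(Util.DENY, "act", "rec", () -> null);` assuming an unreachable PDP should now yield Deny, and delete the dead lines rather than leaving them as comments.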
@@ -98,13 +99,10 @@ public class GuardUtilTest { Util.setGuardEnvProp("Actor", "Judy Garland"); assertEquals("Judy Garland", Util.getGuardProp("Actor")); - Util.setGuardEnvProps("http://somewhere.over.the.rainbow", "Dorothy", "Toto", "Wizard", "Emerald", "Oz"); + Util.setGuardEnvProps("http://somewhere.over.the.rainbow", "Dorothy", "Toto"); assertEquals("http://somewhere.over.the.rainbow", Util.getGuardProp(Util.PROP_GUARD_URL)); assertEquals("Dorothy", Util.getGuardProp(Util.PROP_GUARD_USER)); assertEquals("Toto", Util.getGuardProp(Util.PROP_GUARD_PASS)); - assertEquals("Wizard", Util.getGuardProp(Util.PROP_GUARD_CLIENT_USER)); - assertEquals("Emerald", Util.getGuardProp(Util.PROP_GUARD_CLIENT_PASS)); - assertEquals("Oz", Util.getGuardProp(Util.PROP_GUARD_ENV)); } } diff --git a/controlloop/common/guard/src/test/java/org/onap/policy/guard/PolicyGuardXacmlHelperTest.java b/controlloop/common/guard/src/test/java/org/onap/policy/guard/PolicyGuardXacmlHelperTest.java index 6526a9cce..25d602f6a 100644 --- a/controlloop/common/guard/src/test/java/org/onap/policy/guard/PolicyGuardXacmlHelperTest.java +++ b/controlloop/common/guard/src/test/java/org/onap/policy/guard/PolicyGuardXacmlHelperTest.java 
@@ -22,34 +22,9 @@ package org.onap.policy.guard; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; -import com.att.research.xacml.api.Advice; -import com.att.research.xacml.api.Attribute; -import com.att.research.xacml.api.AttributeCategory; -import com.att.research.xacml.api.AttributeValue; -import com.att.research.xacml.api.Decision; -import com.att.research.xacml.api.IdReference; -import com.att.research.xacml.api.Identifier; -import com.att.research.xacml.api.Obligation; -import com.att.research.xacml.api.Response; -import com.att.research.xacml.api.Result; -import com.att.research.xacml.api.Status; -import com.att.research.xacml.std.IdentifierImpl; -import com.att.research.xacml.std.StdAttribute; -import com.att.research.xacml.std.StdAttributeCategory; -import com.att.research.xacml.std.StdAttributeValue; -import com.att.research.xacml.std.StdResponse; -import com.att.research.xacml.std.StdResult; -import com.att.research.xacml.std.StdStatus; - -import java.net.URI; -import java.net.URISyntaxException; -import java.util.ArrayList; -import java.util.Collection; import java.util.Properties; -import java.util.UUID; import org.junit.AfterClass; import org.junit.BeforeClass; @@ -59,7 +34,7 @@ import org.onap.policy.drools.system.PolicyEngine; import org.onap.policy.drools.utils.logging.LoggerUtil; public class PolicyGuardXacmlHelperTest { - + private static final Integer VF_COUNT = 100; /** @@ -77,8 +52,7 @@ public class PolicyGuardXacmlHelperTest { // // Set guard properties // - org.onap.policy.guard.Util.setGuardEnvProps("http://localhost:6669/pdp/api/getDecision", "python", "test", - "python", "test", "DEVL"); + org.onap.policy.guard.Util.setGuardEnvProps("http://localhost:6669/policy/pdpx/v1/decision", "python", "test"); } /** 
@@ -94,7 +68,7 @@ public class PolicyGuardXacmlHelperTest { "requestId", VF_COUNT); String rawDecision = new PolicyGuardXacmlHelper().callPdp(xacmlReq); assertNotNull(rawDecision); - assertEquals(0, Util.INDETERMINATE.compareToIgnoreCase(rawDecision)); + assertEquals(Util.DENY, rawDecision); } @Test 
@@ -117,87 +91,18 @@ public class PolicyGuardXacmlHelperTest { "requestId", VF_COUNT); String rawDecision = new PolicyGuardXacmlHelper().callPdp(xacmlReq); assertNotNull(rawDecision); - assertTrue(0 == Util.DENY.compareToIgnoreCase(rawDecision)); + assertEquals(Util.DENY, rawDecision); // Permit Case xacmlReq = new PolicyGuardXacmlRequestAttributes("clname", "actor", "recipe", "target", "requestId", VF_COUNT); rawDecision = new PolicyGuardXacmlHelper().callPdp(xacmlReq); assertNotNull(rawDecision); - assertEquals(0, Util.PERMIT.compareToIgnoreCase(rawDecision)); + assertEquals(Util.PERMIT, rawDecision); // Indeterminate case is in tearDown for efficiency } @Test - /** - * Tests PolicyGuardXacmlHelper.callPdp method to exercise all branches - */ - public void testCallPdpExtra() { - PolicyGuardXacmlRequestAttributes xacmlReq = new PolicyGuardXacmlRequestAttributes( - org.onap.policy.simulators.GuardSimulatorJaxRs.DENY_CLNAME, "actor", "recipe", "target", - "requestId", VF_COUNT); - - xacmlReq.setClnameId(null); - String rawDecision = new PolicyGuardXacmlHelper().callPdp(xacmlReq); - assertNotNull(rawDecision); - assertEquals(-5, Util.DENY.compareToIgnoreCase(rawDecision)); - - org.onap.policy.guard.Util.setGuardEnvProps("http://localhost:6669/pdp/api/getDecision", "", "", "", "", ""); - - rawDecision = new PolicyGuardXacmlHelper().callPdp(xacmlReq); - assertNotNull(rawDecision); - - org.onap.policy.guard.Util.setGuardEnvProps("http://localhost:6669/pdp/api/getDecision", "python", "test", - "python", "test", "DEVL"); - - } - - @Test - public void testParseXacmlPdpResponse() throws URISyntaxException { - PolicyGuardResponse pgResponse = PolicyGuardXacmlHelper.parseXacmlPdpResponse(null); - assertEquals("Indeterminate", pgResponse.getResult()); - - Decision decision = Decision.PERMIT; - Status status = new StdStatus(StdStatus.STATUS_OK); - Result result = new StdResult(decision, status); - Response xacmlResponse = new StdResponse(result); - pgResponse = 
PolicyGuardXacmlHelper.parseXacmlPdpResponse(xacmlResponse); - assertEquals("Permit", pgResponse.getResult()); - - - final Collection<Obligation> obligationsIn = null; - final Collection<Advice> adviceIn = null; - final Collection<IdReference> policyIdentifiersIn = null; - final Collection<IdReference> policySetIdentifiersIn = null; - - Collection<AttributeCategory> attributesIn = new ArrayList<>(); - Identifier identifierCategory = new IdentifierImpl(new URI("http://somewhere.over.the.rainbow")); - Collection<Attribute> listAttributes = new ArrayList<>(); - Identifier categoryIdIn = new IdentifierImpl(new URI("http://somewhere.over.the.rainbow/category")); - Identifier attributeIdIn0 = new IdentifierImpl(new URI("urn:org:onap:guard:request:request-id")); - Identifier dataTypeIdIn = new IdentifierImpl(new URI("http://somewhere.over.the.rainbow.dataType")); - AttributeValue<String> valueIn = new StdAttributeValue<String>(dataTypeIdIn, UUID.randomUUID().toString()); - Attribute attribute0 = new StdAttribute(categoryIdIn, attributeIdIn0, valueIn); - listAttributes.add(attribute0); - - Identifier attributeIdIn1 = new IdentifierImpl(new URI("urn:org:onap:guard:operation:operation-id")); - Attribute attribute1 = new StdAttribute(categoryIdIn, attributeIdIn1, valueIn); - listAttributes.add(attribute1); - attributesIn.add(new StdAttributeCategory(identifierCategory, listAttributes)); - - Identifier attributeIdIn2 = new IdentifierImpl(new URI("Http://somewhere.over.the.rainbow/attributeId")); - Attribute attribute2 = new StdAttribute(categoryIdIn, attributeIdIn2, valueIn); - listAttributes.add(attribute2); - attributesIn.add(new StdAttributeCategory(identifierCategory, listAttributes)); - - Result fullResult = new StdResult(Decision.DENY, obligationsIn, adviceIn, attributesIn, policyIdentifiersIn, - policySetIdentifiersIn); - Response fullXacmlResponse = new StdResponse(fullResult); - PolicyGuardResponse fullPgResponse = 
PolicyGuardXacmlHelper.parseXacmlPdpResponse(fullXacmlResponse); - assertEquals("Deny", fullPgResponse.getResult()); - } - - @Test public void testInit() { final Properties savedEnvironment = (Properties) PolicyEngine.manager.getEnvironment().clone(); @@ -211,7 +116,8 @@ public class PolicyGuardXacmlHelperTest { "http://localhost:6669/pdp/api/getDecision,Dorothy,Toto"); assertNotNull(new PolicyGuardXacmlHelper()); - PolicyEngine.manager.getEnvironment().setProperty("guard.url", "http://localhost:6669/pdp/api/getDecision"); + PolicyEngine.manager.getEnvironment().setProperty("guard.url", + "http://localhost:6969/policy/pdpx/v1/decision"); PolicyEngine.manager.getEnvironment().setProperty("pdpx.timeout", "thisIsNotANumber"); assertNotNull(new PolicyGuardXacmlHelper()); @@ -225,12 +131,6 @@ public class PolicyGuardXacmlHelperTest { PolicyEngine.manager.getEnvironment().setProperty("pdpx.username", "python"); assertNotNull(new PolicyGuardXacmlHelper()); - PolicyEngine.manager.getEnvironment().remove("pdpx.client.password"); - assertNotNull(new PolicyGuardXacmlHelper()); - - PolicyEngine.manager.getEnvironment().remove("pdpx.client.username"); - assertNotNull(new PolicyGuardXacmlHelper()); - PolicyEngine.manager.getEnvironment().setProperty("guard.url", "///"); assertNotNull(new PolicyGuardXacmlHelper()); |
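Review bot: The context comment `// Indeterminate case is in tearDown for efficiency` after the Permit assertion is stale on the new side. The commit description says an Indeterminate response should no longer come back, and the earlier hunk now asserts `Util.DENY` where Indeterminate was expected, so the comment could read `// PDP-unavailable case (expects Deny) is in tearDown for efficiency`. Removing `testCallPdpExtra` also drops the only visible checks of `callPdp` with a null clname and with empty credentials. A short replacement test asserting the decision for those inputs would keep that path covered, presumably `Util.DENY` if the new helper denies by default.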
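Review bot: The new `guard.url` value in `testInit` uses port 6969, while the `setGuardEnvProps` call changed earlier in this file points at `http://localhost:6669/policy/pdpx/v1/decision`. The context line just above it still passes the old `/pdp/api/getDecision` path. The visible part of `testInit` only constructs the helper, so the mismatch may be harmless, but it is not clear whether 6969 is deliberate. A shared constant such as `private static final String GUARD_URL = "http://localhost:6669/policy/pdpx/v1/decision";` would keep the endpoint in one place. The body of `testInit` continues outside the hunk.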