diff options
Diffstat (limited to 'controlloop/common/guard/src/main')
-rw-r--r-- | controlloop/common/guard/src/main/java/org/onap/policy/guard/PipEngineGetHistory.java (renamed from controlloop/common/guard/src/main/java/org/onap/policy/guard/PIPEngineGetHistory.java) | 6 | ||||
-rw-r--r-- | controlloop/common/guard/src/main/java/org/onap/policy/guard/PipEngineGetStatus.java | 311 |
2 files changed, 314 insertions, 3 deletions
diff --git a/controlloop/common/guard/src/main/java/org/onap/policy/guard/PIPEngineGetHistory.java b/controlloop/common/guard/src/main/java/org/onap/policy/guard/PipEngineGetHistory.java index a9a984ade..2a1ef2fc6 100644 --- a/controlloop/common/guard/src/main/java/org/onap/policy/guard/PIPEngineGetHistory.java +++ b/controlloop/common/guard/src/main/java/org/onap/policy/guard/PipEngineGetHistory.java @@ -55,8 +55,8 @@ import org.onap.policy.drools.system.PolicyEngine; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -public class PIPEngineGetHistory extends StdConfigurableEngine { - private static final Logger logger = LoggerFactory.getLogger(PIPEngineGetHistory.class); +public class PipEngineGetHistory extends StdConfigurableEngine { + private static final Logger logger = LoggerFactory.getLogger(PipEngineGetHistory.class); // // Base issuer string. The issuer in the policy will also contain time window information @@ -91,7 +91,7 @@ public class PIPEngineGetHistory extends StdConfigurableEngine { new StdPIPRequest(new IdentifierImpl(XACML_ATTRIBUTE_CATEGORY_RESOURCE), new IdentifierImpl(XACML_TARGET_TARGET_ID), new IdentifierImpl(XML_SCHEMA_STRING)); - public PIPEngineGetHistory() { + public PipEngineGetHistory() { super(); } diff --git a/controlloop/common/guard/src/main/java/org/onap/policy/guard/PipEngineGetStatus.java b/controlloop/common/guard/src/main/java/org/onap/policy/guard/PipEngineGetStatus.java new file mode 100644 index 000000000..40b26c847 --- /dev/null +++ b/controlloop/common/guard/src/main/java/org/onap/policy/guard/PipEngineGetStatus.java @@ -0,0 +1,311 @@ +/*- + * ============LICENSE_START======================================================= + * guard + * ================================================================================ + * Copyright (C) 2018 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.policy.guard; + +import com.att.research.xacml.api.Attribute; +import com.att.research.xacml.api.AttributeValue; +import com.att.research.xacml.api.Identifier; +import com.att.research.xacml.api.pip.PIPException; +import com.att.research.xacml.api.pip.PIPFinder; +import com.att.research.xacml.api.pip.PIPRequest; +import com.att.research.xacml.api.pip.PIPResponse; +import com.att.research.xacml.std.IdentifierImpl; +import com.att.research.xacml.std.StdMutableAttribute; +import com.att.research.xacml.std.datatypes.DataTypes; +import com.att.research.xacml.std.pip.StdMutablePIPResponse; +import com.att.research.xacml.std.pip.StdPIPRequest; +import com.att.research.xacml.std.pip.StdPIPResponse; +import com.att.research.xacml.std.pip.engines.StdConfigurableEngine; + +import java.util.Collection; +import java.util.Collections; +import java.util.HashSet; +import java.util.Iterator; +import java.util.List; +import java.util.Properties; +import java.util.Set; + +import javax.persistence.EntityManager; +import javax.persistence.EntityManagerFactory; +import javax.persistence.NoResultException; +import javax.persistence.NonUniqueResultException; +import javax.persistence.Persistence; +import javax.persistence.Query; + +import org.onap.policy.drools.system.PolicyEngine; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class PipEngineGetStatus extends StdConfigurableEngine { + private static final Logger logger = LoggerFactory.getLogger(PipEngineGetStatus.class); + + // + // Base issuer string. The issuer in the policy will contain the operations + // E.g., "org:onap:policy:guard:status:clname:testcl" + // + public static final String DEFAULT_ISSUER = "org:onap:policy:guard:status"; + public static final String DEFAULT_DESCRIPTION = "PIP for retrieving Operation Status from DB"; + + private static final String XML_SCHEMA_STRING = "http://www.w3.org/2001/XMLSchema#string"; + + private static final String XACML_SUBJECT_CATEGORY_ACCESS_SUBJECT = + "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"; + private static final String XACML_ACTOR_ACTOR_ID = "urn:oasis:names:tc:xacml:1.0:actor:actor-id"; + private static final String XACML_ATTRIBUTE_CATEGORY_ACTION = + "urn:oasis:names:tc:xacml:3.0:attribute-category:action"; + private static final String XACML_OPERATION_OPERATION_ID = "urn:oasis:names:tc:xacml:1.0:operation:operation-id"; + private static final String XACML_ATTRIBUTE_CATEGORY_RESOURCE = + "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"; + private static final String XACML_TARGET_TARGET_ID = "urn:oasis:names:tc:xacml:1.0:target:target-id"; + private static final String XACML_TEST_SQL_RESOURCE_OPERATIONS_STATUS = + "com:att:research:xacml:test:sql:resource:operations:status"; + + private static final PIPRequest PIP_REQUEST_ACTOR = + new StdPIPRequest(new IdentifierImpl(XACML_SUBJECT_CATEGORY_ACCESS_SUBJECT), + new IdentifierImpl(XACML_ACTOR_ACTOR_ID), new IdentifierImpl(XML_SCHEMA_STRING)); + + private static final PIPRequest PIP_REQUEST_RECIPE = + new StdPIPRequest(new IdentifierImpl(XACML_ATTRIBUTE_CATEGORY_ACTION), + new IdentifierImpl(XACML_OPERATION_OPERATION_ID), new IdentifierImpl(XML_SCHEMA_STRING)); + + private static final PIPRequest PIP_REQUEST_TARGET = + new StdPIPRequest(new IdentifierImpl(XACML_ATTRIBUTE_CATEGORY_RESOURCE), + new IdentifierImpl(XACML_TARGET_TARGET_ID), new IdentifierImpl(XML_SCHEMA_STRING)); + + public PipEngineGetStatus() { + super(); + } + + @Override + public Collection<PIPRequest> attributesRequired() { + return Collections.emptySet(); + } + + @Override + public Collection<PIPRequest> attributesProvided() { + return Collections.emptySet(); + } + + @Override + public PIPResponse getAttributes(PIPRequest pipRequest, PIPFinder pipFinder) throws PIPException { + logger.debug("Entering Status PIP"); + + /* + * First check to see if the issuer is set and then match it + */ + String issuer; + if ((issuer = pipRequest.getIssuer()) == null) { + + logger.debug("No issuer in the request..."); + logger.debug("Status PIP - No issuer in the request!"); + return StdPIPResponse.PIP_RESPONSE_EMPTY; + + } else if (!issuer.contains(this.getIssuer())) { + // Notice, we are checking here for the base issuer prefix. + logger.debug("Requested issuer '{}' does not match {}", issuer, getIssuer()); + logger.debug("Status PIP - Issuer {} does not match with: ", issuer, this.getIssuer()); + return StdPIPResponse.PIP_RESPONSE_EMPTY; + } + + String[] s1 = issuer.split("clname:"); + String clname = s1[1]; + String target = null; + try { + target = getTarget(pipFinder).iterator().next(); + } catch (Exception e) { + logger.debug("could not retrieve target from PIP finder", e); + return StdPIPResponse.PIP_RESPONSE_EMPTY; + } + + logger.debug("Going to query DB about: clname={}, target={}", clname, target); + String statusFromDb = getStatusFromDb(clname, target); + + StdMutablePIPResponse stdPipResponse = new StdMutablePIPResponse(); + + this.addStringAttribute(stdPipResponse, new IdentifierImpl(XACML_ATTRIBUTE_CATEGORY_RESOURCE), + new IdentifierImpl(XACML_TEST_SQL_RESOURCE_OPERATIONS_STATUS), statusFromDb, pipRequest); + + return new StdPIPResponse(stdPipResponse); + } + + @Override + public void configure(String id, Properties properties) throws PIPException { + super.configure(id, properties); + + if (this.getDescription() == null) { + this.setDescription(DEFAULT_DESCRIPTION); + } + if (this.getIssuer() == null) { + this.setIssuer(DEFAULT_ISSUER); + } + } + + private PIPResponse getAttribute(PIPRequest pipRequest, PIPFinder pipFinder) { + PIPResponse pipResponse = null; + + try { + pipResponse = pipFinder.getMatchingAttributes(pipRequest, this); + } catch (PIPException ex) { + logger.error("getAttribute threw:", ex); + return null; + } + if (pipResponse == null) { + return null; + } + if (pipResponse.getStatus() != null && !pipResponse.getStatus().isOk()) { + logger.warn("PIP response error {}: {}", pipRequest.getAttributeId().stringValue(), + pipResponse.getStatus()); + return null; + } + if (pipResponse.getAttributes() != null && pipResponse.getAttributes().isEmpty()) { + logger.warn("No attributes in POP response {}: {}", pipRequest.getAttributeId().stringValue(), + pipResponse.getStatus()); + return null; + } + return pipResponse; + } + + private void addStringAttribute(StdMutablePIPResponse stdPipResponse, Identifier category, Identifier attributeId, + String value, PIPRequest pipRequest) { + AttributeValue<String> attributeValue = null; + try { + attributeValue = DataTypes.DT_STRING.createAttributeValue(value); + } catch (Exception ex) { + logger.error("Failed to convert {} to an AttributeValue<String>", value, ex); + } + if (attributeValue != null) { + stdPipResponse.addAttribute(new StdMutableAttribute(category, attributeId, attributeValue, + pipRequest.getIssuer()/* this.getIssuer() */, false)); + } + } + + private Set<String> getTarget(PIPFinder pipFinder) { + /* + * Get the UID from either the subject id or the uid property + */ + PIPResponse pipResponseUid = this.getAttribute(PIP_REQUEST_TARGET, pipFinder); + if (pipResponseUid == null) { + return new HashSet<>(); + } + + /* + * Iterate over all of the returned results and do the LDAP requests + */ + Collection<Attribute> listUids = pipResponseUid.getAttributes(); + Set<String> setUids = new HashSet<>(); + for (Attribute attributeUid : listUids) { + Iterator<AttributeValue<String>> iterAttributeValues = attributeUid.findValues(DataTypes.DT_STRING); + if (iterAttributeValues != null) { + while (iterAttributeValues.hasNext()) { + String uid = iterAttributeValues.next().getValue(); + if (uid != null) { + setUids.add(uid); + } + } + } + } + + return setUids; + } + + private static String getStatusFromDb(String clname, String target) { + // + // DB Properties + // + Properties props = new Properties(); + try { + props.put(Util.ECLIPSE_LINK_KEY_URL, PolicyEngine.manager.getEnvironmentProperty(Util.ONAP_KEY_URL)); + props.put(Util.ECLIPSE_LINK_KEY_USER, PolicyEngine.manager.getEnvironmentProperty(Util.ONAP_KEY_USER)); + props.put(Util.ECLIPSE_LINK_KEY_PASS, PolicyEngine.manager.getEnvironmentProperty(Util.ONAP_KEY_PASS)); + } catch (NullPointerException e) { + logger.error("getStatusFromDB: {} when setting properties", e.getMessage()); + } + // + // Set opsHistPu to the correct value and clear properties if necessary. + // + String opsHistPu = System.getProperty("OperationsHistoryPU"); + if (opsHistPu == null || !opsHistPu.equals("TestOperationsHistoryPU")) { + opsHistPu = "OperationsHistoryPU"; + } else { + props.clear(); + } + // + // Set up the EntityManager + // + EntityManagerFactory emf = null; + EntityManager em = null; + try { + emf = Persistence.createEntityManagerFactory(opsHistPu, props); + } catch (Exception ex) { + logger.error("PIP thread got Exception. Can't connect to Operations History DB -- {}", opsHistPu); + logger.error("getStatusFromDb threw: ", ex); + return null; + } + try { + em = emf.createEntityManager(); + } catch (Exception ex) { + logger.error("PIP thread got Exception. Problem creating EntityManager"); + logger.error("getStatusFromDb threw: ", ex); + emf.close(); + return null; + } + // + // Create the query + // + String sql = "select outcome from operationshistory10 where" + + " clname= ?" + + " and target= ?" + + " order by endtime desc limit 1"; + Query nq = em.createNativeQuery(sql); + nq.setParameter(1, clname); + nq.setParameter(2, target); + logger.debug("SQL query: {}, {}, {}", sql, clname, target); + // + // Run the query + // + String ret = null; + try{ + ret = ((String)nq.getSingleResult()); + } catch(NoResultException ex) { + logger.debug("NoResultException for getSingleResult()"); + ret = "NO_MATCHING_ENTRY"; + } catch(Exception ex){ + logger.error("getStatusFromDB threw: ", ex); + } + if (ret != null) { + logger.debug("SQL query result: {}", ret); + } + // + // Clean up and return the result + // + try { + em.close(); + } catch(Exception ex){ + logger.error("getStatusFromDB threw: ", ex); + } + try { + emf.close(); + } catch(Exception ex){ + logger.error("getStatusFromDB threw: ", ex); + } + return ret; + } +} |