diff options
Diffstat (limited to 'controlloop/common/guard/src')
6 files changed, 145 insertions, 45 deletions
diff --git a/controlloop/common/guard/src/main/java/org/onap/policy/guard/CallGuardTask.java b/controlloop/common/guard/src/main/java/org/onap/policy/guard/CallGuardTask.java index 4ac22600b..146f42170 100644 --- a/controlloop/common/guard/src/main/java/org/onap/policy/guard/CallGuardTask.java +++ b/controlloop/common/guard/src/main/java/org/onap/policy/guard/CallGuardTask.java @@ -20,45 +20,99 @@ package org.onap.policy.guard; -import com.att.research.xacml.api.DataTypeException; -import com.att.research.xacml.std.annotations.RequestParser; - +import java.util.HashSet; +import java.util.Set; import java.util.UUID; - +import java.util.function.Supplier; import org.drools.core.WorkingMemory; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import com.att.research.xacml.api.DataTypeException; +import com.att.research.xacml.std.annotations.RequestParser; public class CallGuardTask implements Runnable { private static final Logger logger = LoggerFactory.getLogger(CallGuardTask.class); - WorkingMemory workingMemory; - String restfulPdpUrl; - String clname; - String actor; - String recipe; - String target; - String requestId; + + /** + * Actor/recipe pairs whose guard requests need a VF Module count. Each element is of + * the form "<actor>:<recipe>". + */ + private static final Set<String> NEEDS_VF_COUNT = new HashSet<>(); + + /** + * Actor/recipe pairs whose guard requests need the VF Module count to be incremented + * (i.e., because a module is being added). Each element is of the form + * "<actor>:<recipe>". + */ + private static final Set<String> INCR_VF_COUNT = new HashSet<>(); + + static { + INCR_VF_COUNT.add("SO:VF Module Create"); + NEEDS_VF_COUNT.addAll(INCR_VF_COUNT); + } + + private WorkingMemory workingMemory; + private String clname; + private String actor; + private String recipe; + private String target; + private String requestId; + private Integer vfCount; + + /** + * Populated once the response has been determined, which may happen during the + * constructor or later, during {@link #run()}. + */ + private PolicyGuardResponse guardResponse; /** * Guard url is grabbed from PolicyEngine.manager properties */ - public CallGuardTask(WorkingMemory wm, String cl, String act, String rec, String tar, String reqId) { + public CallGuardTask(WorkingMemory wm, String cl, String act, String rec, String tar, String reqId, Supplier<Integer> vfcnt) { workingMemory = wm; clname = cl; actor = act; recipe = rec; requestId = reqId; target = tar; + + vfCount = null; + + String key = act + ":" + rec; + + if (NEEDS_VF_COUNT.contains(key)) { + // this actor/recipe needs the count - get it + if ((vfCount = vfcnt.get()) == null) { + /* + * The count is missing - create an artificial Deny, which will be + * inserted into working memory when "run()" is called. + */ + guardResponse = new PolicyGuardResponse(Util.DENY, UUID.fromString(requestId), recipe); + logger.error("CallGuardTask.run missing VF Module count; requestId={}", requestId); + return; + } + + if (INCR_VF_COUNT.contains(key)) { + // this actor/recipe needs the count to be incremented + ++vfCount; + } + } } @Override public void run() { + if (guardResponse != null) { + // already have a response - just insert it + workingMemory.insert(guardResponse); + return; + } + final long startTime = System.nanoTime(); com.att.research.xacml.api.Request request = null; PolicyGuardXacmlRequestAttributes xacmlReq = - new PolicyGuardXacmlRequestAttributes(clname, actor, recipe, target, requestId); + new PolicyGuardXacmlRequestAttributes(clname, actor, recipe, target, requestId, vfCount); try { request = RequestParser.parseRequest(xacmlReq); @@ -90,8 +144,7 @@ public class CallGuardTask implements Runnable { guardDecision = Util.INDETERMINATE; } - PolicyGuardResponse guardResponse = - new PolicyGuardResponse(guardDecision, UUID.fromString(this.requestId), this.recipe); + guardResponse = new PolicyGuardResponse(guardDecision, UUID.fromString(this.requestId), this.recipe); // diff --git a/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlHelper.java b/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlHelper.java index 321d80ce2..53ba6075e 100644 --- a/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlHelper.java +++ b/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlHelper.java @@ -2,7 +2,7 @@ * ============LICENSE_START======================================================= * guard * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -100,6 +100,9 @@ public class PolicyGuardXacmlHelper { if (xacmlReq.getClnameID() != null) { attributes.put("clname", xacmlReq.getClnameID()); } + if (xacmlReq.getVfCount() != null) { + attributes.put("vfCount", xacmlReq.getVfCount()); + } JSONObject jsonReq = new JSONObject(); jsonReq.put("decisionAttributes", attributes); jsonReq.put("onapName", "PDPD"); diff --git a/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlRequestAttributes.java b/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlRequestAttributes.java index ab1d04efa..6b17af804 100644 --- a/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlRequestAttributes.java +++ b/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlRequestAttributes.java @@ -36,15 +36,17 @@ public class PolicyGuardXacmlRequestAttributes { * @param operationId the operation Id * @param targetId the target Id * @param requestId the request Id + * @param vfCount the new number of VF Modules */ public PolicyGuardXacmlRequestAttributes(String clnameId, String actorId, String operationId, String targetId, - String requestId) { + String requestId, Integer vfCount) { super(); this.clnameID = clnameId; this.actorID = actorId; this.operationID = operationId; this.targetID = targetId; this.requestID = requestId; + this.vfCount = vfCount; } @Override @@ -68,6 +70,9 @@ public class PolicyGuardXacmlRequestAttributes { @XACMLResource(includeInResults = true, attributeId = "urn:oasis:names:tc:xacml:1.0:request:request-id") String requestID; + @XACMLResource(includeInResults = true, attributeId = "urn:oasis:names:tc:xacml:1.0:request:vf-count") + Integer vfCount; + public String getActorID() { return actorID; } @@ -107,4 +112,12 @@ public class PolicyGuardXacmlRequestAttributes { public void setClnameID(String clnameID) { this.clnameID = clnameID; } + + public Integer getVfCount() { + return vfCount; + } + + public void setVfCount(Integer vfCount) { + this.vfCount = vfCount; + } } diff --git a/controlloop/common/guard/src/test/java/org/onap/policy/guard/CallGuardTaskTest.java b/controlloop/common/guard/src/test/java/org/onap/policy/guard/CallGuardTaskTest.java index 3255aec77..b1b057542 100644 --- a/controlloop/common/guard/src/test/java/org/onap/policy/guard/CallGuardTaskTest.java +++ b/controlloop/common/guard/src/test/java/org/onap/policy/guard/CallGuardTaskTest.java @@ -26,37 +26,53 @@ import static org.mockito.Mockito.mock; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; -import org.drools.core.impl.StatefulKnowledgeSessionImpl; +import java.util.function.Supplier; +import org.drools.core.WorkingMemory; import org.junit.Test; public class CallGuardTaskTest { - static final String REQ_ID = "1-2-3-4-5"; - static final String REQ_MATCHER = "0+1-0+2-0+3-0+4-0+5"; + private static final String REQ_ID = "1-2-3-4-5"; + private static final String REQ_MATCHER = "0+1-0+2-0+3-0+4-0+5"; + private static final String VF_COUNT_ACTOR = "SO"; + private static final String INCR_VF_COUNT_RECIPE = "VF Module Create"; - @Test /** - * Tests that the run method inserts guard response into working memory. + * Tests that "run" works, and inserts guard response into working memory. */ + @Test public void testRun() { - // Create mock working session - StatefulKnowledgeSessionImpl mockWorkingSession = mock(StatefulKnowledgeSessionImpl.class); + // plain - doesn't need VF module count + doTestRun(Util.INDETERMINATE, "act", "rec", () -> null); + + // SO actor, but plain recipe - doesn't need VF module count + doTestRun(Util.INDETERMINATE, VF_COUNT_ACTOR, "rec", () -> null); + + // plain actor, but scale-out recipe - doesn't need VF module count + doTestRun(Util.INDETERMINATE, "act", "VF Module Create", () -> null); + + // needs VF count + doTestRun(Util.INDETERMINATE, VF_COUNT_ACTOR, INCR_VF_COUNT_RECIPE, () -> 22); + + // needs VF count, but it's missing ==> DENY + doTestRun(Util.DENY, VF_COUNT_ACTOR, INCR_VF_COUNT_RECIPE, () -> null); + } + + private void doTestRun(String status, String actor, String recipe, Supplier<Integer> vfCount) { + WorkingMemory mockWorkingSession = mock(WorkingMemory.class); when(mockWorkingSession.insert(isNotNull())).thenReturn(null); // Create CallGuardTask and run - CallGuardTask cgt = new CallGuardTask(mockWorkingSession, "cl", "act", "rec", "tar", REQ_ID); + CallGuardTask cgt = new CallGuardTask(mockWorkingSession, "cl", actor, recipe, "tar", REQ_ID, vfCount); cgt.run(); verify(mockWorkingSession).insert(argThat((Object obj) -> { if (!(obj instanceof PolicyGuardResponse)) { return false; } - // Check if the inserted response is PolicyGuardResponse, is Indeterminate, and has same - // reqID + // Check if the inserted response is PolicyGuardResponse, is Indeterminate, + // and has same reqID PolicyGuardResponse response = (PolicyGuardResponse) obj; // req ID has form 00000001-0002-0003-0004-000000000005 - return Util.INDETERMINATE.equals(response.getResult()) - && response.getRequestID().toString().matches(REQ_MATCHER); + return status.equals(response.getResult()) && response.getRequestID().toString().matches(REQ_MATCHER); })); - } - } diff --git a/controlloop/common/guard/src/test/java/org/onap/policy/guard/PolicyGuardXacmlHelperTest.java b/controlloop/common/guard/src/test/java/org/onap/policy/guard/PolicyGuardXacmlHelperTest.java index 867c05d2f..e69820a3d 100644 --- a/controlloop/common/guard/src/test/java/org/onap/policy/guard/PolicyGuardXacmlHelperTest.java +++ b/controlloop/common/guard/src/test/java/org/onap/policy/guard/PolicyGuardXacmlHelperTest.java @@ -59,6 +59,8 @@ import org.onap.policy.drools.system.PolicyEngine; import org.onap.policy.drools.utils.logging.LoggerUtil; public class PolicyGuardXacmlHelperTest { + + private static final Integer VF_COUNT = 100; /** * Set up test class. @@ -88,7 +90,8 @@ public class PolicyGuardXacmlHelperTest { // Null/ Bad Connection Case PolicyGuardXacmlRequestAttributes xacmlReq = new PolicyGuardXacmlRequestAttributes( - org.onap.policy.simulators.GuardSimulatorJaxRs.DENY_CLNAME, "actor", "recipe", "target", "requestId"); + org.onap.policy.simulators.GuardSimulatorJaxRs.DENY_CLNAME, "actor", "recipe", "target", + "requestId", VF_COUNT); String rawDecision = new PolicyGuardXacmlHelper().callPDP(xacmlReq); assertNotNull(rawDecision); assertEquals(0, Util.INDETERMINATE.compareToIgnoreCase(rawDecision)); @@ -97,7 +100,7 @@ public class PolicyGuardXacmlHelperTest { @Test public void testSimulator() { PolicyGuardXacmlRequestAttributes request = new PolicyGuardXacmlRequestAttributes("clname_id", "actor_id", - "operation_id", "target_id", "request_id"); + "operation_id", "target_id", "request_id", VF_COUNT); String xacmlResponse = new PolicyGuardXacmlHelper().callPDP(request); assertNotNull(xacmlResponse); } @@ -110,13 +113,14 @@ public class PolicyGuardXacmlHelperTest { public void testCallPdp() { // Deny Case PolicyGuardXacmlRequestAttributes xacmlReq = new PolicyGuardXacmlRequestAttributes( - org.onap.policy.simulators.GuardSimulatorJaxRs.DENY_CLNAME, "actor", "recipe", "target", "requestId"); + org.onap.policy.simulators.GuardSimulatorJaxRs.DENY_CLNAME, "actor", "recipe", "target", + "requestId", VF_COUNT); String rawDecision = new PolicyGuardXacmlHelper().callPDP(xacmlReq); assertNotNull(rawDecision); assertTrue(0 == Util.DENY.compareToIgnoreCase(rawDecision)); // Permit Case - xacmlReq = new PolicyGuardXacmlRequestAttributes("clname", "actor", "recipe", "target", "requestId"); + xacmlReq = new PolicyGuardXacmlRequestAttributes("clname", "actor", "recipe", "target", "requestId", VF_COUNT); rawDecision = new PolicyGuardXacmlHelper().callPDP(xacmlReq); assertNotNull(rawDecision); assertEquals(0, Util.PERMIT.compareToIgnoreCase(rawDecision)); @@ -130,7 +134,8 @@ public class PolicyGuardXacmlHelperTest { */ public void testCallPdpExtra() { PolicyGuardXacmlRequestAttributes xacmlReq = new PolicyGuardXacmlRequestAttributes( - org.onap.policy.simulators.GuardSimulatorJaxRs.DENY_CLNAME, "actor", "recipe", "target", "requestId"); + org.onap.policy.simulators.GuardSimulatorJaxRs.DENY_CLNAME, "actor", "recipe", "target", + "requestId", VF_COUNT); xacmlReq.setClnameID(null); String rawDecision = new PolicyGuardXacmlHelper().callPDP(xacmlReq); diff --git a/controlloop/common/guard/src/test/java/org/onap/policy/guard/PolicyGuardXacmlRequestAttributesTest.java b/controlloop/common/guard/src/test/java/org/onap/policy/guard/PolicyGuardXacmlRequestAttributesTest.java index a61f5200b..7b5affd32 100644 --- a/controlloop/common/guard/src/test/java/org/onap/policy/guard/PolicyGuardXacmlRequestAttributesTest.java +++ b/controlloop/common/guard/src/test/java/org/onap/policy/guard/PolicyGuardXacmlRequestAttributesTest.java @@ -4,6 +4,8 @@ * ================================================================================ * Copyright (C) 2018 Ericsson. All rights reserved. * ================================================================================ + * Modifications Copyright (C) 2018 AT&T. All rights reserved. + * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -31,35 +33,43 @@ public class PolicyGuardXacmlRequestAttributesTest { @Test public void policyGuardXacmlRequestAttributesTest() { - assertNotNull(new PolicyGuardXacmlRequestAttributes(null, null, null, null, null)); + PolicyGuardXacmlRequestAttributes attributes = + new PolicyGuardXacmlRequestAttributes(null, null, null, null, null, null); + assertNotNull(attributes); - UUID controlLoopId = UUID.randomUUID(); - UUID operationId = UUID.randomUUID(); UUID requestId = UUID.randomUUID(); - UUID actorId = UUID.randomUUID(); - UUID targetId = UUID.randomUUID(); - - PolicyGuardXacmlRequestAttributes attributes = new PolicyGuardXacmlRequestAttributes(controlLoopId.toString(), - actorId.toString(), operationId.toString(), targetId.toString(), requestId.toString()); - attributes.setRequestID(requestId.toString()); assertEquals(requestId.toString(), attributes.getRequestID()); + UUID operationId = UUID.randomUUID(); attributes.setOperationID(operationId.toString()); assertEquals(operationId.toString(), attributes.getOperationID()); + UUID actorId = UUID.randomUUID(); attributes.setActorID(actorId.toString()); assertEquals(actorId.toString(), attributes.getActorID()); + UUID targetId = UUID.randomUUID(); attributes.setTargetID(targetId.toString()); assertEquals(targetId.toString(), attributes.getTargetID()); attributes.setTargetID(targetId.toString()); assertEquals(targetId.toString(), attributes.getTargetID()); + UUID controlLoopId = UUID.randomUUID(); attributes.setClnameID(controlLoopId.toString()); assertEquals(controlLoopId.toString(), attributes.getClnameID()); + attributes.setClnameID(null); + assertEquals(null, attributes.getClnameID()); + + Integer vfCount = 20; + attributes.setVfCount(vfCount); + assertEquals(vfCount, attributes.getVfCount()); + + attributes.setVfCount(null); + assertEquals(null, attributes.getVfCount()); + assertEquals("PolicyGuardXacmlRequestAttributes [actorID=", attributes.toString().substring(0, 43)); } } |