aboutsummaryrefslogtreecommitdiffstats
path: root/controlloop/common/guard/src
diff options
context:
space:
mode:
Diffstat (limited to 'controlloop/common/guard/src')
-rw-r--r--controlloop/common/guard/src/main/java/org/onap/policy/guard/CallGuardTask.java83
-rw-r--r--controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlHelper.java5
-rw-r--r--controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlRequestAttributes.java15
-rw-r--r--controlloop/common/guard/src/test/java/org/onap/policy/guard/CallGuardTaskTest.java44
-rw-r--r--controlloop/common/guard/src/test/java/org/onap/policy/guard/PolicyGuardXacmlHelperTest.java15
-rw-r--r--controlloop/common/guard/src/test/java/org/onap/policy/guard/PolicyGuardXacmlRequestAttributesTest.java28
6 files changed, 145 insertions, 45 deletions
diff --git a/controlloop/common/guard/src/main/java/org/onap/policy/guard/CallGuardTask.java b/controlloop/common/guard/src/main/java/org/onap/policy/guard/CallGuardTask.java
index 4ac22600b..146f42170 100644
--- a/controlloop/common/guard/src/main/java/org/onap/policy/guard/CallGuardTask.java
+++ b/controlloop/common/guard/src/main/java/org/onap/policy/guard/CallGuardTask.java
@@ -20,45 +20,99 @@
package org.onap.policy.guard;
-import com.att.research.xacml.api.DataTypeException;
-import com.att.research.xacml.std.annotations.RequestParser;
-
+import java.util.HashSet;
+import java.util.Set;
import java.util.UUID;
-
+import java.util.function.Supplier;
import org.drools.core.WorkingMemory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import com.att.research.xacml.api.DataTypeException;
+import com.att.research.xacml.std.annotations.RequestParser;
public class CallGuardTask implements Runnable {
private static final Logger logger = LoggerFactory.getLogger(CallGuardTask.class);
- WorkingMemory workingMemory;
- String restfulPdpUrl;
- String clname;
- String actor;
- String recipe;
- String target;
- String requestId;
+
+ /**
+ * Actor/recipe pairs whose guard requests need a VF Module count. Each element is of
+ * the form "<actor>:<recipe>".
+ */
+ private static final Set<String> NEEDS_VF_COUNT = new HashSet<>();
+
+ /**
+ * Actor/recipe pairs whose guard requests need the VF Module count to be incremented
+ * (i.e., because a module is being added). Each element is of the form
+ * "<actor>:<recipe>".
+ */
+ private static final Set<String> INCR_VF_COUNT = new HashSet<>();
+
+ static {
+ INCR_VF_COUNT.add("SO:VF Module Create");
+ NEEDS_VF_COUNT.addAll(INCR_VF_COUNT);
+ }
+
+ private WorkingMemory workingMemory;
+ private String clname;
+ private String actor;
+ private String recipe;
+ private String target;
+ private String requestId;
+ private Integer vfCount;
+
+ /**
+ * Populated once the response has been determined, which may happen during the
+ * constructor or later, during {@link #run()}.
+ */
+ private PolicyGuardResponse guardResponse;
/**
* Guard url is grabbed from PolicyEngine.manager properties
*/
- public CallGuardTask(WorkingMemory wm, String cl, String act, String rec, String tar, String reqId) {
+ public CallGuardTask(WorkingMemory wm, String cl, String act, String rec, String tar, String reqId, Supplier<Integer> vfcnt) {
workingMemory = wm;
clname = cl;
actor = act;
recipe = rec;
requestId = reqId;
target = tar;
+
+ vfCount = null;
+
+ String key = act + ":" + rec;
+
+ if (NEEDS_VF_COUNT.contains(key)) {
+ // this actor/recipe needs the count - get it
+ if ((vfCount = vfcnt.get()) == null) {
+ /*
+ * The count is missing - create an artificial Deny, which will be
+ * inserted into working memory when "run()" is called.
+ */
+ guardResponse = new PolicyGuardResponse(Util.DENY, UUID.fromString(requestId), recipe);
+ logger.error("CallGuardTask.run missing VF Module count; requestId={}", requestId);
+ return;
+ }
+
+ if (INCR_VF_COUNT.contains(key)) {
+ // this actor/recipe needs the count to be incremented
+ ++vfCount;
+ }
+ }
}
@Override
public void run() {
+ if (guardResponse != null) {
+ // already have a response - just insert it
+ workingMemory.insert(guardResponse);
+ return;
+ }
+
final long startTime = System.nanoTime();
com.att.research.xacml.api.Request request = null;
PolicyGuardXacmlRequestAttributes xacmlReq =
- new PolicyGuardXacmlRequestAttributes(clname, actor, recipe, target, requestId);
+ new PolicyGuardXacmlRequestAttributes(clname, actor, recipe, target, requestId, vfCount);
try {
request = RequestParser.parseRequest(xacmlReq);
@@ -90,8 +144,7 @@ public class CallGuardTask implements Runnable {
guardDecision = Util.INDETERMINATE;
}
- PolicyGuardResponse guardResponse =
- new PolicyGuardResponse(guardDecision, UUID.fromString(this.requestId), this.recipe);
+ guardResponse = new PolicyGuardResponse(guardDecision, UUID.fromString(this.requestId), this.recipe);
//
diff --git a/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlHelper.java b/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlHelper.java
index 321d80ce2..53ba6075e 100644
--- a/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlHelper.java
+++ b/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlHelper.java
@@ -2,7 +2,7 @@
* ============LICENSE_START=======================================================
* guard
* ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -100,6 +100,9 @@ public class PolicyGuardXacmlHelper {
if (xacmlReq.getClnameID() != null) {
attributes.put("clname", xacmlReq.getClnameID());
}
+ if (xacmlReq.getVfCount() != null) {
+ attributes.put("vfCount", xacmlReq.getVfCount());
+ }
JSONObject jsonReq = new JSONObject();
jsonReq.put("decisionAttributes", attributes);
jsonReq.put("onapName", "PDPD");
diff --git a/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlRequestAttributes.java b/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlRequestAttributes.java
index ab1d04efa..6b17af804 100644
--- a/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlRequestAttributes.java
+++ b/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlRequestAttributes.java
@@ -36,15 +36,17 @@ public class PolicyGuardXacmlRequestAttributes {
* @param operationId the operation Id
* @param targetId the target Id
* @param requestId the request Id
+ * @param vfCount the new number of VF Modules
*/
public PolicyGuardXacmlRequestAttributes(String clnameId, String actorId, String operationId, String targetId,
- String requestId) {
+ String requestId, Integer vfCount) {
super();
this.clnameID = clnameId;
this.actorID = actorId;
this.operationID = operationId;
this.targetID = targetId;
this.requestID = requestId;
+ this.vfCount = vfCount;
}
@Override
@@ -68,6 +70,9 @@ public class PolicyGuardXacmlRequestAttributes {
@XACMLResource(includeInResults = true, attributeId = "urn:oasis:names:tc:xacml:1.0:request:request-id")
String requestID;
+ @XACMLResource(includeInResults = true, attributeId = "urn:oasis:names:tc:xacml:1.0:request:vf-count")
+ Integer vfCount;
+
public String getActorID() {
return actorID;
}
@@ -107,4 +112,12 @@ public class PolicyGuardXacmlRequestAttributes {
public void setClnameID(String clnameID) {
this.clnameID = clnameID;
}
+
+ public Integer getVfCount() {
+ return vfCount;
+ }
+
+ public void setVfCount(Integer vfCount) {
+ this.vfCount = vfCount;
+ }
}
diff --git a/controlloop/common/guard/src/test/java/org/onap/policy/guard/CallGuardTaskTest.java b/controlloop/common/guard/src/test/java/org/onap/policy/guard/CallGuardTaskTest.java
index 3255aec77..b1b057542 100644
--- a/controlloop/common/guard/src/test/java/org/onap/policy/guard/CallGuardTaskTest.java
+++ b/controlloop/common/guard/src/test/java/org/onap/policy/guard/CallGuardTaskTest.java
@@ -26,37 +26,53 @@ import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
-import org.drools.core.impl.StatefulKnowledgeSessionImpl;
+import java.util.function.Supplier;
+import org.drools.core.WorkingMemory;
import org.junit.Test;
public class CallGuardTaskTest {
- static final String REQ_ID = "1-2-3-4-5";
- static final String REQ_MATCHER = "0+1-0+2-0+3-0+4-0+5";
+ private static final String REQ_ID = "1-2-3-4-5";
+ private static final String REQ_MATCHER = "0+1-0+2-0+3-0+4-0+5";
+ private static final String VF_COUNT_ACTOR = "SO";
+ private static final String INCR_VF_COUNT_RECIPE = "VF Module Create";
- @Test
/**
- * Tests that the run method inserts guard response into working memory.
+ * Tests that "run" works, and inserts guard response into working memory.
*/
+ @Test
public void testRun() {
- // Create mock working session
- StatefulKnowledgeSessionImpl mockWorkingSession = mock(StatefulKnowledgeSessionImpl.class);
+ // plain - doesn't need VF module count
+ doTestRun(Util.INDETERMINATE, "act", "rec", () -> null);
+
+ // SO actor, but plain recipe - doesn't need VF module count
+ doTestRun(Util.INDETERMINATE, VF_COUNT_ACTOR, "rec", () -> null);
+
+ // plain actor, but scale-out recipe - doesn't need VF module count
+ doTestRun(Util.INDETERMINATE, "act", "VF Module Create", () -> null);
+
+ // needs VF count
+ doTestRun(Util.INDETERMINATE, VF_COUNT_ACTOR, INCR_VF_COUNT_RECIPE, () -> 22);
+
+ // needs VF count, but it's missing ==> DENY
+ doTestRun(Util.DENY, VF_COUNT_ACTOR, INCR_VF_COUNT_RECIPE, () -> null);
+ }
+
+ private void doTestRun(String status, String actor, String recipe, Supplier<Integer> vfCount) {
+ WorkingMemory mockWorkingSession = mock(WorkingMemory.class);
when(mockWorkingSession.insert(isNotNull())).thenReturn(null);
// Create CallGuardTask and run
- CallGuardTask cgt = new CallGuardTask(mockWorkingSession, "cl", "act", "rec", "tar", REQ_ID);
+ CallGuardTask cgt = new CallGuardTask(mockWorkingSession, "cl", actor, recipe, "tar", REQ_ID, vfCount);
cgt.run();
verify(mockWorkingSession).insert(argThat((Object obj) -> {
if (!(obj instanceof PolicyGuardResponse)) {
return false;
}
- // Check if the inserted response is PolicyGuardResponse, is Indeterminate, and has same
- // reqID
+ // Check if the inserted response is PolicyGuardResponse, is Indeterminate,
+ // and has same reqID
PolicyGuardResponse response = (PolicyGuardResponse) obj;
// req ID has form 00000001-0002-0003-0004-000000000005
- return Util.INDETERMINATE.equals(response.getResult())
- && response.getRequestID().toString().matches(REQ_MATCHER);
+ return status.equals(response.getResult()) && response.getRequestID().toString().matches(REQ_MATCHER);
}));
-
}
-
}
diff --git a/controlloop/common/guard/src/test/java/org/onap/policy/guard/PolicyGuardXacmlHelperTest.java b/controlloop/common/guard/src/test/java/org/onap/policy/guard/PolicyGuardXacmlHelperTest.java
index 867c05d2f..e69820a3d 100644
--- a/controlloop/common/guard/src/test/java/org/onap/policy/guard/PolicyGuardXacmlHelperTest.java
+++ b/controlloop/common/guard/src/test/java/org/onap/policy/guard/PolicyGuardXacmlHelperTest.java
@@ -59,6 +59,8 @@ import org.onap.policy.drools.system.PolicyEngine;
import org.onap.policy.drools.utils.logging.LoggerUtil;
public class PolicyGuardXacmlHelperTest {
+
+ private static final Integer VF_COUNT = 100;
/**
* Set up test class.
@@ -88,7 +90,8 @@ public class PolicyGuardXacmlHelperTest {
// Null/ Bad Connection Case
PolicyGuardXacmlRequestAttributes xacmlReq = new PolicyGuardXacmlRequestAttributes(
- org.onap.policy.simulators.GuardSimulatorJaxRs.DENY_CLNAME, "actor", "recipe", "target", "requestId");
+ org.onap.policy.simulators.GuardSimulatorJaxRs.DENY_CLNAME, "actor", "recipe", "target",
+ "requestId", VF_COUNT);
String rawDecision = new PolicyGuardXacmlHelper().callPDP(xacmlReq);
assertNotNull(rawDecision);
assertEquals(0, Util.INDETERMINATE.compareToIgnoreCase(rawDecision));
@@ -97,7 +100,7 @@ public class PolicyGuardXacmlHelperTest {
@Test
public void testSimulator() {
PolicyGuardXacmlRequestAttributes request = new PolicyGuardXacmlRequestAttributes("clname_id", "actor_id",
- "operation_id", "target_id", "request_id");
+ "operation_id", "target_id", "request_id", VF_COUNT);
String xacmlResponse = new PolicyGuardXacmlHelper().callPDP(request);
assertNotNull(xacmlResponse);
}
@@ -110,13 +113,14 @@ public class PolicyGuardXacmlHelperTest {
public void testCallPdp() {
// Deny Case
PolicyGuardXacmlRequestAttributes xacmlReq = new PolicyGuardXacmlRequestAttributes(
- org.onap.policy.simulators.GuardSimulatorJaxRs.DENY_CLNAME, "actor", "recipe", "target", "requestId");
+ org.onap.policy.simulators.GuardSimulatorJaxRs.DENY_CLNAME, "actor", "recipe", "target",
+ "requestId", VF_COUNT);
String rawDecision = new PolicyGuardXacmlHelper().callPDP(xacmlReq);
assertNotNull(rawDecision);
assertTrue(0 == Util.DENY.compareToIgnoreCase(rawDecision));
// Permit Case
- xacmlReq = new PolicyGuardXacmlRequestAttributes("clname", "actor", "recipe", "target", "requestId");
+ xacmlReq = new PolicyGuardXacmlRequestAttributes("clname", "actor", "recipe", "target", "requestId", VF_COUNT);
rawDecision = new PolicyGuardXacmlHelper().callPDP(xacmlReq);
assertNotNull(rawDecision);
assertEquals(0, Util.PERMIT.compareToIgnoreCase(rawDecision));
@@ -130,7 +134,8 @@ public class PolicyGuardXacmlHelperTest {
*/
public void testCallPdpExtra() {
PolicyGuardXacmlRequestAttributes xacmlReq = new PolicyGuardXacmlRequestAttributes(
- org.onap.policy.simulators.GuardSimulatorJaxRs.DENY_CLNAME, "actor", "recipe", "target", "requestId");
+ org.onap.policy.simulators.GuardSimulatorJaxRs.DENY_CLNAME, "actor", "recipe", "target",
+ "requestId", VF_COUNT);
xacmlReq.setClnameID(null);
String rawDecision = new PolicyGuardXacmlHelper().callPDP(xacmlReq);
diff --git a/controlloop/common/guard/src/test/java/org/onap/policy/guard/PolicyGuardXacmlRequestAttributesTest.java b/controlloop/common/guard/src/test/java/org/onap/policy/guard/PolicyGuardXacmlRequestAttributesTest.java
index a61f5200b..7b5affd32 100644
--- a/controlloop/common/guard/src/test/java/org/onap/policy/guard/PolicyGuardXacmlRequestAttributesTest.java
+++ b/controlloop/common/guard/src/test/java/org/onap/policy/guard/PolicyGuardXacmlRequestAttributesTest.java
@@ -4,6 +4,8 @@
* ================================================================================
* Copyright (C) 2018 Ericsson. All rights reserved.
* ================================================================================
+ * Modifications Copyright (C) 2018 AT&T. All rights reserved.
+ * ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
@@ -31,35 +33,43 @@ public class PolicyGuardXacmlRequestAttributesTest {
@Test
public void policyGuardXacmlRequestAttributesTest() {
- assertNotNull(new PolicyGuardXacmlRequestAttributes(null, null, null, null, null));
+ PolicyGuardXacmlRequestAttributes attributes =
+ new PolicyGuardXacmlRequestAttributes(null, null, null, null, null, null);
+ assertNotNull(attributes);
- UUID controlLoopId = UUID.randomUUID();
- UUID operationId = UUID.randomUUID();
UUID requestId = UUID.randomUUID();
- UUID actorId = UUID.randomUUID();
- UUID targetId = UUID.randomUUID();
-
- PolicyGuardXacmlRequestAttributes attributes = new PolicyGuardXacmlRequestAttributes(controlLoopId.toString(),
- actorId.toString(), operationId.toString(), targetId.toString(), requestId.toString());
-
attributes.setRequestID(requestId.toString());
assertEquals(requestId.toString(), attributes.getRequestID());
+ UUID operationId = UUID.randomUUID();
attributes.setOperationID(operationId.toString());
assertEquals(operationId.toString(), attributes.getOperationID());
+ UUID actorId = UUID.randomUUID();
attributes.setActorID(actorId.toString());
assertEquals(actorId.toString(), attributes.getActorID());
+ UUID targetId = UUID.randomUUID();
attributes.setTargetID(targetId.toString());
assertEquals(targetId.toString(), attributes.getTargetID());
attributes.setTargetID(targetId.toString());
assertEquals(targetId.toString(), attributes.getTargetID());
+ UUID controlLoopId = UUID.randomUUID();
attributes.setClnameID(controlLoopId.toString());
assertEquals(controlLoopId.toString(), attributes.getClnameID());
+ attributes.setClnameID(null);
+ assertEquals(null, attributes.getClnameID());
+
+ Integer vfCount = 20;
+ attributes.setVfCount(vfCount);
+ assertEquals(vfCount, attributes.getVfCount());
+
+ attributes.setVfCount(null);
+ assertEquals(null, attributes.getVfCount());
+
assertEquals("PolicyGuardXacmlRequestAttributes [actorID=", attributes.toString().substring(0, 43));
}
}