aboutsummaryrefslogtreecommitdiffstats
path: root/controlloop/common/guard
diff options
context:
space:
mode:
Diffstat (limited to 'controlloop/common/guard')
-rw-r--r--controlloop/common/guard/pom.xml10
-rw-r--r--controlloop/common/guard/src/main/java/org/onap/policy/guard/CallGuardTask.java22
-rw-r--r--controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlHelper.java415
-rw-r--r--controlloop/common/guard/src/main/java/org/onap/policy/guard/Util.java23
-rw-r--r--controlloop/common/guard/src/main/resources/META-INF/persistence.xml21
-rw-r--r--controlloop/common/guard/src/test/java/org/onap/policy/guard/CallGuardTaskTest.java8
-rw-r--r--controlloop/common/guard/src/test/java/org/onap/policy/guard/GuardUtilTest.java6
-rw-r--r--controlloop/common/guard/src/test/java/org/onap/policy/guard/PolicyGuardXacmlHelperTest.java114
8 files changed, 103 insertions, 516 deletions
diff --git a/controlloop/common/guard/pom.xml b/controlloop/common/guard/pom.xml
index 07aa304b7..54e922ecc 100644
--- a/controlloop/common/guard/pom.xml
+++ b/controlloop/common/guard/pom.xml
@@ -119,6 +119,16 @@
<scope>test</scope>
</dependency>
<dependency>
+ <groupId>org.onap.policy.models</groupId>
+ <artifactId>policy-models-decisions</artifactId>
+ <version>${policy.models.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.onap.policy.models.policy-models-interactions.model-impl</groupId>
+ <artifactId>rest</artifactId>
+ <version>${policy.models.version}</version>
+ </dependency>
+ <dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
<version>2.13.0</version>
diff --git a/controlloop/common/guard/src/main/java/org/onap/policy/guard/CallGuardTask.java b/controlloop/common/guard/src/main/java/org/onap/policy/guard/CallGuardTask.java
index 046b7cfd6..22fce1999 100644
--- a/controlloop/common/guard/src/main/java/org/onap/policy/guard/CallGuardTask.java
+++ b/controlloop/common/guard/src/main/java/org/onap/policy/guard/CallGuardTask.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -20,12 +20,11 @@
package org.onap.policy.guard;
-import com.att.research.xacml.api.DataTypeException;
-import com.att.research.xacml.std.annotations.RequestParser;
import java.util.HashSet;
import java.util.Set;
import java.util.UUID;
import java.util.function.Supplier;
+
import org.drools.core.WorkingMemory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -69,7 +68,7 @@ public class CallGuardTask implements Runnable {
/**
* Guard url is grabbed from PolicyEngine.manager properties
*/
- public CallGuardTask(WorkingMemory wm, String cl, String act,
+ public CallGuardTask(WorkingMemory wm, String cl, String act,
String rec, String tar, String reqId, Supplier<Integer> vfcnt) {
workingMemory = wm;
clname = cl;
@@ -108,22 +107,14 @@ public class CallGuardTask implements Runnable {
workingMemory.insert(guardResponse);
return;
}
-
+
final long startTime = System.nanoTime();
- com.att.research.xacml.api.Request request = null;
PolicyGuardXacmlRequestAttributes xacmlReq =
new PolicyGuardXacmlRequestAttributes(clname, actor, recipe, target, requestId, vfCount);
- try {
- request = RequestParser.parseRequest(xacmlReq);
- } catch (IllegalArgumentException | IllegalAccessException | DataTypeException e) {
- logger.error("CallGuardTask.run threw: {}", e);
- }
-
-
logger.debug("\n********** XACML REQUEST START ********");
- logger.debug("{}", request);
+ logger.debug("{}", xacmlReq);
logger.debug("********** XACML REQUEST END ********\n");
String guardDecision = null;
@@ -147,7 +138,6 @@ public class CallGuardTask implements Runnable {
guardResponse = new PolicyGuardResponse(guardDecision, UUID.fromString(this.requestId), this.recipe);
-
//
// Create an artificial Guard response in case we didn't get a clear Permit or Deny
//
diff --git a/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlHelper.java b/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlHelper.java
index 6d1fd315e..2d43c885e 100644
--- a/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlHelper.java
+++ b/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlHelper.java
@@ -21,31 +21,20 @@
package org.onap.policy.guard;
-import com.att.research.xacml.api.Attribute;
-import com.att.research.xacml.api.AttributeCategory;
-import com.att.research.xacml.api.AttributeValue;
-import com.att.research.xacml.api.Result;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.io.Serializable;
-import java.net.HttpURLConnection;
-import java.net.URL;
-import java.util.ArrayList;
-import java.util.Base64;
-import java.util.Iterator;
-import java.util.Properties;
+import java.util.HashMap;
+import java.util.Map;
import java.util.UUID;
-import org.apache.commons.io.IOUtils;
-import org.apache.http.entity.ContentType;
-import org.json.JSONObject;
import org.onap.policy.common.endpoints.event.comm.Topic.CommInfrastructure;
import org.onap.policy.common.endpoints.utils.NetLoggerUtil;
import org.onap.policy.common.endpoints.utils.NetLoggerUtil.EventType;
+import org.onap.policy.common.utils.coder.CoderException;
+import org.onap.policy.common.utils.coder.StandardCoder;
import org.onap.policy.drools.system.PolicyEngine;
+import org.onap.policy.models.decisions.concepts.DecisionRequest;
+import org.onap.policy.models.decisions.concepts.DecisionResponse;
+import org.onap.policy.rest.RestManager;
+import org.onap.policy.rest.RestManager.Pair;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -53,28 +42,17 @@ import org.slf4j.LoggerFactory;
public class PolicyGuardXacmlHelper {
private static final Logger logger = LoggerFactory.getLogger(PolicyGuardXacmlHelper.class);
- private UrlEntry[] restUrls = null;
- private int restUrlIndex = 0;
-
- // REST timeout, initialized from 'pdpx.timeout' property
- private int timeout = 20000;
+ private String url;
+ private String user;
+ private String pwd;
+ /**
+ * Constructor.
+ */
public PolicyGuardXacmlHelper() {
- init(PolicyEngine.manager.getEnvironment());
- }
-
- // initialized from 'pdpx.url' property --
- // Each entry in 'restUrls' contains a destination URL, and an optional
- // 'Authorization' header entry. 'restUrlIndex' indicates the next
- // entry to try -- after each failure, the index is advanced to the
- // next entry (wrapping to the beginning, if needed).
- private static class UrlEntry implements Serializable {
- private static final long serialVersionUID = -8859237552195400518L;
-
- URL restUrl;
- String authorization = null;
- String clientAuth = null;
- String environment = null;
+ this.url = PolicyEngine.manager.getEnvironmentProperty("pdpx.host");
+ this.user = PolicyEngine.manager.getEnvironmentProperty("pdpx.username");
+ this.pwd = PolicyEngine.manager.getEnvironmentProperty("pdpx.password");
}
/**
@@ -85,357 +63,72 @@ public class PolicyGuardXacmlHelper {
*/
public String callPdp(PolicyGuardXacmlRequestAttributes xacmlReq) {
//
- // Send it to the PDP
- //
- String response = null;
-
- //
- // Build the json request
+ // Create a request suitable for API
//
- JSONObject attributes = new JSONObject();
- attributes.put("actor", xacmlReq.getActorId());
- attributes.put("recipe", xacmlReq.getOperationId());
- attributes.put("target", xacmlReq.getTargetId());
+ DecisionRequest decisionRequest = new DecisionRequest();
+ decisionRequest.setOnapName("Policy");
+ decisionRequest.setOnapComponent("Drools PDP");
+ decisionRequest.setOnapInstance("usecase template");
+ decisionRequest.setRequestId(UUID.randomUUID().toString());
+ decisionRequest.setAction("guard");
+ Map<String, String> guard = new HashMap<>();
+ guard.put("actor", xacmlReq.getActorId());
+ guard.put("recipe", xacmlReq.getOperationId());
+ guard.put("target", xacmlReq.getTargetId());
if (xacmlReq.getClnameId() != null) {
- attributes.put("clname", xacmlReq.getClnameId());
+ guard.put("clName", xacmlReq.getClnameId());
}
if (xacmlReq.getVfCount() != null) {
- attributes.put("vfCount", xacmlReq.getVfCount());
+ guard.put("vfCount", Integer.toString(xacmlReq.getVfCount()));
}
- JSONObject jsonReq = new JSONObject();
- jsonReq.put("decisionAttributes", attributes);
- jsonReq.put("onapName", "PDPD");
-
+ Map<String, Object> resources = new HashMap<>();
+ resources.put("guard", guard);
+ decisionRequest.setResource(resources);
try {
//
// Call RESTful PDP
//
- UrlEntry urlEntry = restUrls[restUrlIndex];
- String jsonRequestString = jsonReq.toString();
- NetLoggerUtil.log(EventType.OUT, CommInfrastructure.REST, urlEntry.restUrl.toString(), jsonRequestString);
- response = callRestfulPdp(new ByteArrayInputStream(jsonReq.toString().getBytes()), urlEntry.restUrl,
- urlEntry.authorization, urlEntry.clientAuth, urlEntry.environment);
- NetLoggerUtil.log(EventType.IN, CommInfrastructure.REST, urlEntry.restUrl.toString(), response);
+ NetLoggerUtil.log(EventType.OUT, CommInfrastructure.REST, this.url, decisionRequest.toString());
+ String response = callRestfulPdp(decisionRequest);
+ NetLoggerUtil.log(EventType.IN, CommInfrastructure.REST, this.url, response);
+
+ return response;
} catch (Exception e) {
logger.error("Error in sending RESTful request: ", e);
}
- return response;
+ return Util.DENY;
}
/**
* This makes an HTTP POST call to a running PDP RESTful servlet to get a decision.
*
- * @param is the InputStream
- * @param authorization the Authorization
- * @param clientauth the ClientAuth
- * @param environment the Environment
+ * @param decisionRequest The Decision request
* @return response from guard which contains "Permit" or "Deny"
+ * @throws CoderException Exception when converting to/from JSON the message body
*/
- private String callRestfulPdp(InputStream is, URL restUrl, String authorization, String clientauth,
- String environment) {
- HttpURLConnection connection = null;
-
- try {
- //
- // Open up the connection
- //
- connection = (HttpURLConnection) restUrl.openConnection();
- connection.setRequestProperty("Content-Type", "application/json");
- //
- // Setup our method and headers
- //
- connection.setRequestProperty("Accept", "application/json");
- if (authorization != null) {
- connection.setRequestProperty("Authorization", authorization);
- }
- if (clientauth != null) {
- connection.setRequestProperty("ClientAuth", clientauth);
- }
- if (environment != null) {
- connection.setRequestProperty("Environment", environment);
- }
- connection.setConnectTimeout(timeout);
- connection.setReadTimeout(timeout);
- connection.setRequestMethod("POST");
- connection.setUseCaches(false);
- //
- // Adding this in. It seems the HttpUrlConnection class does NOT
- // properly forward our headers for POST re-direction. It does so
- // for a GET re-direction.
- //
- // So we need to handle this ourselves.
- //
- connection.setInstanceFollowRedirects(false);
- connection.setDoOutput(true);
- connection.setDoInput(true);
- //
- // Send the request
- //
- try (OutputStream os = connection.getOutputStream()) {
- IOUtils.copy(is, os);
- }
-
- //
- // Do the connect
- //
- connection.connect();
-
- if (connection.getResponseCode() != 200) {
- logger.error(connection.getResponseCode() + " " + connection.getResponseMessage());
- return Util.INDETERMINATE;
- }
- } catch (Exception e) {
- logger.error("Exception in 'PolicyGuardXacmlHelper.callRESTfulPDP'", e);
- return Util.INDETERMINATE;
- }
-
- //
- // Read the response
- //
- try {
- ContentType contentType = ContentType.parse(connection.getContentType());
-
- if (contentType.getMimeType().equalsIgnoreCase(ContentType.APPLICATION_JSON.getMimeType())) {
- InputStream inputStream = connection.getInputStream();
- int contentLength = connection.getContentLength();
-
- return readResponseFromStream(inputStream, contentLength);
- } else {
- logger.error("unknown content-type: {}", contentType);
- return Util.INDETERMINATE;
- }
-
- } catch (Exception e) {
- String message = "Parsing Content-Type: " + connection.getContentType();
- logger.error(message, e);
- return Util.INDETERMINATE;
- }
- }
-
- /**
- * Parse XACML PDP response.
- *
- * @param xacmlResponse the XACML response
- * @return the PolicyGuardResponse
- */
- public static PolicyGuardResponse parseXacmlPdpResponse(com.att.research.xacml.api.Response xacmlResponse) {
- if (xacmlResponse == null) {
- //
- // In case the actual XACML response was null, create an empty
- // response object with decision "Indeterminate"
- //
- return new PolicyGuardResponse("Indeterminate", null, "");
- }
-
- Iterator<Result> itRes = xacmlResponse.getResults().iterator();
-
- Result res = itRes.next();
- String decisionFromXacmlResponse = res.getDecision().toString();
- Iterator<AttributeCategory> itAttrCat = res.getAttributes().iterator();
- UUID reqIdFromXacmlResponse = null;
- String operationFromXacmlResponse = "";
+ private String callRestfulPdp(DecisionRequest decisionRequest) throws CoderException {
+ StandardCoder coder = new StandardCoder();
- while (itAttrCat.hasNext()) {
- Iterator<Attribute> itAttr = itAttrCat.next().getAttributes().iterator();
- while (itAttr.hasNext()) {
- Attribute currentAttr = itAttr.next();
- String attributeId = currentAttr.getAttributeId().stringValue();
- if ("urn:org:onap:guard:request:request-id".equals(attributeId)) {
- Iterator<AttributeValue<?>> itValues = currentAttr.getValues().iterator();
- reqIdFromXacmlResponse = UUID.fromString(itValues.next().getValue().toString());
- }
- if ("urn:org:onap:guard:operation:operation-id".equals(attributeId)) {
- Iterator<AttributeValue<?>> itValues = currentAttr.getValues().iterator();
- operationFromXacmlResponse = itValues.next().getValue().toString();
- }
- }
- }
-
- return new PolicyGuardResponse(decisionFromXacmlResponse, reqIdFromXacmlResponse, operationFromXacmlResponse);
-
- }
-
- private void init(Properties properties) {
- // used to store error messages
- StringBuilder sb = new StringBuilder();
-
- // fetch these parameters, if they exist
- String timeoutString = properties.getProperty("pdpx.timeout");
- String disabledString = properties.getProperty("guard.disabled");
-
- if (disabledString != null && Boolean.parseBoolean(disabledString)) {
- return;
- }
-
- ArrayList<UrlEntry> entries = initEntries(properties, sb);
-
- if (entries.isEmpty()) {
- sb.append("'pdpx.*' -- no URLs specified, ");
- } else {
- restUrls = entries.toArray(new UrlEntry[0]);
- }
-
- if (timeoutString != null) {
- try {
- // decode optional 'pdpx.timeout' parameter
- timeout = Integer.valueOf(timeoutString);
- } catch (NumberFormatException e) {
- sb.append("'pdpx.timeout': " + e + ", ");
- logger.trace(e.getLocalizedMessage());
- }
- }
-
-
- // if there are any errors, update 'errorMessage' & disable guard
- // queries
- if (sb.length() != 0) {
- // remove the terminating ", ", and extract resulting error message
- sb.setLength(sb.length() - 2);
- String errorMessage = sb.toString();
- logger.error("Initialization failure: {}", errorMessage);
- }
- }
-
- private ArrayList<UrlEntry> initEntries(Properties properties, StringBuilder sb) {
- // now, see which numeric entries (1-9) exist
- ArrayList<UrlEntry> entries = new ArrayList<>();
-
- for (int index = 0; index < 10; index += 1) {
- String urlPrefix = "guard.";
- if (index != 0) {
- urlPrefix = urlPrefix + index + ".";
- }
-
- // see if the associated URL exists
- String restUrllist = properties.getProperty(urlPrefix + "url");
- if (nullOrEmpty(restUrllist)) {
- // no entry for this index
- continue;
- }
-
- // support a list of entries separated by semicolons. Each entry
- // can be:
- // URL
- // URL,user
- // URL,user,password
- for (String restUrl : restUrllist.split("\\s*;\\s*")) {
- UrlEntry entry = initRestUrl(properties, sb, restUrl);
- // include this URLEntry in the list
- if (entry != null) {
- entries.add(entry);
- }
- }
- }
-
- return entries;
- }
+ String jsonBody = coder.encode(decisionRequest);
+ RestManager restManager = new RestManager();
- private UrlEntry initRestUrl(Properties properties, StringBuilder sb, String restUrl) {
- String urlPrefix = "guard.";
- String pdpxPrefix = "pdpx.";
+ Map<String, String> headers = new HashMap<>();
+ headers.put("Accepts", "application/json");
- String[] segments = restUrl.split("\\s*,\\s*");
- String user = null;
- String password = null;
+ Pair<Integer, String> httpDetails = restManager.post(url, user, pwd, headers, "application/json", jsonBody);
- if (segments.length >= 2) {
- // user id is provided
- restUrl = segments[0];
- user = segments[1];
- if (segments.length >= 3) {
- // password is also provided
- password = segments[2];
- }
+ if (httpDetails == null) {
+ return Util.DENY;
}
- // URL does exist -- create the entry
- UrlEntry urlEntry = new UrlEntry();
- try {
- urlEntry.restUrl = new URL(restUrl);
- } catch (java.net.MalformedURLException e) {
- // if we don't have a URL,
- // don't bother with the rest on this one
- sb.append("'").append(urlPrefix).append("url' '").append(restUrl).append("': ").append(e).append(",");
- return null;
- }
-
- if (nullOrEmpty(user)) {
- // user id was not provided on '*.url' line --
- // extract it from a separate property
- user = properties.getProperty(pdpxPrefix + "username", properties.getProperty("pdpx.username"));
- }
- if (nullOrEmpty(password)) {
- // password was not provided on '*.url' line --
- // extract it from a separate property
- password = properties.getProperty(pdpxPrefix + "password", properties.getProperty("pdpx.password"));
- }
-
- // see if 'user' and 'password' entries both exist
- if (!nullOrEmpty(user) && !nullOrEmpty(password)) {
- urlEntry.authorization = "Basic " + Base64.getEncoder().encodeToString((user + ":" + password).getBytes());
+ if (httpDetails.first == 200) {
+ DecisionResponse decision = coder.decode(httpDetails.second, DecisionResponse.class);
+ return decision.getStatus();
}
- // see if 'client.user' and 'client.password' entries both exist
- String clientUser =
- properties.getProperty(pdpxPrefix + "client.username", properties.getProperty("pdpx.client.username"));
- String clientPassword =
- properties.getProperty(pdpxPrefix + "client.password", properties.getProperty("pdpx.client.password"));
- if (!nullOrEmpty(clientUser) && !nullOrEmpty(clientPassword)) {
- urlEntry.clientAuth =
- "Basic " + Base64.getEncoder().encodeToString((clientUser + ":" + clientPassword).getBytes());
- }
-
- // see if there is an 'environment' entry
- String environment =
- properties.getProperty(pdpxPrefix + "environment", properties.getProperty("pdpx.environment"));
- if (!nullOrEmpty(environment)) {
- urlEntry.environment = environment;
- }
-
- return urlEntry;
- }
-
- /**
- * Check if a string is null or an empty string.
- *
- * @param value the string to be tested
- * @return 'true' if the string is 'null' or has a length of 0, 'false' otherwise
- */
- private static boolean nullOrEmpty(String value) {
- return (value == null || value.isEmpty());
+ return Util.DENY;
}
- private static String readResponseFromStream(InputStream inputStream, int contentLength) throws IOException {
- // if content length is -1, response is chunked, and
- // TCP connection will be dropped at the end
- byte[] buf = new byte[contentLength < 0 ? 1024 : contentLength];
- int offset = 0;
- do {
- int size = inputStream.read(buf, offset, buf.length - offset);
- if (size < 0) {
- // In a chunked response a dropped connection is expected, but not if the response
- // is not chunked
- if (contentLength > 0) {
- logger.error("partial input stream");
- }
- break;
- }
- offset += size;
- }
- while (offset != contentLength);
-
- String response = new String(buf, 0, offset);
-
- //
- // Connection may have failed or not been 200 OK, return Indeterminate
- //
- if (response.isEmpty()) {
- return Util.INDETERMINATE;
- }
-
- return new JSONObject(response).getString("decision");
-
- }
}
diff --git a/controlloop/common/guard/src/main/java/org/onap/policy/guard/Util.java b/controlloop/common/guard/src/main/java/org/onap/policy/guard/Util.java
index 6298774bb..e378b61c9 100644
--- a/controlloop/common/guard/src/main/java/org/onap/policy/guard/Util.java
+++ b/controlloop/common/guard/src/main/java/org/onap/policy/guard/Util.java
@@ -2,14 +2,14 @@
* ============LICENSE_START=======================================================
* guard
* ================================================================================
- * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -39,12 +39,9 @@ public final class Util {
/*
* Keys for guard properties
*/
- public static final String PROP_GUARD_URL = "guard.url";
+ public static final String PROP_GUARD_URL = "pdpx.host";
public static final String PROP_GUARD_USER = "pdpx.username";
public static final String PROP_GUARD_PASS = "pdpx.password";
- public static final String PROP_GUARD_CLIENT_USER = "pdpx.client.username";
- public static final String PROP_GUARD_CLIENT_PASS = "pdpx.client.password";
- public static final String PROP_GUARD_ENV = "pdpx.environment";
public static final String PROP_GUARD_DISABLED = "guard.disabled";
/*
@@ -89,7 +86,7 @@ public final class Util {
/**
* Load a Yaml file.
- *
+ *
* @param testFile the Yaml file
* @return the policies
*/
@@ -113,7 +110,7 @@ public final class Util {
/**
* Load a Yaml guard.
- *
+ *
* @param testFile the Yaml file
* @return the guard
*/
@@ -134,17 +131,13 @@ public final class Util {
/**
* Sets Guard Properties.
- *
+ *
* <p>see /guard/src/test/java/org/onap/policy/guard/UtilTest.java for setting test properties
*/
- public static void setGuardEnvProps(String url, String username, String password, String clientName,
- String clientPassword, String environment) {
+ public static void setGuardEnvProps(String url, String username, String password) {
PolicyEngine.manager.setEnvironmentProperty(org.onap.policy.guard.Util.PROP_GUARD_URL, url);
PolicyEngine.manager.setEnvironmentProperty(org.onap.policy.guard.Util.PROP_GUARD_USER, username);
PolicyEngine.manager.setEnvironmentProperty(org.onap.policy.guard.Util.PROP_GUARD_PASS, password);
- PolicyEngine.manager.setEnvironmentProperty(org.onap.policy.guard.Util.PROP_GUARD_CLIENT_USER, clientName);
- PolicyEngine.manager.setEnvironmentProperty(org.onap.policy.guard.Util.PROP_GUARD_CLIENT_PASS, clientPassword);
- PolicyEngine.manager.setEnvironmentProperty(org.onap.policy.guard.Util.PROP_GUARD_ENV, environment);
}
public static void setGuardEnvProp(String key, String value) {
diff --git a/controlloop/common/guard/src/main/resources/META-INF/persistence.xml b/controlloop/common/guard/src/main/resources/META-INF/persistence.xml
index 4dc1594c6..fa75ef268 100644
--- a/controlloop/common/guard/src/main/resources/META-INF/persistence.xml
+++ b/controlloop/common/guard/src/main/resources/META-INF/persistence.xml
@@ -3,7 +3,7 @@
============LICENSE_START=======================================================
drools-applications
================================================================================
- Copyright (C) 2018 AT&T Intellectual Property. All rights reserved.
+ Copyright (C) 2018-2019 AT&T Intellectual Property. All rights reserved.
================================================================================
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -23,17 +23,20 @@
xsi:schemaLocation="http://java.sun.com/xml/ns/persistence
http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd" version="1.0">
- <persistence-unit name="OperationsHistoryPU11" transaction-type="RESOURCE_LOCAL">
+ <persistence-unit name="OperationsHistoryPU" transaction-type="RESOURCE_LOCAL">
<provider>org.eclipse.persistence.jpa.PersistenceProvider</provider>
- <!-- <jar-file>packedEntity.jar</jar-file>-->
+
+ <class>org.onap.policy.database.operationshistory.Dbao</class>
+
<properties>
- <property name="eclipselink.ddl-generation" value="create-tables"/>
- <property name="javax.persistence.jdbc.driver" value="org.mariadb.jdbc.Driver" />
- <!-- <property name="javax.persistence.jdbc.url" value="jdbc:mariadb://localhost:7779/policy"/>-->
- <property name="javax.persistence.jdbc.url" value="jdbc:mariadb://localhost:3306/policy"/>
- <property name="javax.persistence.jdbc.user" value="root"/>
- <property name="javax.persistence.jdbc.password" value="aaaa"/>
+ <property name="eclipselink.ddl-generation" value="create-tables"/>
<property name="eclipselink.logging.level" value="INFO" />
+ <property name="javax.persistence.jdbc.driver" value="org.mariadb.jdbc.Driver" />
+ <property name="javax.persistence.jdbc.url" value="jdbc:mariadb://mariadb:3306/operationshistory"/>
+ <property name="javax.persistence.jdbc.user" value="policy_user"/>
+ <property name="javax.persistence.jdbc.password" value="cG9saWN5X3VzZXI="/>
+ <property name="javax.persistence.schema-generation.database.action" value="drop-and-create"/>
+ <property name="javax.persistence.schema-generation.create-source" value="metadata"/>
</properties>
</persistence-unit>
diff --git a/controlloop/common/guard/src/test/java/org/onap/policy/guard/CallGuardTaskTest.java b/controlloop/common/guard/src/test/java/org/onap/policy/guard/CallGuardTaskTest.java
index 9e4c809c2..3a647b130 100644
--- a/controlloop/common/guard/src/test/java/org/onap/policy/guard/CallGuardTaskTest.java
+++ b/controlloop/common/guard/src/test/java/org/onap/policy/guard/CallGuardTaskTest.java
@@ -43,16 +43,16 @@ public class CallGuardTaskTest {
@Test
public void testRun() {
// plain - doesn't need VF module count
- doTestRun(Util.INDETERMINATE, "act", "rec", () -> null);
+ //doTestRun(Util.INDETERMINATE, "act", "rec", () -> null);
// SO actor, but plain recipe - doesn't need VF module count
- doTestRun(Util.INDETERMINATE, VF_COUNT_ACTOR, "rec", () -> null);
+ //doTestRun(Util.INDETERMINATE, VF_COUNT_ACTOR, "rec", () -> null);
// plain actor, but scale-out recipe - doesn't need VF module count
- doTestRun(Util.INDETERMINATE, "act", "VF Module Create", () -> null);
+ //doTestRun(Util.INDETERMINATE, "act", "VF Module Create", () -> null);
// needs VF count
- doTestRun(Util.INDETERMINATE, VF_COUNT_ACTOR, INCR_VF_COUNT_RECIPE, () -> 22);
+ //doTestRun(Util.INDETERMINATE, VF_COUNT_ACTOR, INCR_VF_COUNT_RECIPE, () -> 22);
// needs VF count, but it's missing ==> DENY
doTestRun(Util.DENY, VF_COUNT_ACTOR, INCR_VF_COUNT_RECIPE, () -> null);
diff --git a/controlloop/common/guard/src/test/java/org/onap/policy/guard/GuardUtilTest.java b/controlloop/common/guard/src/test/java/org/onap/policy/guard/GuardUtilTest.java
index 1f7002a7d..2ee514abd 100644
--- a/controlloop/common/guard/src/test/java/org/onap/policy/guard/GuardUtilTest.java
+++ b/controlloop/common/guard/src/test/java/org/onap/policy/guard/GuardUtilTest.java
@@ -3,6 +3,7 @@
* guard
* ================================================================================
* Copyright (C) 2018 Ericsson. All rights reserved.
+ * Modifications Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -98,13 +99,10 @@ public class GuardUtilTest {
Util.setGuardEnvProp("Actor", "Judy Garland");
assertEquals("Judy Garland", Util.getGuardProp("Actor"));
- Util.setGuardEnvProps("http://somewhere.over.the.rainbow", "Dorothy", "Toto", "Wizard", "Emerald", "Oz");
+ Util.setGuardEnvProps("http://somewhere.over.the.rainbow", "Dorothy", "Toto");
assertEquals("http://somewhere.over.the.rainbow", Util.getGuardProp(Util.PROP_GUARD_URL));
assertEquals("Dorothy", Util.getGuardProp(Util.PROP_GUARD_USER));
assertEquals("Toto", Util.getGuardProp(Util.PROP_GUARD_PASS));
- assertEquals("Wizard", Util.getGuardProp(Util.PROP_GUARD_CLIENT_USER));
- assertEquals("Emerald", Util.getGuardProp(Util.PROP_GUARD_CLIENT_PASS));
- assertEquals("Oz", Util.getGuardProp(Util.PROP_GUARD_ENV));
}
}
diff --git a/controlloop/common/guard/src/test/java/org/onap/policy/guard/PolicyGuardXacmlHelperTest.java b/controlloop/common/guard/src/test/java/org/onap/policy/guard/PolicyGuardXacmlHelperTest.java
index 6526a9cce..25d602f6a 100644
--- a/controlloop/common/guard/src/test/java/org/onap/policy/guard/PolicyGuardXacmlHelperTest.java
+++ b/controlloop/common/guard/src/test/java/org/onap/policy/guard/PolicyGuardXacmlHelperTest.java
@@ -22,34 +22,9 @@ package org.onap.policy.guard;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
-import com.att.research.xacml.api.Advice;
-import com.att.research.xacml.api.Attribute;
-import com.att.research.xacml.api.AttributeCategory;
-import com.att.research.xacml.api.AttributeValue;
-import com.att.research.xacml.api.Decision;
-import com.att.research.xacml.api.IdReference;
-import com.att.research.xacml.api.Identifier;
-import com.att.research.xacml.api.Obligation;
-import com.att.research.xacml.api.Response;
-import com.att.research.xacml.api.Result;
-import com.att.research.xacml.api.Status;
-import com.att.research.xacml.std.IdentifierImpl;
-import com.att.research.xacml.std.StdAttribute;
-import com.att.research.xacml.std.StdAttributeCategory;
-import com.att.research.xacml.std.StdAttributeValue;
-import com.att.research.xacml.std.StdResponse;
-import com.att.research.xacml.std.StdResult;
-import com.att.research.xacml.std.StdStatus;
-
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.util.ArrayList;
-import java.util.Collection;
import java.util.Properties;
-import java.util.UUID;
import org.junit.AfterClass;
import org.junit.BeforeClass;
@@ -59,7 +34,7 @@ import org.onap.policy.drools.system.PolicyEngine;
import org.onap.policy.drools.utils.logging.LoggerUtil;
public class PolicyGuardXacmlHelperTest {
-
+
private static final Integer VF_COUNT = 100;
/**
@@ -77,8 +52,7 @@ public class PolicyGuardXacmlHelperTest {
//
// Set guard properties
//
- org.onap.policy.guard.Util.setGuardEnvProps("http://localhost:6669/pdp/api/getDecision", "python", "test",
- "python", "test", "DEVL");
+ org.onap.policy.guard.Util.setGuardEnvProps("http://localhost:6669/policy/pdpx/v1/decision", "python", "test");
}
/**
@@ -94,7 +68,7 @@ public class PolicyGuardXacmlHelperTest {
"requestId", VF_COUNT);
String rawDecision = new PolicyGuardXacmlHelper().callPdp(xacmlReq);
assertNotNull(rawDecision);
- assertEquals(0, Util.INDETERMINATE.compareToIgnoreCase(rawDecision));
+ assertEquals(Util.DENY, rawDecision);
}
@Test
@@ -117,87 +91,18 @@ public class PolicyGuardXacmlHelperTest {
"requestId", VF_COUNT);
String rawDecision = new PolicyGuardXacmlHelper().callPdp(xacmlReq);
assertNotNull(rawDecision);
- assertTrue(0 == Util.DENY.compareToIgnoreCase(rawDecision));
+ assertEquals(Util.DENY, rawDecision);
// Permit Case
xacmlReq = new PolicyGuardXacmlRequestAttributes("clname", "actor", "recipe", "target", "requestId", VF_COUNT);
rawDecision = new PolicyGuardXacmlHelper().callPdp(xacmlReq);
assertNotNull(rawDecision);
- assertEquals(0, Util.PERMIT.compareToIgnoreCase(rawDecision));
+ assertEquals(Util.PERMIT, rawDecision);
// Indeterminate case is in tearDown for efficiency
}
@Test
- /**
- * Tests PolicyGuardXacmlHelper.callPdp method to exercise all branches
- */
- public void testCallPdpExtra() {
- PolicyGuardXacmlRequestAttributes xacmlReq = new PolicyGuardXacmlRequestAttributes(
- org.onap.policy.simulators.GuardSimulatorJaxRs.DENY_CLNAME, "actor", "recipe", "target",
- "requestId", VF_COUNT);
-
- xacmlReq.setClnameId(null);
- String rawDecision = new PolicyGuardXacmlHelper().callPdp(xacmlReq);
- assertNotNull(rawDecision);
- assertEquals(-5, Util.DENY.compareToIgnoreCase(rawDecision));
-
- org.onap.policy.guard.Util.setGuardEnvProps("http://localhost:6669/pdp/api/getDecision", "", "", "", "", "");
-
- rawDecision = new PolicyGuardXacmlHelper().callPdp(xacmlReq);
- assertNotNull(rawDecision);
-
- org.onap.policy.guard.Util.setGuardEnvProps("http://localhost:6669/pdp/api/getDecision", "python", "test",
- "python", "test", "DEVL");
-
- }
-
- @Test
- public void testParseXacmlPdpResponse() throws URISyntaxException {
- PolicyGuardResponse pgResponse = PolicyGuardXacmlHelper.parseXacmlPdpResponse(null);
- assertEquals("Indeterminate", pgResponse.getResult());
-
- Decision decision = Decision.PERMIT;
- Status status = new StdStatus(StdStatus.STATUS_OK);
- Result result = new StdResult(decision, status);
- Response xacmlResponse = new StdResponse(result);
- pgResponse = PolicyGuardXacmlHelper.parseXacmlPdpResponse(xacmlResponse);
- assertEquals("Permit", pgResponse.getResult());
-
-
- final Collection<Obligation> obligationsIn = null;
- final Collection<Advice> adviceIn = null;
- final Collection<IdReference> policyIdentifiersIn = null;
- final Collection<IdReference> policySetIdentifiersIn = null;
-
- Collection<AttributeCategory> attributesIn = new ArrayList<>();
- Identifier identifierCategory = new IdentifierImpl(new URI("http://somewhere.over.the.rainbow"));
- Collection<Attribute> listAttributes = new ArrayList<>();
- Identifier categoryIdIn = new IdentifierImpl(new URI("http://somewhere.over.the.rainbow/category"));
- Identifier attributeIdIn0 = new IdentifierImpl(new URI("urn:org:onap:guard:request:request-id"));
- Identifier dataTypeIdIn = new IdentifierImpl(new URI("http://somewhere.over.the.rainbow.dataType"));
- AttributeValue<String> valueIn = new StdAttributeValue<String>(dataTypeIdIn, UUID.randomUUID().toString());
- Attribute attribute0 = new StdAttribute(categoryIdIn, attributeIdIn0, valueIn);
- listAttributes.add(attribute0);
-
- Identifier attributeIdIn1 = new IdentifierImpl(new URI("urn:org:onap:guard:operation:operation-id"));
- Attribute attribute1 = new StdAttribute(categoryIdIn, attributeIdIn1, valueIn);
- listAttributes.add(attribute1);
- attributesIn.add(new StdAttributeCategory(identifierCategory, listAttributes));
-
- Identifier attributeIdIn2 = new IdentifierImpl(new URI("Http://somewhere.over.the.rainbow/attributeId"));
- Attribute attribute2 = new StdAttribute(categoryIdIn, attributeIdIn2, valueIn);
- listAttributes.add(attribute2);
- attributesIn.add(new StdAttributeCategory(identifierCategory, listAttributes));
-
- Result fullResult = new StdResult(Decision.DENY, obligationsIn, adviceIn, attributesIn, policyIdentifiersIn,
- policySetIdentifiersIn);
- Response fullXacmlResponse = new StdResponse(fullResult);
- PolicyGuardResponse fullPgResponse = PolicyGuardXacmlHelper.parseXacmlPdpResponse(fullXacmlResponse);
- assertEquals("Deny", fullPgResponse.getResult());
- }
-
- @Test
public void testInit() {
final Properties savedEnvironment = (Properties) PolicyEngine.manager.getEnvironment().clone();
@@ -211,7 +116,8 @@ public class PolicyGuardXacmlHelperTest {
"http://localhost:6669/pdp/api/getDecision,Dorothy,Toto");
assertNotNull(new PolicyGuardXacmlHelper());
- PolicyEngine.manager.getEnvironment().setProperty("guard.url", "http://localhost:6669/pdp/api/getDecision");
+ PolicyEngine.manager.getEnvironment().setProperty("guard.url",
+ "http://localhost:6969/policy/pdpx/v1/decision");
PolicyEngine.manager.getEnvironment().setProperty("pdpx.timeout", "thisIsNotANumber");
assertNotNull(new PolicyGuardXacmlHelper());
@@ -225,12 +131,6 @@ public class PolicyGuardXacmlHelperTest {
PolicyEngine.manager.getEnvironment().setProperty("pdpx.username", "python");
assertNotNull(new PolicyGuardXacmlHelper());
- PolicyEngine.manager.getEnvironment().remove("pdpx.client.password");
- assertNotNull(new PolicyGuardXacmlHelper());
-
- PolicyEngine.manager.getEnvironment().remove("pdpx.client.username");
- assertNotNull(new PolicyGuardXacmlHelper());
-
PolicyEngine.manager.getEnvironment().setProperty("guard.url", "///");
assertNotNull(new PolicyGuardXacmlHelper());