Diffstat (limited to 'controlloop/m2/guard/src/test')
13 files changed, 1167 insertions, 5 deletions
diff --git a/controlloop/m2/guard/src/test/java/org/onap/policy/guard/CallGuardTaskTest.java b/controlloop/m2/guard/src/test/java/org/onap/policy/guard/CallGuardTaskTest.java
new file mode 100644
index 000000000..3a647b130
--- /dev/null
+++ b/controlloop/m2/guard/src/test/java/org/onap/policy/guard/CallGuardTaskTest.java
@@ -0,0 +1,78 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * guard
+ * ================================================================================
+ * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.guard;
+
+import static org.mockito.ArgumentMatchers.argThat;
+import static org.mockito.ArgumentMatchers.isNotNull;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import java.util.function.Supplier;
+import org.drools.core.WorkingMemory;
+import org.junit.Test;
+
+public class CallGuardTaskTest {
+
+ private static final String REQ_ID = "1-2-3-4-5";
+ private static final String REQ_MATCHER = "0+1-0+2-0+3-0+4-0+5";
+ private static final String VF_COUNT_ACTOR = "SO";
+ private static final String INCR_VF_COUNT_RECIPE = "VF Module Create";
+
+ /**
+ * Tests that "run" works, and inserts guard response into working memory.
+ */
+ @Test
+ public void testRun() {
+ // plain - doesn't need VF module count
+ //doTestRun(Util.INDETERMINATE, "act", "rec", () -> null);
+
+ // SO actor, but plain recipe - doesn't need VF module count
+ //doTestRun(Util.INDETERMINATE, VF_COUNT_ACTOR, "rec", () -> null);
+
+ // plain actor, but scale-out recipe - doesn't need VF module count
+ //doTestRun(Util.INDETERMINATE, "act", "VF Module Create", () -> null);
+
+ // needs VF count
+ //doTestRun(Util.INDETERMINATE, VF_COUNT_ACTOR, INCR_VF_COUNT_RECIPE, () -> 22);
+
+ // needs VF count, but it's missing ==> DENY
+ doTestRun(Util.DENY, VF_COUNT_ACTOR, INCR_VF_COUNT_RECIPE, () -> null);
+ }
+
+ private void doTestRun(String status, String actor, String recipe, Supplier<Integer> vfCount) {
+ WorkingMemory mockWorkingSession = mock(WorkingMemory.class);
+ when(mockWorkingSession.insert(isNotNull())).thenReturn(null);
+ // Create CallGuardTask and run
+ CallGuardTask cgt = new CallGuardTask(mockWorkingSession, "cl", actor, recipe, "tar", REQ_ID, vfCount);
+ cgt.run();
+ verify(mockWorkingSession).insert(argThat((Object obj) -> {
+ if (!(obj instanceof PolicyGuardResponse)) {
+ return false;
+ }
+ // Check if the inserted response is PolicyGuardResponse, is Indeterminate,
+ // and has same reqID
+ PolicyGuardResponse response = (PolicyGuardResponse) obj;
+ // req ID has form 00000001-0002-0003-0004-000000000005
+ return status.equals(response.getResult()) && response.getRequestId().toString().matches(REQ_MATCHER);
+ }));
+ }
+}
diff --git a/controlloop/m2/guard/src/test/java/org/onap/policy/guard/GuardContextTest.java b/controlloop/m2/guard/src/test/java/org/onap/policy/guard/GuardContextTest.java
index 54fd323c2..1b375cf21 100644
--- a/controlloop/m2/guard/src/test/java/org/onap/policy/guard/GuardContextTest.java
+++ b/controlloop/m2/guard/src/test/java/org/onap/policy/guard/GuardContextTest.java
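Review bot: `testRun` exercises only the fail-closed DENY case; the four `doTestRun(Util.INDETERMINATE, …)` calls above it are committed as commented-out code, so the paths where the guard is actually consulted (with or without a VF count) have no coverage in this class. Either enable them, or delete them and leave a one-line comment saying why they cannot run in this module. In `doTestRun`, the comment `is Indeterminate` is stale now that the expected result is the `status` parameter; I would reword it to `// inserted object must be a PolicyGuardResponse with the expected status and the same request ID`.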
@@ -84,11 +84,12 @@ public class GuardContextTest { @Test public void testGuardDbResponse() throws InterruptedException { Properties props = new Properties(prop); + props.setProperty(Util.PROP_GUARD_PERSISTENCE_UNIT, Util.JUNITPU); props.setProperty("guard.disabled", "false"); props.setProperty("guard.javax.persistence.jdbc.user", "user"); props.setProperty("guard.javax.persistence.jdbc.password", "secret"); props.setProperty("guard.javax.persistence.jdbc.driver", "org.h2.Driver"); - props.setProperty("guard.javax.persistence.jdbc.url", "jdbc:h2:file:./H2DB"); + props.setProperty("guard.javax.persistence.jdbc.url", "jdbc:h2:mem:testGuardDbResponse"); guardContext = new GuardContext(props); assertNotNull(guardContext); @@ -167,11 +168,12 @@ public class GuardContextTest { @Test public void testCreateDbEntry() { - Properties mockProperties = Mockito.mock(Properties.class); + Properties props = new Properties(); + props.setProperty(Util.PROP_GUARD_PERSISTENCE_UNIT, Util.JUNITPU); Instant startTime = Instant.now(); Instant endTime = Instant.now(); - guardContext = new GuardContext(mockProperties); + guardContext = new GuardContext(props); assertFalse(guardContext.createDbEntry(startTime, endTime, "testClosedLoopControlName", "testActor", "testRecipe", "testTarget", "testRequestId", "testSubRequestId", "testMessage", "testOutcome")); 
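Review bot: The new URL `jdbc:h2:mem:testGuardDbResponse` names an in-memory database that H2 discards as soon as its last connection closes, so rows written on one connection may be gone when the next one opens. If GuardContext (not visible here) opens and closes connections between calls, appending `;DB_CLOSE_DELAY=-1` keeps the database alive for the life of the JVM, e.g. `"jdbc:h2:mem:testGuardDbResponse;DB_CLOSE_DELAY=-1"`. The same applies to `jdbc:h2:mem:testCreateDbEntry` in the third hunk. Both test methods continue outside the hunks shown.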
@@ -180,10 +182,10 @@ public class GuardContextTest { "testRecipe", "testTarget", "testRequestId", "testSubRequestId", "testMessage", "testOutcome")); PolicyEngineConstants.getManager().setEnvironmentProperty("guard.disabled", ""); - PolicyEngineConstants.getManager().setEnvironmentProperty("guard.jdbc.url", "jdbc:h2:file:./H2DB"); + PolicyEngineConstants.getManager().setEnvironmentProperty("guard.jdbc.url", "jdbc:h2:mem:testCreateDbEntry"); PolicyEngineConstants.getManager().setEnvironmentProperty("sql.db.username", "user"); PolicyEngineConstants.getManager().setEnvironmentProperty("sql.db.password", "secret"); - guardContext = new GuardContext(mockProperties); + guardContext = new GuardContext(props); assertTrue(guardContext.createDbEntry(startTime, endTime, "testClosedLoopControlName", "testActor", "testRecipe", "testTarget", "testRequestId", "testSubRequestId", "testMessage", "testOutcome")); diff --git a/controlloop/m2/guard/src/test/java/org/onap/policy/guard/GuardResultTest.java b/controlloop/m2/guard/src/test/java/org/onap/policy/guard/GuardResultTest.java new file mode 100644 index 000000000..6fe0f2b50 --- /dev/null +++ b/controlloop/m2/guard/src/test/java/org/onap/policy/guard/GuardResultTest.java 
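Review bot: The changed `setEnvironmentProperty("guard.jdbc.url", …)` call, like the `guard.disabled`, `sql.db.username` and `sql.db.password` calls around it, writes into the shared `PolicyEngineConstants.getManager()` environment, and nothing in the hunk puts the previous values back. `testCreateDbEntry` continues outside the hunk, so a restore may exist further down; if it does not, later tests inherit these settings, including whether the guard is disabled. I would take `Properties saved = (Properties) PolicyEngineConstants.getManager().getEnvironment().clone();` before the first call and run `PolicyEngineConstants.getManager().setEnvironment(saved);` in a `finally` block.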
@@ -0,0 +1,42 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * guard
+ * ================================================================================
+ * Copyright (C) 2018 Ericsson. All rights reserved.
+ * Modifications Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.guard;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+
+import org.junit.Test;
+
+public class GuardResultTest {
+
+ @Test
+ public void testGuardResult() {
+ assertEquals(3, GuardResult.values().length);
+ assertNotNull(GuardResult.LOCK_ACQUIRED);
+ assertNotNull(GuardResult.LOCK_DENIED);
+ assertNotNull(GuardResult.LOCK_EXCEPTION);
+
+ assertEquals(GuardResult.LOCK_ACQUIRED, GuardResult.valueOf("LOCK_ACQUIRED"));
+ assertEquals(GuardResult.LOCK_DENIED, GuardResult.valueOf("LOCK_DENIED"));
+ assertEquals(GuardResult.LOCK_EXCEPTION, GuardResult.valueOf("LOCK_EXCEPTION"));
+ }
+}
diff --git a/controlloop/m2/guard/src/test/java/org/onap/policy/guard/GuardUtilTest.java b/controlloop/m2/guard/src/test/java/org/onap/policy/guard/GuardUtilTest.java
new file mode 100644
index 000000000..e17207634
--- /dev/null
+++ b/controlloop/m2/guard/src/test/java/org/onap/policy/guard/GuardUtilTest.java 
@@ -0,0 +1,102 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * guard
+ * ================================================================================
+ * Copyright (C) 2018 Ericsson. All rights reserved.
+ * Modifications Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.guard;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNull;
+
+import com.google.common.io.Files;
+import java.io.File;
+import java.io.IOException;
+import org.junit.Test;
+import org.onap.policy.controlloop.policy.ControlLoopPolicy;
+import org.onap.policy.controlloop.policy.guard.ControlLoopGuard;
+import org.onap.policy.guard.Util.Pair;
+import org.yaml.snakeyaml.Yaml;
+import org.yaml.snakeyaml.constructor.Constructor;
+
+public class GuardUtilTest {
+ @Test
+ public void testLoadYamlOk() throws IOException {
+ File tempYamlFile = File.createTempFile("ONAPPF", "yaml");
+ tempYamlFile.deleteOnExit();
+
+ ControlLoopPolicy clPolicy = new ControlLoopPolicy();
+
+ Yaml clYaml = new Yaml(new Constructor(ControlLoopPolicy.class));
+ String clYamlString = clYaml.dump(clPolicy);
+
+ SupportTextFileUtils.putStringAsFile(clYamlString, tempYamlFile);
+
+ Pair<ControlLoopPolicy, String> result = Util.loadYaml(tempYamlFile.getCanonicalPath());
+
+ assertEquals(clPolicy, result.parameterA);
+ assertEquals(clYamlString, result.parameterB);
+ }
+
+ @Test
+ public void testLoadYamlError() throws IOException {
+ File tempDir = Files.createTempDir();
+ tempDir.deleteOnExit();
+
+ // Read from a directory forces an IO exception
+ assertNull(Util.loadYaml(tempDir.getCanonicalPath()));
+ }
+
+ @Test
+ public void testLoadGuardYamlOk() throws IOException {
+ File tempYamlFile = File.createTempFile("ONAPPF", "yaml");
+ tempYamlFile.deleteOnExit();
+
+ ControlLoopGuard clGuardPolicy = new ControlLoopGuard();
+
+ Yaml clYaml = new Yaml(new Constructor(ControlLoopPolicy.class));
+ String clYamlString = clYaml.dump(clGuardPolicy);
+
+ SupportTextFileUtils.putStringAsFile(clYamlString, tempYamlFile);
+
+ ControlLoopGuard result = Util.loadYamlGuard(tempYamlFile.getCanonicalPath());
+
+ assertEquals(clGuardPolicy, result);
+ }
+
+ @Test
+ public void testLoadGuardYamlError() throws IOException {
+ File tempDir = Files.createTempDir();
+ tempDir.deleteOnExit();
+
+ // Read from a directory forces an IO exception
+ assertNull(Util.loadYamlGuard(tempDir.getCanonicalPath()));
+ }
+
+ @Test
+ public void testMisc() {
+ Util.setGuardEnvProp("Actor", "Judy Garland");
+ assertEquals("Judy Garland", Util.getGuardProp("Actor"));
+
+ Util.setGuardEnvProps("http://somewhere.over.the.rainbow", "Dorothy", "Toto");
+
+ assertEquals("http://somewhere.over.the.rainbow", Util.getGuardProp(Util.PROP_GUARD_URL));
+ assertEquals("Dorothy", Util.getGuardProp(Util.PROP_GUARD_USER));
+ assertEquals("Toto", Util.getGuardProp(Util.PROP_GUARD_PASS));
+ }
+}
diff --git a/controlloop/m2/guard/src/test/java/org/onap/policy/guard/PolicyGuardRequestTest.java b/controlloop/m2/guard/src/test/java/org/onap/policy/guard/PolicyGuardRequestTest.java
new file mode 100644
index 000000000..cdc862acb
--- /dev/null
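Review bot: `testLoadYamlError` and `testLoadGuardYamlError` create their scratch directory with Guava's `Files.createTempDir()`, which Guava has deprecated because the directory is created with default permissions and can be readable by other local users. `java.nio.file.Files.createTempDirectory("ONAPPF").toFile()` creates it owner-only on POSIX systems and lets the `com.google.common.io.Files` import go. Separately, `testLoadGuardYamlOk` dumps a `ControlLoopGuard` through `new Yaml(new Constructor(ControlLoopPolicy.class))`; that looks copied from `testLoadYamlOk` and should probably name `ControlLoopGuard.class`.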
+++ b/controlloop/m2/guard/src/test/java/org/onap/policy/guard/PolicyGuardRequestTest.java 
@@ -0,0 +1,59 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * guard
+ * ================================================================================
+ * Copyright (C) 2018 Ericsson. All rights reserved.
+ * ================================================================================
+ * Modifications Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.guard;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+
+import java.util.UUID;
+import org.junit.Test;
+
+public class PolicyGuardRequestTest {
+
+ private static final String KANSAS = "Kansas";
+ private static final String GET_BACK_HOME = "GetBackHome";
+ private static final String DOROTHY = "Dorothy";
+
+ @Test
+ public void testPolicyGuardRequest() {
+ UUID requestId = UUID.randomUUID();
+
+ assertNotNull(new PolicyGuardRequest(null, null, null, null));
+
+ PolicyGuardRequest request = new PolicyGuardRequest(DOROTHY, KANSAS, requestId, GET_BACK_HOME);
+
+ request.setRequestId(requestId);
+ assertEquals(requestId, request.getRequestId());
+
+ request.setActor(DOROTHY);
+ assertEquals(DOROTHY, request.getActor());
+
+ request.setTarget(KANSAS);
+ assertEquals(KANSAS, request.getTarget());
+
+ request.setOperation(GET_BACK_HOME);
+ assertEquals(GET_BACK_HOME, request.getOperation());
+
+ assertEquals("PolicyGuardRequest [actor=Dorothy", request.toString().substring(0, 33));
+ }
+}
diff --git a/controlloop/m2/guard/src/test/java/org/onap/policy/guard/PolicyGuardResponseTest.java b/controlloop/m2/guard/src/test/java/org/onap/policy/guard/PolicyGuardResponseTest.java
new file mode 100644
index 000000000..629555297
--- /dev/null
+++ b/controlloop/m2/guard/src/test/java/org/onap/policy/guard/PolicyGuardResponseTest.java
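Review bot: The setter assertions in `testPolicyGuardRequest` cannot fail, because each setter is called with the value the constructor already stored (`DOROTHY`, `KANSAS`, `requestId`, `GET_BACK_HOME`); a setter that did nothing would still pass. Build the object with one set of values, assert the getters, then set different values and assert again. `testPolicyGuardResponse` in the next file follows the same pattern. The `toString().substring(0, 33)` comparison would also read better as `assertTrue(request.toString().startsWith("PolicyGuardRequest [actor=Dorothy"))`, which fails cleanly instead of throwing on a shorter string.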
@@ -0,0 +1,55 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * guard
+ * ================================================================================
+ * Copyright (C) 2018 Ericsson. All rights reserved.
+ * ================================================================================
+ * Modifications Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.guard;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+
+import java.util.UUID;
+import org.junit.Test;
+
+public class PolicyGuardResponseTest {
+
+ private static final String GET_BACK_HOME = "GetBackHome";
+ private static final String BACK_HOME = "BackHome";
+
+ @Test
+ public void testPolicyGuardResponse() {
+ UUID requestId = UUID.randomUUID();
+
+ assertNotNull(new PolicyGuardResponse(null, null, null));
+
+ PolicyGuardResponse response = new PolicyGuardResponse(BACK_HOME, requestId, GET_BACK_HOME);
+
+ response.setRequestId(requestId);
+ assertEquals(requestId, response.getRequestId());
+
+ response.setResult(BACK_HOME);
+ assertEquals(BACK_HOME, response.getResult());
+
+ response.setOperation(GET_BACK_HOME);
+ assertEquals(GET_BACK_HOME, response.getOperation());
+
+ assertEquals("PolicyGuardResponse [requestId=", response.toString().substring(0, 31));
+ }
+}
diff --git a/controlloop/m2/guard/src/test/java/org/onap/policy/guard/PolicyGuardXacmlHelperTest.java b/controlloop/m2/guard/src/test/java/org/onap/policy/guard/PolicyGuardXacmlHelperTest.java
new file mode 100644
index 000000000..47af1fbc6
--- /dev/null
+++ b/controlloop/m2/guard/src/test/java/org/onap/policy/guard/PolicyGuardXacmlHelperTest.java
@@ -0,0 +1,150 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * guard
+ * ================================================================================
+ * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.guard;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+
+import java.util.Properties;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.onap.policy.common.endpoints.http.server.HttpServletServerFactoryInstance;
+import org.onap.policy.drools.system.PolicyEngineConstants;
+import org.onap.policy.drools.utils.logging.LoggerUtil;
+
+public class PolicyGuardXacmlHelperTest {
+
+ private static final String TARGET = "target";
+ private static final String REQUEST_ID = "requestId";
+ private static final String RECIPE = "recipe";
+ private static final String GUARD_URL = "guard.url";
+ private static final String ACTOR = "actor";
+ private static final Integer VF_COUNT = 100;
+
+ /**
+ * Set up test class.
+ */
+ @BeforeClass
+ public static void setupSimulator() throws Exception {
+ LoggerUtil.setLevel("ROOT", "INFO");
+ LoggerUtil.setLevel("org.eclipse.jetty", "WARN");
+
+ HttpServletServerFactoryInstance.getServerFactory().destroy();
+ org.onap.policy.simulators.Util.buildGuardSim();
+
+ //
+ // Set guard properties
+ //
+ org.onap.policy.guard.Util.setGuardEnvProps("http://localhost:6669/policy/pdpx/v1/decision", "python", "test");
+ }
+
+ /**
+ * Shuts down simulator and performs 1 more test for the case where the connection fails.
+ */
+ @AfterClass
+ public static void tearDownSimulator() {
+ HttpServletServerFactoryInstance.getServerFactory().destroy();
+
+ // Null/ Bad Connection Case
+ PolicyGuardXacmlRequestAttributes xacmlReq = new PolicyGuardXacmlRequestAttributes(
+ org.onap.policy.simulators.GuardSimulatorJaxRs.DENY_CLNAME, ACTOR, RECIPE, TARGET,
+ REQUEST_ID, VF_COUNT);
+ String rawDecision = new PolicyGuardXacmlHelper().callPdp(xacmlReq);
+ assertNotNull(rawDecision);
+ assertEquals(Util.DENY, rawDecision);
+ }
+
+ @Test
+ public void testSimulator() {
+ PolicyGuardXacmlRequestAttributes request = new PolicyGuardXacmlRequestAttributes("clname_id", "actor_id",
+ "operation_id", "target_id", "request_id", VF_COUNT);
+ String xacmlResponse = new PolicyGuardXacmlHelper().callPdp(request);
+ assertNotNull(xacmlResponse);
+ }
+
+ @Test
+ /*
+ * Tests PolicyGuardXacmlHelper.callPdp method to determine if it returns DENY, PERMIT, or
+ * INDETERMINATE as expected.
+ */
+ public void testCallPdp() {
+ // Deny Case
+ PolicyGuardXacmlRequestAttributes xacmlReq = new PolicyGuardXacmlRequestAttributes(
+ org.onap.policy.simulators.GuardSimulatorJaxRs.DENY_CLNAME, ACTOR, RECIPE, TARGET,
+ REQUEST_ID, VF_COUNT);
+ String rawDecision = new PolicyGuardXacmlHelper().callPdp(xacmlReq);
+ assertNotNull(rawDecision);
+ assertEquals(Util.DENY, rawDecision);
+
+ // Permit Case
+ xacmlReq = new PolicyGuardXacmlRequestAttributes("clname", ACTOR, RECIPE, TARGET, REQUEST_ID, VF_COUNT);
+ rawDecision = new PolicyGuardXacmlHelper().callPdp(xacmlReq);
+ assertNotNull(rawDecision);
+ assertEquals(Util.PERMIT, rawDecision);
+
+ // Indeterminate case is in tearDown for efficiency
+ }
+
+ @Test
+ public void testInit() {
+ final Properties savedEnvironment = (Properties) PolicyEngineConstants.getManager().getEnvironment().clone();
+
+ assertNotNull(new PolicyGuardXacmlHelper());
+
+ PolicyEngineConstants.getManager().getEnvironment().setProperty(GUARD_URL,
+ "http://localhost:6669/pdp/api/getDecision,Dorothy");
+ assertNotNull(new PolicyGuardXacmlHelper());
+
+ PolicyEngineConstants.getManager().getEnvironment().setProperty(GUARD_URL,
+ "http://localhost:6669/pdp/api/getDecision,Dorothy,Toto");
+ assertNotNull(new PolicyGuardXacmlHelper());
+
+ PolicyEngineConstants.getManager().getEnvironment().setProperty(GUARD_URL,
+ "http://localhost:6969/policy/pdpx/v1/decision");
+
+ PolicyEngineConstants.getManager().getEnvironment().setProperty("pdpx.timeout", "thisIsNotANumber");
+ assertNotNull(new PolicyGuardXacmlHelper());
+
+ PolicyEngineConstants.getManager().getEnvironment().setProperty("pdpx.timeout", "1000");
+ assertNotNull(new PolicyGuardXacmlHelper());
+
+ PolicyEngineConstants.getManager().getEnvironment().remove("pdpx.password");
+ assertNotNull(new PolicyGuardXacmlHelper());
+
+ PolicyEngineConstants.getManager().getEnvironment().setProperty("pdpx.username", "python");
+ assertNotNull(new PolicyGuardXacmlHelper());
+
+ PolicyEngineConstants.getManager().getEnvironment().setProperty(GUARD_URL, "///");
+ assertNotNull(new PolicyGuardXacmlHelper());
+
+ PolicyEngineConstants.getManager().getEnvironment().setProperty("guard.disabled", "");
+ assertNotNull(new PolicyGuardXacmlHelper());
+
+ PolicyEngineConstants.getManager().getEnvironment().setProperty("guard.disabled", "true");
+ assertNotNull(new PolicyGuardXacmlHelper());
+
+ PolicyEngineConstants.getManager().getEnvironment().clear();
+ assertNotNull(new PolicyGuardXacmlHelper());
+
+ PolicyEngineConstants.getManager().setEnvironment(savedEnvironment);
+ }
+}
diff --git a/controlloop/m2/guard/src/test/java/org/onap/policy/guard/PolicyGuardXacmlRequestAttributesTest.java b/controlloop/m2/guard/src/test/java/org/onap/policy/guard/PolicyGuardXacmlRequestAttributesTest.java
new file mode 100644
index 000000000..3d49d99c1
--- /dev/null
+++ b/controlloop/m2/guard/src/test/java/org/onap/policy/guard/PolicyGuardXacmlRequestAttributesTest.java
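Review bot: The connection-failure check in `tearDownSimulator()` builds its request with `GuardSimulatorJaxRs.DENY_CLNAME`, the same name `testCallPdp` uses to make the simulator answer DENY, so the `assertEquals(Util.DENY, rawDecision)` there does not show that the denial came from the unreachable PDP rather than from the name. Using the permit-case name, `new PolicyGuardXacmlRequestAttributes("clname", ACTOR, RECIPE, TARGET, REQUEST_ID, VF_COUNT)`, makes DENY reachable only through the failure path, which is the fail-closed behaviour worth pinning. The comment `// Indeterminate case is in tearDown for efficiency` in `testCallPdp` should say DENY to match what tearDown asserts. In `testInit`, `setEnvironment(savedEnvironment)` belongs in a `finally` block so a failed assertion cannot leave the shared environment cleared.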
@@ -0,0 +1,74 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * guard
+ * ================================================================================
+ * Copyright (C) 2018 Ericsson. All rights reserved.
+ * ================================================================================
+ * Modifications Copyright (C) 2018-2020 AT&T. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.guard;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+
+import java.util.UUID;
+import org.junit.Test;
+
+public class PolicyGuardXacmlRequestAttributesTest {
+
+ @Test
+ public void testPolicyGuardXacmlRequestAttributes() {
+ PolicyGuardXacmlRequestAttributes attributes =
+ new PolicyGuardXacmlRequestAttributes(null, null, null, null, null, null);
+ assertNotNull(attributes);
+
+ UUID requestId = UUID.randomUUID();
+ attributes.setRequestId(requestId.toString());
+ assertEquals(requestId.toString(), attributes.getRequestId());
+
+ UUID operationId = UUID.randomUUID();
+ attributes.setOperationId(operationId.toString());
+ assertEquals(operationId.toString(), attributes.getOperationId());
+
+ UUID actorId = UUID.randomUUID();
+ attributes.setActorId(actorId.toString());
+ assertEquals(actorId.toString(), attributes.getActorId());
+
+ UUID targetId = UUID.randomUUID();
+ attributes.setTargetId(targetId.toString());
+ assertEquals(targetId.toString(), attributes.getTargetId());
+
+ attributes.setTargetId(targetId.toString());
+ assertEquals(targetId.toString(), attributes.getTargetId());
+
+ UUID controlLoopId = UUID.randomUUID();
+ attributes.setClnameId(controlLoopId.toString());
+ assertEquals(controlLoopId.toString(), attributes.getClnameId());
+
+ attributes.setClnameId(null);
+ assertEquals(null, attributes.getClnameId());
+
+ Integer vfCount = 20;
+ attributes.setVfCount(vfCount);
+ assertEquals(vfCount, attributes.getVfCount());
+
+ attributes.setVfCount(null);
+ assertEquals(null, attributes.getVfCount());
+
+ assertEquals("PolicyGuardXacmlRequestAttributes [actorId=", attributes.toString().substring(0, 43));
+ }
+}
diff --git a/controlloop/m2/guard/src/test/java/org/onap/policy/guard/PolicyGuardYamlToXacmlTest.java b/controlloop/m2/guard/src/test/java/org/onap/policy/guard/PolicyGuardYamlToXacmlTest.java
new file mode 100644
index 000000000..a8110ed04
--- /dev/null
+++ b/controlloop/m2/guard/src/test/java/org/onap/policy/guard/PolicyGuardYamlToXacmlTest.java
@@ -0,0 +1,248 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * guard
+ * ================================================================================
+ * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.guard;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+import java.io.File;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+import org.junit.Before;
+import org.junit.Test;
+import org.onap.policy.controlloop.policy.guard.Constraint;
+import org.onap.policy.controlloop.policy.guard.ControlLoopGuard;
+import org.onap.policy.controlloop.policy.guard.GuardPolicy;
+import org.onap.policy.controlloop.policy.guard.MatchParameters;
+import org.yaml.snakeyaml.Yaml;
+import org.yaml.snakeyaml.constructor.Constructor;
+
+public class PolicyGuardYamlToXacmlTest {
+ private static final String SOME_START_TIME = "someStartTime";
+ private static final String SOME_END_TIME = "someEndTime";
+ private static final String HOURS = "hours";
+ private static final String TARGET2 = "WickedWitchOfTheWest";
+ private static final String TARGET1 = "Wizard";
+ private static final String ONAPPF_FILE = "ONAPPF";
+ private static final String RECIPE = "GoToOz";
+ private static final String TEXT1 = "WestWitches";
+ private static final String TEXT2 = "EastWitches";
+ private static final String OUT_XACML = ".out.xacml";
+ private ControlLoopGuard clGuard;
+
+ /**
+ * Set up test cases.
+ */
+ @Before
+ public void createControlLoopGuard() {
+ clGuard = new ControlLoopGuard();
+ MatchParameters matchParameters = new MatchParameters();
+ matchParameters.setControlLoopName("WizardOfOz");
+ matchParameters.setActor("Dorothy");
+ matchParameters.setRecipe(RECIPE);
+ List<String> targets = new ArrayList<>();
+ targets.add(TARGET1);
+ targets.add(TARGET2);
+ matchParameters.setTargets(targets);
+ GuardPolicy guardPolicy = new GuardPolicy();
+ guardPolicy.setMatch_parameters(matchParameters);
+ Constraint limitConstraint = new Constraint();
+ limitConstraint.setFreq_limit_per_target(5);
+ Map<String, String> timeWindow = new HashMap<>();
+ timeWindow.put("value", "10");
+ timeWindow.put("units", HOURS);
+ limitConstraint.setTime_window(timeWindow);
+ Map<String, String> activeTimeRange = new HashMap<>();
+ activeTimeRange.put("start", SOME_START_TIME);
+ activeTimeRange.put("end", SOME_END_TIME);
+ limitConstraint.setActive_time_range(activeTimeRange);
+ LinkedList<Constraint> limitConstraints = new LinkedList<>();
+ limitConstraints.add(limitConstraint);
+ guardPolicy.setLimit_constraints(limitConstraints);
+ LinkedList<GuardPolicy> guardList = new LinkedList<>();
+ guardList.add(guardPolicy);
+ clGuard.setGuards(guardList);
+ }
+
+ @Test
+ public void testGenerateXacmlGuardFull() throws IOException {
+ File tempYamlFile = File.createTempFile(ONAPPF_FILE, "yaml");
+ tempYamlFile.deleteOnExit();
+
+ File tempXacmlTemplateFile = new File("src/test/resources/frequency_limiter_template.xml");
+
+ File tempXacmlOutputFile = File.createTempFile(ONAPPF_FILE, OUT_XACML);
+ tempXacmlOutputFile.deleteOnExit();
+
+ Yaml clYaml = new Yaml(new Constructor(ControlLoopGuard.class));
+ String clYamlString = clYaml.dump(clGuard);
+
+ SupportTextFileUtils.putStringAsFile(clYamlString, tempYamlFile);
+ PolicyGuardYamlToXacml.fromYamlToXacml(tempYamlFile.getCanonicalPath(),
+ tempXacmlTemplateFile.getCanonicalPath(), tempXacmlOutputFile.getCanonicalPath());
+
+ String result = SupportTextFileUtils.getTextFileAsString(tempXacmlOutputFile.getCanonicalPath());
+
+ // Assert no mote "${}" are left
+ assertFalse(result.contains("${"));
+ assertFalse(result.contains("}"));
+ // Assert all substitutions are made
+ assertTrue(result.contains("cl"));
+ assertTrue(result.contains("actor"));
+ assertTrue(result.contains(RECIPE));
+ assertTrue(result.contains(TARGET1));
+ assertTrue(result.contains(TARGET2));
+ assertTrue(result.contains("10"));
+ assertTrue(result.contains(HOURS));
+ assertTrue(result.contains(SOME_START_TIME));
+ assertTrue(result.contains(SOME_END_TIME));
+ }
+
+ @Test
+ public void testGenerateXacmlGuardPartial() throws IOException {
+ final File tempYamlFile = File.createTempFile(ONAPPF_FILE, "yaml");
+ tempYamlFile.deleteOnExit();
+
+ final File tempXacmlTemplateFile = new File("src/test/resources/frequency_limiter_template.xml");
+
+ final File tempXacmlOutputFile = File.createTempFile(ONAPPF_FILE, OUT_XACML);
+ tempXacmlOutputFile.deleteOnExit();
+
+ MatchParameters matchParameters = clGuard.getGuards().get(0).getMatch_parameters();
+ matchParameters.setControlLoopName(null);
+ matchParameters.setActor(null);
+ matchParameters.setRecipe(null);
+ matchParameters.setTargets(null);
+
+ Yaml clYaml = new Yaml(new Constructor(ControlLoopGuard.class));
+ String clYamlString = clYaml.dump(clGuard);
+
+ SupportTextFileUtils.putStringAsFile(clYamlString, tempYamlFile);
+ PolicyGuardYamlToXacml.fromYamlToXacml(tempYamlFile.getCanonicalPath(),
+ tempXacmlTemplateFile.getCanonicalPath(), tempXacmlOutputFile.getCanonicalPath());
+
+ String result = SupportTextFileUtils.getTextFileAsString(tempXacmlOutputFile.getCanonicalPath());
+
+ // Assert no mote "${}" are left
+ assertFalse(result.contains("${"));
+ assertFalse(result.contains("}"));
+ // Assert all substitutions are made
+ assertTrue(result.contains("cl"));
+ assertTrue(result.contains("actor"));
+ assertFalse(result.contains(RECIPE));
+ assertFalse(result.contains(TARGET1));
+ assertFalse(result.contains(TARGET2));
+ assertTrue(result.contains("10"));
+ assertTrue(result.contains(HOURS));
+ assertTrue(result.contains(SOME_START_TIME));
+ assertTrue(result.contains(SOME_END_TIME));
+ }
+
+ @Test
+ public void testIsNullOrEmpty() {
+ assertTrue(PolicyGuardYamlToXacml.isNullOrEmpty(""));
+ assertTrue(PolicyGuardYamlToXacml.isNullOrEmpty(null));
+ assertFalse(PolicyGuardYamlToXacml.isNullOrEmpty("hello"));
+ }
+
+ @Test
+ public void testIsNullOrEmptyList() {
+ List<String> list = new ArrayList<>();
+ assertTrue(PolicyGuardYamlToXacml.isNullOrEmptyList(null));
+ assertTrue(PolicyGuardYamlToXacml.isNullOrEmptyList(list));
+
+ list.add("hello");
+ assertFalse(PolicyGuardYamlToXacml.isNullOrEmptyList(list));
+ }
+
+ @Test
+ public void testGenerateXacmlGuardBlacklist() throws IOException {
+ final File tempYamlFile = File.createTempFile(ONAPPF_FILE, "yaml");
+ tempYamlFile.deleteOnExit();
+
+ final File tempXacmlTemplateFile = new File("src/test/resources/blacklist_template.xml");
+
+ final File tempXacmlOutputFile = File.createTempFile(ONAPPF_FILE, OUT_XACML);
+ tempXacmlOutputFile.deleteOnExit();
+
+ List<String> blacklist = new ArrayList<>();
+ blacklist.add(TEXT1);
+ blacklist.add(TEXT2);
+ clGuard.getGuards().get(0).getLimit_constraints().get(0).setBlacklist(blacklist);
+
+ Yaml clYaml = new Yaml(new Constructor(ControlLoopGuard.class));
+ String clYamlString = clYaml.dump(clGuard);
+
+ SupportTextFileUtils.putStringAsFile(clYamlString, tempYamlFile);
+ PolicyGuardYamlToXacml.fromYamlToXacmlBlacklist(tempYamlFile.getCanonicalPath(),
+ tempXacmlTemplateFile.getCanonicalPath(), tempXacmlOutputFile.getCanonicalPath());
+
+ String result = SupportTextFileUtils.getTextFileAsString(tempXacmlOutputFile.getCanonicalPath());
+ // Assert no mote "${}" are left
+ assertFalse(result.contains("${"));
+ assertFalse(result.contains("}"));
+ // Assert all substitutions are made
+ assertTrue(result.contains(TEXT1));
+ assertTrue(result.contains(TEXT2));
+ }
+
+ @Test
+ public void testGenerateXacmlGuardBlacklistPartial() throws IOException {
+ final File tempYamlFile = File.createTempFile(ONAPPF_FILE, "yaml");
+ tempYamlFile.deleteOnExit();
+
+ final File tempXacmlTemplateFile = new File("src/test/resources/blacklist_template.xml");
+
+ final File tempXacmlOutputFile = File.createTempFile(ONAPPF_FILE, OUT_XACML);
+ tempXacmlOutputFile.deleteOnExit();
+
+ List<String> blacklist = new ArrayList<>();
+ blacklist.add(TEXT1);
+ blacklist.add(TEXT2);
+ GuardPolicy guardPolicy = clGuard.getGuards().get(0);
+ guardPolicy.getLimit_constraints().get(0).setBlacklist(blacklist);
+
+ MatchParameters matchParameters = guardPolicy.getMatch_parameters();
+ matchParameters.setControlLoopName(null);
+ matchParameters.setActor(null);
+ matchParameters.setRecipe(null);
+ matchParameters.setTargets(null);
+
+ Yaml clYaml = new Yaml(new Constructor(ControlLoopGuard.class));
+ String clYamlString = clYaml.dump(clGuard);
+
+ SupportTextFileUtils.putStringAsFile(clYamlString, tempYamlFile);
+ PolicyGuardYamlToXacml.fromYamlToXacmlBlacklist(tempYamlFile.getCanonicalPath(),
+ tempXacmlTemplateFile.getCanonicalPath(), tempXacmlOutputFile.getCanonicalPath());
+
+ String result = SupportTextFileUtils.getTextFileAsString(tempXacmlOutputFile.getCanonicalPath());
+ // Assert no mote "${}" are left
+ assertFalse(result.contains("${"));
+ assertFalse(result.contains("}"));
+ // Assert all substitutions are made
+ assertTrue(result.contains(TEXT1));
+ assertTrue(result.contains(TEXT2));
+ }
+}
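Review bot: The assertions `assertTrue(result.contains("cl"));` and `assertTrue(result.contains("actor"));` in testGenerateXacmlGuardFull cannot fail, because frequency_limiter_template.xml already contains `clname-id` and `actor-id` in its AttributeId values, so they do not show that the control-loop name or the actor was substituted. For a generator of guard policies this leaves the match parameters untested: a converter that dropped or mangled them would still pass. Assert on the values set in createControlLoopGuard instead, `assertTrue(result.contains("WizardOfOz"));` and `assertTrue(result.contains("Dorothy"));`. In testGenerateXacmlGuardPartial, which repeats the two lines, assert whatever the null fields are expected to become (presumably a wildcard; the converter is not visible in this diff).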
diff --git a/controlloop/m2/guard/src/test/java/org/onap/policy/guard/SupportTextFileUtils.java b/controlloop/m2/guard/src/test/java/org/onap/policy/guard/SupportTextFileUtils.java
new file mode 100644
index 000000000..98c33c761
--- /dev/null
+++ b/controlloop/m2/guard/src/test/java/org/onap/policy/guard/SupportTextFileUtils.java
@@ -0,0 +1,65 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * guard
+ * ================================================================================
+ * Copyright (C) 2018 Ericsson. All rights reserved.
+ * Modifications Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.guard;
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import org.drools.core.util.IoUtils;
+
+/**
+ * The Class TextFileUtils is class that provides useful functions for handling text files.
+ * Functions to read and wrtie text files to strings and strings are provided.
+ *
+ * @author Liam Fallon (liam.fallon@ericsson.com)
+ */
+public class SupportTextFileUtils {
+
+ private SupportTextFileUtils() {
+ // do nothing
+ }
+
+ /**
+ * Method to return the contents of a text file as a string.
+ *
+ * @param textFilePath The path to the file as a string
+ * @return A string containing the contents of the file
+ * @throws IOException on errors reading text from the file
+ */
+ public static String getTextFileAsString(final String textFilePath) {
+ return IoUtils.readFileAsString(new File(textFilePath));
+ }
+
+ /**
+ * Method to write contents of a string to a text file.
+ *
+ * @param outString The string to write
+ * @param textFile The file to write the string to
+ * @throws IOException on errors reading text from the file
+ */
+ public static void putStringAsFile(final String outString, final File textFile) throws IOException {
+ try (final FileOutputStream textFileOutputStream = new FileOutputStream(textFile)) {
+ textFileOutputStream.write(outString.getBytes(StandardCharsets.UTF_8));
+ }
+ }
+}
diff --git a/controlloop/m2/guard/src/test/resources/META-INF/persistence.xml b/controlloop/m2/guard/src/test/resources/META-INF/persistence.xml
new file mode 100644
index 000000000..8e8be4ed2
--- /dev/null
+++ b/controlloop/m2/guard/src/test/resources/META-INF/persistence.xml
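Review bot: The Javadoc of getTextFileAsString declares `@throws IOException on errors reading text from the file`, but the signature has no throws clause, so a read failure surfaces as whatever IoUtils.readFileAsString raises (presumably an unchecked exception; that helper is not visible here). Drop the tag or document the exception the callers will actually see. On putStringAsFile the tag should read `@throws IOException on errors writing text to the file`. The class comment still calls the class `TextFileUtils` and has the typo "wrtie".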
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ============LICENSE_START=======================================================
+ drools-applications
+ ================================================================================
+ Copyright (C) 2018-2020 AT&T Intellectual Property. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+ -->
+<persistence xmlns="http://java.sun.com/xml/ns/persistence" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/persistence persistence_1_0.xsd" version="1.0">
+
+ <!-- In-mem DB for junit -->
+ <persistence-unit name="OperationsHistoryPUTest"
+ transaction-type="RESOURCE_LOCAL">
+ <provider>org.eclipse.persistence.jpa.PersistenceProvider</provider>
+
+ <class>org.onap.policy.guard.OperationsHistory</class>
+
+ <properties>
+ <property name="eclipselink.ddl-generation" value="create-tables" />
+ <property name="eclipselink.logging.level" value="FINE" />
+ <property name="hibernate.dialect" value="org.hibernate.dialect.H2Dialect"/>
+ <property name="javax.persistence.jdbc.driver" value="org.h2.Driver" />
+ <property name="javax.persistence.jdbc.url" value="jdbc:h2:mem:testdb;DATABASE_TO_UPPER=FALSE" />
+ <property name="javax.persistence.jdbc.user" value="policy" />
+ <property name="javax.persistence.jdbc.password" value="P01icY" />
+ <property name="javax.persistence.schema-generation.database.action" value="drop-and-create"/>
+ <property name="javax.persistence.schema-generation.create-source" value="metadata"/>
+ </properties>
+ </persistence-unit>
+
+</persistence>
diff --git a/controlloop/m2/guard/src/test/resources/blacklist_template.xml b/controlloop/m2/guard/src/test/resources/blacklist_template.xml
new file mode 100644
index 000000000..1563e4a7d
--- /dev/null
+++ b/controlloop/m2/guard/src/test/resources/blacklist_template.xml
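Review bot: The `javax.persistence.jdbc.user` and `javax.persistence.jdbc.password` properties carry a realistic-looking literal credential with nothing on them saying it is test-only. The JDBC URL is `jdbc:h2:mem:testdb`, so the pair only names the account of the in-memory database, but the literal will still be reported by secret scanners and is easy to copy into a non-test configuration. Put a comment directly above the two properties, `<!-- credentials for the in-memory H2 test database only -->`, or use an obviously synthetic value. The `hibernate.dialect` property also looks unused, since the declared provider is EclipseLink.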
@@ -0,0 +1,117 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!--
+ ============LICENSE_START=======================================================
+ drools-applications
+ ================================================================================
+ Copyright (C) 2018-2019 AT&T Intellectual Property. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+ -->
+<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
+ PolicyId="urn:com:att:xacml:policy:id:25e12b06-11d5-4895-b2a2-6f6c594de069"
+ Version="1"
+ RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-unless-deny">
+ <Description>Policy for frequency limiter.</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
+ <!-- <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">.*</AttributeValue>-->
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string">${clname}</AttributeValue>
+ <AttributeDesignator
+ Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
+ AttributeId="urn:org:onap:guard:clname:clname-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ MustBePresent="false" />
+ </Match>
+
+ <!-- <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">-->
+ <Match
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string">${actor}</AttributeValue>
+ <AttributeDesignator
+ Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
+ AttributeId="urn:org:onap:guard:actor:actor-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ MustBePresent="false" />
+ </Match>
+ <Match
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string">${recipe}</AttributeValue>
+ <AttributeDesignator
+ Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
+ AttributeId="urn:org:onap:guard:operation:operation-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ MustBePresent="false" />
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <Rule
+ RuleId="urn:com:att:xacml:rule:id:e1e8c5c0-e2ba-47d5-9289-6c015305ed21"
+ Effect="Deny">
+ <Description>DENY - only if target is in black list and guard is
+ active.</Description>
+ <Condition>
+ <Apply
+ FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
+ <VariableReference
+ VariableId="isGuardActive" />
+ <VariableReference
+ VariableId="isInBlackList" />
+ </Apply>
+ </Condition>
+ </Rule>
+ <VariableDefinition VariableId="isInBlackList">
+ <Apply
+ FunctionId="urn:oasis:names:tc:xacml:3.0:function:any-of">
+ <Function
+ FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal" />
+ <Apply
+ FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <AttributeDesignator
+ Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
+ AttributeId="urn:org:onap:guard:target:target-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ MustBePresent="false" />
+ </Apply>
+ <Apply
+ FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag">
+ ${blackListElement}
+ <!-- <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">vserver.vserver-name</AttributeValue>-->
+ </Apply>
+ </Apply>
+ </VariableDefinition>
+ <VariableDefinition VariableId="isGuardActive">
+ <Apply
+ FunctionId="urn:oasis:names:tc:xacml:2.0:function:time-in-range">
+ <Apply
+ FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
+ <AttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time"
+ DataType="http://www.w3.org/2001/XMLSchema#time"
+ Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment"
+ MustBePresent="false" />
+ </Apply>
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveStart}</AttributeValue>
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveEnd}</AttributeValue>
+ </Apply>
+ </VariableDefinition>
+</Policy>
diff --git a/controlloop/m2/guard/src/test/resources/frequency_limiter_template.xml b/controlloop/m2/guard/src/test/resources/frequency_limiter_template.xml
new file mode 100644
index 000000000..d26432f86
--- /dev/null
+++ b/controlloop/m2/guard/src/test/resources/frequency_limiter_template.xml
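Review bot: The Deny rule fails open when `urn:org:onap:guard:target:target-id` is missing from the request: `string-one-and-only` over an empty bag evaluates to Indeterminate, and the policy's `permit-unless-deny` combining algorithm turns every result other than Deny into Permit. A request that omits or misnames the target attribute is therefore permitted by the blacklist guard instead of rejected, and setting `MustBePresent="true"` alone would not change that, because the result would still be Indeterminate. If these test templates mirror the deployed ones, a combining algorithm that does not collapse Indeterminate into Permit is needed, for example `deny-unless-permit` with an explicit Permit rule. frequency_limiter_template.xml has the same shape, with `integer-one-and-only` on the operations count. The `<Description>` of this blacklist policy also still reads `Policy for frequency limiter.`.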
@@ -0,0 +1,127 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!--
+ ============LICENSE_START=======================================================
+ drools-applications
+ ================================================================================
+ Copyright (C) 2018-2019 AT&T Intellectual Property. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+ -->
+<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
+ PolicyId="urn:com:att:xacml:policy:id:25e12b06-11d5-4895-b2a2-6f6c594de069"
+ Version="1"
+ RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-unless-deny">
+ <Description>Policy for frequency limiter.</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+
+ <Match
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
+ <!-- <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">.*</AttributeValue>-->
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string">${clname}</AttributeValue>
+ <AttributeDesignator
+ Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
+ AttributeId="urn:org:onap:guard:clname:clname-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ MustBePresent="false" />
+ </Match>
+
+ <!-- <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">-->
+ <Match
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string">${actor}</AttributeValue>
+ <AttributeDesignator
+ Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
+ AttributeId="urn:org:onap:guard:actor:actor-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ MustBePresent="false" />
+ </Match>
+ <Match
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string">${recipe}</AttributeValue>
+ <AttributeDesignator
+ Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action"
+ AttributeId="urn:org:onap:guard:operation:operation-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ MustBePresent="false" />
+ </Match>
+
+ <Match
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string">${targets}</AttributeValue>
+ <AttributeDesignator
+ Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
+ AttributeId="urn:org:onap:guard:target:target-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ MustBePresent="false" />
+ </Match>
+
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <Rule
+ RuleId="urn:com:att:xacml:rule:id:e1e8c5c0-e2ba-47d5-9289-6c015305ed21"
+ Effect="Deny">
+ <Description>DENY - only if number of operations performed in
+ the past is larger than the limit and the Guard is active.</Description>
+ <Condition>
+ <Apply
+ FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
+ <VariableReference
+ VariableId="isGuardActive" />
+ <VariableReference
+ VariableId="isHistoryGreaterThanLimit" />
+ </Apply>
+ </Condition>
+ </Rule>
+ <VariableDefinition VariableId="isGuardActive">
+ <Apply
+ FunctionId="urn:oasis:names:tc:xacml:2.0:function:time-in-range">
+ <Apply
+ FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
+ <AttributeDesignator
+ AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time"
+ DataType="http://www.w3.org/2001/XMLSchema#time"
+ Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment"
+ MustBePresent="false" />
+ </Apply>
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveStart}</AttributeValue>
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveEnd}</AttributeValue>
+ </Apply>
+ </VariableDefinition>
+ <VariableDefinition
+ VariableId="isHistoryGreaterThanLimit">
+ <Apply
+ FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than-or-equal">
+ <Apply
+ FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator
+ Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
+ AttributeId="com:att:research:xacml:test:sql:resource:operations:count"
+ DataType="http://www.w3.org/2001/XMLSchema#integer"
+ Issuer="com:att:research:xacml:guard:historydb:tw:${twValue}:${twUnits}"
+ MustBePresent="false" />
+ </Apply>
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#integer">${limit}</AttributeValue>
+ </Apply>
+ </VariableDefinition>
+</Policy> |
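Review bot: The `${targets}` placeholder is substituted into the value of a `string-regexp-match`, so the target names taken from the guard YAML are evaluated as a regular expression rather than compared as literals. Unless the converter escapes and anchors them (it is not visible in this diff), a name containing regex metacharacters changes which targets the limiter covers, and on a PDP with unanchored matching a short name such as `Wizard` would also match longer target ids that contain it. Document the contract in the template with a comment above that Match, `<!-- ${targets} is evaluated as a regular expression; the generator must escape and anchor literal target names -->`, and add a test with a target name that contains a metacharacter. Separately, the rule Description says "larger than the limit" and the variable is named `isHistoryGreaterThanLimit`, but the function is `integer-greater-than-or-equal`; one of the two should be corrected so the boundary case is unambiguous.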