diff options
Diffstat (limited to 'controlloop/m2/guard/src')
23 files changed, 0 insertions, 2743 deletions
diff --git a/controlloop/m2/guard/src/main/java/org/onap/policy/guard/CallGuardTask.java b/controlloop/m2/guard/src/main/java/org/onap/policy/guard/CallGuardTask.java deleted file mode 100644 index 0331b7aab..000000000 --- a/controlloop/m2/guard/src/main/java/org/onap/policy/guard/CallGuardTask.java +++ /dev/null @@ -1,155 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * guard - * ================================================================================ - * Copyright (C) 2017-2020 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.policy.guard; - -import java.util.HashSet; -import java.util.Set; -import java.util.UUID; -import java.util.function.Supplier; -import org.drools.core.WorkingMemory; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -public class CallGuardTask implements Runnable { - - private static final Logger logger = LoggerFactory.getLogger(CallGuardTask.class); - - /** - * Actor/recipe pairs whose guard requests need a VF Module count. Each element is of - * the form "<actor>:<recipe>". - */ - private static final Set<String> NEEDS_VF_COUNT = new HashSet<>(); - - /** - * Actor/recipe pairs whose guard requests need the VF Module count to be incremented - * (i.e., because a module is being added). Each element is of the form - * "<actor>:<recipe>". - */ - private static final Set<String> INCR_VF_COUNT = new HashSet<>(); - - static { - INCR_VF_COUNT.add("SO:VF Module Create"); - NEEDS_VF_COUNT.addAll(INCR_VF_COUNT); - } - - private WorkingMemory workingMemory; - private String clname; - private String actor; - private String recipe; - private String target; - private String requestId; - private Integer vfCount; - - /** - * Populated once the response has been determined, which may happen during the - * constructor or later, during {@link #run()}. - */ - private PolicyGuardResponse guardResponse; - - /** - * Guard url is grabbed from PolicyEngine manager properties. - */ - public CallGuardTask(WorkingMemory wm, String cl, String act, - String rec, String tar, String reqId, Supplier<Integer> vfcnt) { - workingMemory = wm; - clname = cl; - actor = act; - recipe = rec; - requestId = reqId; - target = tar; - - vfCount = null; - - String key = act + ":" + rec; - - if (NEEDS_VF_COUNT.contains(key)) { - // this actor/recipe needs the count - get it - if ((vfCount = vfcnt.get()) == null) { - /* - * The count is missing - create an artificial Deny, which will be - * inserted into working memory when "run()" is called. - */ - guardResponse = new PolicyGuardResponse(Util.DENY, UUID.fromString(requestId), recipe); - logger.error("CallGuardTask.run missing VF Module count; requestId={}", requestId); - return; - } - - if (INCR_VF_COUNT.contains(key)) { - // this actor/recipe needs the count to be incremented - ++vfCount; - } - } - } - - @Override - public void run() { - if (guardResponse != null) { - // already have a response - just insert it - workingMemory.insert(guardResponse); - return; - } - - final long startTime = System.nanoTime(); - - PolicyGuardXacmlRequestAttributes xacmlReq = - new PolicyGuardXacmlRequestAttributes(clname, actor, recipe, target, requestId, vfCount); - - logger.debug("\n********** XACML REQUEST START ********"); - logger.debug("{}", xacmlReq); - logger.debug("********** XACML REQUEST END ********\n"); - - String guardDecision = null; - - // - // Make guard request - // - guardDecision = new PolicyGuardXacmlHelper().callPdp(xacmlReq); - - logger.debug("\n********** XACML RESPONSE START ********"); - logger.debug("{}", guardDecision); - logger.debug("********** XACML RESPONSE END ********\n"); - - // - // Check if the restful call was unsuccessful or property doesn't exist - // - if (guardDecision == null) { - logger.error("********** XACML FAILED TO CONNECT ********"); - guardDecision = Util.INDETERMINATE; - } - - guardResponse = new PolicyGuardResponse(guardDecision, UUID.fromString(this.requestId), this.recipe); - - // - // Create an artificial Guard response in case we didn't get a clear Permit or Deny - // - if ("Indeterminate".equals(guardResponse.getResult())) { - guardResponse.setOperation(recipe); - guardResponse.setRequestId(UUID.fromString(requestId)); - } - - long estimatedTime = System.nanoTime() - startTime; - logger.debug("\n\n============ Guard inserted with decision {} !!! =========== time took: {} mili sec \n\n", - guardResponse.getResult(), (double) estimatedTime / 1000 / 1000); - workingMemory.insert(guardResponse); - - } - -} diff --git a/controlloop/m2/guard/src/main/java/org/onap/policy/guard/GuardContext.java b/controlloop/m2/guard/src/main/java/org/onap/policy/guard/GuardContext.java deleted file mode 100644 index 75163e24e..000000000 --- a/controlloop/m2/guard/src/main/java/org/onap/policy/guard/GuardContext.java +++ /dev/null @@ -1,393 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * guard - * ================================================================================ - * Copyright (C) 2020 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.policy.guard; - -import java.io.ObjectStreamException; -import java.io.Serializable; -import java.sql.Timestamp; -import java.time.Instant; -import java.util.HashMap; -import java.util.Properties; -import java.util.UUID; -import javax.persistence.EntityManager; -import javax.persistence.EntityManagerFactory; -import javax.persistence.Persistence; -import org.drools.core.WorkingMemory; -import org.eclipse.persistence.config.PersistenceUnitProperties; -import org.onap.policy.drools.core.PolicyContainer; -import org.onap.policy.drools.core.PolicySession; -import org.onap.policy.drools.system.PolicyControllerConstants; -import org.onap.policy.drools.system.PolicyEngineConstants; -import org.onap.policy.util.DroolsSessionCommonSerializable; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -/** - * Each instance of this class is initialized from a 'Properties' object, - * which is most likely a '*-controller.properties' file. The expectation is - * that it will be initialized within a '.drl' file, and be referenced by - * the associated 'Context' object. - */ -public class GuardContext implements Serializable { - private static final long serialVersionUID = 1L; - - private static Logger logger = LoggerFactory.getLogger(GuardContext.class); - - // object that should be serialized - private Object namedSerializable; - - /*==================================*/ - /* fields extracted from properties */ - /*==================================*/ - // contains the four database properties, 'javax.persistence.jdbc.*', - private Properties dbProperties = null; - - // initialized from 'guard.disabled', but may also be set to 'true' if - // there is an initialization error - private boolean disabled = false; - - // errors that forced 'disabled' to be set to 'true' - private String errorMessage = null; - - /*======================================================*/ - /* fields that shouldn't be included in serialized data */ - /*======================================================*/ - - // derived from DB properties - private transient EntityManagerFactory emf = null; - - /** - * Constructor - initialize the 'GuardContext' instance using the - * controller's properties file. The properties file is located using a - * 'PolicySession' instance, but the way this mapping is done isn't - * perfect -- it may use the wrong properties file if there is another - * 'PolicyContainer' instance using the same 'artifactId' and 'groupId'. - * - * @param session the 'PolicySession' instance used to locate the associated - * 'Properties' instance - */ - public GuardContext(PolicySession session) { - this(session, null); - } - - /** - * Constructor - initialize the 'GuardContext' instance using the - * controller's properties file. The properties file is located using a - * 'PolicySession' instance, but the way this mapping is done isn't - * perfect -- it may use the wrong properties file if there is another - * 'PolicyContainer' instance using the same 'artifactId' and 'groupId'. - * - * @param session the 'PolicySession' instance used to locate the associated - * 'Properties' instance - * @param serializableName a String name unique within the Drools session - * that can be used to locate the corresponding 'GuardContext' object - * on the remote host - */ - public GuardContext(PolicySession session, String serializableName) { - namedSerializable = - (serializableName == null ? this : - new DroolsSessionCommonSerializable(serializableName, this)); - - // At present, there is no simple way to get the properties based - // upon a 'PolicyContainer'. Instead, we search through all of the - // 'PolicyController' instances looking for one with a matching - // 'artifactId' and 'groupId'. Note that this may not work correctly - // if there is more than one controller using the same or different - // version of the same artifact. - - PolicyContainer container = session.getPolicyContainer(); - String artifactId = container.getArtifactId(); - String groupId = container.getGroupId(); - - Properties properties = - PolicyControllerConstants.getFactory().get(groupId, artifactId).getProperties(); - init(properties); - } - - /** - * Constructor - initialize the 'GuardContext' instance using the - * specified properties. - * - * @param properties configuration data used to initialize the 'GuardContext' instance - */ - public GuardContext(Properties properties) { - init(properties); - } - - /** - * Common initialization routine code used by both constructors. - * - * @param properties configuration data used to initialize the 'GuardContext' instance - */ - private void init(Properties properties) { - // used to store error messages - StringBuilder sb = new StringBuilder(); - - // fetch these parameters, if they exist - String disabledString = - PolicyEngineConstants.getManager().getEnvironmentProperty(Util.PROP_GUARD_DISABLED); - - if (disabledString != null) { - // decode optional 'guard.disabled' parameter - disabled = Boolean.valueOf(disabledString); - if (disabled) { - // skip everything else - return; - } - } - - // extract 'guard.java.persistence.jdbc.*' parameters, - // which are all mandatory - dbProperties = new Properties(); - setProperty(dbProperties, Util.ONAP_KEY_URL, PersistenceUnitProperties.JDBC_URL, sb); - setProperty(dbProperties, Util.ONAP_KEY_USER, PersistenceUnitProperties.JDBC_USER, sb); - setProperty(dbProperties, Util.ONAP_KEY_PASS, PersistenceUnitProperties.JDBC_PASSWORD, sb); - String driver = properties.getProperty("guard." + PersistenceUnitProperties.JDBC_DRIVER); - if (driver != null) { - dbProperties.setProperty(PersistenceUnitProperties.JDBC_DRIVER, driver); - } - dbProperties.setProperty(Util.PROP_GUARD_PERSISTENCE_UNIT, - properties.getProperty(Util.PROP_GUARD_PERSISTENCE_UNIT, Util.PU_KEY)); - - // if there are any errors, update 'errorMessage' & disable guard queries - if (sb.length() != 0) { - // remove the terminating ", ", and extract resulting error message - sb.setLength(sb.length() - 2); - errorMessage = sb.toString(); - disabled = true; - logger.error("Initialization failure: {}", errorMessage); - } - } - - /** - * Fetch a property from the PolicyEngine environment, and store it in - * a corresponding property in 'properties'. - * - * @param properties the location to store the properties - * @param srcName source environment property name - * @param destName destination property name - * @param log a 'StringBuilder' used to construct an error message, if needed - */ - private void setProperty(Properties properties, String srcName, String destName, StringBuilder log) { - String value = - PolicyEngineConstants.getManager().getEnvironmentProperty(srcName); - if (value == null) { - log.append("'").append(srcName).append("' is not defined, "); - } else { - properties.setProperty(destName, value); - } - } - - /** - * Do an asynchronous (non-blocking) HTTP REST query to see if this - * operation is permitted by 'guard'. The response is returned by - * inserting a 'PolicyGuardResponse' instance into Drools memory. - * - * @param workingMemory the Drools response is inserted here - * @param actor the processor being acted upon (e.g. "APPC") - * @param recipe otherwise known as "operation" (e.g. "Restart") - * @param target a further qualifier on 'actor'? (e.g. "VM") - * @param requestId the UUID string identifying the overall request - */ - public void asyncQuery( - WorkingMemory workingMemory, - String actor, String recipe, String target, - String requestId) { - - asyncQuery(workingMemory, actor, recipe, target, requestId, null); - } - - /** - * Do an asynchronous (non-blocking) HTTP REST query to see if this - * operation is permitted by 'guard'. The response is returned by - * inserting a 'PolicyGuardResponse' instance into Drools memory. - * - * @param workingMemory the Drools response is inserted here - * @param actor the processor being acted upon (e.g. "APPC") - * @param recipe otherwise known as "operation" (e.g. "Restart") - * @param target a further qualifier on 'actor'? (e.g. "VM") - * @param requestId the UUID string identifying the overall request - * @param controlLoopName the 'controlLoopName' value or 'null' - * (if 'null', it is ommitted from the query to 'guard') - */ - public void asyncQuery( - final WorkingMemory workingMemory, - final String actor, final String recipe, final String target, - final String requestId, final String controlLoopName) { - - if (disabled) { - logger.error("query skipped: {}", errorMessage); - workingMemory.insert( - new PolicyGuardResponse("Deny", UUID.fromString(requestId), recipe)); - return; - } - - CallGuardTask cgt = new CallGuardTask(workingMemory, controlLoopName, - actor, recipe, target, requestId, () -> null); - - PolicyEngineConstants.getManager().getExecutorService().execute(cgt); - } - - /** - * Create an 'EntityManagerFactory', if needed, and then create a new - * 'EntityManager' instance. - * - * @return a new 'EntityManager' instance - */ - private EntityManager createEntityManager() { - if (emf == null) { - // 'EntityManagerFactory' does not exist yet -- create one - - // copy database properties to a 'HashMap' - HashMap<Object, Object> propertiesMap = new HashMap<>(dbProperties); - - // use 'ClassLoader' from Drools session - propertiesMap.put("eclipselink.classloader", - GuardContext.class.getClassLoader()); - - // create DB tables, if needed - propertiesMap.put("eclipselink.ddl-generation", "create-tables"); - - // create entity manager factory - String persistenceUnit = dbProperties.getProperty(Util.PROP_GUARD_PERSISTENCE_UNIT); - emf = Persistence.createEntityManagerFactory(persistenceUnit, propertiesMap); - } - - // create and return the 'EntityManager' - return emf.createEntityManager(); - } - - /** - * This is a synchronous (blocking) method, which creates a database entity - * for an in-progress request. - * - * @param starttime this is used as the 'starttime' timestamp in the record - * @param endtime this is used as the 'endtime' timestamp in the record - * @param closedLoopControlName uniquely identifies the Drools rules - * @param actor the processor being acted upon (e.g. "APPC") - * @param recipe otherwise known as "operation" (e.g. "Restart") - * @param target a further qualifier on 'actor'? (e.g. "VM") - * @param requestId the UUID string identifying the overall request - * @param subRequestId further qualifier on 'requestId' - * @param message indicates success status, or reason for failure - * @param outcome 'PolicyResult' enumeration string - * @return 'true' if the operation was successful, and 'false' if not - */ - public boolean createDbEntry( - Instant starttime, Instant endtime, String closedLoopControlName, - String actor, String recipe, String target, - String requestId, String subRequestId, String message, String outcome) { - - if (disabled) { - if (errorMessage != null) { - logger.error("Database update skipped: {}", errorMessage); - } - return false; - } - - EntityManager em = null; - boolean rval = false; - - try { - em = createEntityManager(); - - // create the new DB table entry - OperationsHistory newEntry = new OperationsHistory(); - - // populate the new DB table entry - newEntry.setClosedLoopName(closedLoopControlName); - newEntry.setRequestId(requestId); - newEntry.setActor(actor); - newEntry.setOperation(recipe); - newEntry.setTarget(target); - newEntry.setStarttime(new Timestamp(starttime.toEpochMilli())); - newEntry.setSubrequestId(subRequestId); - - newEntry.setEndtime(new Timestamp(endtime.toEpochMilli())); - newEntry.setMessage(message); - newEntry.setOutcome(outcome); - - // store the new entry in the DB - em.getTransaction().begin(); - em.persist(newEntry); - em.getTransaction().commit(); - - rval = true; - } finally { - // free EntityManager - if (em != null) { - em.close(); - } - } - return rval; - } - - /** - * This is an asynchronous (non-blocking) method, which creates a database - * entity for an in-progress request. - * - * @param starttime this is used as the 'starttime' timestamp in the record - * @param endtime this is used as the 'endtime' timestamp in the record - * @param closedLoopControlName uniquely identifies the Drools rules - * @param actor the processor being acted upon (e.g. "APPC") - * @param recipe otherwise known as "operation" (e.g. "Restart") - * @param target a further qualifier on 'actor'? (e.g. "VM") - * @param requestId the UUID string identifying the overall request - * @param subRequestId further qualifier on 'requestId' - * @param message indicates success status, or reason for failure - * @param outcome 'PolicyResult' enumeration string - */ - public void asyncCreateDbEntry( - final Instant starttime, final Instant endtime, - final String closedLoopControlName, - final String actor, final String recipe, final String target, - final String requestId, final String subRequestId, - final String message, final String outcome) { - if (disabled) { - if (errorMessage != null) { - logger.error("Database update skipped: {}", errorMessage); - } - return; - } - - PolicyEngineConstants.getManager().getExecutorService().execute(() -> { - try { - // using a separate thread, call the synchronous 'createDbEntry' - // method - createDbEntry(starttime, endtime, closedLoopControlName, - actor, recipe, target, requestId, subRequestId, - message, outcome); - } catch (Exception e) { - logger.error("GuardContext.asyncCreateDbEntry", e); - } - }); - } - - /** - * This method is used as part of serialization -- 'namedSerializable' - * is serialized instead of 'this'. - * - * @return the object to be serialized - */ - private Object writeReplace() throws ObjectStreamException { - return namedSerializable; - } -} diff --git a/controlloop/m2/guard/src/main/java/org/onap/policy/guard/GuardResult.java b/controlloop/m2/guard/src/main/java/org/onap/policy/guard/GuardResult.java deleted file mode 100644 index 6b11c1afa..000000000 --- a/controlloop/m2/guard/src/main/java/org/onap/policy/guard/GuardResult.java +++ /dev/null @@ -1,25 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * guard - * ================================================================================ - * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.policy.guard; - -public enum GuardResult { - LOCK_ACQUIRED, LOCK_DENIED, LOCK_EXCEPTION; -} diff --git a/controlloop/m2/guard/src/main/java/org/onap/policy/guard/PolicyGuardRequest.java b/controlloop/m2/guard/src/main/java/org/onap/policy/guard/PolicyGuardRequest.java deleted file mode 100644 index 8887e00b7..000000000 --- a/controlloop/m2/guard/src/main/java/org/onap/policy/guard/PolicyGuardRequest.java +++ /dev/null @@ -1,84 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * guard - * ================================================================================ - * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.policy.guard; - -import java.util.UUID; - -public class PolicyGuardRequest { - private String actor; - private String target; - private UUID requestId; - private String operation; - - /** - * Construct an instance. - * - * @param actor the actor - * @param target the target - * @param requestId the request Id - * @param operation the operation - */ - public PolicyGuardRequest(String actor, String target, UUID requestId, String operation) { - super(); - this.actor = actor; - this.target = target; - this.requestId = requestId; - this.operation = operation; - } - - @Override - public String toString() { - return "PolicyGuardRequest [actor=" + actor + ", target=" + target + ", requestId=" + requestId + ", operation=" - + operation + "]"; - } - - public String getActor() { - return actor; - } - - public void setActor(String actor) { - this.actor = actor; - } - - public String getTarget() { - return target; - } - - public void setTarget(String target) { - this.target = target; - } - - public UUID getRequestId() { - return requestId; - } - - public void setRequestId(UUID requestId) { - this.requestId = requestId; - } - - public String getOperation() { - return operation; - } - - public void setOperation(String operation) { - this.operation = operation; - } -} diff --git a/controlloop/m2/guard/src/main/java/org/onap/policy/guard/PolicyGuardResponse.java b/controlloop/m2/guard/src/main/java/org/onap/policy/guard/PolicyGuardResponse.java deleted file mode 100644 index 574c50b79..000000000 --- a/controlloop/m2/guard/src/main/java/org/onap/policy/guard/PolicyGuardResponse.java +++ /dev/null @@ -1,71 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * guard - * ================================================================================ - * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.policy.guard; - -import java.util.UUID; - -public class PolicyGuardResponse { - private UUID requestId; - private String operation; - private String result; - - /** - * Create an instance. - * - * @param result the result - * @param req the request Id - * @param op the operation - */ - public PolicyGuardResponse(String result, UUID req, String op) { - this.result = result; - this.requestId = req; - this.operation = op; - } - - @Override - public String toString() { - return "PolicyGuardResponse [requestId=" + requestId + ", operation=" + operation + ", result=" + result + "]"; - } - - public UUID getRequestId() { - return requestId; - } - - public void setRequestId(UUID requestId) { - this.requestId = requestId; - } - - public String getResult() { - return result; - } - - public void setResult(String result) { - this.result = result; - } - - public String getOperation() { - return operation; - } - - public void setOperation(String operation) { - this.operation = operation; - } -} diff --git a/controlloop/m2/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlHelper.java b/controlloop/m2/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlHelper.java deleted file mode 100644 index d9ace1d83..000000000 --- a/controlloop/m2/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlHelper.java +++ /dev/null @@ -1,139 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP - * ================================================================================ - * Copyright (C) 2017-2020 AT&T Intellectual Property. All rights reserved. - * Modifications Copyright (C) 2019 Samsung Electronics Co., Ltd. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.policy.guard; - -import java.util.HashMap; -import java.util.Map; -import java.util.UUID; -import org.apache.commons.lang3.tuple.Pair; -import org.onap.policy.common.endpoints.event.comm.Topic.CommInfrastructure; -import org.onap.policy.common.endpoints.utils.NetLoggerUtil; -import org.onap.policy.common.endpoints.utils.NetLoggerUtil.EventType; -import org.onap.policy.common.utils.coder.CoderException; -import org.onap.policy.common.utils.coder.StandardCoder; -import org.onap.policy.drools.system.PolicyEngineConstants; -import org.onap.policy.models.decisions.concepts.DecisionRequest; -import org.onap.policy.models.decisions.concepts.DecisionResponse; -import org.onap.policy.rest.RestManager; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - - -public class PolicyGuardXacmlHelper { - private static final Logger logger = LoggerFactory.getLogger(PolicyGuardXacmlHelper.class); - - private String url; - private String user; - private String pwd; - - /** - * Constructor. - */ - public PolicyGuardXacmlHelper() { - this.url = PolicyEngineConstants.getManager().getEnvironmentProperty("guard.url"); - this.user = PolicyEngineConstants.getManager().getEnvironmentProperty("pdpx.username"); - this.pwd = PolicyEngineConstants.getManager().getEnvironmentProperty("pdpx.password"); - } - - /** - * Call PDP. - * - * @param xacmlReq the XACML request - * @return the response - */ - public String callPdp(PolicyGuardXacmlRequestAttributes xacmlReq) { - // - // Create a request suitable for API - // - DecisionRequest decisionRequest = new DecisionRequest(); - decisionRequest.setOnapName("Policy"); - decisionRequest.setOnapComponent("Drools PDP"); - decisionRequest.setOnapInstance("usecase template"); - decisionRequest.setRequestId(UUID.randomUUID().toString()); - decisionRequest.setAction("guard"); - Map<String, String> guard = new HashMap<>(); - guard.put("actor", xacmlReq.getActorId()); - guard.put("operation", xacmlReq.getOperationId()); - guard.put("target", xacmlReq.getTargetId()); - if (xacmlReq.getClnameId() != null) { - guard.put("clname", xacmlReq.getClnameId()); - } - if (xacmlReq.getVfCount() != null) { - guard.put("vfCount", Integer.toString(xacmlReq.getVfCount())); - } - Map<String, Object> resources = new HashMap<>(); - resources.put("guard", guard); - decisionRequest.setResource(resources); - - try { - // - // Call RESTful PDP - // - NetLoggerUtil.log(EventType.OUT, CommInfrastructure.REST, this.url, decisionRequest.toString()); - String response = callRestfulPdp(decisionRequest); - NetLoggerUtil.log(EventType.IN, CommInfrastructure.REST, this.url, response); - - return response; - } catch (Exception e) { - logger.error("Exception in sending RESTful request: ", e); - } - - return Util.DENY; - } - - /** - * This makes an HTTP POST call to a running PDP RESTful servlet to get a decision. - * - * @param decisionRequest The Decision request - * @return response from guard which contains "Permit" or "Deny" - * @throws CoderException Exception when converting to/from JSON the message body - */ - private String callRestfulPdp(DecisionRequest decisionRequest) throws CoderException { - StandardCoder coder = new StandardCoder(); - - String jsonBody = coder.encode(decisionRequest); - RestManager restManager = new RestManager(); - - Map<String, String> headers = new HashMap<>(); - headers.put("Accepts", "application/json"); - - logger.info("Guard Decision Request: {}", jsonBody); - - Pair<Integer, String> httpDetails = restManager.post(url, user, pwd, headers, "application/json", jsonBody); - - if (httpDetails == null) { - logger.error("Guard rest call returned a null pair - defaulting to DENY"); - return Util.DENY; - } - - logger.info("Guard Decision REST Response {} {}", httpDetails.getLeft(), httpDetails.getRight()); - - if (httpDetails.getLeft() == 200) { - DecisionResponse decision = coder.decode(httpDetails.getRight(), DecisionResponse.class); - logger.info("Guard Decision {}", decision); - return decision.getStatus(); - } - - return Util.DENY; - } - -} diff --git a/controlloop/m2/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlRequestAttributes.java b/controlloop/m2/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlRequestAttributes.java deleted file mode 100644 index c888f94c1..000000000 --- a/controlloop/m2/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlRequestAttributes.java +++ /dev/null @@ -1,123 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * guard - * ================================================================================ - * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.policy.guard; - -import com.att.research.xacml.std.annotations.XACMLAction; -import com.att.research.xacml.std.annotations.XACMLRequest; -import com.att.research.xacml.std.annotations.XACMLResource; -import com.att.research.xacml.std.annotations.XACMLSubject; - -@XACMLRequest(ReturnPolicyIdList = true, CombinedDecision = true) -public class PolicyGuardXacmlRequestAttributes { - - @XACMLSubject(includeInResults = true, attributeId = "urn:org:onap:guard:clname:clname-id") - String clnameId; - - @XACMLSubject(includeInResults = true, attributeId = "urn:org:onap:guard:actor:actor-id") - String actorId; - - @XACMLAction(includeInResults = true, attributeId = "urn:org:onap:guard:operation:operation-id") - String operationId; - - @XACMLResource(includeInResults = true, attributeId = "urn:org:onap:guard:target:target-id") - String targetId; - - @XACMLResource(includeInResults = true, attributeId = "urn:org:onap:guard:request:request-id") - String requestId; - - @XACMLResource(includeInResults = true, attributeId = "urn:org:onap:guard:request:vf-count") - Integer vfCount; - - /** - * Construct an instance. - * - * @param clnameId the control loop Id - * @param actorId the actor Id - * @param operationId the operation Id - * @param targetId the target Id - * @param requestId the request Id - * @param vfCount the new number of VF Modules - */ - public PolicyGuardXacmlRequestAttributes(String clnameId, String actorId, String operationId, String targetId, - String requestId, Integer vfCount) { - super(); - this.clnameId = clnameId; - this.actorId = actorId; - this.operationId = operationId; - this.targetId = targetId; - this.requestId = requestId; - this.vfCount = vfCount; - } - - @Override - public String toString() { - return "PolicyGuardXacmlRequestAttributes [actorId=" + actorId + ", operationId=" + operationId + ", targetId=" - + targetId + ", requestId=" + requestId + "]"; - } - - public String getActorId() { - return actorId; - } - - public void setActorId(String actorId) { - this.actorId = actorId; - } - - public String getOperationId() { - return operationId; - } - - public void setOperationId(String operationId) { - this.operationId = operationId; - } - - public String getTargetId() { - return targetId; - } - - public void setTargetId(String targetId) { - this.targetId = targetId; - } - - public String getRequestId() { - return requestId; - } - - public void setRequestId(String requestId) { - this.requestId = requestId; - } - - public String getClnameId() { - return clnameId; - } - - public void setClnameId(String clnameId) { - this.clnameId = clnameId; - } - - public Integer getVfCount() { - return vfCount; - } - - public void setVfCount(Integer vfCount) { - this.vfCount = vfCount; - } -} diff --git a/controlloop/m2/guard/src/main/java/org/onap/policy/guard/PolicyGuardYamlToXacml.java b/controlloop/m2/guard/src/main/java/org/onap/policy/guard/PolicyGuardYamlToXacml.java deleted file mode 100644 index 60ccce05d..000000000 --- a/controlloop/m2/guard/src/main/java/org/onap/policy/guard/PolicyGuardYamlToXacml.java +++ /dev/null @@ -1,210 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * guard - * ================================================================================ - * Copyright (C) 2017, 2019 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.policy.guard; - -import java.io.IOException; -import java.nio.file.Files; -import java.nio.file.Path; -import java.nio.file.Paths; -import java.util.List; -import java.util.function.Consumer; -import org.onap.policy.controlloop.policy.guard.Constraint; -import org.onap.policy.controlloop.policy.guard.ControlLoopGuard; -import org.onap.policy.controlloop.policy.guard.GuardPolicy; -import org.onap.policy.controlloop.policy.guard.MatchParameters; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -public class PolicyGuardYamlToXacml { - private static final Logger logger = LoggerFactory.getLogger(PolicyGuardYamlToXacml.class); - - private PolicyGuardYamlToXacml() { - // Construction of this static class is not allowed - } - - /** - * Convert from Yaml to Xacml. - * - * @param yamlFile the Yaml file - * @param xacmlTemplate the Xacml template - * @param xacmlPolicyOutput the Xacml output - */ - public static void fromYamlToXacml(String yamlFile, String xacmlTemplate, String xacmlPolicyOutput) { - fromYamlToXacml(yamlFile, xacmlTemplate, xacmlPolicyOutput, PolicyGuardYamlToXacml::generateXacmlGuard, - constraint -> { - logger.debug("num: {}", constraint.getFreq_limit_per_target()); - logger.debug("duration: {}", constraint.getTime_window()); - logger.debug("time_in_range: {}", constraint.getActive_time_range()); - }); - } - - /** - * Convert from Yaml to Xacml. - * - * @param yamlFile the Yaml file - * @param xacmlTemplate the Xacml template - * @param xacmlPolicyOutput the Xacml output - * @param generator function to generate the yaml from the xacml - * @param logConstraint function to log relevant fields of the constraint - */ - public static void fromYamlToXacml(String yamlFile, String xacmlTemplate, String xacmlPolicyOutput, - Generator generator, Consumer<Constraint> logConstraint) { - - ControlLoopGuard yamlGuardObject = Util.loadYamlGuard(yamlFile); - GuardPolicy guardPolicy = yamlGuardObject.getGuards().get(0); - logger.debug("clname: {}", guardPolicy.getMatch_parameters().getControlLoopName()); - logger.debug("actor: {}", guardPolicy.getMatch_parameters().getActor()); - logger.debug("recipe: {}", guardPolicy.getMatch_parameters().getRecipe()); - Constraint constraint = guardPolicy.getLimit_constraints().get(0); - logConstraint.accept(constraint); - - Path xacmlTemplatePath = Paths.get(xacmlTemplate); - String xacmlTemplateContent; - - try { - xacmlTemplateContent = new String(Files.readAllBytes(xacmlTemplatePath)); - - String xacmlPolicyContent = generator.apply(xacmlTemplateContent, - guardPolicy.getMatch_parameters(), constraint); - - Files.write(Paths.get(xacmlPolicyOutput), xacmlPolicyContent.getBytes()); - - } catch (IOException e) { - logger.error("fromYamlToXacml threw: ", e); - } - } - - /** - * Generate a Xacml guard. - * - * @param xacmlTemplateContent the Xacml template content - * @param matchParameters the paremeters to use - * @param constraint the constraint to use - * @return the guard - */ - private static String generateXacmlGuard(String xacmlTemplateContent, MatchParameters matchParameters, - Constraint constraint) { - - xacmlTemplateContent = doCommonReplacements(xacmlTemplateContent, matchParameters, constraint); - - String targetsRegex = ""; - if (isNullOrEmptyList(matchParameters.getTargets())) { - targetsRegex = ".*"; - } else { - StringBuilder targetsRegexSb = new StringBuilder(); - boolean addBarChar = false; - for (String t : matchParameters.getTargets()) { - targetsRegexSb.append(t); - if (addBarChar) { - targetsRegexSb.append("|"); - } else { - addBarChar = true; - } - } - targetsRegex = targetsRegexSb.toString(); - } - xacmlTemplateContent = xacmlTemplateContent.replace("${targets}", targetsRegex); - - xacmlTemplateContent = xacmlTemplateContent.replace("${limit}", - constraint.getFreq_limit_per_target().toString()); - - xacmlTemplateContent = xacmlTemplateContent.replace("${twValue}", constraint.getTime_window().get("value")); - - xacmlTemplateContent = xacmlTemplateContent.replace("${twUnits}", constraint.getTime_window().get("units")); - - logger.debug(xacmlTemplateContent); - - return xacmlTemplateContent; - } - - private static String doCommonReplacements(String xacmlTemplateContent, MatchParameters matchParameters, - Constraint constraint) { - - replaceNullOrEmpty(matchParameters.getControlLoopName(), matchParameters::setControlLoopName, ".*"); - xacmlTemplateContent = xacmlTemplateContent.replace("${clname}", matchParameters.getControlLoopName()); - - replaceNullOrEmpty(matchParameters.getActor(), matchParameters::setActor, ".*"); - xacmlTemplateContent = xacmlTemplateContent.replace("${actor}", matchParameters.getActor()); - - replaceNullOrEmpty(matchParameters.getRecipe(), matchParameters::setRecipe, ".*"); - xacmlTemplateContent = xacmlTemplateContent.replace("${recipe}", matchParameters.getRecipe()); - - xacmlTemplateContent = xacmlTemplateContent.replace("${guardActiveStart}", - constraint.getActive_time_range().get("start")); - - xacmlTemplateContent = xacmlTemplateContent.replace("${guardActiveEnd}", - constraint.getActive_time_range().get("end")); - - return xacmlTemplateContent; - } - - private static void replaceNullOrEmpty(String text, Consumer<String> replacer, String newValue) { - if (isNullOrEmpty(text)) { - replacer.accept(newValue); - } - } - - public static boolean isNullOrEmpty(String string) { - return string == null || string.trim().isEmpty(); - } - - public static boolean isNullOrEmptyList(List<String> list) { - return list == null || list.isEmpty(); - } - - /** - * Convert from Yaml to Xacml blacklist. - * - * @param yamlFile the Yaml file - * @param xacmlTemplate the Xacml template - * @param xacmlPolicyOutput the Xacml output - */ - public static void fromYamlToXacmlBlacklist(String yamlFile, String xacmlTemplate, String xacmlPolicyOutput) { - fromYamlToXacml(yamlFile, xacmlTemplate, xacmlPolicyOutput, PolicyGuardYamlToXacml::generateXacmlGuardBlacklist, - constraint -> { - logger.debug("freq_limit_per_target: {}", constraint.getFreq_limit_per_target()); - logger.debug("time_window: {}", constraint.getTime_window()); - logger.debug("active_time_range: {}", constraint.getActive_time_range()); - }); - } - - private static String generateXacmlGuardBlacklist(String xacmlTemplateContent, MatchParameters matchParameters, - Constraint constraint) { - - String result = doCommonReplacements(xacmlTemplateContent, matchParameters, constraint); - - for (String target : constraint.getBlacklist()) { - result = result.replace("${blackListElement}", - "<AttributeValue DataType=\"http://www.w3.org/2001/XMLSchema#string\">" + target - + "</AttributeValue>" + "\n\t\t\t\t\t\t\\${blackListElement}\n"); - } - - result = result.replace("\t\t\t\t\t\t\\${blackListElement}\n", ""); - - return result; - } - - @FunctionalInterface - private static interface Generator { - public String apply(String xacmlTemplateContent, MatchParameters matchParameters, - Constraint constraint); - } -} diff --git a/controlloop/m2/guard/src/main/java/org/onap/policy/guard/Util.java b/controlloop/m2/guard/src/main/java/org/onap/policy/guard/Util.java deleted file mode 100644 index d1eed1bb4..000000000 --- a/controlloop/m2/guard/src/main/java/org/onap/policy/guard/Util.java +++ /dev/null @@ -1,146 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * guard - * ================================================================================ - * Copyright (C) 2017-2020 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.policy.guard; - -import java.io.File; -import java.io.FileInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.nio.charset.StandardCharsets; -import org.apache.commons.io.IOUtils; -import org.onap.policy.controlloop.policy.ControlLoopPolicy; -import org.onap.policy.controlloop.policy.guard.ControlLoopGuard; -import org.onap.policy.drools.system.PolicyEngineConstants; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.yaml.snakeyaml.Yaml; -import org.yaml.snakeyaml.constructor.Constructor; - -public final class Util { - /* - * Keys for guard properties - */ - public static final String PROP_GUARD_URL = "guard.url"; - public static final String PROP_GUARD_USER = "pdpx.username"; - public static final String PROP_GUARD_PASS = "pdpx.password"; - public static final String PROP_GUARD_DISABLED = "guard.disabled"; - public static final String PROP_GUARD_PERSISTENCE_UNIT = "guard.persistenceUnit"; - - /* - * Keys for ONAP properties - */ - public static final String ONAP_KEY_URL = "guard.jdbc.url"; - public static final String ONAP_KEY_USER = "sql.db.username"; - public static final String ONAP_KEY_PASS = "sql.db.password"; - - /* - * Guard responses - */ - public static final String INDETERMINATE = "Indeterminate"; - public static final String PERMIT = "Permit"; - public static final String DENY = "Deny"; - - /* - * Junit props - */ - protected static final String PU_KEY = "OperationsHistoryPU"; - protected static final String JUNITPU = "OperationsHistoryPUTest"; - - private static final Logger logger = LoggerFactory.getLogger(Util.class); - - public static class Pair<A, B> { - public final A parameterA; - public final B parameterB; - - public Pair(A parameterA, B parameterB) { - this.parameterA = parameterA; - this.parameterB = parameterB; - } - } - - private Util() { - // This static class cannot be instantiated - } - - /** - * Load a Yaml file. - * - * @param testFile the Yaml file - * @return the policies - */ - public static Pair<ControlLoopPolicy, String> loadYaml(String testFile) { - try (InputStream is = new FileInputStream(new File(testFile))) { - String contents = IOUtils.toString(is, StandardCharsets.UTF_8); - // - // Read the yaml into our Java Object - // - Yaml yaml = new Yaml(new Constructor(ControlLoopPolicy.class)); - Object obj = yaml.load(contents); - - logger.debug(contents); - - return new Pair<>((ControlLoopPolicy) obj, contents); - } catch (IOException e) { - logger.error(e.getLocalizedMessage(), e); - } - return null; - } - - /** - * Load a Yaml guard. - * - * @param testFile the Yaml file - * @return the guard - */ - public static ControlLoopGuard loadYamlGuard(String testFile) { - try (InputStream is = new FileInputStream(new File(testFile))) { - String contents = IOUtils.toString(is, StandardCharsets.UTF_8); - // - // Read the yaml into our Java Object - // - Yaml yaml = new Yaml(new Constructor(ControlLoopGuard.class)); - Object obj = yaml.load(contents); - return (ControlLoopGuard) obj; - } catch (IOException e) { - logger.error(e.getLocalizedMessage(), e); - } - return null; - } - - /** - * Sets Guard Properties. - * - * <p>see /guard/src/test/java/org/onap/policy/guard/UtilTest.java for setting test properties - */ - public static void setGuardEnvProps(String url, String username, String password) { - PolicyEngineConstants.getManager().setEnvironmentProperty(org.onap.policy.guard.Util.PROP_GUARD_URL, url); - PolicyEngineConstants.getManager().setEnvironmentProperty(org.onap.policy.guard.Util.PROP_GUARD_USER, username); - PolicyEngineConstants.getManager().setEnvironmentProperty(org.onap.policy.guard.Util.PROP_GUARD_PASS, password); - } - - public static void setGuardEnvProp(String key, String value) { - PolicyEngineConstants.getManager().setEnvironmentProperty(key, value); - } - - public static String getGuardProp(String propName) { - return PolicyEngineConstants.getManager().getEnvironmentProperty(propName); - } -} diff --git a/controlloop/m2/guard/src/main/resources/META-INF/persistence.xml b/controlloop/m2/guard/src/main/resources/META-INF/persistence.xml deleted file mode 100644 index cf7e28190..000000000 --- a/controlloop/m2/guard/src/main/resources/META-INF/persistence.xml +++ /dev/null @@ -1,43 +0,0 @@ -<?xml version="1.0" encoding="UTF-8" ?> -<!-- - ============LICENSE_START======================================================= - drools-applications - ================================================================================ - Copyright (C) 2018-2020 AT&T Intellectual Property. All rights reserved. - ================================================================================ - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - ============LICENSE_END========================================================= - --> -<persistence xmlns="http://java.sun.com/xml/ns/persistence" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://java.sun.com/xml/ns/persistence - http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd" version="1.0"> - - <persistence-unit name="OperationsHistoryPU" transaction-type="RESOURCE_LOCAL"> - <provider>org.eclipse.persistence.jpa.PersistenceProvider</provider> - - <class>org.onap.policy.guard.OperationsHistory</class> - - <properties> - <property name="eclipselink.ddl-generation" value="create-tables"/> - <property name="eclipselink.logging.level" value="INFO" /> - <property name="javax.persistence.jdbc.driver" value="org.mariadb.jdbc.Driver" /> - <property name="javax.persistence.jdbc.url" value="jdbc:mariadb://mariadb:3306/operationshistory"/> - <property name="javax.persistence.jdbc.user" value="policy_user"/> - <property name="javax.persistence.jdbc.password" value="cG9saWN5X3VzZXI="/> - <property name="javax.persistence.schema-generation.database.action" value="drop-and-create"/> - <property name="javax.persistence.schema-generation.create-source" value="metadata"/> - </properties> - </persistence-unit> - -</persistence> diff --git a/controlloop/m2/guard/src/test/java/org/onap/policy/guard/CallGuardTaskTest.java b/controlloop/m2/guard/src/test/java/org/onap/policy/guard/CallGuardTaskTest.java deleted file mode 100644 index 3a647b130..000000000 --- a/controlloop/m2/guard/src/test/java/org/onap/policy/guard/CallGuardTaskTest.java +++ /dev/null @@ -1,78 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * guard - * ================================================================================ - * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.policy.guard; - -import static org.mockito.ArgumentMatchers.argThat; -import static org.mockito.ArgumentMatchers.isNotNull; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.verify; -import static org.mockito.Mockito.when; - -import java.util.function.Supplier; -import org.drools.core.WorkingMemory; -import org.junit.Test; - -public class CallGuardTaskTest { - - private static final String REQ_ID = "1-2-3-4-5"; - private static final String REQ_MATCHER = "0+1-0+2-0+3-0+4-0+5"; - private static final String VF_COUNT_ACTOR = "SO"; - private static final String INCR_VF_COUNT_RECIPE = "VF Module Create"; - - /** - * Tests that "run" works, and inserts guard response into working memory. - */ - @Test - public void testRun() { - // plain - doesn't need VF module count - //doTestRun(Util.INDETERMINATE, "act", "rec", () -> null); - - // SO actor, but plain recipe - doesn't need VF module count - //doTestRun(Util.INDETERMINATE, VF_COUNT_ACTOR, "rec", () -> null); - - // plain actor, but scale-out recipe - doesn't need VF module count - //doTestRun(Util.INDETERMINATE, "act", "VF Module Create", () -> null); - - // needs VF count - //doTestRun(Util.INDETERMINATE, VF_COUNT_ACTOR, INCR_VF_COUNT_RECIPE, () -> 22); - - // needs VF count, but it's missing ==> DENY - doTestRun(Util.DENY, VF_COUNT_ACTOR, INCR_VF_COUNT_RECIPE, () -> null); - } - - private void doTestRun(String status, String actor, String recipe, Supplier<Integer> vfCount) { - WorkingMemory mockWorkingSession = mock(WorkingMemory.class); - when(mockWorkingSession.insert(isNotNull())).thenReturn(null); - // Create CallGuardTask and run - CallGuardTask cgt = new CallGuardTask(mockWorkingSession, "cl", actor, recipe, "tar", REQ_ID, vfCount); - cgt.run(); - verify(mockWorkingSession).insert(argThat((Object obj) -> { - if (!(obj instanceof PolicyGuardResponse)) { - return false; - } - // Check if the inserted response is PolicyGuardResponse, is Indeterminate, - // and has same reqID - PolicyGuardResponse response = (PolicyGuardResponse) obj; - // req ID has form 00000001-0002-0003-0004-000000000005 - return status.equals(response.getResult()) && response.getRequestId().toString().matches(REQ_MATCHER); - })); - } -} diff --git a/controlloop/m2/guard/src/test/java/org/onap/policy/guard/GuardContextTest.java b/controlloop/m2/guard/src/test/java/org/onap/policy/guard/GuardContextTest.java deleted file mode 100644 index 1b375cf21..000000000 --- a/controlloop/m2/guard/src/test/java/org/onap/policy/guard/GuardContextTest.java +++ /dev/null @@ -1,194 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * guard - * ================================================================================ - * Copyright (C) 2020 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.policy.guard; - -import static org.assertj.core.api.Assertions.assertThatExceptionOfType; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.assertTrue; -import static org.mockito.ArgumentMatchers.isNotNull; -import static org.mockito.Mockito.atLeast; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.verify; -import static org.mockito.Mockito.when; - -import java.io.IOException; -import java.time.Instant; -import java.util.Properties; -import java.util.UUID; -import java.util.concurrent.LinkedBlockingQueue; -import java.util.concurrent.TimeUnit; -import org.drools.core.WorkingMemory; -import org.junit.AfterClass; -import org.junit.BeforeClass; -import org.junit.Test; -import org.mockito.Mockito; -import org.onap.policy.drools.core.PolicyContainer; -import org.onap.policy.drools.core.PolicySession; -import org.onap.policy.drools.system.PolicyEngineConstants; - -public class GuardContextTest { - - private static Properties prop; - private static GuardContext guardContext; - private static WorkingMemory workingMemory; - private static LinkedBlockingQueue<Object> queue = new LinkedBlockingQueue<>(); - - /** - * Class-level initialization. - */ - @BeforeClass - public static void setup() throws IOException { - PolicyEngineConstants.getManager().configure(new Properties()); - PolicyEngineConstants.getManager().start(); - - prop = new Properties(); - prop.setProperty("guard.pdp.rest.url", "http://www.google.com/"); - prop.setProperty("guard.pdp.rest.client.user", "testuser"); - prop.setProperty("guard.pdp.rest.client.password", "testpassword"); - prop.setProperty("guard.pdp.rest.timeout", "1000"); - prop.setProperty("guard.pdp.rest.environment", "dev"); - - workingMemory = mock(WorkingMemory.class); - when(workingMemory.insert(isNotNull())).thenAnswer( - invocation -> { - queue.add(invocation.getArgument(0)); - return null; - }); - } - - @AfterClass - public static void stop() { - PolicyEngineConstants.getManager().stop(); - } - - @Test - public void testGuardDbResponse() throws InterruptedException { - Properties props = new Properties(prop); - props.setProperty(Util.PROP_GUARD_PERSISTENCE_UNIT, Util.JUNITPU); - props.setProperty("guard.disabled", "false"); - props.setProperty("guard.javax.persistence.jdbc.user", "user"); - props.setProperty("guard.javax.persistence.jdbc.password", "secret"); - props.setProperty("guard.javax.persistence.jdbc.driver", "org.h2.Driver"); - props.setProperty("guard.javax.persistence.jdbc.url", "jdbc:h2:mem:testGuardDbResponse"); - - guardContext = new GuardContext(props); - assertNotNull(guardContext); - - guardContext.asyncCreateDbEntry(Instant.now().minusSeconds(1), Instant.now(), - "testCLName", "testActor", "testRecipe", "testTarget", - UUID.randomUUID().toString(), "1", "testMessage", "testOutcome"); - - queue.clear(); - guardContext.asyncQuery(workingMemory, "testActor", "testRecipe", - "testTarget", UUID.randomUUID().toString(), "testCLName"); - Object response = queue.poll(10, TimeUnit.SECONDS); - assertNotNull(response); - } - - @Test - public void testBadValues() throws InterruptedException { - Properties props = new Properties(prop); - props.setProperty("guard.disabled", "true"); - props.setProperty("guard.pdp.rest.client.user", ""); - props.setProperty("guard.pdp.rest.client.password", ""); - props.setProperty("guard.pdp.rest.url", "bad,testuser,testpassword"); - - guardContext = new GuardContext(props); - - guardContext.asyncCreateDbEntry(Instant.now().minusSeconds(1), Instant.now(), - "testCLName", "testActor", "testRecipe", "testTarget", - UUID.randomUUID().toString(), "1", "testMessage", "testOutcome"); - - queue.clear(); - guardContext.asyncQuery(workingMemory, "testActor", "testRecipe", - "testTarget", UUID.randomUUID().toString()); - Object response = queue.poll(10, TimeUnit.SECONDS); - assertNotNull(response); - } - - @Test - public void testPolicyGuardResponse() { - UUID requestId = UUID.randomUUID(); - PolicyGuardResponse emptyResponse1 = new PolicyGuardResponse(null, null, null); - - assertNotNull(emptyResponse1); - - PolicyGuardResponse response = new PolicyGuardResponse("Some Result", requestId, "Some Details"); - - response.setRequestId(requestId); - assertEquals(requestId, response.getRequestId()); - - response.setResult("Some Result"); - assertEquals("Some Result", response.getResult()); - - assertEquals("PolicyGuardResponse [requestId=", response.toString().substring(0, 31)); - } - - @Test - public void testConstructors() { - PolicySession mockPolicySession = Mockito.mock(PolicySession.class); - PolicyContainer mockPolicyContainer = Mockito.mock(PolicyContainer.class); - - when(mockPolicySession.getPolicyContainer()).thenReturn(mockPolicyContainer); - when(mockPolicyContainer.getArtifactId()).thenReturn("testArtifactId"); - when(mockPolicyContainer.getGroupId()).thenReturn("testGroupId"); - - assertThatExceptionOfType(IllegalArgumentException.class).isThrownBy(() -> { - guardContext = new GuardContext(mockPolicySession); - }); - - assertThatExceptionOfType(IllegalArgumentException.class).isThrownBy(() -> { - guardContext = new GuardContext(mockPolicySession, "testSerializableName"); - }); - - verify(mockPolicySession, atLeast(1)).getPolicyContainer(); - verify(mockPolicyContainer, atLeast(1)).getArtifactId(); - verify(mockPolicyContainer, atLeast(1)).getGroupId(); - } - - @Test - public void testCreateDbEntry() { - Properties props = new Properties(); - props.setProperty(Util.PROP_GUARD_PERSISTENCE_UNIT, Util.JUNITPU); - Instant startTime = Instant.now(); - Instant endTime = Instant.now(); - - guardContext = new GuardContext(props); - assertFalse(guardContext.createDbEntry(startTime, endTime, "testClosedLoopControlName", "testActor", - "testRecipe", "testTarget", "testRequestId", "testSubRequestId", "testMessage", "testOutcome")); - - PolicyEngineConstants.getManager().setEnvironmentProperty("guard.disabled", "true"); - assertFalse(guardContext.createDbEntry(startTime, endTime, "testClosedLoopControlName", "testActor", - "testRecipe", "testTarget", "testRequestId", "testSubRequestId", "testMessage", "testOutcome")); - - PolicyEngineConstants.getManager().setEnvironmentProperty("guard.disabled", ""); - PolicyEngineConstants.getManager().setEnvironmentProperty("guard.jdbc.url", "jdbc:h2:mem:testCreateDbEntry"); - PolicyEngineConstants.getManager().setEnvironmentProperty("sql.db.username", "user"); - PolicyEngineConstants.getManager().setEnvironmentProperty("sql.db.password", "secret"); - guardContext = new GuardContext(props); - assertTrue(guardContext.createDbEntry(startTime, endTime, "testClosedLoopControlName", "testActor", - "testRecipe", "testTarget", "testRequestId", "testSubRequestId", "testMessage", "testOutcome")); - - PolicyEngineConstants.getManager().setEnvironmentProperty("guard.disabled", ""); - } -} diff --git a/controlloop/m2/guard/src/test/java/org/onap/policy/guard/GuardResultTest.java b/controlloop/m2/guard/src/test/java/org/onap/policy/guard/GuardResultTest.java deleted file mode 100644 index 6fe0f2b50..000000000 --- a/controlloop/m2/guard/src/test/java/org/onap/policy/guard/GuardResultTest.java +++ /dev/null @@ -1,42 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * guard - * ================================================================================ - * Copyright (C) 2018 Ericsson. All rights reserved. - * Modifications Copyright (C) 2020 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.policy.guard; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNotNull; - -import org.junit.Test; - -public class GuardResultTest { - - @Test - public void testGuardResult() { - assertEquals(3, GuardResult.values().length); - assertNotNull(GuardResult.LOCK_ACQUIRED); - assertNotNull(GuardResult.LOCK_DENIED); - assertNotNull(GuardResult.LOCK_EXCEPTION); - - assertEquals(GuardResult.LOCK_ACQUIRED, GuardResult.valueOf("LOCK_ACQUIRED")); - assertEquals(GuardResult.LOCK_DENIED, GuardResult.valueOf("LOCK_DENIED")); - assertEquals(GuardResult.LOCK_EXCEPTION, GuardResult.valueOf("LOCK_EXCEPTION")); - } -} diff --git a/controlloop/m2/guard/src/test/java/org/onap/policy/guard/GuardUtilTest.java b/controlloop/m2/guard/src/test/java/org/onap/policy/guard/GuardUtilTest.java deleted file mode 100644 index e17207634..000000000 --- a/controlloop/m2/guard/src/test/java/org/onap/policy/guard/GuardUtilTest.java +++ /dev/null @@ -1,102 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * guard - * ================================================================================ - * Copyright (C) 2018 Ericsson. All rights reserved. - * Modifications Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.policy.guard; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNull; - -import com.google.common.io.Files; -import java.io.File; -import java.io.IOException; -import org.junit.Test; -import org.onap.policy.controlloop.policy.ControlLoopPolicy; -import org.onap.policy.controlloop.policy.guard.ControlLoopGuard; -import org.onap.policy.guard.Util.Pair; -import org.yaml.snakeyaml.Yaml; -import org.yaml.snakeyaml.constructor.Constructor; - -public class GuardUtilTest { - @Test - public void testLoadYamlOk() throws IOException { - File tempYamlFile = File.createTempFile("ONAPPF", "yaml"); - tempYamlFile.deleteOnExit(); - - ControlLoopPolicy clPolicy = new ControlLoopPolicy(); - - Yaml clYaml = new Yaml(new Constructor(ControlLoopPolicy.class)); - String clYamlString = clYaml.dump(clPolicy); - - SupportTextFileUtils.putStringAsFile(clYamlString, tempYamlFile); - - Pair<ControlLoopPolicy, String> result = Util.loadYaml(tempYamlFile.getCanonicalPath()); - - assertEquals(clPolicy, result.parameterA); - assertEquals(clYamlString, result.parameterB); - } - - @Test - public void testLoadYamlError() throws IOException { - File tempDir = Files.createTempDir(); - tempDir.deleteOnExit(); - - // Read from a directory forces an IO exception - assertNull(Util.loadYaml(tempDir.getCanonicalPath())); - } - - @Test - public void testLoadGuardYamlOk() throws IOException { - File tempYamlFile = File.createTempFile("ONAPPF", "yaml"); - tempYamlFile.deleteOnExit(); - - ControlLoopGuard clGuardPolicy = new ControlLoopGuard(); - - Yaml clYaml = new Yaml(new Constructor(ControlLoopPolicy.class)); - String clYamlString = clYaml.dump(clGuardPolicy); - - SupportTextFileUtils.putStringAsFile(clYamlString, tempYamlFile); - - ControlLoopGuard result = Util.loadYamlGuard(tempYamlFile.getCanonicalPath()); - - assertEquals(clGuardPolicy, result); - } - - @Test - public void testLoadGuardYamlError() throws IOException { - File tempDir = Files.createTempDir(); - tempDir.deleteOnExit(); - - // Read from a directory forces an IO exception - assertNull(Util.loadYamlGuard(tempDir.getCanonicalPath())); - } - - @Test - public void testMisc() { - Util.setGuardEnvProp("Actor", "Judy Garland"); - assertEquals("Judy Garland", Util.getGuardProp("Actor")); - - Util.setGuardEnvProps("http://somewhere.over.the.rainbow", "Dorothy", "Toto"); - - assertEquals("http://somewhere.over.the.rainbow", Util.getGuardProp(Util.PROP_GUARD_URL)); - assertEquals("Dorothy", Util.getGuardProp(Util.PROP_GUARD_USER)); - assertEquals("Toto", Util.getGuardProp(Util.PROP_GUARD_PASS)); - } -} diff --git a/controlloop/m2/guard/src/test/java/org/onap/policy/guard/PolicyGuardRequestTest.java b/controlloop/m2/guard/src/test/java/org/onap/policy/guard/PolicyGuardRequestTest.java deleted file mode 100644 index cdc862acb..000000000 --- a/controlloop/m2/guard/src/test/java/org/onap/policy/guard/PolicyGuardRequestTest.java +++ /dev/null @@ -1,59 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * guard - * ================================================================================ - * Copyright (C) 2018 Ericsson. All rights reserved. - * ================================================================================ - * Modifications Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.policy.guard; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNotNull; - -import java.util.UUID; -import org.junit.Test; - -public class PolicyGuardRequestTest { - - private static final String KANSAS = "Kansas"; - private static final String GET_BACK_HOME = "GetBackHome"; - private static final String DOROTHY = "Dorothy"; - - @Test - public void testPolicyGuardRequest() { - UUID requestId = UUID.randomUUID(); - - assertNotNull(new PolicyGuardRequest(null, null, null, null)); - - PolicyGuardRequest request = new PolicyGuardRequest(DOROTHY, KANSAS, requestId, GET_BACK_HOME); - - request.setRequestId(requestId); - assertEquals(requestId, request.getRequestId()); - - request.setActor(DOROTHY); - assertEquals(DOROTHY, request.getActor()); - - request.setTarget(KANSAS); - assertEquals(KANSAS, request.getTarget()); - - request.setOperation(GET_BACK_HOME); - assertEquals(GET_BACK_HOME, request.getOperation()); - - assertEquals("PolicyGuardRequest [actor=Dorothy", request.toString().substring(0, 33)); - } -} diff --git a/controlloop/m2/guard/src/test/java/org/onap/policy/guard/PolicyGuardResponseTest.java b/controlloop/m2/guard/src/test/java/org/onap/policy/guard/PolicyGuardResponseTest.java deleted file mode 100644 index 629555297..000000000 --- a/controlloop/m2/guard/src/test/java/org/onap/policy/guard/PolicyGuardResponseTest.java +++ /dev/null @@ -1,55 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * guard - * ================================================================================ - * Copyright (C) 2018 Ericsson. All rights reserved. - * ================================================================================ - * Modifications Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.policy.guard; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNotNull; - -import java.util.UUID; -import org.junit.Test; - -public class PolicyGuardResponseTest { - - private static final String GET_BACK_HOME = "GetBackHome"; - private static final String BACK_HOME = "BackHome"; - - @Test - public void testPolicyGuardResponse() { - UUID requestId = UUID.randomUUID(); - - assertNotNull(new PolicyGuardResponse(null, null, null)); - - PolicyGuardResponse response = new PolicyGuardResponse(BACK_HOME, requestId, GET_BACK_HOME); - - response.setRequestId(requestId); - assertEquals(requestId, response.getRequestId()); - - response.setResult(BACK_HOME); - assertEquals(BACK_HOME, response.getResult()); - - response.setOperation(GET_BACK_HOME); - assertEquals(GET_BACK_HOME, response.getOperation()); - - assertEquals("PolicyGuardResponse [requestId=", response.toString().substring(0, 31)); - } -} diff --git a/controlloop/m2/guard/src/test/java/org/onap/policy/guard/PolicyGuardXacmlHelperTest.java b/controlloop/m2/guard/src/test/java/org/onap/policy/guard/PolicyGuardXacmlHelperTest.java deleted file mode 100644 index 47af1fbc6..000000000 --- a/controlloop/m2/guard/src/test/java/org/onap/policy/guard/PolicyGuardXacmlHelperTest.java +++ /dev/null @@ -1,150 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * guard - * ================================================================================ - * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.policy.guard; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNotNull; - -import java.util.Properties; -import org.junit.AfterClass; -import org.junit.BeforeClass; -import org.junit.Test; -import org.onap.policy.common.endpoints.http.server.HttpServletServerFactoryInstance; -import org.onap.policy.drools.system.PolicyEngineConstants; -import org.onap.policy.drools.utils.logging.LoggerUtil; - -public class PolicyGuardXacmlHelperTest { - - private static final String TARGET = "target"; - private static final String REQUEST_ID = "requestId"; - private static final String RECIPE = "recipe"; - private static final String GUARD_URL = "guard.url"; - private static final String ACTOR = "actor"; - private static final Integer VF_COUNT = 100; - - /** - * Set up test class. - */ - @BeforeClass - public static void setupSimulator() throws Exception { - LoggerUtil.setLevel("ROOT", "INFO"); - LoggerUtil.setLevel("org.eclipse.jetty", "WARN"); - - HttpServletServerFactoryInstance.getServerFactory().destroy(); - org.onap.policy.simulators.Util.buildGuardSim(); - - // - // Set guard properties - // - org.onap.policy.guard.Util.setGuardEnvProps("http://localhost:6669/policy/pdpx/v1/decision", "python", "test"); - } - - /** - * Shuts down simulator and performs 1 more test for the case where the connection fails. - */ - @AfterClass - public static void tearDownSimulator() { - HttpServletServerFactoryInstance.getServerFactory().destroy(); - - // Null/ Bad Connection Case - PolicyGuardXacmlRequestAttributes xacmlReq = new PolicyGuardXacmlRequestAttributes( - org.onap.policy.simulators.GuardSimulatorJaxRs.DENY_CLNAME, ACTOR, RECIPE, TARGET, - REQUEST_ID, VF_COUNT); - String rawDecision = new PolicyGuardXacmlHelper().callPdp(xacmlReq); - assertNotNull(rawDecision); - assertEquals(Util.DENY, rawDecision); - } - - @Test - public void testSimulator() { - PolicyGuardXacmlRequestAttributes request = new PolicyGuardXacmlRequestAttributes("clname_id", "actor_id", - "operation_id", "target_id", "request_id", VF_COUNT); - String xacmlResponse = new PolicyGuardXacmlHelper().callPdp(request); - assertNotNull(xacmlResponse); - } - - @Test - /* - * Tests PolicyGuardXacmlHelper.callPdp method to determine if it returns DENY, PERMIT, or - * INDETERMINATE as expected. - */ - public void testCallPdp() { - // Deny Case - PolicyGuardXacmlRequestAttributes xacmlReq = new PolicyGuardXacmlRequestAttributes( - org.onap.policy.simulators.GuardSimulatorJaxRs.DENY_CLNAME, ACTOR, RECIPE, TARGET, - REQUEST_ID, VF_COUNT); - String rawDecision = new PolicyGuardXacmlHelper().callPdp(xacmlReq); - assertNotNull(rawDecision); - assertEquals(Util.DENY, rawDecision); - - // Permit Case - xacmlReq = new PolicyGuardXacmlRequestAttributes("clname", ACTOR, RECIPE, TARGET, REQUEST_ID, VF_COUNT); - rawDecision = new PolicyGuardXacmlHelper().callPdp(xacmlReq); - assertNotNull(rawDecision); - assertEquals(Util.PERMIT, rawDecision); - - // Indeterminate case is in tearDown for efficiency - } - - @Test - public void testInit() { - final Properties savedEnvironment = (Properties) PolicyEngineConstants.getManager().getEnvironment().clone(); - - assertNotNull(new PolicyGuardXacmlHelper()); - - PolicyEngineConstants.getManager().getEnvironment().setProperty(GUARD_URL, - "http://localhost:6669/pdp/api/getDecision,Dorothy"); - assertNotNull(new PolicyGuardXacmlHelper()); - - PolicyEngineConstants.getManager().getEnvironment().setProperty(GUARD_URL, - "http://localhost:6669/pdp/api/getDecision,Dorothy,Toto"); - assertNotNull(new PolicyGuardXacmlHelper()); - - PolicyEngineConstants.getManager().getEnvironment().setProperty(GUARD_URL, - "http://localhost:6969/policy/pdpx/v1/decision"); - - PolicyEngineConstants.getManager().getEnvironment().setProperty("pdpx.timeout", "thisIsNotANumber"); - assertNotNull(new PolicyGuardXacmlHelper()); - - PolicyEngineConstants.getManager().getEnvironment().setProperty("pdpx.timeout", "1000"); - assertNotNull(new PolicyGuardXacmlHelper()); - - PolicyEngineConstants.getManager().getEnvironment().remove("pdpx.password"); - assertNotNull(new PolicyGuardXacmlHelper()); - - PolicyEngineConstants.getManager().getEnvironment().setProperty("pdpx.username", "python"); - assertNotNull(new PolicyGuardXacmlHelper()); - - PolicyEngineConstants.getManager().getEnvironment().setProperty(GUARD_URL, "///"); - assertNotNull(new PolicyGuardXacmlHelper()); - - PolicyEngineConstants.getManager().getEnvironment().setProperty("guard.disabled", ""); - assertNotNull(new PolicyGuardXacmlHelper()); - - PolicyEngineConstants.getManager().getEnvironment().setProperty("guard.disabled", "true"); - assertNotNull(new PolicyGuardXacmlHelper()); - - PolicyEngineConstants.getManager().getEnvironment().clear(); - assertNotNull(new PolicyGuardXacmlHelper()); - - PolicyEngineConstants.getManager().setEnvironment(savedEnvironment); - } -} diff --git a/controlloop/m2/guard/src/test/java/org/onap/policy/guard/PolicyGuardXacmlRequestAttributesTest.java b/controlloop/m2/guard/src/test/java/org/onap/policy/guard/PolicyGuardXacmlRequestAttributesTest.java deleted file mode 100644 index 3d49d99c1..000000000 --- a/controlloop/m2/guard/src/test/java/org/onap/policy/guard/PolicyGuardXacmlRequestAttributesTest.java +++ /dev/null @@ -1,74 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * guard - * ================================================================================ - * Copyright (C) 2018 Ericsson. All rights reserved. - * ================================================================================ - * Modifications Copyright (C) 2018-2020 AT&T. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.policy.guard; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNotNull; - -import java.util.UUID; -import org.junit.Test; - -public class PolicyGuardXacmlRequestAttributesTest { - - @Test - public void testPolicyGuardXacmlRequestAttributes() { - PolicyGuardXacmlRequestAttributes attributes = - new PolicyGuardXacmlRequestAttributes(null, null, null, null, null, null); - assertNotNull(attributes); - - UUID requestId = UUID.randomUUID(); - attributes.setRequestId(requestId.toString()); - assertEquals(requestId.toString(), attributes.getRequestId()); - - UUID operationId = UUID.randomUUID(); - attributes.setOperationId(operationId.toString()); - assertEquals(operationId.toString(), attributes.getOperationId()); - - UUID actorId = UUID.randomUUID(); - attributes.setActorId(actorId.toString()); - assertEquals(actorId.toString(), attributes.getActorId()); - - UUID targetId = UUID.randomUUID(); - attributes.setTargetId(targetId.toString()); - assertEquals(targetId.toString(), attributes.getTargetId()); - - attributes.setTargetId(targetId.toString()); - assertEquals(targetId.toString(), attributes.getTargetId()); - - UUID controlLoopId = UUID.randomUUID(); - attributes.setClnameId(controlLoopId.toString()); - assertEquals(controlLoopId.toString(), attributes.getClnameId()); - - attributes.setClnameId(null); - assertEquals(null, attributes.getClnameId()); - - Integer vfCount = 20; - attributes.setVfCount(vfCount); - assertEquals(vfCount, attributes.getVfCount()); - - attributes.setVfCount(null); - assertEquals(null, attributes.getVfCount()); - - assertEquals("PolicyGuardXacmlRequestAttributes [actorId=", attributes.toString().substring(0, 43)); - } -} diff --git a/controlloop/m2/guard/src/test/java/org/onap/policy/guard/PolicyGuardYamlToXacmlTest.java b/controlloop/m2/guard/src/test/java/org/onap/policy/guard/PolicyGuardYamlToXacmlTest.java deleted file mode 100644 index a8110ed04..000000000 --- a/controlloop/m2/guard/src/test/java/org/onap/policy/guard/PolicyGuardYamlToXacmlTest.java +++ /dev/null @@ -1,248 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * guard - * ================================================================================ - * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.policy.guard; - -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertTrue; - -import java.io.File; -import java.io.IOException; -import java.util.ArrayList; -import java.util.HashMap; -import java.util.LinkedList; -import java.util.List; -import java.util.Map; -import org.junit.Before; -import org.junit.Test; -import org.onap.policy.controlloop.policy.guard.Constraint; -import org.onap.policy.controlloop.policy.guard.ControlLoopGuard; -import org.onap.policy.controlloop.policy.guard.GuardPolicy; -import org.onap.policy.controlloop.policy.guard.MatchParameters; -import org.yaml.snakeyaml.Yaml; -import org.yaml.snakeyaml.constructor.Constructor; - -public class PolicyGuardYamlToXacmlTest { - private static final String SOME_START_TIME = "someStartTime"; - private static final String SOME_END_TIME = "someEndTime"; - private static final String HOURS = "hours"; - private static final String TARGET2 = "WickedWitchOfTheWest"; - private static final String TARGET1 = "Wizard"; - private static final String ONAPPF_FILE = "ONAPPF"; - private static final String RECIPE = "GoToOz"; - private static final String TEXT1 = "WestWitches"; - private static final String TEXT2 = "EastWitches"; - private static final String OUT_XACML = ".out.xacml"; - private ControlLoopGuard clGuard; - - /** - * Set up test cases. - */ - @Before - public void createControlLoopGuard() { - clGuard = new ControlLoopGuard(); - MatchParameters matchParameters = new MatchParameters(); - matchParameters.setControlLoopName("WizardOfOz"); - matchParameters.setActor("Dorothy"); - matchParameters.setRecipe(RECIPE); - List<String> targets = new ArrayList<>(); - targets.add(TARGET1); - targets.add(TARGET2); - matchParameters.setTargets(targets); - GuardPolicy guardPolicy = new GuardPolicy(); - guardPolicy.setMatch_parameters(matchParameters); - Constraint limitConstraint = new Constraint(); - limitConstraint.setFreq_limit_per_target(5); - Map<String, String> timeWindow = new HashMap<>(); - timeWindow.put("value", "10"); - timeWindow.put("units", HOURS); - limitConstraint.setTime_window(timeWindow); - Map<String, String> activeTimeRange = new HashMap<>(); - activeTimeRange.put("start", SOME_START_TIME); - activeTimeRange.put("end", SOME_END_TIME); - limitConstraint.setActive_time_range(activeTimeRange); - LinkedList<Constraint> limitConstraints = new LinkedList<>(); - limitConstraints.add(limitConstraint); - guardPolicy.setLimit_constraints(limitConstraints); - LinkedList<GuardPolicy> guardList = new LinkedList<>(); - guardList.add(guardPolicy); - clGuard.setGuards(guardList); - } - - @Test - public void testGenerateXacmlGuardFull() throws IOException { - File tempYamlFile = File.createTempFile(ONAPPF_FILE, "yaml"); - tempYamlFile.deleteOnExit(); - - File tempXacmlTemplateFile = new File("src/test/resources/frequency_limiter_template.xml"); - - File tempXacmlOutputFile = File.createTempFile(ONAPPF_FILE, OUT_XACML); - tempXacmlOutputFile.deleteOnExit(); - - Yaml clYaml = new Yaml(new Constructor(ControlLoopGuard.class)); - String clYamlString = clYaml.dump(clGuard); - - SupportTextFileUtils.putStringAsFile(clYamlString, tempYamlFile); - PolicyGuardYamlToXacml.fromYamlToXacml(tempYamlFile.getCanonicalPath(), - tempXacmlTemplateFile.getCanonicalPath(), tempXacmlOutputFile.getCanonicalPath()); - - String result = SupportTextFileUtils.getTextFileAsString(tempXacmlOutputFile.getCanonicalPath()); - - // Assert no mote "${}" are left - assertFalse(result.contains("${")); - assertFalse(result.contains("}")); - // Assert all substitutions are made - assertTrue(result.contains("cl")); - assertTrue(result.contains("actor")); - assertTrue(result.contains(RECIPE)); - assertTrue(result.contains(TARGET1)); - assertTrue(result.contains(TARGET2)); - assertTrue(result.contains("10")); - assertTrue(result.contains(HOURS)); - assertTrue(result.contains(SOME_START_TIME)); - assertTrue(result.contains(SOME_END_TIME)); - } - - @Test - public void testGenerateXacmlGuardPartial() throws IOException { - final File tempYamlFile = File.createTempFile(ONAPPF_FILE, "yaml"); - tempYamlFile.deleteOnExit(); - - final File tempXacmlTemplateFile = new File("src/test/resources/frequency_limiter_template.xml"); - - final File tempXacmlOutputFile = File.createTempFile(ONAPPF_FILE, OUT_XACML); - tempXacmlOutputFile.deleteOnExit(); - - MatchParameters matchParameters = clGuard.getGuards().get(0).getMatch_parameters(); - matchParameters.setControlLoopName(null); - matchParameters.setActor(null); - matchParameters.setRecipe(null); - matchParameters.setTargets(null); - - Yaml clYaml = new Yaml(new Constructor(ControlLoopGuard.class)); - String clYamlString = clYaml.dump(clGuard); - - SupportTextFileUtils.putStringAsFile(clYamlString, tempYamlFile); - PolicyGuardYamlToXacml.fromYamlToXacml(tempYamlFile.getCanonicalPath(), - tempXacmlTemplateFile.getCanonicalPath(), tempXacmlOutputFile.getCanonicalPath()); - - String result = SupportTextFileUtils.getTextFileAsString(tempXacmlOutputFile.getCanonicalPath()); - - // Assert no mote "${}" are left - assertFalse(result.contains("${")); - assertFalse(result.contains("}")); - // Assert all substitutions are made - assertTrue(result.contains("cl")); - assertTrue(result.contains("actor")); - assertFalse(result.contains(RECIPE)); - assertFalse(result.contains(TARGET1)); - assertFalse(result.contains(TARGET2)); - assertTrue(result.contains("10")); - assertTrue(result.contains(HOURS)); - assertTrue(result.contains(SOME_START_TIME)); - assertTrue(result.contains(SOME_END_TIME)); - } - - @Test - public void testIsNullOrEmpty() { - assertTrue(PolicyGuardYamlToXacml.isNullOrEmpty("")); - assertTrue(PolicyGuardYamlToXacml.isNullOrEmpty(null)); - assertFalse(PolicyGuardYamlToXacml.isNullOrEmpty("hello")); - } - - @Test - public void testIsNullOrEmptyList() { - List<String> list = new ArrayList<>(); - assertTrue(PolicyGuardYamlToXacml.isNullOrEmptyList(null)); - assertTrue(PolicyGuardYamlToXacml.isNullOrEmptyList(list)); - - list.add("hello"); - assertFalse(PolicyGuardYamlToXacml.isNullOrEmptyList(list)); - } - - @Test - public void testGenerateXacmlGuardBlacklist() throws IOException { - final File tempYamlFile = File.createTempFile(ONAPPF_FILE, "yaml"); - tempYamlFile.deleteOnExit(); - - final File tempXacmlTemplateFile = new File("src/test/resources/blacklist_template.xml"); - - final File tempXacmlOutputFile = File.createTempFile(ONAPPF_FILE, OUT_XACML); - tempXacmlOutputFile.deleteOnExit(); - - List<String> blacklist = new ArrayList<>(); - blacklist.add(TEXT1); - blacklist.add(TEXT2); - clGuard.getGuards().get(0).getLimit_constraints().get(0).setBlacklist(blacklist); - - Yaml clYaml = new Yaml(new Constructor(ControlLoopGuard.class)); - String clYamlString = clYaml.dump(clGuard); - - SupportTextFileUtils.putStringAsFile(clYamlString, tempYamlFile); - PolicyGuardYamlToXacml.fromYamlToXacmlBlacklist(tempYamlFile.getCanonicalPath(), - tempXacmlTemplateFile.getCanonicalPath(), tempXacmlOutputFile.getCanonicalPath()); - - String result = SupportTextFileUtils.getTextFileAsString(tempXacmlOutputFile.getCanonicalPath()); - // Assert no mote "${}" are left - assertFalse(result.contains("${")); - assertFalse(result.contains("}")); - // Assert all substitutions are made - assertTrue(result.contains(TEXT1)); - assertTrue(result.contains(TEXT2)); - } - - @Test - public void testGenerateXacmlGuardBlacklistPartial() throws IOException { - final File tempYamlFile = File.createTempFile(ONAPPF_FILE, "yaml"); - tempYamlFile.deleteOnExit(); - - final File tempXacmlTemplateFile = new File("src/test/resources/blacklist_template.xml"); - - final File tempXacmlOutputFile = File.createTempFile(ONAPPF_FILE, OUT_XACML); - tempXacmlOutputFile.deleteOnExit(); - - List<String> blacklist = new ArrayList<>(); - blacklist.add(TEXT1); - blacklist.add(TEXT2); - GuardPolicy guardPolicy = clGuard.getGuards().get(0); - guardPolicy.getLimit_constraints().get(0).setBlacklist(blacklist); - - MatchParameters matchParameters = guardPolicy.getMatch_parameters(); - matchParameters.setControlLoopName(null); - matchParameters.setActor(null); - matchParameters.setRecipe(null); - matchParameters.setTargets(null); - - Yaml clYaml = new Yaml(new Constructor(ControlLoopGuard.class)); - String clYamlString = clYaml.dump(clGuard); - - SupportTextFileUtils.putStringAsFile(clYamlString, tempYamlFile); - PolicyGuardYamlToXacml.fromYamlToXacmlBlacklist(tempYamlFile.getCanonicalPath(), - tempXacmlTemplateFile.getCanonicalPath(), tempXacmlOutputFile.getCanonicalPath()); - - String result = SupportTextFileUtils.getTextFileAsString(tempXacmlOutputFile.getCanonicalPath()); - // Assert no mote "${}" are left - assertFalse(result.contains("${")); - assertFalse(result.contains("}")); - // Assert all substitutions are made - assertTrue(result.contains(TEXT1)); - assertTrue(result.contains(TEXT2)); - } -} diff --git a/controlloop/m2/guard/src/test/java/org/onap/policy/guard/SupportTextFileUtils.java b/controlloop/m2/guard/src/test/java/org/onap/policy/guard/SupportTextFileUtils.java deleted file mode 100644 index 98c33c761..000000000 --- a/controlloop/m2/guard/src/test/java/org/onap/policy/guard/SupportTextFileUtils.java +++ /dev/null @@ -1,65 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * guard - * ================================================================================ - * Copyright (C) 2018 Ericsson. All rights reserved. - * Modifications Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.policy.guard; - -import java.io.File; -import java.io.FileOutputStream; -import java.io.IOException; -import java.nio.charset.StandardCharsets; -import org.drools.core.util.IoUtils; - -/** - * The Class TextFileUtils is class that provides useful functions for handling text files. - * Functions to read and wrtie text files to strings and strings are provided. - * - * @author Liam Fallon (liam.fallon@ericsson.com) - */ -public class SupportTextFileUtils { - - private SupportTextFileUtils() { - // do nothing - } - - /** - * Method to return the contents of a text file as a string. - * - * @param textFilePath The path to the file as a string - * @return A string containing the contents of the file - * @throws IOException on errors reading text from the file - */ - public static String getTextFileAsString(final String textFilePath) { - return IoUtils.readFileAsString(new File(textFilePath)); - } - - /** - * Method to write contents of a string to a text file. - * - * @param outString The string to write - * @param textFile The file to write the string to - * @throws IOException on errors reading text from the file - */ - public static void putStringAsFile(final String outString, final File textFile) throws IOException { - try (final FileOutputStream textFileOutputStream = new FileOutputStream(textFile)) { - textFileOutputStream.write(outString.getBytes(StandardCharsets.UTF_8)); - } - } -} diff --git a/controlloop/m2/guard/src/test/resources/META-INF/persistence.xml b/controlloop/m2/guard/src/test/resources/META-INF/persistence.xml deleted file mode 100644 index 8e8be4ed2..000000000 --- a/controlloop/m2/guard/src/test/resources/META-INF/persistence.xml +++ /dev/null @@ -1,43 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- - ============LICENSE_START======================================================= - drools-applications - ================================================================================ - Copyright (C) 2018-2020 AT&T Intellectual Property. All rights reserved. - ================================================================================ - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - ============LICENSE_END========================================================= - --> -<persistence xmlns="http://java.sun.com/xml/ns/persistence" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/persistence persistence_1_0.xsd" version="1.0"> - - <!-- In-mem DB for junit --> - <persistence-unit name="OperationsHistoryPUTest" - transaction-type="RESOURCE_LOCAL"> - <provider>org.eclipse.persistence.jpa.PersistenceProvider</provider> - - <class>org.onap.policy.guard.OperationsHistory</class> - - <properties> - <property name="eclipselink.ddl-generation" value="create-tables" /> - <property name="eclipselink.logging.level" value="FINE" /> - <property name="hibernate.dialect" value="org.hibernate.dialect.H2Dialect"/> - <property name="javax.persistence.jdbc.driver" value="org.h2.Driver" /> - <property name="javax.persistence.jdbc.url" value="jdbc:h2:mem:testdb;DATABASE_TO_UPPER=FALSE" /> - <property name="javax.persistence.jdbc.user" value="policy" /> - <property name="javax.persistence.jdbc.password" value="P01icY" /> - <property name="javax.persistence.schema-generation.database.action" value="drop-and-create"/> - <property name="javax.persistence.schema-generation.create-source" value="metadata"/> - </properties> - </persistence-unit> - -</persistence> diff --git a/controlloop/m2/guard/src/test/resources/blacklist_template.xml b/controlloop/m2/guard/src/test/resources/blacklist_template.xml deleted file mode 100644 index 1563e4a7d..000000000 --- a/controlloop/m2/guard/src/test/resources/blacklist_template.xml +++ /dev/null @@ -1,117 +0,0 @@ -<?xml version="1.0" encoding="UTF-8" standalone="yes"?> -<!-- - ============LICENSE_START======================================================= - drools-applications - ================================================================================ - Copyright (C) 2018-2019 AT&T Intellectual Property. All rights reserved. - ================================================================================ - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - ============LICENSE_END========================================================= - --> -<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" - PolicyId="urn:com:att:xacml:policy:id:25e12b06-11d5-4895-b2a2-6f6c594de069" - Version="1" - RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-unless-deny"> - <Description>Policy for frequency limiter.</Description> - <Target> - <AnyOf> - <AllOf> - <Match - MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"> - <!-- <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">.*</AttributeValue>--> - <AttributeValue - DataType="http://www.w3.org/2001/XMLSchema#string">${clname}</AttributeValue> - <AttributeDesignator - Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" - AttributeId="urn:org:onap:guard:clname:clname-id" - DataType="http://www.w3.org/2001/XMLSchema#string" - MustBePresent="false" /> - </Match> - - <!-- <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">--> - <Match - MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"> - <AttributeValue - DataType="http://www.w3.org/2001/XMLSchema#string">${actor}</AttributeValue> - <AttributeDesignator - Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" - AttributeId="urn:org:onap:guard:actor:actor-id" - DataType="http://www.w3.org/2001/XMLSchema#string" - MustBePresent="false" /> - </Match> - <Match - MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"> - <AttributeValue - DataType="http://www.w3.org/2001/XMLSchema#string">${recipe}</AttributeValue> - <AttributeDesignator - Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" - AttributeId="urn:org:onap:guard:operation:operation-id" - DataType="http://www.w3.org/2001/XMLSchema#string" - MustBePresent="false" /> - </Match> - </AllOf> - </AnyOf> - </Target> - <Rule - RuleId="urn:com:att:xacml:rule:id:e1e8c5c0-e2ba-47d5-9289-6c015305ed21" - Effect="Deny"> - <Description>DENY - only if target is in black list and guard is - active.</Description> - <Condition> - <Apply - FunctionId="urn:oasis:names:tc:xacml:1.0:function:and"> - <VariableReference - VariableId="isGuardActive" /> - <VariableReference - VariableId="isInBlackList" /> - </Apply> - </Condition> - </Rule> - <VariableDefinition VariableId="isInBlackList"> - <Apply - FunctionId="urn:oasis:names:tc:xacml:3.0:function:any-of"> - <Function - FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal" /> - <Apply - FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only"> - <AttributeDesignator - Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" - AttributeId="urn:org:onap:guard:target:target-id" - DataType="http://www.w3.org/2001/XMLSchema#string" - MustBePresent="false" /> - </Apply> - <Apply - FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag"> - ${blackListElement} - <!-- <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">vserver.vserver-name</AttributeValue>--> - </Apply> - </Apply> - </VariableDefinition> - <VariableDefinition VariableId="isGuardActive"> - <Apply - FunctionId="urn:oasis:names:tc:xacml:2.0:function:time-in-range"> - <Apply - FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only"> - <AttributeDesignator - AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time" - DataType="http://www.w3.org/2001/XMLSchema#time" - Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" - MustBePresent="false" /> - </Apply> - <AttributeValue - DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveStart}</AttributeValue> - <AttributeValue - DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveEnd}</AttributeValue> - </Apply> - </VariableDefinition> -</Policy> diff --git a/controlloop/m2/guard/src/test/resources/frequency_limiter_template.xml b/controlloop/m2/guard/src/test/resources/frequency_limiter_template.xml deleted file mode 100644 index d26432f86..000000000 --- a/controlloop/m2/guard/src/test/resources/frequency_limiter_template.xml +++ /dev/null @@ -1,127 +0,0 @@ -<?xml version="1.0" encoding="UTF-8" standalone="yes"?> -<!-- - ============LICENSE_START======================================================= - drools-applications - ================================================================================ - Copyright (C) 2018-2019 AT&T Intellectual Property. All rights reserved. - ================================================================================ - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - ============LICENSE_END========================================================= - --> -<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" - PolicyId="urn:com:att:xacml:policy:id:25e12b06-11d5-4895-b2a2-6f6c594de069" - Version="1" - RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-unless-deny"> - <Description>Policy for frequency limiter.</Description> - <Target> - <AnyOf> - <AllOf> - - <Match - MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"> - <!-- <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">.*</AttributeValue>--> - <AttributeValue - DataType="http://www.w3.org/2001/XMLSchema#string">${clname}</AttributeValue> - <AttributeDesignator - Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" - AttributeId="urn:org:onap:guard:clname:clname-id" - DataType="http://www.w3.org/2001/XMLSchema#string" - MustBePresent="false" /> - </Match> - - <!-- <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">--> - <Match - MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"> - <AttributeValue - DataType="http://www.w3.org/2001/XMLSchema#string">${actor}</AttributeValue> - <AttributeDesignator - Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" - AttributeId="urn:org:onap:guard:actor:actor-id" - DataType="http://www.w3.org/2001/XMLSchema#string" - MustBePresent="false" /> - </Match> - <Match - MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"> - <AttributeValue - DataType="http://www.w3.org/2001/XMLSchema#string">${recipe}</AttributeValue> - <AttributeDesignator - Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" - AttributeId="urn:org:onap:guard:operation:operation-id" - DataType="http://www.w3.org/2001/XMLSchema#string" - MustBePresent="false" /> - </Match> - - <Match - MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"> - <AttributeValue - DataType="http://www.w3.org/2001/XMLSchema#string">${targets}</AttributeValue> - <AttributeDesignator - Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" - AttributeId="urn:org:onap:guard:target:target-id" - DataType="http://www.w3.org/2001/XMLSchema#string" - MustBePresent="false" /> - </Match> - - </AllOf> - </AnyOf> - </Target> - <Rule - RuleId="urn:com:att:xacml:rule:id:e1e8c5c0-e2ba-47d5-9289-6c015305ed21" - Effect="Deny"> - <Description>DENY - only if number of operations performed in - the past is larger than the limit and the Guard is active.</Description> - <Condition> - <Apply - FunctionId="urn:oasis:names:tc:xacml:1.0:function:and"> - <VariableReference - VariableId="isGuardActive" /> - <VariableReference - VariableId="isHistoryGreaterThanLimit" /> - </Apply> - </Condition> - </Rule> - <VariableDefinition VariableId="isGuardActive"> - <Apply - FunctionId="urn:oasis:names:tc:xacml:2.0:function:time-in-range"> - <Apply - FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only"> - <AttributeDesignator - AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time" - DataType="http://www.w3.org/2001/XMLSchema#time" - Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" - MustBePresent="false" /> - </Apply> - <AttributeValue - DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveStart}</AttributeValue> - <AttributeValue - DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveEnd}</AttributeValue> - </Apply> - </VariableDefinition> - <VariableDefinition - VariableId="isHistoryGreaterThanLimit"> - <Apply - FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than-or-equal"> - <Apply - FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only"> - <AttributeDesignator - Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" - AttributeId="com:att:research:xacml:test:sql:resource:operations:count" - DataType="http://www.w3.org/2001/XMLSchema#integer" - Issuer="com:att:research:xacml:guard:historydb:tw:${twValue}:${twUnits}" - MustBePresent="false" /> - </Apply> - <AttributeValue - DataType="http://www.w3.org/2001/XMLSchema#integer">${limit}</AttributeValue> - </Apply> - </VariableDefinition> -</Policy> |