summaryrefslogtreecommitdiffstats
path: root/controlloop/common/guard
AgeCommit message (Collapse)AuthorFilesLines
2018-03-01Remove CLM issues with commons-collectionsPamela Dragosh1-0/+9
We know that we are not configuring an LDAP PIP in our use of the XACML open source. The LDAP implementation uses Apache Velocity, which uses a very old version of commons-collections that has security issues. So we can exclude commons-collections from the build. Issue-ID: POLICY-504 Change-Id: I6d90731e601f58c8edaca6fe02df30ee2a090c2f Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
2018-02-19Rename maven modules to mirror directory structureliamfallon1-70/+73
The naming of Maven modules in drools-applications was not aligned with the directory structure in the git repository of drools-applications. Therefore it was difficult to see the strucutre of the repository in Eclipse and other IDEs. This change amends the Maven module IDs to reflect the repository directory structure. This patch reset fixes the previos patch set, where many references to maven modules internally in drools-applciations were missed. See also changes in engine and docker repos. Updated to reflect repo directory structure in maven artifact groups. Issue-ID: POLICY-238 Change-Id: I8ab1a7ecdb664045222bbbfda269135e3e449109 Signed-off-by: liamfallon <liam.fallon@ericsson.com>
2018-02-09Upgrade XACML jarPamela Dragosh1-1/+1
XACML was released with minor fixes for XML files with comments. Mainly it contained upgrade to dependencies that had fixed security issues. One still remains but will not be able to be fixed. Issue-ID: POLICY-616 Change-Id: Ifaf4f92d8da878a1c49dff5fd028744d01999ff5 Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
2018-02-07Merge "Resolve security issues SONATYPE-2017-0359"Jorge Hernandez1-1/+1
2018-02-07Resolve security issues SONATYPE-2017-0359Pamela Dragosh1-1/+1
Upgrade httpclient to 4.5.5 - the latest version. Issue-ID: POLICY-612 Change-Id: I5e79918bc447889b1dbcd1bf897c3324f6a0cc0d Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
2018-02-07Log thrown exception in PIPEngineGetHistoryliamfallon1-1/+1
Sonar Critical error highlighted, with thrown execption not logged. The exception is now logged. Issue-ID: POLICY-455 Change-Id: If2969a4fe118d22dbd1fb11879ba028487848eb8 Signed-off-by: liamfallon <liam.fallon@ericsson.com>
2018-02-06Add JUnit and Remove Technical Debt in Guardliamfallon24-757/+1783
Unit test for guard added and technical debt removed. Issue-ID: POLICY-455 Change-Id: I440766660ddae078013e21b1991ee49c8e488bb3 Signed-off-by: liamfallon <liam.fallon@ericsson.com>
2017-12-15Add guard junitsTemoc Rodriguez11-14/+550
Added a few junit files which test most functionality in the guard submodule. Some minor bugs were found by the junits and fixed those newly found bugs. Added persistence.xml for use by junits in guard. Issue-ID: POLICY-490 Change-Id: Ied7e276cfd417e1f396b5a6685a2e9acc9efd109 Signed-off-by: Temoc Rodriguez <cr056n@att.com>
2017-11-21Bump minor versionJessica Wagantall1-1/+1
Bump minor version in preparation for Amsterdam branching. Change-Id: Ia7e97a72053a2d1cd10c0b9d5c179817c3ac7e23 Issue-ID: CIMAN-120 Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
2017-11-15Upgrade to 1.1.2-SNAPSHOTPamela Dragosh1-1/+1
Released 1.1.1, now must bump patch by 1 Issue-ID: POLICY-436 Change-Id: I3f5e4c369575f6fe1fa06cabb96a5bd43cb11087 Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
2017-11-08Update SNAPSHOT versionPamela Dragosh1-1/+1
Releasing v1.1.0 so need to update version to 1.1.1 Issue-ID: POLICY-436 Change-Id: I8b85de39bb3a32f5f4faeeb4fcdfb5d95291ae31 Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
2017-11-07SNAPSHOT present in policy core and msb depsv1.1.0Jorge Hernandez1-2/+2
Change-Id: I61c8d698f8cf984c648e510997498d41e7d9744a Issue-ID: POLICY-433 Signed-off-by: Jorge Hernandez <jh1730@att.com>
2017-11-03Made network.log output more verbose.Magnusen, Drew (dm741q)1-1/+1
Incoming values were not expanded in network logs for several drools-applications. Current patch makes them more verbose. Issue-ID: POLICY-410 Change-Id: I64bf88a3b39ea58dceaf24de698c8ae6a9a3f8b2 Signed-off-by: Magnusen, Drew (dm741q) <dm741q@att.com>
2017-10-20Added log output to multiple drools applications.Magnusen, Drew (dm741q)1-0/+4
Added logger statments to network.log for AAI, SO, PDPX Guard, and VFC for all inbound/outbound traffic. Issue-Id: POLICY-356 Change-Id: I802d45d8136f987b4304baa8f17e166b1c8df165 Signed-off-by: Magnusen, Drew (dm741q) <dm741q@att.com>
2017-10-18Removed useless imports to clear Sonar IssuesHockla, Ali (ah999m)1-2/+0
Issue-ID: POLICY-292 Change-Id: Ia4d4fae4150ea12e46079aabb4bbf4e3c92c8d00 Signed-off-by: Hockla, Ali (ah999m) <ah999m@att.com>
2017-10-17Fix operation history DB properties for JunitsTemoc Rodriguez3-33/+19
Removed operation_history.properties / operations-history.properties. Changed the properties in persistence.xml so that it uses the correct values. Previously junit would never write to db because the "guard.disabled" property was not set. Set this property. Additionally the operationshistory10 table was trying to be created even though it exists. These values work in junit code. Not tested on rackspace yet. Issue-ID: POLICY-345 Change-Id: Id755b3152ae6ac4991ea9c314154592ea0105070 Signed-off-by: Temoc Rodriguez <cr056n@att.com>
2017-10-11Fix nullPointerException non-200 guard response.Temoc Rodriguez1-6/+7
Added a check for when the guard response from pdp-x is not 200. When the response is unauthorized or forbidden, it will have an empty body, try to convert to json, and throw an exception. Added a null check on the response and returns indeterminate in the case of an empty body. Issue-ID: POLICY-280 Change-Id: I9d384472e230495130bd41d377e25b74fe9ea9bd Signed-off-by: Temoc Rodriguez <cr056n@att.com>
2017-10-04Fixed Sonar blockers/criticalsHockla, Ali (ah999m)2-5/+5
Issue-ID: POLICY-292 Change-Id: Id53e9d3b6ba23b20d7e45d4d3b39f8092f126333 Signed-off-by: Hockla, Ali (ah999m) <ah999m@att.com>
2017-09-28Merge "Add missing auth headers to guard request"Jorge Hernandez3-117/+386
2017-09-28Add missing auth headers to guard requestTemoc Rodriguez3-117/+386
Added guard authentication, client authentication, and environment http headers to the pdp-x guard restful request. Properties are set to PolicyEngine.manager. Property getter, setter, and properties in guard/.../Util.java. Test properties defined in junits themselves. Added code from GuardContext.java to grab the properties and make restful request. PolicyGuardXacmlHelper now closely resembles GuardContext in order to mimic functionality. Guard url no longer is passed into CallGuardTask, it is now a property. Issue-ID: POLICY-260 Change-Id: I5b144764828b6da0e7b738a578e4f6596a0f4f36 Signed-off-by: Temoc Rodriguez <cr056n@att.com>
2017-09-27Fix major sonar issuesshashikanth1-0/+2
Fix major sonar issues in policy/drools-applications module https://sonar.onap.org/component_issues?id=org.onap.policy.drools-applications%3Adrools-pdp-apps#resolved=false|severities=MAJOR|rules=squid%3AS1161 Added "@Override" annotation above this method signature. Issue-Id:POLICY-239 Change-Id: I578d0e740a6c04ba02df400a3abc99f9b774908a Signed-off-by: shashikanth.vh <shashikanth.vh@huawei.com>
2017-09-21Add guard simulator and multiple AAI responsesCharles Cole1-1/+1
Added a guard simulator that can permit or deny (it sends a deny if the clname is denyGuard). Added responses to the AAI simulator to set the is-closed-loop-disabled to true (use a get query with a key of disableClosedLoop). Changed the content-type of all responses to application/json. Issue-ID: POLICY-256 Change-Id: If84813968d3ea59d9ebe029caa69f444a1f413c8 Signed-off-by: Charles Cole <cc847m@att.com>
2017-09-21Implement restful call to xacml pdp guardTemoc Rodriguez3-56/+105
Removed the embedded guard decision and replace with restful call to xacml pdp to restore guard functionality. Set guard URL with PolicyEngine env properties. Modified templates accordingly. Issue-Id: POLICY-260 Change-Id: Ic1558a6ebdd5f6d1b74a748f69433f6213dbf984 Signed-off-by: Temoc Rodriguez <cr056n@att.com> Signed-off-by: Hockla, Ali (ah999m) <ah999m@att.com>
2017-09-15Fix sonar criticalPamela Dragosh1-3/+13
Last transient/serializable issues. Throw a dedicated exception for DateUtil class Unused imports Make the enclosing method "static" or remove this set. Issue-ID: POLICY-115 Change-Id: I366f85922c4d4d290b320e0b88678c805de59872 Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
2017-09-15Fix sonar criticalsPamela Dragosh5-5/+5
Either re-interrupt this method or rethrow Exception Transient/Serializable issues Unused imports logging exceptions Issue-ID: POLICY-115 Change-Id: I4c8a0c780e2f6c6e8218c1457f18470f7d95919c Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
2017-09-14Merge "Move credential information out of persistence.xml"Jorge Hernandez2-2/+43
2017-09-14master lab template maintained under archetypeJorge Hernandez1-7/+0
This is work in progress, the official pom.xml with dependencies, drl template, and support files for controller deployment are maintained here. In the near future the junit template should be consolidated with this one. Added controlloop.properties.environment, this environment file will be populated at installation time with the lab's aai url, etc .. and will be accessible by any drools application such as control loops through the PolicyEngine interface. Note that PDP-D server already supports these environment files, so it is just natural. Therefore, this is the default mechanism to provide to applications, the url, username, and passwords to use at runtime by the control loops for the time being. In the future MSB could set them globally here through existing APIs, or it can be queried by any drools application using MSB library, doesn't matter. There's been some trouble playing nicely with the dependencies used by a control loop application classsloader, and the pdp-d middleware one, causing issues between dependencies version of libraries. Specifically, the snakeyaml library does not play well across classloader when using constructor functionality, note that the snakeyaml libraries are pulled also from jackson parsers used in the pdp-d. I made a change in ControlLoopProcessor to specifically tell the "Yaml" object which classloader to use in order to find the class with the constructor that is intended to be built, otherwise, yaml libraries use a different classloader that does not have visibility into the ControlLoopPolicy that is trying to construct, and fails. This also should respect junits that use the same classloader I pressume and does not give issues. Change-Id: I36271d29cdbf8ff861f9c03ff91cf7116927906a Issue-ID: POLICY-162 Signed-off-by: Jorge Hernandez <jh1730@att.com>
2017-09-14Move credential information out of persistence.xmlTemoc Rodriguez2-2/+43
Move credential information out of persistence.xml. Define properties file which will contain the credentials instead. Access db using new properties file. Issue-ID: POLICY-55 Change-Id: I01ad0611c053ad4285de2a225fca7920a3b1bc8f Signed-off-by: Temoc Rodriguez <cr056n@att.com>
2017-09-12Fix nullPointerExceptionTemoc Rodriguez1-2/+3
Fix nullPointerException by changing return values of attributesProvided and attributesRequired from null to empty Set. Issue-ID: POLICY-55 Change-Id: I9516a9bcad591cc582834cb49fa54e58a1f45a47 Signed-off-by: Temoc Rodriguez <cr056n@att.com>
2017-09-08Set this class as serializablePamela Dragosh2-25/+22
Fixing sonar critical to make this simple class serializable. Issue-ID: POLICY-115 Change-Id: I6a3cf8b1c8c27f434e26d9f2909b2ef38c72825b Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
2017-09-08Added changes for vDNS Use Case - MSO InterfaceHockla, Ali (ah999m)2-0/+92
Rebased and fixed merge conflicts Issue-ID: POLICY-102 Change-Id: Icc36a2cf6391aa9137593bc04f0d4543798b7ccd Signed-off-by: Ali Hockla <ah999m@att.com> Signed-off-by: Hockla, Ali (ah999m) <ah999m@att.com> Signed-off-by: HOCKLA <ah999m@att.com> Signed-off-by: Hockla, Ali (ah999m) <ah999m@att.com>
2017-09-07Add in-mem db to ControlLoopXacmlGuardTestTemoc Rodriguez1-79/+147
Add in-mem specification in test/resources/META-INF/persistence.xml for junit. Use system properties to choose which db to use. Removed named parameters in PIPEngineHistory.java. Change 6.3.0 versions of drools-core to 6.5.0 in pom. Make PIPEngineGetHistory query more general. Increased sleep times in junit. Issue-ID: POLICY-55 Change-Id: I6bc65fd88c43c4e7143f27a7e6d8666c2c4df060 Signed-off-by: Temoc Rodriguez <cr056n@att.com>
2017-08-31Merge "Fix Sonar Blockers for Drools-Applications"Pamela Dragosh1-9/+7
2017-08-31Fix Sonar Blockers for Drools-ApplicationsMike Babinski1-9/+7
Issue-ID: POLICY-111 Add null check for pipResponse right before null check of pipResponse.gitAttributes(). Change-Id: Iba52791da1aae6900ab4dd4bb6286c3ac00e00a4 Signed-off-by: Mike Babinski <mb1915@att.com>
2017-08-31CL dependencies fixes for lab environment runtimeJorge Hernandez1-15/+7
This also includes workarounds to the recent oparent dependency introduction that breaks runtime (with the version-check-maven-plugin). manifested by loading control loops and failing to load some classes due to different versions. The issue was that underlying drools libraries use 3.2.5 and oparent has included a had dependency with transitive dependencies for some maven libraries in 3.2.3 and lower version xml parsers. Bottomoline, the classpath at runtime was formed by the union of both, with some libraries being resolved to the oparent one, and others to the drools one. These errors are very obscured to debug. Additional clean up of dependencies versions and order of build was introduced to avoid issues loading dependencies at runtime in a lab environment (non-junit).. Issue-ID: POLICY-162 Change-Id: I019c82e6bed4eab4884cdbf8f6f32472c3a7352f Signed-off-by: Jorge Hernandez <jh1730@att.com>
2017-08-28Removal of sys.out/err with logger messagesMagnusen, Drew (dm741q)6-35/+42
Removed any use of System.out.println or System.err.println and replaced with relevant logger statements. Issue-ID: POLICY-176 Change-Id: I91513267635bfb2a34f2a9650c48f367d53fc842 Signed-off-by: Magnusen, Drew (dm741q) <dm741q@att.com>
2017-08-25Fix Sonar Blocker for Drools-ApplicationsMike Babinski1-12/+16
Add only the null check for pipResponse. Issue-ID: POLICY-111 Change-Id: I2721c759f27264ce164110a19ea8c649b74869df Signed-off-by: Mike Babinski <mb1915@att.com>
2017-08-23Fix Sonar Blockers for Drools-ApplicationsMike Babinski1-17/+8
Add null checks to protect against potential null exceptions. Issue-ID: POLICY-111 Change-Id: Ib079d1b48a6858332ea3eaa0e75a991f518a0f9a Signed-off-by: Mike Babinski <mb1915@att.com>
2017-08-18Code cleanup to resolve critical sonar issuesMagnusen, Drew (dm741q)4-30/+37
Code cleanup mostly involed directing the output of exception messages to the correct logger stream. Issue-ID: [POLICY-115] Change-Id: I2042bac3d3b0991a2ebed33421a73f1aa300c7c1 Signed-off-by: Magnusen, Drew (dm741q) <dm741q@att.com>
2017-08-15Policy-yaml changesTarun Tej Velaga1-29/+27
Changes to Policy-yaml and sdc projects based on changes from policy/engine. Issue-Id: POLICY-88 Change-Id: Ic1a58f00029b9a66db6980fc7732a2ac57390229 Signed-off-by: Tarun Tej Velaga <tt3868@att.com>
2017-07-25[POLICY-106] Removed unused function in the Guard projectMichael Borokhovich1-15/+0
Change-Id: I4d19514525142c0b688f4811b5b92d0767a7d8bd Signed-off-by: Michael Borokhovich <michael@research.att.com>
2017-07-24[POLICY-76] Remove/rename ATT internal stuffsGao, Chenfei (cg287m)3-3/+1
Change-Id: I251bd2c4f6852a563a4899024d138ebad6c52999 Signed-off-by: Gao, Chenfei (cg287m) <cgao@research.att.com>
2017-07-20[POLICY-76] Remove/rename ATT internal stuffsGao, Chenfei (cg287m)1-3/+3
Change-Id: I3ec4fa22e22e9fccf4b6783b3bc8c92da25e181f Signed-off-by: Gao, Chenfei (cg287m) <cgao@research.att.com>
2017-07-20[POLICY-80] Adding the Policy Guard featuresMichael Borokhovich4-74/+145
Two Policy Guard features added: Frequency-limiter and Blacklist. Change-Id: I48184ab0ae9760c9ea7594cd7346b456aa964d48 Signed-off-by: Michael Borokhovich <michael@research.att.com>
2017-06-29[POLICY-22] Reorganizing drools-appsGao, Chenfei (cg287m)18-0/+1667
Change-Id: I5f9bb3908f8d55c466dd847ae5e01a424e9ba364 Signed-off-by: Gao, Chenfei (cg287m) <chenfei.gao11@gmail.com> Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>