Age | Commit message (Collapse) | Author | Files | Lines |
|
We know that we are not configuring an LDAP PIP in our
use of the XACML open source. The LDAP implementation
uses Apache Velocity, which uses a very old version
of commons-collections that has security issues. So
we can exclude commons-collections from the build.
Issue-ID: POLICY-504
Change-Id: I6d90731e601f58c8edaca6fe02df30ee2a090c2f
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
|
|
The naming of Maven modules in drools-applications was not
aligned with the directory structure in the git repository
of drools-applications. Therefore it was difficult to
see the strucutre of the repository in Eclipse and other
IDEs. This change amends the Maven module IDs to
reflect the repository directory structure.
This patch reset fixes the previos patch set, where many
references to maven modules internally in drools-applciations
were missed. See also changes in engine and docker repos.
Updated to reflect repo directory structure in maven
artifact groups.
Issue-ID: POLICY-238
Change-Id: I8ab1a7ecdb664045222bbbfda269135e3e449109
Signed-off-by: liamfallon <liam.fallon@ericsson.com>
|
|
XACML was released with minor fixes for XML files with comments. Mainly
it contained upgrade to dependencies that had fixed security issues. One
still remains but will not be able to be fixed.
Issue-ID: POLICY-616
Change-Id: Ifaf4f92d8da878a1c49dff5fd028744d01999ff5
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
|
|
|
|
Upgrade httpclient to 4.5.5 - the latest version.
Issue-ID: POLICY-612
Change-Id: I5e79918bc447889b1dbcd1bf897c3324f6a0cc0d
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
|
|
Sonar Critical error highlighted, with thrown execption not logged. The
exception is now logged.
Issue-ID: POLICY-455
Change-Id: If2969a4fe118d22dbd1fb11879ba028487848eb8
Signed-off-by: liamfallon <liam.fallon@ericsson.com>
|
|
Unit test for guard added and technical debt removed.
Issue-ID: POLICY-455
Change-Id: I440766660ddae078013e21b1991ee49c8e488bb3
Signed-off-by: liamfallon <liam.fallon@ericsson.com>
|
|
Added a few junit files which test most functionality in the guard
submodule. Some minor bugs were found by the junits and fixed those
newly found bugs. Added persistence.xml for use by junits in guard.
Issue-ID: POLICY-490
Change-Id: Ied7e276cfd417e1f396b5a6685a2e9acc9efd109
Signed-off-by: Temoc Rodriguez <cr056n@att.com>
|
|
Bump minor version in preparation for Amsterdam
branching.
Change-Id: Ia7e97a72053a2d1cd10c0b9d5c179817c3ac7e23
Issue-ID: CIMAN-120
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
|
|
Released 1.1.1, now must bump patch by 1
Issue-ID: POLICY-436
Change-Id: I3f5e4c369575f6fe1fa06cabb96a5bd43cb11087
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
|
|
Releasing v1.1.0 so need to update version to 1.1.1
Issue-ID: POLICY-436
Change-Id: I8b85de39bb3a32f5f4faeeb4fcdfb5d95291ae31
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
|
|
Change-Id: I61c8d698f8cf984c648e510997498d41e7d9744a
Issue-ID: POLICY-433
Signed-off-by: Jorge Hernandez <jh1730@att.com>
|
|
Incoming values were not expanded in network logs for several
drools-applications. Current patch makes them more verbose.
Issue-ID: POLICY-410
Change-Id: I64bf88a3b39ea58dceaf24de698c8ae6a9a3f8b2
Signed-off-by: Magnusen, Drew (dm741q) <dm741q@att.com>
|
|
Added logger statments to network.log for AAI, SO,
PDPX Guard, and VFC for all inbound/outbound traffic.
Issue-Id: POLICY-356
Change-Id: I802d45d8136f987b4304baa8f17e166b1c8df165
Signed-off-by: Magnusen, Drew (dm741q) <dm741q@att.com>
|
|
Issue-ID: POLICY-292
Change-Id: Ia4d4fae4150ea12e46079aabb4bbf4e3c92c8d00
Signed-off-by: Hockla, Ali (ah999m) <ah999m@att.com>
|
|
Removed operation_history.properties / operations-history.properties.
Changed the properties in persistence.xml
so that it uses the correct values. Previously junit would never write
to db because the "guard.disabled" property was not set. Set this property.
Additionally the operationshistory10 table was trying to be created even
though it exists. These values work in junit code. Not tested on
rackspace yet.
Issue-ID: POLICY-345
Change-Id: Id755b3152ae6ac4991ea9c314154592ea0105070
Signed-off-by: Temoc Rodriguez <cr056n@att.com>
|
|
Added a check for when the guard response from pdp-x is not
200. When the response is unauthorized or forbidden, it will
have an empty body, try to convert to json, and throw an
exception. Added a null check on the response and returns
indeterminate in the case of an empty body.
Issue-ID: POLICY-280
Change-Id: I9d384472e230495130bd41d377e25b74fe9ea9bd
Signed-off-by: Temoc Rodriguez <cr056n@att.com>
|
|
Issue-ID: POLICY-292
Change-Id: Id53e9d3b6ba23b20d7e45d4d3b39f8092f126333
Signed-off-by: Hockla, Ali (ah999m) <ah999m@att.com>
|
|
|
|
Added guard authentication, client authentication, and environment http
headers to the pdp-x guard restful request. Properties are set to
PolicyEngine.manager. Property getter, setter, and properties in
guard/.../Util.java. Test properties defined in junits themselves. Added
code from GuardContext.java to grab the properties and make restful request.
PolicyGuardXacmlHelper now closely resembles GuardContext in order to mimic
functionality. Guard url no longer is passed into CallGuardTask, it is now
a property.
Issue-ID: POLICY-260
Change-Id: I5b144764828b6da0e7b738a578e4f6596a0f4f36
Signed-off-by: Temoc Rodriguez <cr056n@att.com>
|
|
Fix major sonar issues in policy/drools-applications module
https://sonar.onap.org/component_issues?id=org.onap.policy.drools-applications%3Adrools-pdp-apps#resolved=false|severities=MAJOR|rules=squid%3AS1161
Added "@Override" annotation above this method signature.
Issue-Id:POLICY-239
Change-Id: I578d0e740a6c04ba02df400a3abc99f9b774908a
Signed-off-by: shashikanth.vh <shashikanth.vh@huawei.com>
|
|
Added a guard simulator that can permit or deny (it sends a deny if the
clname is denyGuard). Added responses to the AAI simulator to set the
is-closed-loop-disabled to true (use a get query with a key of
disableClosedLoop). Changed the content-type of all responses to
application/json.
Issue-ID: POLICY-256
Change-Id: If84813968d3ea59d9ebe029caa69f444a1f413c8
Signed-off-by: Charles Cole <cc847m@att.com>
|
|
Removed the embedded guard decision and replace with restful call to
xacml pdp to restore guard functionality. Set guard URL with PolicyEngine env properties. Modified templates accordingly.
Issue-Id: POLICY-260
Change-Id: Ic1558a6ebdd5f6d1b74a748f69433f6213dbf984
Signed-off-by: Temoc Rodriguez <cr056n@att.com>
Signed-off-by: Hockla, Ali (ah999m) <ah999m@att.com>
|
|
Last transient/serializable issues.
Throw a dedicated exception for DateUtil class
Unused imports
Make the enclosing method "static" or remove this set.
Issue-ID: POLICY-115
Change-Id: I366f85922c4d4d290b320e0b88678c805de59872
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
|
|
Either re-interrupt this method or rethrow Exception
Transient/Serializable issues
Unused imports
logging exceptions
Issue-ID: POLICY-115
Change-Id: I4c8a0c780e2f6c6e8218c1457f18470f7d95919c
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
|
|
|
|
This is work in progress, the official pom.xml with dependencies,
drl template, and support files for controller deployment
are maintained here. In the near future the junit template
should be consolidated with this one.
Added controlloop.properties.environment, this environment file
will be populated at installation time with the lab's aai url,
etc .. and will be accessible by any drools application such as
control loops through the PolicyEngine interface. Note that PDP-D
server already supports these environment files, so it is just natural.
Therefore, this is the default mechanism to provide to applications, the url, username,
and passwords to use at runtime by the control loops for the time being.
In the future MSB could set them globally here through existing APIs,
or it can be queried by any drools application using MSB library,
doesn't matter.
There's been some trouble playing nicely with the dependencies used
by a control loop application classsloader, and the pdp-d middleware one,
causing issues between dependencies version of libraries. Specifically,
the snakeyaml library does not play well across classloader when using
constructor functionality, note that the snakeyaml libraries are pulled
also from jackson parsers used in the pdp-d. I made a change in ControlLoopProcessor
to specifically tell the "Yaml" object which classloader to use in order to
find the class with the constructor that is intended to be built, otherwise,
yaml libraries use a different classloader that does not have visibility
into the ControlLoopPolicy that is trying to construct, and fails. This also
should respect junits that use the same classloader I pressume and does not
give issues.
Change-Id: I36271d29cdbf8ff861f9c03ff91cf7116927906a
Issue-ID: POLICY-162
Signed-off-by: Jorge Hernandez <jh1730@att.com>
|
|
Move credential information out of persistence.xml. Define properties
file which will contain the credentials instead. Access db using new
properties file.
Issue-ID: POLICY-55
Change-Id: I01ad0611c053ad4285de2a225fca7920a3b1bc8f
Signed-off-by: Temoc Rodriguez <cr056n@att.com>
|
|
Fix nullPointerException by changing return values of attributesProvided
and attributesRequired from null to empty Set.
Issue-ID: POLICY-55
Change-Id: I9516a9bcad591cc582834cb49fa54e58a1f45a47
Signed-off-by: Temoc Rodriguez <cr056n@att.com>
|
|
Fixing sonar critical to make this simple class serializable.
Issue-ID: POLICY-115
Change-Id: I6a3cf8b1c8c27f434e26d9f2909b2ef38c72825b
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
|
|
Rebased and fixed merge conflicts
Issue-ID: POLICY-102
Change-Id: Icc36a2cf6391aa9137593bc04f0d4543798b7ccd
Signed-off-by: Ali Hockla <ah999m@att.com>
Signed-off-by: Hockla, Ali (ah999m) <ah999m@att.com>
Signed-off-by: HOCKLA <ah999m@att.com>
Signed-off-by: Hockla, Ali (ah999m) <ah999m@att.com>
|
|
Add in-mem specification in test/resources/META-INF/persistence.xml for junit. Use system properties to choose
which db to use. Removed named parameters in PIPEngineHistory.java. Change
6.3.0 versions of drools-core to 6.5.0 in pom. Make PIPEngineGetHistory
query more general. Increased sleep times in junit.
Issue-ID: POLICY-55
Change-Id: I6bc65fd88c43c4e7143f27a7e6d8666c2c4df060
Signed-off-by: Temoc Rodriguez <cr056n@att.com>
|
|
|
|
Issue-ID: POLICY-111
Add null check for pipResponse right before null check of pipResponse.gitAttributes().
Change-Id: Iba52791da1aae6900ab4dd4bb6286c3ac00e00a4
Signed-off-by: Mike Babinski <mb1915@att.com>
|
|
This also includes workarounds to the recent oparent dependency
introduction that breaks runtime (with the version-check-maven-plugin).
manifested by loading control loops and failing to load some classes
due to different versions.
The issue was that underlying drools libraries use 3.2.5 and oparent
has included a had dependency with transitive dependencies for some maven
libraries in 3.2.3 and lower version xml parsers. Bottomoline, the
classpath at runtime was formed by the union of both, with some
libraries being resolved to the oparent one, and others to the drools
one. These errors are very obscured to debug.
Additional clean up of dependencies versions and order of build
was introduced to avoid issues loading dependencies at runtime in a
lab environment (non-junit)..
Issue-ID: POLICY-162
Change-Id: I019c82e6bed4eab4884cdbf8f6f32472c3a7352f
Signed-off-by: Jorge Hernandez <jh1730@att.com>
|
|
Removed any use of System.out.println or System.err.println
and replaced with relevant logger statements.
Issue-ID: POLICY-176
Change-Id: I91513267635bfb2a34f2a9650c48f367d53fc842
Signed-off-by: Magnusen, Drew (dm741q) <dm741q@att.com>
|
|
Add only the null check for pipResponse.
Issue-ID: POLICY-111
Change-Id: I2721c759f27264ce164110a19ea8c649b74869df
Signed-off-by: Mike Babinski <mb1915@att.com>
|
|
Add null checks to protect against potential null exceptions.
Issue-ID: POLICY-111
Change-Id: Ib079d1b48a6858332ea3eaa0e75a991f518a0f9a
Signed-off-by: Mike Babinski <mb1915@att.com>
|
|
Code cleanup mostly involed directing the output of exception messages
to the correct logger stream.
Issue-ID: [POLICY-115]
Change-Id: I2042bac3d3b0991a2ebed33421a73f1aa300c7c1
Signed-off-by: Magnusen, Drew (dm741q) <dm741q@att.com>
|
|
Changes to Policy-yaml and sdc projects based on changes from policy/engine.
Issue-Id: POLICY-88
Change-Id: Ic1a58f00029b9a66db6980fc7732a2ac57390229
Signed-off-by: Tarun Tej Velaga <tt3868@att.com>
|
|
Change-Id: I4d19514525142c0b688f4811b5b92d0767a7d8bd
Signed-off-by: Michael Borokhovich <michael@research.att.com>
|
|
Change-Id: I251bd2c4f6852a563a4899024d138ebad6c52999
Signed-off-by: Gao, Chenfei (cg287m) <cgao@research.att.com>
|
|
Change-Id: I3ec4fa22e22e9fccf4b6783b3bc8c92da25e181f
Signed-off-by: Gao, Chenfei (cg287m) <cgao@research.att.com>
|
|
Two Policy Guard features added: Frequency-limiter and Blacklist.
Change-Id: I48184ab0ae9760c9ea7594cd7346b456aa964d48
Signed-off-by: Michael Borokhovich <michael@research.att.com>
|
|
Change-Id: I5f9bb3908f8d55c466dd847ae5e01a424e9ba364
Signed-off-by: Gao, Chenfei (cg287m) <chenfei.gao11@gmail.com>
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
|