From fa09813ca39cbdb7a0ac6a38507d4ea96e28879f Mon Sep 17 00:00:00 2001 From: Michael Borokhovich Date: Thu, 20 Jul 2017 09:53:57 -0400 Subject: [POLICY-80] Adding the Policy Guard features Two Policy Guard features added: Frequency-limiter and Blacklist. Change-Id: I48184ab0ae9760c9ea7594cd7346b456aa964d48 Signed-off-by: Michael Borokhovich --- .../java/org/onap/policy/guard/CallGuardTask.java | 16 +-- .../org/onap/policy/guard/PIPEngineGetHistory.java | 75 +++++++------- .../guard/PolicyGuardXacmlRequestAttributes.java | 18 +++- .../onap/policy/guard/PolicyGuardYamlToXacml.java | 110 ++++++++++++++++----- 4 files changed, 145 insertions(+), 74 deletions(-) (limited to 'controlloop/common/guard/src/main') diff --git a/controlloop/common/guard/src/main/java/org/onap/policy/guard/CallGuardTask.java b/controlloop/common/guard/src/main/java/org/onap/policy/guard/CallGuardTask.java index af81a3610..dbef0c433 100644 --- a/controlloop/common/guard/src/main/java/org/onap/policy/guard/CallGuardTask.java +++ b/controlloop/common/guard/src/main/java/org/onap/policy/guard/CallGuardTask.java @@ -18,7 +18,6 @@ * ============LICENSE_END========================================================= */ - package org.onap.policy.guard; import com.att.research.xacml.api.DataTypeException; @@ -34,16 +33,18 @@ public class CallGuardTask implements Runnable { WorkingMemory workingMemory; PDPEngine embeddedPdpEngine; String restfulPdpUrl; + String clname; String actor; String recipe; String target; String requestId; - public CallGuardTask(PDPEngine engine, String url, WorkingMemory wm, String act, String rec, String tar, String reqId) { + public CallGuardTask(PDPEngine engine, String url, WorkingMemory wm, String cl, String act, String rec, String tar, String reqId) { embeddedPdpEngine = engine; restfulPdpUrl = url; workingMemory = wm; + clname = cl; actor = act; recipe = rec; requestId = reqId; 
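Review bot: The new `clname` field in the `@@ -34,16 +33,18 @@` hunk is package-private and mutable like its neighbours, although it is written once in the constructor and then read from `run()`. Because the class is a `Runnable` that is presumably handed to another thread, declaring it `private final String clname;` (and the sibling fields likewise) would keep the guard request's inputs from changing after construction. The constructor now takes five consecutive `String` arguments, so a short Javadoc naming each one, for example `@param cl control loop name the guard request is evaluated for`, would help callers avoid a positional mix-up. The constructor body ends outside the hunk.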
@@ -53,7 +54,7 @@ public class CallGuardTask implements Runnable { long startTime = System.nanoTime(); com.att.research.xacml.api.Request request = null; - PolicyGuardXacmlRequestAttributes xacmlReq = new PolicyGuardXacmlRequestAttributes(actor, recipe, target, requestId); + PolicyGuardXacmlRequestAttributes xacmlReq = new PolicyGuardXacmlRequestAttributes(clname, actor, recipe, target, requestId); try { request = RequestParser.parseRequest(xacmlReq); @@ -61,14 +62,7 @@ public class CallGuardTask implements Runnable { // TODO Auto-generated catch block e.printStackTrace(); } - /* - try { - Thread.sleep(2000); - } catch (InterruptedException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - */ + System.out.println("\n********** XACML REQUEST START ********"); System.out.println(request); diff --git a/controlloop/common/guard/src/main/java/org/onap/policy/guard/PIPEngineGetHistory.java b/controlloop/common/guard/src/main/java/org/onap/policy/guard/PIPEngineGetHistory.java index 99775dc3d..87eb5170f 100644 --- a/controlloop/common/guard/src/main/java/org/onap/policy/guard/PIPEngineGetHistory.java +++ b/controlloop/common/guard/src/main/java/org/onap/policy/guard/PIPEngineGetHistory.java @@ -28,6 +28,8 @@ import java.util.Properties; import java.util.Set; import javax.persistence.EntityManager; +import javax.persistence.NoResultException; +import javax.persistence.NonUniqueResultException; import javax.persistence.Persistence; import javax.persistence.Query; @@ -97,9 +99,6 @@ public class PIPEngineGetHistory extends StdConfigurableEngine{ public PIPEngineGetHistory() { super(); - - System.out.println("HAHAHAHAHAHAHAHAHAHAHAHAHAHAHA"); - // TODO Auto-generated constructor stub } 
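Review bot: In the `@@ -61,14 +62,7 @@` hunk the catch block around `RequestParser.parseRequest(xacmlReq)` only calls `e.printStackTrace()`, so `run()` continues with `request` still null into the `System.out.println(request)` lines and whatever evaluation follows outside the hunk. A guard should fail closed here: log the exception through the class logger, record a deny decision the same way the normal path reports its result, and `return;` from the catch. The banner prints around the request also put the whole XACML request on stdout, and these would be better as debug-level logger calls.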
@@ -108,21 +107,19 @@ public class PIPEngineGetHistory extends StdConfigurableEngine{ @Override public Collection attributesRequired() { // TODO Auto-generated method stub - System.out.println("DADADADADADADADADADADADADA"); return null; } @Override public Collection attributesProvided() { // TODO Auto-generated method stub - System.out.println("GAGAGAGAGAGAGAGAGAGAGAGAGAGAGAGAGAGAG"); return null; } @Override public PIPResponse getAttributes(PIPRequest pipRequest, PIPFinder pipFinder) throws PIPException { // TODO Auto-generated method stub - System.out.println("MAMAMAMAMAMAMAMAMAMAMAMAMA - Entering FeqLimiter PIP!!!"); + System.out.println("Entering FeqLimiter PIP"); /* * First check to see if the issuer is set and then match it @@ -130,14 +127,14 @@ public class PIPEngineGetHistory extends StdConfigurableEngine{ String string; if ((string = pipRequest.getIssuer()) == null) { this.logger.debug("No issuer in the request..."); - System.out.println("MAMAMAMAMAMAMAMAMAMAMAMAMA - FeqLimiter PIP - No issuer in the request!!!"); + System.out.println("FeqLimiter PIP - No issuer in the request!"); return StdPIPResponse.PIP_RESPONSE_EMPTY; } else{ //Notice, we are checking here for the base issuer prefix. if (!string.contains(this.getIssuer())) { this.logger.debug("Requested issuer '" + string + "' does not match " + (this.getIssuer() == null ? "null" : "'" + this.getIssuer() + "'")); - System.out.println("MAMAMAMAMAMAMAMAMAMAMAMAMA - FeqLimiter PIP - Issuer "+ string +" does not match with: "+this.getIssuer()); + System.out.println("FeqLimiter PIP - Issuer "+ string +" does not match with: "+this.getIssuer()); return StdPIPResponse.PIP_RESPONSE_EMPTY; } } 
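Review bot: The cleaned-up `System.out.println("Entering FeqLimiter PIP");` in the `@@ -108,21 +107,19 @@` hunk still writes to stdout on every attribute lookup, next to code that already uses `this.logger.debug(...)`. I would replace it with `this.logger.debug("Entering FreqLimiter PIP");`, which also fixes the "FeqLimiter" typo. The two stdout lines in the `@@ -130,14 +127,14 @@` hunk duplicate the `logger.debug` calls directly above them and could be dropped. `getAttributes` continues outside both hunks.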
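Review bot: The issuer test `!string.contains(this.getIssuer())` in the `@@ -130,14 +127,14 @@` hunk accepts the configured issuer anywhere inside the requested one, while the comment above it says the check is for the base issuer prefix. `if (!string.startsWith(this.getIssuer()))` would match the stated intent and stop an issuer that merely embeds the base string from reaching the parsing and database lookup further down. The debug message already allows for `getIssuer()` being null, but `contains` would throw in that case, so a null check before the comparison seems warranted.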
@@ -146,9 +143,6 @@ public class PIPEngineGetHistory extends StdConfigurableEngine{ String[] s2 = s1[1].split(":"); String timeWindowVal = s2[0];// number [of minutes, hours, days...] String timeWindowScale = s2[1];//e.g., minute, hour, day, week, month, year - - //System.out.println("MAMAMAMAMAMAMAMAMAMAMAMAMA - FeqLimiter PIP - Issuer " + string + " is OK - proceeding with the request!!!"); - //System.out.println("MAMAMAMAMAMAMAMAMAMAMAMAMA - FeqLimiter PIP - TimeWindow: " + timeWindowVal + " " + timeWindowScale); String actor = getActor(pipFinder).iterator().next(); String operation = getRecipe(pipFinder).iterator().next(); @@ -159,7 +153,6 @@ public class PIPEngineGetHistory extends StdConfigurableEngine{ System.out.println("Going to query DB about: "+actor + " " + operation + " " + target + " " + timeWindow); int countFromDB = getCountFromDB(actor, operation, target, timeWindow); - StdMutablePIPResponse stdPIPResponse = new StdMutablePIPResponse(); this.addIntegerAttribute(stdPIPResponse, 
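Review bot: In the `@@ -146,9 +143,6 @@` hunk, `s1[1]`, `s2[1]` and the `iterator().next()` calls assume a well-formed issuer suffix and non-empty attribute sets. Otherwise an `ArrayIndexOutOfBoundsException` or `NoSuchElementException` escapes a method that declares only `PIPException`. A guard such as `if (s2.length != 2) { throw new PIPException("Malformed time window in issuer"); }` would make the failure explicit. Since `timeWindow` is passed on to `getCountFromDB` in the next hunk, `timeWindowVal` should also be checked to be numeric and `timeWindowScale` matched against the fixed set of units listed in the comment. The split that produces `s1` lies outside the hunk.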
@@ -175,26 +168,32 @@ public class PIPEngineGetHistory extends StdConfigurableEngine{ @Override public void configure(String id, Properties properties) throws PIPException { super.configure(id, properties); - //System.out.println("MAMAMAMAMAMAMAMAMAMAMAMAMA - Configuring FeqLimiter PIP!!!"); + if (this.getDescription() == null) { this.setDescription(DEFAULT_DESCRIPTION); } if (this.getIssuer() == null) { this.setIssuer(DEFAULT_ISSUER); } - /* - try{ - em = Persistence.createEntityManagerFactory("OperationsHistoryPU").createEntityManager();//emf.createEntityManager(); - }catch(Exception e){ - System.err.println("Freq limiter PIP got Exception " + e.getLocalizedMessage() + " Can't connect to Operations History DB."); - return; - } - */ - } + + private void addStringAttribute(StdMutablePIPResponse stdPIPResponse, Identifier category, Identifier attributeId, String value) { + if (value != null) { + AttributeValue attributeValue = null; + try { + attributeValue = DataTypes.DT_STRING.createAttributeValue(value); + } catch (Exception ex) { + //this.logger.error("Failed to convert " + value + " to an AttributeValue", ex); + } + if (attributeValue != null) { + stdPIPResponse.addAttribute(new StdMutableAttribute(category, attributeId, attributeValue, this.getIssuer(), false)); + } + } + } + private PIPResponse getAttribute(PIPRequest pipRequest, PIPFinder pipFinder) { PIPResponse pipResponse = null; 
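Review bot: The new `addStringAttribute` catches `Exception` and does nothing with it, because its only statement is commented out. A value that fails conversion is therefore dropped from the PIP response with no trace, and the policy is then evaluated without that attribute. I would restore the log line as `this.logger.error("Failed to convert " + value + " to an AttributeValue", ex);` and narrow the catch to the exception type `createAttributeValue` actually declares. A one-line Javadoc saying that null values are skipped on purpose would also help.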
@@ -305,20 +304,16 @@ public class PIPEngineGetHistory extends StdConfigurableEngine{ private static int getCountFromDB(String actor, String operation, String target, String timeWindow){ - long startTime = System.nanoTime(); + //long startTime = System.nanoTime(); - - EntityManager em; try{ - em = Persistence.createEntityManagerFactory("OperationsHistoryPU").createEntityManager();//emf.createEntityManager(); + em = Persistence.createEntityManagerFactory("OperationsHistoryPU").createEntityManager(); }catch(Exception e){ - System.err.println("Test thread got Exception " + e.getLocalizedMessage() + " Can't write to Operations History DB."); + System.err.println("PIP thread got Exception " + e.getLocalizedMessage() + " Can't connect to Operations History DB."); return -1; } - - //em.getTransaction().begin(); String sql = "select count(*) as count from operationshistory10 where outcome<>'Failure_Guard' and actor='" + actor + "' and operation='" @@ -332,19 +327,23 @@ public class PIPEngineGetHistory extends StdConfigurableEngine{ Query nq = em.createNativeQuery(sql); - int ret = ((Number)nq.getSingleResult()).intValue(); - - System.out.println("###########************** History count: " + ret); + int ret = -1; + try{ + ret = ((Number)nq.getSingleResult()).intValue(); + } + catch(NoResultException | NonUniqueResultException ex){ + System.err.println("PIP thread got Exception " + ex.getLocalizedMessage()); + return -1; + } - //em.getTransaction().commit(); - long estimatedTime = System.nanoTime() - startTime; - System.out.println("time took: " + (double)estimatedTime/1000/1000 + " mili sec."); + //System.out.println("###########************** History count: " + ret); + + //long estimatedTime = System.nanoTime() - startTime; + //System.out.println("time took: " + (double)estimatedTime/1000/1000 + " mili sec."); em.close(); - return ret; - - + return ret; } 
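Review bot: The query at the end of the `@@ -305,20 +304,16 @@` hunk is built by concatenating `actor`, `operation` and the later arguments into the SQL text. These values come from the attributes of the incoming guard request, so a quote character in any of them changes the statement. Binding them instead keeps the statement fixed: write the text as `... and actor= ?1 and operation= ?2 ...` and call `nq.setParameter(1, actor);` for each value. The time-window fragment probably cannot be bound and should be validated against a fixed set of units before use. The hunk also creates a new `EntityManagerFactory` on every call and never closes it; a single shared factory would avoid leaking connection resources. The statement continues outside the hunk.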
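Review bot: The new catch block in the `@@ -332,19 +327,23 @@` hunk returns -1 before `em.close()` is reached, so the entity manager leaks on exactly the path that signals trouble. Any other `PersistenceException` from `getSingleResult()` skips the close as well. The -1 is then handed back to `getAttributes`, which publishes it as the operation count. A frequency limit compared against -1 would presumably always pass, so a database failure looks like an empty history. The caller should treat a negative count as an error and raise a `PIPException`. The fence below closes the entity manager on every path and needs an import of `javax.persistence.PersistenceException`.

```java
Query nq = em.createNativeQuery(sql);

int ret = -1;
try {
    ret = ((Number) nq.getSingleResult()).intValue();
} catch (PersistenceException ex) {
    // NoResultException and NonUniqueResultException are both subclasses.
    System.err.println("PIP thread got Exception " + ex.getLocalizedMessage());
} finally {
    // Release the entity manager whether or not the query succeeded.
    em.close();
}
return ret;
```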
diff --git a/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlRequestAttributes.java b/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlRequestAttributes.java index 4abb70f84..115108219 100644 --- a/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlRequestAttributes.java +++ b/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardXacmlRequestAttributes.java @@ -34,9 +34,10 @@ public class PolicyGuardXacmlRequestAttributes { - public PolicyGuardXacmlRequestAttributes(String actor_id, String operation_id, String target_id, + public PolicyGuardXacmlRequestAttributes(String clname_id, String actor_id, String operation_id, String target_id, String request_id) { super(); + this.clname_id = clname_id; this.actor_id = actor_id; this.operation_id = operation_id; this.target_id = target_id; @@ -59,6 +60,9 @@ public class PolicyGuardXacmlRequestAttributes { //@XACMLAction() //String action; + @XACMLSubject(includeInResults=true, attributeId="urn:oasis:names:tc:xacml:1.0:clname:clname-id") + String clname_id; + @XACMLSubject(includeInResults=true, attributeId="urn:oasis:names:tc:xacml:1.0:actor:actor-id") String actor_id; @@ -119,6 +123,18 @@ public class PolicyGuardXacmlRequestAttributes { public void setRequest_id(String request_id) { this.request_id = request_id; } + + + + public String getClname_id() { + return clname_id; + } + + + + public void setClname_id(String clname_id) { + this.clname_id = clname_id; + } diff --git a/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardYamlToXacml.java b/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardYamlToXacml.java index b9a7881b6..baf43b3b0 100644 --- a/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardYamlToXacml.java +++ b/controlloop/common/guard/src/main/java/org/onap/policy/guard/PolicyGuardYamlToXacml.java 
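Review bot: The attribute id added in the `@@ -59,6 +60,9 @@` hunk, `urn:oasis:names:tc:xacml:1.0:clname:clname-id`, sits under the `urn:oasis:names:tc:xacml:1.0:` prefix used by the XACML standard's own identifiers. It follows the existing `actor-id` line, but a project-owned URN would rule out a clash with a standard identifier and make it clear that the attribute is custom. The policy template presumably has to carry the same id, so a comment such as `// must match the clname attribute id used in the guard policy templates` on the field would document that coupling. The getter and setter added in the last hunk have no Javadoc.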
@@ -20,30 +20,33 @@ package org.onap.policy.guard; - import java.io.IOException; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; +import java.util.LinkedList; import java.util.List; import java.util.Map; import java.util.regex.Matcher; import java.util.regex.Pattern; + import org.onap.policy.controlloop.policy.guard.ControlLoopGuard; + public class PolicyGuardYamlToXacml { public static void fromYamlToXacml(String yamlFile, String xacmlTemplate, String xacmlPolicyOutput){ ControlLoopGuard yamlGuardObject = Util.loadYamlGuard(yamlFile); - System.out.println("actor: " + yamlGuardObject.guards.getFirst().actor); - System.out.println("recipe: " + yamlGuardObject.guards.getFirst().recipe); - System.out.println("num: " + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().num); - System.out.println("duration: " + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().duration); - System.out.println("time_in_range: " + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().time_in_range); + System.out.println("clname: " + yamlGuardObject.guards.getFirst().match_parameters.controlLoopName); + System.out.println("actor: " + yamlGuardObject.guards.getFirst().match_parameters.actor); + System.out.println("recipe: " + yamlGuardObject.guards.getFirst().match_parameters.recipe); + System.out.println("num: " + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().freq_limit_per_target); + System.out.println("duration: " + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().time_window); + System.out.println("time_in_range: " + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().active_time_range); Path xacmlTemplatePath = Paths.get(xacmlTemplate); String xacmlTemplateContent; 
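Review bot: Every new line in this hunk dereferences `yamlGuardObject.guards.getFirst().match_parameters` and `limit_constraints.getFirst()` with no null or emptiness check. A guard file that fails to load, or that omits `match_parameters` or `limit_constraints`, therefore ends in a `NullPointerException` or `NoSuchElementException` instead of a clear error. Reading the first guard and first constraint once into locals, and rejecting a missing section with an `IllegalArgumentException` that names it, would fix this and shorten the lines. The same chains recur in the `@@ -52,12 +55,14 @@` hunk and in both blacklist hunks further down, where `active_time_range.get("start")` additionally assumes the map is present. The method body continues outside the hunk.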
@@ -52,12 +55,14 @@ public class PolicyGuardYamlToXacml { xacmlTemplateContent = new String(Files.readAllBytes(xacmlTemplatePath)); String xacmlPolicyContent = generateXacmlGuard(xacmlTemplateContent, - yamlGuardObject.guards.getFirst().actor, - yamlGuardObject.guards.getFirst().recipe, - yamlGuardObject.guards.getFirst().limit_constraints.getFirst().num, - yamlGuardObject.guards.getFirst().limit_constraints.getFirst().duration, - yamlGuardObject.guards.getFirst().limit_constraints.getFirst().time_in_range.get("arg2"), - yamlGuardObject.guards.getFirst().limit_constraints.getFirst().time_in_range.get("arg3") + yamlGuardObject.guards.getFirst().match_parameters.controlLoopName, + yamlGuardObject.guards.getFirst().match_parameters.actor, + yamlGuardObject.guards.getFirst().match_parameters.recipe, + yamlGuardObject.guards.getFirst().match_parameters.targets, + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().freq_limit_per_target, + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().time_window, + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().active_time_range.get("start"), + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().active_time_range.get("end") ); 
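Review bot: The template is decoded with `new String(Files.readAllBytes(xacmlTemplatePath))`, which uses the platform default charset, so the generated policy can differ between hosts if the template holds non-ASCII text. `new String(Files.readAllBytes(xacmlTemplatePath), StandardCharsets.UTF_8)` fixes the encoding and needs an import of `java.nio.charset.StandardCharsets`; the write of `xacmlPolicyOutput` outside the hunk should use the same charset. The blacklist variant in the `@@ -136,11 +188,12 @@` hunk reads its template the same way.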
@@ -73,20 +78,44 @@ public class PolicyGuardYamlToXacml { public static String generateXacmlGuard(String xacmlFileContent, + String clname, String actor, - String recipe, + String recipe, + LinkedList targets, Integer limit, Map timeWindow, String guardActiveStart, String guardActiveEnd) { - Pattern p = Pattern.compile("\\$\\{actor\\}"); + Pattern p = Pattern.compile("\\$\\{clname\\}"); Matcher m = p.matcher(xacmlFileContent); + if(isNullOrEmpty(clname)) clname = ".*"; + xacmlFileContent = m.replaceAll(clname); + + p = Pattern.compile("\\$\\{actor\\}"); + m = p.matcher(xacmlFileContent); + if(isNullOrEmpty(actor)) actor = ".*"; xacmlFileContent = m.replaceAll(actor); p = Pattern.compile("\\$\\{recipe\\}"); m = p.matcher(xacmlFileContent); + if(isNullOrEmpty(recipe)) recipe = ".*"; xacmlFileContent = m.replaceAll(recipe); + + p = Pattern.compile("\\$\\{targets\\}"); + m = p.matcher(xacmlFileContent); + String targetsRegex = ""; + if(isNullOrEmptyList(targets)){ + targetsRegex = ".*"; + } + else{ + for(String t : targets){ + targetsRegex += (t + "|"); + + } + targetsRegex = targetsRegex.substring(0, targetsRegex.length()-1); + } + xacmlFileContent = m.replaceAll(targetsRegex); p = Pattern.compile("\\$\\{limit\\}"); m = p.matcher(xacmlFileContent); 
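Review bot: The YAML values are passed directly to `m.replaceAll(...)`, which treats `$` and `\` in the replacement as group references, so a `clname`, `actor`, `recipe` or target containing either character throws or is rewritten. Each call should wrap its argument, for example `xacmlFileContent = m.replaceAll(Matcher.quoteReplacement(targetsRegex));`. The values are also inserted into the XACML document without XML escaping and, judging by the `.*` default, into a regular-expression match. A value containing `<`, `&` or regex metacharacters would therefore change the policy that is generated, so they should be validated against an allowed character set before substitution. The join loop can be `String targetsRegex = isNullOrEmptyList(targets) ? ".*" : String.join("|", targets);`. The same substitutions appear in `generateXacmlGuardBlacklist` in the `@@ -154,18 +207,27 @@` hunk.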
@@ -118,16 +147,39 @@ public class PolicyGuardYamlToXacml { return xacmlFileContent; } + public static boolean isNullOrEmpty(String s){ + + if(s == null){ + return true; + } + else if(s.equals("")){ + return true; + } + return false; + + } + + public static boolean isNullOrEmptyList(LinkedList list){ + + if(list == null){ + return true; + } + else if(list.isEmpty()){ + return true; + } + return false; + + } public static void fromYamlToXacmlBlacklist(String yamlFile, String xacmlTemplate, String xacmlPolicyOutput){ ControlLoopGuard yamlGuardObject = Util.loadYamlGuard(yamlFile); - System.out.println("actor: " + yamlGuardObject.guards.getFirst().actor); - System.out.println("recipe: " + yamlGuardObject.guards.getFirst().recipe); - System.out.println("num: " + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().num); - System.out.println("duration: " + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().duration); - System.out.println("time_in_range: " + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().time_in_range); + System.out.println("actor: " + yamlGuardObject.guards.getFirst().match_parameters.actor); + System.out.println("recipe: " + yamlGuardObject.guards.getFirst().match_parameters.recipe); + System.out.println("freq_limit_per_target: " + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().freq_limit_per_target); + System.out.println("time_window: " + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().time_window); + System.out.println("active_time_range: " + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().active_time_range); Path xacmlTemplatePath = Paths.get(xacmlTemplate); String xacmlTemplateContent; 
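Review bot: The two new helpers are public and each spells out an if/else chain for what is a single expression. `return s == null || s.isEmpty();` and `return list == null || list.isEmpty();` say the same thing. They could also be `private static`, since they exist only for this class. `isNullOrEmptyList` is tied to `LinkedList`, while `generateXacmlGuardBlacklist` already takes a `List`; a parameter type of `Collection<?>` would serve both. A one-line Javadoc on each stating that null counts as empty would complete them.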
@@ -136,11 +188,12 @@ public class PolicyGuardYamlToXacml { xacmlTemplateContent = new String(Files.readAllBytes(xacmlTemplatePath)); String xacmlPolicyContent = generateXacmlGuardBlacklist(xacmlTemplateContent, - yamlGuardObject.guards.getFirst().actor, - yamlGuardObject.guards.getFirst().recipe, + yamlGuardObject.guards.getFirst().match_parameters.controlLoopName, + yamlGuardObject.guards.getFirst().match_parameters.actor, + yamlGuardObject.guards.getFirst().match_parameters.recipe, yamlGuardObject.guards.getFirst().limit_constraints.getFirst().blacklist, - yamlGuardObject.guards.getFirst().limit_constraints.getFirst().time_in_range.get("arg2"), - yamlGuardObject.guards.getFirst().limit_constraints.getFirst().time_in_range.get("arg3") + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().active_time_range.get("start"), + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().active_time_range.get("end") ); @@ -154,18 +207,27 @@ public class PolicyGuardYamlToXacml { } public static String generateXacmlGuardBlacklist(String xacmlFileContent, + String clname, String actor, String recipe, List blacklist, String guardActiveStart, String guardActiveEnd) { - Pattern p = Pattern.compile("\\$\\{actor\\}"); + + Pattern p = Pattern.compile("\\$\\{clname\\}"); Matcher m = p.matcher(xacmlFileContent); + if(isNullOrEmpty(clname)) clname = ".*"; + xacmlFileContent = m.replaceAll(clname); + + p = Pattern.compile("\\$\\{actor\\}"); + m = p.matcher(xacmlFileContent); + if(isNullOrEmpty(actor)) actor = ".*"; xacmlFileContent = m.replaceAll(actor); p = Pattern.compile("\\$\\{recipe\\}"); m = p.matcher(xacmlFileContent); + if(isNullOrEmpty(recipe)) recipe = ".*"; xacmlFileContent = m.replaceAll(recipe); p = Pattern.compile("\\$\\{guardActiveStart\\}"); -- cgit 1.2.3-korg