From fa9ed5f98a4eed3d82a440b719dd1db184260e94 Mon Sep 17 00:00:00 2001 From: Temoc Rodriguez Date: Tue, 19 Sep 2017 11:13:34 -0700 Subject: Implement restful call to xacml pdp guard Removed the embedded guard decision and replace with restful call to xacml pdp to restore guard functionality. Set guard URL with PolicyEngine env properties. Modified templates accordingly. Issue-Id: POLICY-260 Change-Id: Ic1558a6ebdd5f6d1b74a748f69433f6213dbf984 Signed-off-by: Temoc Rodriguez Signed-off-by: Hockla, Ali (ah999m) --- .../src/main/resources/__closedLoopControlName__.drl | 5 ++--- controlloop/templates/template.demo/pom.xml | 6 ++++++ .../src/main/resources/ControlLoop_Template_xacml_guard.drl | 5 ++--- .../onap/policy/template/demo/ControlLoopXacmlGuardTest.java | 10 ++++++---- .../template.demo/src/test/resources/META-INF/persistence.xml | 2 +- 5 files changed, 17 insertions(+), 11 deletions(-) (limited to 'controlloop/templates') diff --git a/controlloop/templates/archetype-cl-amsterdam/src/main/resources/archetype-resources/src/main/resources/__closedLoopControlName__.drl b/controlloop/templates/archetype-cl-amsterdam/src/main/resources/archetype-resources/src/main/resources/__closedLoopControlName__.drl index 5e90f052d..a2939a0bf 100644 --- a/controlloop/templates/archetype-cl-amsterdam/src/main/resources/archetype-resources/src/main/resources/__closedLoopControlName__.drl +++ b/controlloop/templates/archetype-cl-amsterdam/src/main/resources/archetype-resources/src/main/resources/__closedLoopControlName__.drl @@ -627,7 +627,6 @@ rule "${policyName}.EVENT.MANAGER.OPERATION.LOCKED.GUARD_NOT_YET_QUERIED" if(guardEnabled){ Thread t = new Thread(new org.onap.policy.guard.CallGuardTask( - null, PolicyEngine.manager.getEnvironmentProperty("guard.url"), drools.getWorkingMemory(), $event.closedLoopControlName, @@ -667,7 +666,7 @@ rule "${policyName}.GUARD.RESPONSE" //we will permit the operation if there was no Guard for it - if($guardResponse.result == "Indeterminate"){ + if("Indeterminate".equals($guardResponse.result)){ $guardResponse.result = "Permit"; } @@ -685,7 +684,7 @@ rule "${policyName}.GUARD.RESPONSE" PolicyEngine.manager.deliver("POLICY-CL-MGT", notification); - if($guardResponse.result == "Permit"){ + if("Permit".equals($guardResponse.result)){ modify($operation){setGuardApprovalStatus($guardResponse.result)}; } diff --git a/controlloop/templates/template.demo/pom.xml b/controlloop/templates/template.demo/pom.xml index d3d3ef0ab..69c2da80e 100644 --- a/controlloop/templates/template.demo/pom.xml +++ b/controlloop/templates/template.demo/pom.xml @@ -203,5 +203,11 @@ ${project.version} test + + org.onap.policy.drools-pdp + policy-management + 1.1.0-SNAPSHOT + provided + diff --git a/controlloop/templates/template.demo/src/main/resources/ControlLoop_Template_xacml_guard.drl b/controlloop/templates/template.demo/src/main/resources/ControlLoop_Template_xacml_guard.drl index 82899f08b..ff184b385 100644 --- a/controlloop/templates/template.demo/src/main/resources/ControlLoop_Template_xacml_guard.drl +++ b/controlloop/templates/template.demo/src/main/resources/ControlLoop_Template_xacml_guard.drl @@ -589,7 +589,6 @@ rule "${policyName}.EVENT.MANAGER.OPERATION.LOCKED.GUARD_NOT_YET_QUERIED" if(guardEnabled){ Thread t = new Thread(new org.onap.policy.guard.CallGuardTask( - XacmlPdpEngine, "", drools.getWorkingMemory(), $event.closedLoopControlName, @@ -636,7 +635,7 @@ rule "${policyName}.GUARD.RESPONSE" //we will permit the operation if there was no Guard for it - if($guardResponse.result == "Indeterminate"){ + if("Indeterminate".equals($guardResponse.result)){ $guardResponse.result = "Permit"; } @@ -655,7 +654,7 @@ rule "${policyName}.GUARD.RESPONSE" - if($guardResponse.result == "Permit"){ + if("Permit".equals($guardResponse.result)){ modify($operation){setGuardApprovalStatus($guardResponse.result)}; } diff --git a/controlloop/templates/template.demo/src/test/java/org/onap/policy/template/demo/ControlLoopXacmlGuardTest.java b/controlloop/templates/template.demo/src/test/java/org/onap/policy/template/demo/ControlLoopXacmlGuardTest.java index 64ad490b2..5fe2f6222 100644 --- a/controlloop/templates/template.demo/src/test/java/org/onap/policy/template/demo/ControlLoopXacmlGuardTest.java +++ b/controlloop/templates/template.demo/src/test/java/org/onap/policy/template/demo/ControlLoopXacmlGuardTest.java @@ -47,6 +47,7 @@ import org.onap.policy.controlloop.VirtualControlLoopEvent; import org.onap.policy.controlloop.VirtualControlLoopNotification; import org.onap.policy.controlloop.policy.ControlLoopPolicy; import org.onap.policy.controlloop.policy.TargetType; +import org.onap.policy.drools.system.PolicyEngine; import org.onap.policy.drools.http.server.HttpServletServer; import org.onap.policy.drools.impl.PolicyEngineJUnitImpl; import org.onap.policy.guard.PolicyGuard; @@ -75,6 +76,7 @@ public class ControlLoopXacmlGuardTest { @BeforeClass public static void setPUProp(){ System.setProperty(OPSHISTPUPROP, "TestOperationsHistoryPU"); + PolicyEngine.manager.setEnvironmentProperty("guard.url", "http://127.0.0.1:8443/pdp"); } @AfterClass public static void restorePUProp(){ @@ -171,7 +173,7 @@ public class ControlLoopXacmlGuardTest { assertTrue(obj instanceof VirtualControlLoopNotification); assertTrue(((VirtualControlLoopNotification)obj).notification.equals(ControlLoopNotificationType.OPERATION)); - Thread.sleep(4000); + Thread.sleep(2*4000); // "Response from Guard" notification obj = engine.subscribe("UEB", "POLICY-CL-MGT"); assertNotNull(obj); @@ -210,7 +212,7 @@ public class ControlLoopXacmlGuardTest { assertTrue(obj instanceof VirtualControlLoopNotification); assertTrue(((VirtualControlLoopNotification)obj).notification.equals(ControlLoopNotificationType.OPERATION)); - Thread.sleep(4000); + Thread.sleep(2*4000); // "Response from Guard" notification obj = engine.subscribe("UEB", "POLICY-CL-MGT"); @@ -238,7 +240,7 @@ public class ControlLoopXacmlGuardTest { assertTrue(obj instanceof VirtualControlLoopNotification); assertTrue(((VirtualControlLoopNotification)obj).notification.equals(ControlLoopNotificationType.OPERATION)); - Thread.sleep(1000); + Thread.sleep(2*1000); obj = engine.subscribe("UEB", "APPC-CL"); assertNotNull(obj); @@ -277,7 +279,7 @@ public class ControlLoopXacmlGuardTest { // // now wait for it to finish // - Thread.sleep(15000); + Thread.sleep(2*15000); // // Ensure they released the lock // diff --git a/controlloop/templates/template.demo/src/test/resources/META-INF/persistence.xml b/controlloop/templates/template.demo/src/test/resources/META-INF/persistence.xml index c3740d0b2..820874105 100644 --- a/controlloop/templates/template.demo/src/test/resources/META-INF/persistence.xml +++ b/controlloop/templates/template.demo/src/test/resources/META-INF/persistence.xml @@ -14,7 +14,7 @@ - + -- cgit 1.2.3-korg