diff options
| author |   Tarun Tej Velaga <tt3868@att.com> | 2017-07-24 17:13:43 +0000 |
|---|---|---|
| committer | Tarun Tej Velaga <tt3868@att.com> | 2017-07-25 14:23:59 +0000 |
| commit | e92ff832cf993db876f22b2d27562fedf59f5043 (patch) | |
| tree | 47429eeaaf4241905d7ea1f71dbdb5c2d0504618 /ECOMP-PAP-REST/src/main | |
| parent | 570290dc6ba8198e653022c2f6f8e5d01cfa8d1b (diff) | |
[Policy-52, Policy-92, Policy-93] Policy Enhancements and bugfixes
Change-Id: I5675cf4527e17963b3142cf7184c0df31a766197
Signed-off-by: Tarun Tej Velaga <tt3868@att.com>
Diffstat (limited to 'ECOMP-PAP-REST/src/main')
19 files changed, 179 insertions, 162 deletions
diff --git a/ECOMP-PAP-REST/src/main/java/hibernate.cfg.xml b/ECOMP-PAP-REST/src/main/java/hibernate.cfg.xml deleted file mode 100644 index e2ba058e8..000000000 --- a/ECOMP-PAP-REST/src/main/java/hibernate.cfg.xml +++ /dev/null @@ -1,82 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- - ============LICENSE_START======================================================= - ECOMP-PAP-REST - ================================================================================ - Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. - ================================================================================ - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - ============LICENSE_END========================================================= - --> - - -<!DOCTYPE hibernate-configuration SYSTEM - "classpath://org/hibernate/hibernate-configuration-3.0.dtd"> - -<hibernate-configuration> - <session-factory> - - <!-- Hibernate JPA Mapping Classes --> - <mapping class="org.openecomp.policy.rest.jpa.Attribute"/> - <mapping class="org.openecomp.policy.rest.jpa.ActionPolicyDict"/> - <mapping class="org.openecomp.policy.rest.jpa.ActionList"/> - <mapping class="org.openecomp.policy.rest.jpa.AddressGroup"/> - <mapping class="org.openecomp.policy.rest.jpa.BRMSParamTemplate"/> - <mapping class="org.openecomp.policy.rest.jpa.Category"/> - <mapping class="org.openecomp.policy.rest.jpa.ClosedLoopD2Services"/> - <mapping class="org.openecomp.policy.rest.jpa.ClosedLoopSite"/> - <mapping class="org.openecomp.policy.rest.jpa.ConstraintType"/> - <mapping class="org.openecomp.policy.rest.jpa.ConstraintValue"/> - <mapping class="org.openecomp.policy.rest.jpa.Datatype"/> - <mapping class="org.openecomp.policy.rest.jpa.DCAEuuid"/> - <mapping class="org.openecomp.policy.rest.jpa.DecisionSettings"/> - <mapping class="org.openecomp.policy.rest.jpa.RainyDayTreatments"/> - <mapping class="org.openecomp.policy.rest.jpa.DescriptiveScope"/> - <mapping class="org.openecomp.policy.rest.jpa.EcompName"/> - <mapping class="org.openecomp.policy.rest.jpa.EnforcingType"/> - <mapping class="org.openecomp.policy.rest.jpa.FirewallDictionaryList"/> - <mapping class="org.openecomp.policy.rest.jpa.FWTag"/> - <mapping class="org.openecomp.policy.rest.jpa.FWTagPicker"/> - <mapping class="org.openecomp.policy.rest.jpa.FunctionDefinition"/> - <mapping class="org.openecomp.policy.rest.jpa.FunctionArgument"/> - <mapping class="org.openecomp.policy.rest.jpa.GroupPolicyScopeList"/> - <mapping class="org.openecomp.policy.rest.jpa.GroupServiceList"/> - <mapping class="org.openecomp.policy.rest.jpa.MicroServiceConfigName"/> - <mapping class="org.openecomp.policy.rest.jpa.MicroServiceLocation"/> - <mapping class="org.openecomp.policy.rest.jpa.MicroServiceModels"/> - <mapping class="org.openecomp.policy.rest.jpa.PEPOptions"/> - <mapping class="org.openecomp.policy.rest.jpa.PolicyScopeClosedLoop"/> - <mapping class="org.openecomp.policy.rest.jpa.PolicyScopeResource"/> - <mapping class="org.openecomp.policy.rest.jpa.PolicyScopeType"/> - <mapping class="org.openecomp.policy.rest.jpa.PolicyScopeService"/> - <mapping class="org.openecomp.policy.rest.jpa.PolicyEditorScopes"/> - <mapping class="org.openecomp.policy.rest.jpa.PolicyVersion"/> - <mapping class="org.openecomp.policy.rest.jpa.PortList"/> - <mapping class="org.openecomp.policy.rest.jpa.PrefixList"/> - <mapping class="org.openecomp.policy.rest.jpa.ProtocolList"/> - <mapping class="org.openecomp.policy.rest.jpa.ServiceList"/> - <mapping class="org.openecomp.policy.rest.jpa.SecurityZone"/> - <mapping class="org.openecomp.policy.rest.jpa.TermList"/> - <mapping class="org.openecomp.policy.rest.jpa.UserInfo"/> - <mapping class="org.openecomp.policy.rest.jpa.VarbindDictionary"/> - <mapping class="org.openecomp.policy.rest.jpa.VNFType"/> - <mapping class="org.openecomp.policy.rest.jpa.VSCLAction"/> - <mapping class="org.openecomp.policy.rest.jpa.Zone"/> - <mapping class="org.openecomp.policy.rest.jpa.RiskType"/> - <mapping class="org.openecomp.policy.rest.jpa.SafePolicyWarning"/> - <mapping class="org.openecomp.policy.rest.jpa.ClosedLoops"/> - <mapping class="org.openecomp.policy.rest.jpa.BRMSController"/> - <mapping class="org.openecomp.policy.rest.jpa.BRMSDependency"/> - <mapping class="org.openecomp.policy.rest.jpa.MicroServiceAttribute"/> - </session-factory> -</hibernate-configuration> diff --git a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/DecisionPolicy.java b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/DecisionPolicy.java index 180b989e7..5a566c9bd 100644 --- a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/DecisionPolicy.java +++ b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/DecisionPolicy.java @@ -50,6 +50,7 @@ import org.openecomp.policy.controlloop.policy.guard.Constraint; import org.openecomp.policy.controlloop.policy.guard.ControlLoopGuard; import org.openecomp.policy.controlloop.policy.guard.Guard; import org.openecomp.policy.controlloop.policy.guard.GuardPolicy; +import org.openecomp.policy.controlloop.policy.guard.MatchParameters; import org.openecomp.policy.controlloop.policy.guard.builder.ControlLoopGuardBuilder; import org.openecomp.policy.pap.xacml.rest.XACMLPapServlet; import org.openecomp.policy.pap.xacml.rest.util.JPAUtils; @@ -57,6 +58,7 @@ import org.openecomp.policy.rest.adapter.PolicyRestAdapter; import org.openecomp.policy.rest.jpa.Datatype; import org.openecomp.policy.rest.jpa.DecisionSettings; import org.openecomp.policy.rest.jpa.FunctionDefinition; +import org.openecomp.policy.utils.PolicyUtils; import org.openecomp.policy.xacml.api.XACMLErrorConstants; import org.openecomp.policy.xacml.std.pip.engines.aaf.AAFEngine; import org.openecomp.policy.xacml.util.XACMLPolicyScanner; @@ -86,7 +88,7 @@ public class DecisionPolicy extends Policy { private static final Logger LOGGER = FlexLogger.getLogger(DecisionPolicy.class); public static final String FUNCTION_NOT = "urn:oasis:names:tc:xacml:1.0:function:not"; - private static final String AAFProvider = "AAF"; + private static final String AAFPROVIDER = "AAF"; public static final String GUARD_YAML = "GUARD_YAML"; public static final String GUARD_BL_YAML = "GUARD_BL_YAML"; public static final String RAINY_DAY = "Rainy_Day"; @@ -200,7 +202,7 @@ public class DecisionPolicy extends Policy { allOf.getMatch().add(createMatch(ECOMPNAME, (policyAdapter.getEcompName()))); Map<String, String> dynamicFieldComponentAttributes = policyAdapter.getDynamicFieldConfigAttributes(); - if(policyAdapter.getRuleProvider()!=null && policyAdapter.getRuleProvider().equals(AAFProvider)){ + if(policyAdapter.getRuleProvider()!=null && policyAdapter.getRuleProvider().equals(AAFPROVIDER)){ dynamicFieldComponentAttributes = new HashMap<>(); } @@ -221,9 +223,7 @@ public class DecisionPolicy extends Policy { decisionPolicy.setTarget(target); Map<String, String> dynamicFieldDecisionSettings = policyAdapter.getDynamicSettingsMap(); - - //dynamicVariableList = policyAdapter.getDynamicVariableList(); - if(policyAdapter.getRuleProvider()!=null && policyAdapter.getRuleProvider().equals(AAFProvider)){ + if(policyAdapter.getRuleProvider()!=null && policyAdapter.getRuleProvider().equals(AAFPROVIDER)){ dynamicFieldDecisionSettings = new HashMap<>(); } @@ -231,13 +231,10 @@ public class DecisionPolicy extends Policy { for (String keyField : dynamicFieldDecisionSettings.keySet()) { String key = keyField; String value = dynamicFieldDecisionSettings.get(key); - //String dataType = (String) dynamicVariableList.get(counter); String dataType = getDataType(key); VariableDefinitionType dynamicVariable = createDynamicVariable(key, value, dataType); decisionPolicy.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(dynamicVariable); } - - Map<String, String> dynamicFieldTreatmentAttributes = policyAdapter.getRainydayMap(); if(policyAdapter.getRuleProvider().equals(RAINY_DAY)){ @@ -252,24 +249,39 @@ public class DecisionPolicy extends Policy { } } - setPreparedToSave(true); return true; } - public PolicyType getGuardPolicy(Map<String, String> yamlParams, String ruleProvider) { + public PolicyType getGuardPolicy(Map<String, String> yamlParams, String ruleProvider) throws BuilderException{ try { ControlLoopGuardBuilder builder = ControlLoopGuardBuilder.Factory.buildControlLoopGuard(new Guard()); - GuardPolicy policy1 = new GuardPolicy((policyAdapter.getUuid()!=null? policyAdapter.getUuid(): UUID.randomUUID().toString()) ,yamlParams.get(POLICY_NAME), yamlParams.get(DESCRIPTION), yamlParams.get("actor"), yamlParams.get("recipe")); + MatchParameters matchParameters = new MatchParameters(yamlParams.get("actor"), yamlParams.get("recipe")); + matchParameters.setControlLoopName(yamlParams.get("clname")); + if(yamlParams.containsKey("targets")){ + String targetString = yamlParams.get("targets"); + List<String> targets = null; + if(targetString!=null && !targetString.isEmpty()){ + if (targetString.contains(",")){ + targets = Arrays.asList(targetString.split(",")); + } + else{ + targets = new ArrayList<>(); + targets.add(targetString); + } + } + matchParameters.setTargets(targets); + } + GuardPolicy policy1 = new GuardPolicy((policyAdapter.getUuid()!=null? policyAdapter.getUuid(): UUID.randomUUID().toString()) ,yamlParams.get(POLICY_NAME), yamlParams.get(DESCRIPTION), matchParameters); builder = builder.addGuardPolicy(policy1); - Map<String, String> time_in_range = new HashMap<>(); - time_in_range.put("arg2", yamlParams.get("guardActiveStart")); - time_in_range.put("arg3", yamlParams.get("guardActiveEnd")); + Map<String, String> activeTimeRange = new HashMap<>(); + activeTimeRange.put("start", yamlParams.get("guardActiveStart")); + activeTimeRange.put("end", yamlParams.get("guardActiveEnd")); String blackListString = yamlParams.get("blackList"); List<String> blackList = null; if(blackListString!=null){ if (blackListString.contains(",")){ - blackList = Arrays.asList(blackListString.split(",")); + blackList = Arrays.asList(blackListString.split(",")); } else{ blackList = new ArrayList<>(); @@ -278,18 +290,30 @@ public class DecisionPolicy extends Policy { } File templateFile; Path xacmlTemplatePath; - Constraint cons; ClassLoader classLoader = getClass().getClassLoader(); + Constraint cons = new Constraint(); switch (ruleProvider){ case GUARD_BL_YAML: templateFile = new File(classLoader.getResource(XACML_BLGUARD_TEMPLATE).getFile()); xacmlTemplatePath = templateFile.toPath(); - cons = new Constraint(time_in_range,blackList); + cons.setActive_time_range(activeTimeRange); + cons.setBlacklist(blackList); break; default: templateFile = new File(classLoader.getResource(XACML_GUARD_TEMPLATE).getFile()); xacmlTemplatePath = templateFile.toPath(); - cons = new Constraint(Integer.parseInt(yamlParams.get("limit")), yamlParams.get("timeWindow"), time_in_range); + Map<String,String> timeWindow = new HashMap<>(); + if(!PolicyUtils.isInteger(yamlParams.get("timeWindow"))){ + throw new BuilderException("time window is not in Integer format."); + } + String timeUnits = yamlParams.get("timeUnits"); + if(timeUnits==null || !(timeUnits.equalsIgnoreCase("minute") || timeUnits.equalsIgnoreCase("hour") || timeUnits.equalsIgnoreCase("day") + || timeUnits.equalsIgnoreCase("week") || timeUnits.equalsIgnoreCase("month")||timeUnits.equalsIgnoreCase("year"))){ + throw new BuilderException("time Units is not in proper format."); + } + timeWindow.put("value", yamlParams.get("timeWindow")); + timeWindow.put("units", yamlParams.get("timeUnits")); + cons = new Constraint(Integer.parseInt(yamlParams.get("limit")),timeWindow,activeTimeRange); break; } builder = builder.addLimitConstraint(policy1.getId(), cons); @@ -297,7 +321,6 @@ public class DecisionPolicy extends Policy { Results results = builder.buildSpecification(); // YAML TO XACML ControlLoopGuard yamlGuardObject = SafePolicyBuilder.loadYamlGuard(results.getSpecification()); - String xacmlTemplateContent; try { xacmlTemplateContent = new String(Files.readAllBytes(xacmlTemplatePath)); @@ -305,25 +328,28 @@ public class DecisionPolicy extends Policy { yamlSpecs.put(POLICY_NAME, yamlParams.get(POLICY_NAME)); yamlSpecs.put(DESCRIPTION, yamlParams.get(DESCRIPTION)); yamlSpecs.put(ECOMPNAME, yamlParams.get(ECOMPNAME)); - yamlSpecs.put("actor", yamlGuardObject.getGuards().getFirst().getActor()); - yamlSpecs.put("recipe", yamlGuardObject.getGuards().getFirst().getRecipe()); - if(yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst().getNum()!=null){ - yamlSpecs.put("limit", yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst().getNum().toString()); + yamlSpecs.put("actor", yamlGuardObject.getGuards().getFirst().getMatch_parameters().getActor()); + yamlSpecs.put("recipe", yamlGuardObject.getGuards().getFirst().getMatch_parameters().getRecipe()); + yamlSpecs.put("clname", yamlGuardObject.getGuards().getFirst().getMatch_parameters().getControlLoopName()); + if(yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst().getFreq_limit_per_target()!=null){ + yamlSpecs.put("limit", yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst().getFreq_limit_per_target().toString()); } - if(yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst().getDuration()!=null){ - yamlSpecs.put("timeWindow", yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst().getDuration()); + if(yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst().getTime_window()!=null){ + yamlSpecs.put("twValue", yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst().getTime_window().get("value")); + yamlSpecs.put("twUnits", yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst().getTime_window().get("units")); } - yamlSpecs.put("guardActiveStart", yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst().getTime_in_range().get("arg2")); - yamlSpecs.put("guardActiveEnd", yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst().getTime_in_range().get("arg3")); - String xacmlPolicyContent = SafePolicyBuilder.generateXacmlGuard(xacmlTemplateContent,yamlSpecs, yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst().getBlacklist()); + yamlSpecs.put("guardActiveStart", yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst().getActive_time_range().get("start")); + yamlSpecs.put("guardActiveEnd", yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst().getActive_time_range().get("end")); + String xacmlPolicyContent = SafePolicyBuilder.generateXacmlGuard(xacmlTemplateContent,yamlSpecs, yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst().getBlacklist(), yamlGuardObject.getGuards().getFirst().getMatch_parameters().getTargets()); // Convert the Policy into Stream input to Policy Adapter. Object policy = XACMLPolicyScanner.readPolicy(new ByteArrayInputStream(xacmlPolicyContent.getBytes(StandardCharsets.UTF_8))); return (PolicyType) policy; } catch (IOException e) { - LOGGER.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Error while creating the policy " + e.getMessage() + e); + LOGGER.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Error while creating the policy " + e.getMessage() , e); } } catch (BuilderException e) { - LOGGER.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Error while creating the policy " + e.getMessage() +e); + LOGGER.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Error while creating the policy " + e.getMessage() ,e); + throw e; } return null; } @@ -384,7 +410,7 @@ public class DecisionPolicy extends Policy { dynamicFieldTwoRuleAlgorithms = policyAdapter.getDynamicRuleAlgorithmField2(); dropDownMap = createDropDownMap(); - if(policyAdapter.getRuleProvider()!=null && policyAdapter.getRuleProvider().equals(AAFProvider)){ + if(policyAdapter.getRuleProvider()!=null && policyAdapter.getRuleProvider().equals(AAFPROVIDER)){ // Values for AAF Provider are here for XML Creation. ConditionType condition = new ConditionType(); ApplyType decisionApply = new ApplyType(); @@ -427,7 +453,7 @@ public class DecisionPolicy extends Policy { if(!permitRule){ AdviceExpressionsType adviceExpressions = new AdviceExpressionsType(); AdviceExpressionType adviceExpression = new AdviceExpressionType(); - adviceExpression.setAdviceId(AAFProvider); + adviceExpression.setAdviceId(AAFPROVIDER); adviceExpression.setAppliesTo(EffectType.DENY); AttributeAssignmentExpressionType assignment = new AttributeAssignmentExpressionType(); assignment.setAttributeId("aaf.response"); @@ -511,7 +537,7 @@ public class DecisionPolicy extends Policy { // Create Target in Rule AllOfType allOfInRule = new AllOfType(); - // Creating match for ACCESS in rule target + // Creating match for DECIDE in rule target MatchType accessMatch = new MatchType(); AttributeValueType accessAttributeValue = new AttributeValueType(); accessAttributeValue.setDataType(STRING_DATATYPE); @@ -539,11 +565,11 @@ public class DecisionPolicy extends Policy { errorcodeAttributeValue.getContent().add(errorcode); errorcodeMatch.setAttributeValue(errorcodeAttributeValue); AttributeDesignatorType errorcodeAttributeDesignator = new AttributeDesignatorType(); - errorcodeAttributeDesignator.setCategory(CATEGORY_ACTION); + errorcodeAttributeDesignator.setCategory(CATEGORY_RESOURCE); errorcodeAttributeDesignator.setDataType(STRING_DATATYPE); errorcodeAttributeDesignator.setAttributeId("ErrorCode"); errorcodeMatch.setAttributeDesignator(errorcodeAttributeDesignator); - errorcodeMatch.setMatchId(FUNCTION_STRING_EQUAL_IGNORE); + errorcodeMatch.setMatchId(FUNCTION_STRING_REGEXP_MATCH); allOfInRule.getMatch().add(errorcodeMatch); @@ -707,7 +733,6 @@ public class DecisionPolicy extends Policy { private void populateDataTypeList(String value1) { String dataType = null; - if(value1.contains("S_")) { value1 = value1.substring(2, value1.length()); DecisionSettings decisionSettings = findDecisionSettingsBySettingId(value1.substring(2, value1.length())); @@ -732,17 +757,16 @@ public class DecisionPolicy extends Policy { } catch (Exception e) { LOGGER.error("Exception Occured"+e); } - Map<String, String> dropDownMap = new HashMap<>(); + Map<String, String> dropDownOptions = new HashMap<>(); if(jpaUtils!=null){ Map<Datatype, List<FunctionDefinition>> functionMap = jpaUtils.getFunctionDatatypeMap(); for (Map.Entry<Datatype,List<FunctionDefinition>> map: functionMap.entrySet()) { for (FunctionDefinition functionDef : map.getValue()) { - dropDownMap.put(functionDef.getShortname(),functionDef.getXacmlid()); + dropDownOptions.put(functionDef.getShortname(),functionDef.getXacmlid()); } } } - - return dropDownMap; + return dropDownOptions; } private String getDataType(String key) { diff --git a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/Policy.java b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/Policy.java index a0746439f..bdd36123f 100644 --- a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/Policy.java +++ b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/Policy.java @@ -105,6 +105,7 @@ public abstract class Policy { public static final String FUNCTION_BOOLEAN_ONE_AND_ONLY = "urn:oasis:names:tc:xacml:1.0:function:boolean-one-and-only"; public static final String FUNCTION_STRING_EQUAL = "urn:oasis:names:tc:xacml:1.0:function:string-equal"; public static final String FUNCTION_STRING_REGEX_MATCH = "org.openecomp.function.regex-match"; + public static final String FUNCTION_STRING_REGEXP_MATCH = "urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"; public static final String FUNCTION_STRING_EQUAL_IGNORE = "urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case"; public static final String INTEGER_DATATYPE = "http://www.w3.org/2001/XMLSchema#integer"; public static final String BOOLEAN_DATATYPE = "http://www.w3.org/2001/XMLSchema#boolean"; diff --git a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/SafePolicyBuilder.java b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/SafePolicyBuilder.java index c4f53582b..bd69a8808 100644 --- a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/SafePolicyBuilder.java +++ b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/SafePolicyBuilder.java @@ -30,11 +30,11 @@ import org.yaml.snakeyaml.Yaml; import org.yaml.snakeyaml.constructor.Constructor; public class SafePolicyBuilder { - + private SafePolicyBuilder(){ //Private Constructor. } - + public static ControlLoopGuard loadYamlGuard(String specification) { // // Read the yaml into our Java Object @@ -45,7 +45,20 @@ public class SafePolicyBuilder { return (ControlLoopGuard) obj; } - public static String generateXacmlGuard(String xacmlFileContent,Map<String, String> generateMap, List<String> blacklist) { + public static String generateXacmlGuard(String xacmlFileContent,Map<String, String> generateMap, List<String> blacklist, List<String> targets) { + //Setup default values and Targets. + StringBuilder targetRegex= new StringBuilder(".*|"); + if(targets!=null && !targets.isEmpty()){ + targetRegex = new StringBuilder(); + for(String t : targets){ + targetRegex.append(t + "|"); + } + } + if(generateMap.get("clname")==null|| generateMap.get("clname").isEmpty()){ + generateMap.put("clname",".*"); + } + generateMap.put("targets", targetRegex.toString().substring(0, targetRegex.length()-1)); + // Replace values. for(Map.Entry<String,String> map: generateMap.entrySet()){ Pattern p = Pattern.compile("\\$\\{" +map.getKey() +"\\}"); Matcher m = p.matcher(xacmlFileContent); diff --git a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/controller/ActionPolicyDictionaryController.java b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/controller/ActionPolicyDictionaryController.java index 65f0ede26..3ddeee32e 100644 --- a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/controller/ActionPolicyDictionaryController.java +++ b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/controller/ActionPolicyDictionaryController.java @@ -22,6 +22,7 @@ package org.openecomp.policy.pap.xacml.rest.controller; import java.io.PrintWriter; import java.util.ArrayList; +import java.util.Date; import java.util.HashMap; import java.util.LinkedHashMap; import java.util.List; @@ -170,6 +171,7 @@ public class ActionPolicyDictionaryController { }else{ if(!isFakeUpdate) { actionPolicyDict.setUserModifiedBy(this.getUserInfo(userId)); + actionPolicyDict.setModifiedDate(new Date()); commonClassDao.update(actionPolicyDict); } } diff --git a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/controller/BRMSDictionaryController.java b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/controller/BRMSDictionaryController.java index eb03aa996..4dda095d4 100644 --- a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/controller/BRMSDictionaryController.java +++ b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/controller/BRMSDictionaryController.java @@ -23,6 +23,7 @@ package org.openecomp.policy.pap.xacml.rest.controller; import java.io.PrintWriter; import java.io.StringWriter; import java.nio.charset.StandardCharsets; +import java.util.Date; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -324,6 +325,7 @@ public class BRMSDictionaryController{ } }else{ brmsDependency.setUserModifiedBy(this.getUserInfo(userId)); + brmsDependency.setModifiedDate(new Date()); commonClassDao.update(brmsDependency); } if(duplicateflag) { @@ -476,6 +478,7 @@ public class BRMSDictionaryController{ } }else{ brmsController.setUserModifiedBy(this.getUserInfo(userId)); + brmsController.setModifiedDate(new Date()); commonClassDao.update(brmsController); } if(duplicateflag) { diff --git a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/controller/ClosedLoopDictionaryController.java b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/controller/ClosedLoopDictionaryController.java index 9aab267d6..f97d84692 100644 --- a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/controller/ClosedLoopDictionaryController.java +++ b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/controller/ClosedLoopDictionaryController.java @@ -21,6 +21,7 @@ package org.openecomp.policy.pap.xacml.rest.controller; import java.io.PrintWriter; +import java.util.Date; import java.util.HashMap; import java.util.LinkedHashMap; import java.util.List; @@ -325,6 +326,7 @@ public class ClosedLoopDictionaryController{ }else{ vSCLAction.setUserCreatedBy(this.getUserInfo(userId)); vSCLAction.setUserModifiedBy(this.getUserInfo(userId)); + vSCLAction.setModifiedDate(new Date()); commonClassDao.save(vSCLAction); } }else{ @@ -453,6 +455,7 @@ public class ClosedLoopDictionaryController{ }else{ if(!isFakeUpdate) { vNFType.setUserModifiedBy(this.getUserInfo(userId)); + vNFType.setModifiedDate(new Date()); commonClassDao.update(vNFType); } } @@ -592,6 +595,7 @@ public class ClosedLoopDictionaryController{ }else{ if(!isFakeUpdate){ pEPOptions.setUserModifiedBy(this.getUserInfo(userId)); + pEPOptions.setModifiedDate(new Date()); commonClassDao.update(pEPOptions); } } @@ -712,6 +716,7 @@ public class ClosedLoopDictionaryController{ }else{ if(!isFakeUpdate){ serviceData.setUserModifiedBy(this.getUserInfo(userId)); + serviceData.setModifiedDate(new Date()); commonClassDao.update(serviceData); } } @@ -830,6 +835,7 @@ public class ClosedLoopDictionaryController{ }else{ if(!isFakeUpdate) { siteData.setUserModifiedBy(this.getUserInfo(userId)); + siteData.setModifiedDate(new Date()); commonClassDao.update(siteData); } } @@ -949,6 +955,7 @@ public class ClosedLoopDictionaryController{ }else{ if(!isFakeUpdate){ varbindDictionary.setUserModifiedBy(this.getUserInfo(userId)); + varbindDictionary.setModifiedDate(new Date()); commonClassDao.update(varbindDictionary); } } diff --git a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/controller/DecisionPolicyDictionaryController.java b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/controller/DecisionPolicyDictionaryController.java index fc525bbe3..c9a20066d 100644 --- a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/controller/DecisionPolicyDictionaryController.java +++ b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/controller/DecisionPolicyDictionaryController.java @@ -22,6 +22,7 @@ package org.openecomp.policy.pap.xacml.rest.controller; import java.io.PrintWriter; import java.util.ArrayList; +import java.util.Date; import java.util.HashMap; import java.util.LinkedHashMap; import java.util.List; @@ -169,6 +170,7 @@ public class DecisionPolicyDictionaryController { }else{ if(!isFakeUpdate) { decisionSettings.setUserModifiedBy(this.getUserInfo(userId)); + decisionSettings.setModifiedDate(new Date()); commonClassDao.update(decisionSettings); } } @@ -248,7 +250,7 @@ public class DecisionPolicyDictionaryController { try{ Map<String, Object> model = new HashMap<>(); ObjectMapper mapper = new ObjectMapper(); - model.put("rainyDayDictionaryDatas", mapper.writeValueAsString(commonClassDao.getDataByColumn(RainyDayTreatments.class, "bbID"))); + model.put("rainyDayDictionaryDatas", mapper.writeValueAsString(commonClassDao.getDataByColumn(RainyDayTreatments.class, "bbid"))); JsonMessage msg = new JsonMessage(mapper.writeValueAsString(model)); JSONObject j = new JSONObject(msg); response.getWriter().write(j.toString()); diff --git a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/controller/DescriptiveDictionaryController.java b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/controller/DescriptiveDictionaryController.java index a64cdf77e..0ea1da171 100644 --- a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/controller/DescriptiveDictionaryController.java +++ b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/controller/DescriptiveDictionaryController.java @@ -21,6 +21,7 @@ package org.openecomp.policy.pap.xacml.rest.controller; import java.io.PrintWriter; +import java.util.Date; import java.util.HashMap; import java.util.LinkedHashMap; import java.util.List; @@ -169,6 +170,7 @@ public class DescriptiveDictionaryController { }else{ if(!isFakeUpdate){ descriptiveScope.setUserModifiedBy(this.getUserInfo(userId)); + descriptiveScope.setModifiedDate(new Date()); commonClassDao.update(descriptiveScope); } } diff --git a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/controller/DictionaryController.java b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/controller/DictionaryController.java index 49d841a6e..b01f9b031 100644 --- a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/controller/DictionaryController.java +++ b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/controller/DictionaryController.java @@ -22,6 +22,7 @@ package org.openecomp.policy.pap.xacml.rest.controller; import java.io.PrintWriter; import java.util.ArrayList; +import java.util.Date; import java.util.HashMap; import java.util.LinkedHashMap; import java.util.List; @@ -204,6 +205,7 @@ public class DictionaryController { }else{ if(!isFakeUpdate) { attributeData.setUserModifiedBy(this.getUserInfo(userId)); + attributeData.setModifiedDate(new Date()); commonClassDao.update(attributeData); } } @@ -357,6 +359,7 @@ public class DictionaryController { }else{ if(!isFakeUpdate){ ecompData.setUserModifiedBy(this.getUserInfo(userId)); + ecompData.setModifiedDate(new Date()); commonClassDao.update(ecompData); } } diff --git a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/controller/FirewallDictionaryController.java b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/controller/FirewallDictionaryController.java index 6c9d713ef..5172f451b 100644 --- a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/controller/FirewallDictionaryController.java +++ b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/controller/FirewallDictionaryController.java @@ -23,6 +23,7 @@ package org.openecomp.policy.pap.xacml.rest.controller; import java.io.PrintWriter; import java.net.UnknownHostException; import java.util.ArrayList; +import java.util.Date; import java.util.HashMap; import java.util.LinkedHashMap; import java.util.List; @@ -1969,6 +1970,7 @@ public class FirewallDictionaryController { } }else{ fwTagPicker.setUserModifiedBy(this.getUserInfo(userId)); + fwTagPicker.setModifiedDate(new Date()); commonClassDao.update(fwTagPicker); } @@ -2130,6 +2132,7 @@ public class FirewallDictionaryController { } }else{ fwTag.setUserModifiedBy(this.getUserInfo(userId)); + fwTag.setModifiedDate(new Date()); commonClassDao.update(fwTag); } diff --git a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/controller/MicroServiceDictionaryController.java b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/controller/MicroServiceDictionaryController.java index ecf84620e..b933a4f84 100644 --- a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/controller/MicroServiceDictionaryController.java +++ b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/controller/MicroServiceDictionaryController.java @@ -62,7 +62,11 @@ public class MicroServiceDictionaryController { private static final Logger LOGGER = FlexLogger.getLogger(MicroServiceDictionaryController.class); private static CommonClassDao commonClassDao; - + + public static void setCommonClassDao(CommonClassDao commonClassDao) { + MicroServiceDictionaryController.commonClassDao = commonClassDao; + } + @Autowired public MicroServiceDictionaryController(CommonClassDao commonClassDao){ MicroServiceDictionaryController.commonClassDao = commonClassDao; diff --git a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/controller/SafePolicyController.java b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/controller/SafePolicyController.java index 42dfb88fe..8c88e68be 100644 --- a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/controller/SafePolicyController.java +++ b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/controller/SafePolicyController.java @@ -21,6 +21,7 @@ package org.openecomp.policy.pap.xacml.rest.controller; import java.io.PrintWriter; +import java.util.Date; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -155,6 +156,7 @@ public class SafePolicyController { } else { if (!isFakeUpdate) { riskTypeData.setUserModifiedBy(this.getUserInfo(userId)); + riskTypeData.setModifiedDate(new Date()); commonClassDao.update(riskTypeData); } } diff --git a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/elk/client/ElkConnectorImpl.java b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/elk/client/ElkConnectorImpl.java index 4dd48adfd..a6315f89d 100644 --- a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/elk/client/ElkConnectorImpl.java +++ b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/elk/client/ElkConnectorImpl.java @@ -206,17 +206,19 @@ public class ElkConnectorImpl implements ElkConnector{ " \"must\" : ["; String match_params = ""; + boolean first = true; for(Entry<String, String> entry : filter_s.entrySet()){ String key = entry.getKey(); String value = entry.getValue(); - if(filter_s.size() == 1){ - match_params = "\"match\" : {\""+key+"\" : \""+value+"\" }"; + if(first){ + match_params = "\"match\" : {\""+key+"\" : \""+value+"\" }},"; + first = false; }else{ - match_params = match_params + "match\" : { \""+key+"\" : \""+value+"\" } ,"; + match_params = match_params + "{\"match\" : { \""+key+"\" : \""+value+"\" } },"; } } if(match_params.endsWith(",")){ - match_params = match_params.substring(0, match_params.length()-1); + match_params = match_params.substring(0, match_params.length()-2); } matches_s = matches_s + "{\n" + match_params + "\n}" ; diff --git a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/elk/client/PolicyElasticData.java b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/elk/client/PolicyElasticData.java index d4cf812a9..15eae89ec 100644 --- a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/elk/client/PolicyElasticData.java +++ b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/elk/client/PolicyElasticData.java @@ -123,7 +123,11 @@ public class PolicyElasticData { this.configName = policyData.getConfigName(); this.configType = policyData.getConfigType(); this.jsonBody = policyData.getJsonBody(); - this.jsonBodyData = policyData.getJsonBodyData(); + if(configPolicyType.startsWith("ClosedLoop")){ + this.jsonBodyData = jsonBody; + }else{ + this.jsonBodyData = policyData.getJsonBodyData(); + } this.serviceTypePolicyName = policyData.getServiceTypePolicyName(); this.verticaMetrics = policyData.getVerticaMetrics(); diff --git a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/elk/client/PolicyElasticSearchController.java b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/elk/client/PolicyElasticSearchController.java index a18a2295a..e5250d6b6 100644 --- a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/elk/client/PolicyElasticSearchController.java +++ b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/elk/client/PolicyElasticSearchController.java @@ -65,6 +65,7 @@ import org.openecomp.policy.rest.jpa.VNFType; import org.openecomp.policy.rest.jpa.VSCLAction; import org.openecomp.policy.rest.jpa.VarbindDictionary; import org.openecomp.policy.xacml.api.XACMLErrorConstants; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; @@ -96,6 +97,7 @@ public class PolicyElasticSearchController{ public static CommonClassDao commonClassDao; + @Autowired public PolicyElasticSearchController(CommonClassDao commonClassDao) { PolicyElasticSearchController.commonClassDao = commonClassDao; } @@ -219,12 +221,16 @@ public class PolicyElasticSearchController{ String searchText = searchData.getQuery(); String descriptivevalue = searchData.getDescriptiveScope(); if(descriptivevalue != null){ - DescriptiveScope dsSearch = (DescriptiveScope) commonClassDao.getEntityItem(DescriptiveScope.class, "descriptiveScopeName", searchData.getDescriptiveScope()); + DescriptiveScope dsSearch = (DescriptiveScope) commonClassDao.getEntityItem(DescriptiveScope.class, "descriptiveScopeName", descriptivevalue); if(dsSearch != null){ String[] descriptiveList = dsSearch.getSearch().split("AND"); for(String keyValue : descriptiveList){ String[] entry = keyValue.split(":"); - searchKeyValue.put(entry[0], entry[1]); + if(searchData.getPolicyType() != null && "closedLoop".equals(searchData.getPolicyType())){ + searchKeyValue.put("jsonBodyData", "*" +entry[1] +"*"); + }else{ + searchKeyValue.put(entry[0], entry[1]); + } } } } @@ -257,16 +263,16 @@ public class PolicyElasticSearchController{ searchKeyValue.put("jsonBodyData."+d2Service+"", "true"); } if(searchData.getVnfType() != null){ - searchKeyValue.put("jsonBodyData.vnfType", searchData.getVnfType()); + searchKeyValue.put("jsonBodyData", "*" +searchData.getVnfType() +"*"); } if(searchData.getPolicyStatus() != null){ - searchKeyValue.put("jsonBodyData.closedLoopPolicyStatus", searchData.getPolicyStatus()); + searchKeyValue.put("jsonBodyData", "*" +searchData.getPolicyStatus()+"*"); } if(searchData.getVproAction() != null){ - searchKeyValue.put("jsonBodyData.actions", searchData.getVproAction()); + searchKeyValue.put("jsonBodyData", "*" +searchData.getVproAction()+"*"); } if(searchData.getServiceType() != null){ - searchKeyValue.put("jsonBodyData.serviceTypePolicyName", searchData.getServiceType()); + searchKeyValue.put("serviceType", searchData.getServiceType()); } if(searchData.getBindTextSearch() != null){ searchKeyValue.put(searchData.getBindTextSearch(), searchText); diff --git a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/policycontroller/PolicyCreation.java b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/policycontroller/PolicyCreation.java index 0d84519d3..e6f322a72 100644 --- a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/policycontroller/PolicyCreation.java +++ b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/policycontroller/PolicyCreation.java @@ -379,14 +379,20 @@ public class PolicyCreation extends AbstractPolicyCreation{ && policyData.getYamlparams()!=null){ attributeMap.put("actor", policyData.getYamlparams().getActor()); attributeMap.put("recipe", policyData.getYamlparams().getRecipe()); + attributeMap.put("clname", policyData.getYamlparams().getClname()); attributeMap.put("limit", policyData.getYamlparams().getLimit()); attributeMap.put("timeWindow", policyData.getYamlparams().getTimeWindow()); + attributeMap.put("timeUnits", policyData.getYamlparams().getTimeUnits()); attributeMap.put("guardActiveStart", policyData.getYamlparams().getGuardActiveStart()); attributeMap.put("guardActiveEnd", policyData.getYamlparams().getGuardActiveEnd()); if(policyData.getYamlparams().getBlackList()!=null){ String blackList = StringUtils.join(policyData.getYamlparams().getBlackList(), ","); attributeMap.put("blackList", blackList); } + if(policyData.getYamlparams().getTargets()!=null){ + String targets = StringUtils.join(policyData.getYamlparams().getTargets(),","); + attributeMap.put("targets", targets); + } } if(policyData.getRuleProvider()!=null && policyData.getRuleProvider().equals(DecisionPolicy.RAINY_DAY)){ attributeMap.put("ServiceType", policyData.getRainyday().getServiceType()); @@ -513,8 +519,11 @@ public class PolicyCreation extends AbstractPolicyCreation{ } catch (Exception e){ LOGGER.error("Exception Occured : "+e); + body = "error"; + response.addHeader("error", e.getMessage()); + response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); } - return new ResponseEntity<String>(body, status); + return new ResponseEntity<>(body, status); } @ExceptionHandler({ HttpMessageNotReadableException.class }) diff --git a/ECOMP-PAP-REST/src/main/resources/Decision_GuardBLPolicyTemplate.xml b/ECOMP-PAP-REST/src/main/resources/Decision_GuardBLPolicyTemplate.xml index 1e428ff34..7e4201a58 100644 --- a/ECOMP-PAP-REST/src/main/resources/Decision_GuardBLPolicyTemplate.xml +++ b/ECOMP-PAP-REST/src/main/resources/Decision_GuardBLPolicyTemplate.xml @@ -14,14 +14,18 @@ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${ECOMPName}</AttributeValue> <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="ECOMPName" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> </Match> - <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case"> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${actor}</AttributeValue> <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="actor" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> </Match> - <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case"> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${recipe}</AttributeValue> <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="recipe" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> </Match> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${clname}</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="clname" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> </AllOf> </AnyOf> </Target> diff --git a/ECOMP-PAP-REST/src/main/resources/Decision_GuardPolicyTemplate.xml b/ECOMP-PAP-REST/src/main/resources/Decision_GuardPolicyTemplate.xml index 6701a0848..d404080e0 100644 --- a/ECOMP-PAP-REST/src/main/resources/Decision_GuardPolicyTemplate.xml +++ b/ECOMP-PAP-REST/src/main/resources/Decision_GuardPolicyTemplate.xml @@ -1,5 +1,5 @@ <?xml version="1.0" encoding="UTF-8" standalone="yes"?> -<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:com:xacml:policy:id:d56af069-6cf1-430c-ba07-e26602e06a52" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-overrides"> +<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:com:xacml:policy:id:d56af069-6cf1-430c-ba07-e26602e06a52" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-unless-deny"> <Description>${description}</Description> <Target> <AnyOf> @@ -14,14 +14,22 @@ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${ECOMPName}</AttributeValue> <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="ECOMPName" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> </Match> - <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case"> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${actor}</AttributeValue> <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="actor" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> </Match> - <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case"> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${recipe}</AttributeValue> <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="recipe" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> </Match> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${targets}</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="target" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${clname}</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="clname" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> </AllOf> </AnyOf> </Target> @@ -37,8 +45,8 @@ </AnyOf> </Target> <Condition> - <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:or"> - <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and"> <Apply FunctionId="urn:oasis:names:tc:xacml:2.0:function:time-in-range"> <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only"> <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time" DataType="http://www.w3.org/2001/XMLSchema#time" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" MustBePresent="false"/> @@ -46,12 +54,12 @@ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveStart}</AttributeValue> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveEnd}</AttributeValue> </Apply> - </Apply> - <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-less-than-or-equal"> - <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only"> - <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="count" DataType="http://www.w3.org/2001/XMLSchema#integer" Issuer="org:openecomp:xacml:sql:${timeWindow}" MustBePresent="false"/> - </Apply> - <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">${limit}</AttributeValue> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than-or-equal"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only"> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="count" DataType="http://www.w3.org/2001/XMLSchema#integer" Issuer="org:onap:xacml:guard:historydb:tw:${twValue}:${twUnits}" MustBePresent="false"/> + </Apply> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">${limit}</AttributeValue> + </Apply> </Apply> </Apply> </Condition> @@ -69,21 +77,21 @@ </Target> <Condition> <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not"> - <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:or"> - <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not"> - <Apply FunctionId="urn:oasis:names:tc:xacml:2.0:function:time-in-range"> - <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and"> + <Apply FunctionId="urn:oasis:names:tc:xacml:2.0:function:time-in-range"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only"> <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time" DataType="http://www.w3.org/2001/XMLSchema#time" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" MustBePresent="false"/> </Apply> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveStart}</AttributeValue> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveEnd}</AttributeValue> </Apply> - </Apply> - <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-less-than-or-equal"> - <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only"> - <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="count" DataType="http://www.w3.org/2001/XMLSchema#integer" Issuer="org:openecomp:xacml:sql:${timeWindow}" MustBePresent="false"/> - </Apply> - <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">${limit}</AttributeValue> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than-or-equal"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only"> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="count" DataType="http://www.w3.org/2001/XMLSchema#integer" Issuer="org:onap:xacml:guard:historydb:tw:${twValue}:${twUnits}" MustBePresent="false"/> + </Apply> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">${limit}</AttributeValue> + </Apply> </Apply> </Apply> </Apply> |