summaryrefslogtreecommitdiffstats
path: root/packages/base/src/files/install/servers
diff options
context:
space:
mode:
authorPamela Dragosh <pdragosh@research.att.com>2017-02-14 19:41:00 -0500
committerPamela Dragosh <pdragosh@research.att.com>2017-02-14 19:41:32 -0500
commit91d04c64771832a0b8815ffbe1f0f9920320d94d (patch)
treefb02d5e1c84a3d91def9a7ee95bc87f9c046cc96 /packages/base/src/files/install/servers
parentb9d4caa40ef8e3566ac475968bce17b9b64b6939 (diff)
Initial OpenECOMP policy/engine commit
Change-Id: I7dbff37733b661643dd4d1caefa3d7dccc361b6e Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
Diffstat (limited to 'packages/base/src/files/install/servers')
-rw-r--r--packages/base/src/files/install/servers/brmsgw/client.properties22
-rw-r--r--packages/base/src/files/install/servers/brmsgw/config.properties87
-rw-r--r--packages/base/src/files/install/servers/brmsgw/config/policyLogger.properties44
-rw-r--r--packages/base/src/files/install/servers/brmsgw/init.d/brmsgw134
-rwxr-xr-xpackages/base/src/files/install/servers/common/logparser/init.d/logparserd131
-rw-r--r--packages/base/src/files/install/servers/common/tomcat/bin/setenv.sh31
-rw-r--r--packages/base/src/files/install/servers/common/tomcat/conf/server.xml167
-rw-r--r--packages/base/src/files/install/servers/common/tomcat/init.d/tomcatd91
-rw-r--r--packages/base/src/files/install/servers/configs/conf/server.xml169
-rw-r--r--packages/base/src/files/install/servers/console/bin/JSONConfig.json132
-rw-r--r--packages/base/src/files/install/servers/console/bin/Policy-Admin.xml565
-rw-r--r--packages/base/src/files/install/servers/console/bin/config/policyLogger.properties44
-rw-r--r--packages/base/src/files/install/servers/console/bin/model.properties22
-rw-r--r--packages/base/src/files/install/servers/console/bin/sql/log.h2.dbbin0 -> 2127872 bytes
-rw-r--r--packages/base/src/files/install/servers/console/bin/sql/xacml.h2.dbbin0 -> 292864 bytes
-rw-r--r--packages/base/src/files/install/servers/console/bin/workspace/admin/repository/com/Config_BRMS_Param_BRMSParamvFWDemoPolicy.1.xml93
-rw-r--r--packages/base/src/files/install/servers/console/bin/workspace/admin/repository/com/Config_BRMS_Param_BRMSParamvLBDemoPolicy.1.xml93
-rw-r--r--packages/base/src/files/install/servers/console/bin/workspace/admin/repository/com/Config_MS_vFirewall.1.xml114
-rw-r--r--packages/base/src/files/install/servers/console/bin/workspace/admin/repository/com/Config_MS_vLoadBalancer.1.xml114
-rw-r--r--packages/base/src/files/install/servers/console/bin/xacml.admin.properties203
-rw-r--r--packages/base/src/files/install/servers/console/conf/server.xml172
-rw-r--r--packages/base/src/files/install/servers/ecomp/WEB-INF/classes/portal.properties73
-rw-r--r--packages/base/src/files/install/servers/ecomp/WEB-INF/conf/system.properties84
-rw-r--r--packages/base/src/files/install/servers/ecomp/app/policyApp/Properties/config.json3
-rw-r--r--packages/base/src/files/install/servers/pap/bin/autopush.properties22
-rw-r--r--packages/base/src/files/install/servers/pap/bin/config/policyLogger.properties44
-rw-r--r--packages/base/src/files/install/servers/pap/bin/test.properties21
-rw-r--r--packages/base/src/files/install/servers/pap/bin/xacml.pap.properties132
-rw-r--r--packages/base/src/files/install/servers/pap/webapps/Config/com.Config_BRMS_Param_BRMSParamvFWDemoPolicy.1.txt1116
-rw-r--r--packages/base/src/files/install/servers/pap/webapps/Config/com.Config_BRMS_Param_BRMSParamvLBDemoPolicy.1.txt1116
-rw-r--r--packages/base/src/files/install/servers/pap/webapps/Config/com.Config_MS_vFirewall.1.json1
-rw-r--r--packages/base/src/files/install/servers/pap/webapps/Config/com.Config_MS_vLoadBalancer.1.json1
-rw-r--r--packages/base/src/files/install/servers/paplp/bin/config/policyLogger.properties44
-rw-r--r--packages/base/src/files/install/servers/paplp/bin/parserlog.properties57
-rw-r--r--packages/base/src/files/install/servers/pdp/bin/config/policyLogger.properties44
-rw-r--r--packages/base/src/files/install/servers/pdp/bin/xacml.pdp.properties125
-rw-r--r--packages/base/src/files/install/servers/pdplp/bin/config/policyLogger.properties44
-rwxr-xr-xpackages/base/src/files/install/servers/pdplp/bin/parserlog.properties57
-rw-r--r--packages/base/src/files/install/servers/pypdp/bin/client.properties22
-rw-r--r--packages/base/src/files/install/servers/pypdp/bin/config.properties51
-rw-r--r--packages/base/src/files/install/servers/pypdp/bin/config/policyLogger.properties44
41 files changed, 5529 insertions, 0 deletions
diff --git a/packages/base/src/files/install/servers/brmsgw/client.properties b/packages/base/src/files/install/servers/brmsgw/client.properties
new file mode 100644
index 000000000..0b8dc258e
--- /dev/null
+++ b/packages/base/src/files/install/servers/brmsgw/client.properties
@@ -0,0 +1,22 @@
+###
+# ============LICENSE_START=======================================================
+# ECOMP Policy Engine
+# ================================================================================
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+python=test,MASTER
+PyPDPServer=test,MASTER \ No newline at end of file
diff --git a/packages/base/src/files/install/servers/brmsgw/config.properties b/packages/base/src/files/install/servers/brmsgw/config.properties
new file mode 100644
index 000000000..f46a27840
--- /dev/null
+++ b/packages/base/src/files/install/servers/brmsgw/config.properties
@@ -0,0 +1,87 @@
+###
+# ============LICENSE_START=======================================================
+# ECOMP Policy Engine
+# ================================================================================
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+BRMSGW_JMX_PORT=${{BRMSGW_JMX_PORT}}
+COMPONENT_X_MX_MB=${{COMPONENT_X_MX_MB}}
+COMPONENT_X_MS_MB=${{COMPONENT_X_MS_MB}}
+
+PDP_URL = ${{REST_PDP_ID}} , ${{PDP_HTTP_USER_ID}} , ${{PDP_HTTP_PASSWORD}}
+PAP_URL = ${{REST_PAP_URL}} , ${{PDP_PAP_PDP_HTTP_USER_ID}} , ${{PDP_PAP_PDP_HTTP_PASSWORD}}
+NOTIFICATION_TYPE=websocket
+NOTIFICATION_UEB_SERVERS=
+CLIENT_ID=${{CLIENT_ID}}
+CLIENT_KEY=${{CLIENT_KEY}}
+# Environment should be Set either DEV, TEST or PROD
+ENVIRONMENT=${{ENVIRONMENT}}
+
+# BRMS Properties.
+## defaultName is the default group name to which the rule gets pushed if no artifactID is specified.
+defaultName = default
+## repositoryID
+repositoryID = ${{releaseRepositoryID}}
+## reposiroryName
+repositoryName = ${{releaseRepositoryName}}
+## repositoryURL
+repositoryURL = ${{releaseRepositoryURL}}
+repositoryUsername = ${{repositoryUsername}}
+repositoryPassword = ${{repositoryPassword}}
+## policyKeyID the value of Policy Key whose value will be the group Name.
+policyKeyID = controller
+# UEB Notification Details.
+UEB_URL=${{UEB_URL}}
+UEB_TOPIC=${{UEB_TOPIC}}
+UEB_API_KEY=${{UEB_API_KEY}}
+UEB_API_SECRET=${{UEB_API_SECRET}}
+## GroupNames can be comma separated values.
+groupNames = default, vFW , vDNS
+
+default.groupID = ${{groupID}}
+default.artifactID = ${{artifactID}}
+vFW.groupID= ${{VFW_GROUP_ID}}
+vFW.artifactID= ${{VFW_ARTIFACT_ID}}
+vDNS.groupID= ${{VDNS_GROUP_ID}}
+vDNS.artifactID= ${{VDNS_ARTIFACT_ID}}
+
+#Integrity Monitor values
+#database driver for Integrity Monitor
+javax.persistence.jdbc.driver=${{JDBC_DRIVER}}
+#database URL for Integrity Monitor
+javax.persistence.jdbc.url=${{JDBC_URL}}
+#database username for Integrity Monitor
+javax.persistence.jdbc.user=${{JDBC_USER}}
+#database password for Integrity Monitor
+javax.persistence.jdbc.password=${{JDBC_PASSWORD}}
+#resource name
+RESOURCE_NAME=${{resource_name}}
+#***Properties for IntegrityMonitor integration defined in IntegrityMonitorProperties.java***
+site_name=${{site_name}}
+node_type=${{node_type}}
+fp_monitor_interval=${{fp_monitor_interval}}
+failed_counter_threshold=${{failed_counter_threshold}}
+test_trans_interval=${{test_trans_interval}}
+write_fpc_interval=${{write_fpc_interval}}
+max_fpc_update_interval=${{max_fpc_update_interval}}
+test_via_jmx=${{test_via_jmx}}
+
+ping_interval=30000
+
+brms.dependency.version=1.0.0-SNAPSHOT
+
+CLIENT_FILE=client.properties
diff --git a/packages/base/src/files/install/servers/brmsgw/config/policyLogger.properties b/packages/base/src/files/install/servers/brmsgw/config/policyLogger.properties
new file mode 100644
index 000000000..0deb1b3d6
--- /dev/null
+++ b/packages/base/src/files/install/servers/brmsgw/config/policyLogger.properties
@@ -0,0 +1,44 @@
+###
+# ============LICENSE_START=======================================================
+# ECOMP Policy Engine
+# ================================================================================
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+################################### Set concurrentHashMap and timer info #######################
+#Timer initial delay and the delay between in milliseconds before task is to be execute.
+timer.delay.time=1000
+#Timer scheduleAtFixedRate period - time in milliseconds between successive task executions.
+check.interval= 30000
+#Longest time an event info can be stored in the concurrentHashMap for logging - in seconds.
+event.expired.time=86400
+#Size of the concurrentHashMap which stores the event starting time, etc - when its size reaches this limit, the Timer gets executed
+#to remove all expired records from this concurrentHashMap.
+concurrentHashMap.limit=5000
+#Size of the concurrentHashMap - when its size drops to this point, stop the Timer
+stop.check.point=2500
+################################### Set logging format #############################################
+# set EELF for EELF logging format, set LOG4J for using log4j, set SYSTEMOUT for using system.out.println
+logger.type=EELF
+#################################### Set level for EELF or SYSTEMOUT logging ##################################
+# Set level for debug file. Set DEBUG to enable .info, .warn and .debug; set INFO for enable .info and .warn; set OFF to disable all
+debugLogger.level=INFO
+# Set level for metrics file. Set OFF to disable; set ON to enable
+metricsLogger.level=ON
+# Set level for error file. Set OFF to disable; set ON to enable
+error.level=ON
+# Set level for audit file. Set OFF to disable; set ON to enable
+audit.level=ON
diff --git a/packages/base/src/files/install/servers/brmsgw/init.d/brmsgw b/packages/base/src/files/install/servers/brmsgw/init.d/brmsgw
new file mode 100644
index 000000000..c3b406b42
--- /dev/null
+++ b/packages/base/src/files/install/servers/brmsgw/init.d/brmsgw
@@ -0,0 +1,134 @@
+#!/bin/bash
+
+BRMSGW_BASE=${POLICY_HOME}/servers/brmsgw/
+COMPONENT=brmsgw
+brmsgw_RUNNING="pgrep -f "${BRMSGW_BASE}""
+
+RETVAL=0
+
+function update_monitor() {
+ COMPONENT=$1
+ STATUS=$2
+ if [[ -f ${POLICY_HOME}/etc/monitor/monitor.cfg ]]; then
+ /bin/sed -i.bak \
+ -e "s/^${COMPONENT}=.*/${COMPONENT}=${STATUS}/g" \
+ ${POLICY_HOME}/etc/monitor/monitor.cfg
+ fi
+}
+
+# unmonitored stop, does not change monitor status (immutable)
+function um_stop() {
+ pid=$(pgrep -f "${BRMSGW_BASE}" 2> /dev/null)
+ kill -9 "${pid}"
+ RETVAL=$?
+}
+
+function stop() {
+ um_stop
+ if [[ ${RETVAL} != 0 ]]; then
+ update_monitor ${COMPONENT} on
+ else
+ update_monitor ${COMPONENT} off
+ fi
+}
+
+# unmonitored start, does not change monitor status (immutable)
+function um_start() {
+ unset JMX_JAVA_OPTS JVM_SECURITY
+ JMX_JAVA_OPTS+=("-Dcom.sun.management.jmxremote")
+ JMX_JAVA_OPTS+=("-Dcom.sun.management.jmxremote.port=$BRMSGW_JMX_PORT")
+ JMX_JAVA_OPTS+=("-Dcom.sun.management.jmxremote.ssl=false")
+ JMX_JAVA_OPTS+=("-Dcom.sun.management.jmxremote.authenticate=false")
+ JVM_JAVA_OPTS=("-Xms${COMPONENT_X_MS_MB}M" "-Xmx${COMPONENT_X_MX_MB}M")
+ JVM_SECURITY+=("-Djavax.net.ssl.keyStore=${POLICY_HOME}/etc/ssl/policy-keystore")
+ JVM_SECURITY+=("-Djavax.net.ssl.keyStorePassword=${KEYSTORE_PASSWD}")
+ JVM_SECURITY+=("-Djavax.net.ssl.trustStore=${POLICY_HOME}/etc/ssl/policy-keystore")
+ JVM_SECURITY+=("-Djavax.net.ssl.trustStorePassword=${KEYSTORE_PASSWD}")
+
+ JAVA_OPTS=("${JVM_JAVA_OPTS[@]}" "${JMX_JAVA_OPTS[@]}" "${JVM_SECURITY[@]}")
+
+ cd $POLICY_HOME/servers/brmsgw
+ nohup $JAVA_HOME/bin/java -jar "${JAVA_OPTS[@]}" $POLICY_HOME/servers/brmsgw/BRMSGateway.jar>> $POLICY_HOME/logs/brmsgw.log 2>&1 &
+ RETVAL=$?
+}
+
+function start() {
+ um_start
+ if [[ ${RETVAL} != 0 ]]; then
+ update_monitor ${COMPONENT} off
+ else
+ update_monitor ${COMPONENT} on
+ fi
+}
+
+function status() {
+ # check status
+ pid=$(pgrep -f "${BRMSGW_BASE}" 2> /dev/null)
+ RETVAL=$?
+
+ # If the PID was returned means the application is running
+ if [ ${RETVAL} -eq 0 ]; then
+ echo "running with pid ${pid}"
+ else
+ echo "stopped"
+ fi
+}
+
+
+# main
+
+COMPONENT=$(basename $0)
+
+CONF_FILE="${POLICY_HOME}/servers/${COMPONENT}/config.properties"
+
+# read properties
+
+shopt -s extglob
+configfile="dos_or_unix" # set the actual path name of your (DOS or Unix) config file
+while IFS='= ' read lhs rhs
+do
+ if [[ ! $lhs =~ ^\ *# && -n $lhs ]]; then
+ rhs="${rhs%%\#*}" # Del in line right comments
+ rhs="${rhs%%*( )}" # Del trailing spaces
+ rhs="${rhs%\"*}" # Del opening string quotes
+ rhs="${rhs#\"*}" # Del closing string quotes
+ if [[ $lhs != *"."* ]]; then
+ declare $lhs="$rhs"
+ fi
+ fi
+done < "${CONF_FILE}"
+
+
+if [ $? -ne 0 ]; then
+ echo "error: cannot source configuration ${CONF_FILE}"
+ exit 1
+fi
+
+case "$1" in
+ status)
+ status
+ ;;
+ restart)
+ stop
+ sleep 2
+ start
+ ;;
+ start)
+ start
+ ;;
+ umstart)
+ um_start
+ ;;
+ stop)
+ stop
+ ;;
+ umstop)
+ um_stop
+ ;;
+ *)
+ echo "error: invalid option $@"
+ RETVAL=1
+ ;;
+esac
+
+exit ${RETVAL}
diff --git a/packages/base/src/files/install/servers/common/logparser/init.d/logparserd b/packages/base/src/files/install/servers/common/logparser/init.d/logparserd
new file mode 100755
index 000000000..37221b9c3
--- /dev/null
+++ b/packages/base/src/files/install/servers/common/logparser/init.d/logparserd
@@ -0,0 +1,131 @@
+#!/bin/bash
+#
+# init script for a Java application
+#
+
+function update_monitor() {
+ COMPONENT=$1
+ STATUS=$2
+ if [[ -f ${POLICY_HOME}/etc/monitor/monitor.cfg ]]; then
+ /bin/sed -i.bak \
+ -e "s/^${COMPONENT}=.*/${COMPONENT}=${STATUS}/g" \
+ ${POLICY_HOME}/etc/monitor/monitor.cfg
+ fi
+}
+
+# unmonitored start, does not change monitor status (immutable)
+function um_start() {
+ JMX_JAVA_OPTS="-Dcom.sun.management.jmxremote"
+ JMX_JAVA_OPTS="${JMX_JAVA_OPTS} -Dcom.sun.management.jmxremote.port=${LOGPARSER_JMX_PORT}"
+ JMX_JAVA_OPTS="${JMX_JAVA_OPTS} -Dcom.sun.management.jmxremote.ssl=false"
+ JMX_JAVA_OPTS="${JMX_JAVA_OPTS} -Dcom.sun.management.jmxremote.authenticate=false"
+ JVM_JAVA_OPTS="-Xms${LOGPARSER_X_MS_MB}M -Xmx${LOGPARSER_X_MX_MB}M"
+
+ JAVA_OPTS="${JAVA_OPTS} ${JMX_JAVA_OPTS} ${JVM_JAVA_OPTS}"
+
+ # Redirects default and error output to a log file
+ cd ${POLICY_HOME}/servers/${COMPONENT}/bin
+ nohup $JAVA_HOME/bin/java -jar ${JAVA_OPTS} ${SERVICE} ${SERVER} ${LOGTYPE} >> ${POLICY_HOME}/servers/${COMPONENT}/logs/stdout 2>&1 &
+RETVAL=$?
+ RETVAL=$?
+}
+
+# Starts the application
+function start() {
+ um_start
+ if [[ ${RETVAL} != 0 ]]; then
+ update_monitor ${COMPONENT} off
+ else
+ update_monitor ${COMPONENT} on
+ fi
+}
+
+# unmonitored stop, does not change monitor status (immutable)
+function um_stop() {
+ # Kills the application process
+ pkill -u ${POLICY_USER} -f "${SERVICE} ${SERVER} ${LOGTYPE}" -TERM
+ RETVAL=$?
+ if [[ ${RETVAL} != 0 ]]; then
+ sleep 2
+ pkill -u ${POLICY_USER} -f "${SERVICE} ${SERVER} ${LOGTYPE}" -KILL
+ RETVAL=$?
+ fi
+}
+
+# Stops the application
+function stop() {
+ um_stop
+ update_monitor ${COMPONENT} off
+}
+
+# Show the application status
+function status() {
+ # check status
+ pid=$(pgrep -f -u ${POLICY_USER} "${SERVICE} ${SERVER} ${LOGTYPE}" 2> /dev/null)
+ RETVAL=$?
+
+ # If the PID was returned means the application is running
+ if [ ${RETVAL} -eq 0 ] ; then
+ echo "running with pid ${pid}"
+ else
+ echo "stopped"
+ fi
+}
+
+# Main logic, a simple case to call functions
+
+# determine if this is a paplp or pdplp component
+COMPONENT=$(basename $0)
+
+CONF_FILE="${POLICY_HOME}/servers/${COMPONENT}/bin/parserlog.properties"
+SERVICE="${POLICY_HOME}/servers/${COMPONENT}/bin/logparser.jar"
+
+# read properties
+shopt -s extglob
+configfile="dos_or_unix" # set the actual path name of your (DOS or Unix) config file
+while IFS='= ' read lhs rhs
+do
+ if [[ ! $lhs =~ ^\ *# && -n $lhs ]]; then
+ rhs="${rhs%%\#*}" # Del in line right comments
+ rhs="${rhs%%*( )}" # Del trailing spaces
+ rhs="${rhs%\"*}" # Del opening string quotes
+ rhs="${rhs#\"*}" # Del closing string quotes
+ if [[ $lhs != *"."* ]]; then
+ declare $lhs="$rhs"
+ fi
+ fi
+done < "${CONF_FILE}"
+if [ $? -ne 0 ]; then
+ echo "error: cannot source configuration ${CONF_FILE}"
+ exit 1
+fi
+
+case "$1" in
+ status)
+ status
+ ;;
+ restart)
+ stop
+ sleep 2
+ start
+ ;;
+ start)
+ start
+ ;;
+ umstart)
+ um_start
+ ;;
+ stop)
+ stop
+ ;;
+ umstop)
+ um_stop
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|umstart|umstop|restart|status}"
+ RETVAL=1
+ ;;
+esac
+
+exit ${RETVAL}
+
diff --git a/packages/base/src/files/install/servers/common/tomcat/bin/setenv.sh b/packages/base/src/files/install/servers/common/tomcat/bin/setenv.sh
new file mode 100644
index 000000000..154b2a544
--- /dev/null
+++ b/packages/base/src/files/install/servers/common/tomcat/bin/setenv.sh
@@ -0,0 +1,31 @@
+###
+# ============LICENSE_START=======================================================
+# ECOMP Policy Engine
+# ================================================================================
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+CATALINA_OPTS="${CATALINA_OPTS} -Dcom.sun.management.jmxremote"
+CATALINA_OPTS="${CATALINA_OPTS} -Dcom.sun.management.jmxremote.port=${{TOMCAT_JMX_PORT}}"
+CATALINA_OPTS="${CATALINA_OPTS} -Dcom.sun.management.jmxremote.ssl=false"
+CATALINA_OPTS="${CATALINA_OPTS} -Dcom.sun.management.jmxremote.authenticate=false"
+CATALINA_OPTS="${CATALINA_OPTS} -Djavax.net.ssl.keyStore=${POLICY_HOME}/etc/ssl/policy-keystore"
+CATALINA_OPTS="${CATALINA_OPTS} -Djavax.net.ssl.keyStorePassword=${KEYSTORE_PASSWD}"
+CATALINA_OPTS="${CATALINA_OPTS} -Djavax.net.ssl.trustStore=${POLICY_HOME}/etc/ssl/policy-keystore"
+CATALINA_OPTS="${CATALINA_OPTS} -Djavax.net.ssl.trustStorePassword=${KEYSTORE_PASSWD}"
+CATALINA_OPTS="${CATALINA_OPTS} -Xms${{TOMCAT_X_MS_MB}}M"
+CATALINA_OPTS="${CATALINA_OPTS} -Xmx${{TOMCAT_X_MX_MB}}M"
+export CATALINA_OPTS
diff --git a/packages/base/src/files/install/servers/common/tomcat/conf/server.xml b/packages/base/src/files/install/servers/common/tomcat/conf/server.xml
new file mode 100644
index 000000000..e45450024
--- /dev/null
+++ b/packages/base/src/files/install/servers/common/tomcat/conf/server.xml
@@ -0,0 +1,167 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!--
+ ============LICENSE_START=======================================================
+ ECOMP Policy Engine
+ ================================================================================
+ Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+ -->
+
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!-- Note: A "Server" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" at this level.
+ Documentation at /docs/config/server.html
+ -->
+<Server port="${{TOMCAT_SHUTDOWN_PORT}}" shutdown="SHUTDOWN">
+ <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
+ <!-- Security listener. Documentation at /docs/config/listeners.html
+ <Listener className="org.apache.catalina.security.SecurityListener" />
+ -->
+ <!--APR library loader. Documentation at /docs/apr.html -->
+ <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+ <!-- Prevent memory leaks due to use of particular java/javax APIs-->
+ <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
+ <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
+ <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
+
+ <!-- Global JNDI resources
+ Documentation at /docs/jndi-resources-howto.html
+ -->
+ <GlobalNamingResources>
+ <!-- Editable user database that can also be used by
+ UserDatabaseRealm to authenticate users
+ -->
+ <Resource name="UserDatabase" auth="Container"
+ type="org.apache.catalina.UserDatabase"
+ description="User database that can be updated and saved"
+ factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
+ pathname="conf/tomcat-users.xml" />
+ </GlobalNamingResources>
+
+ <!-- A "Service" is a collection of one or more "Connectors" that share
+ a single "Container" Note: A "Service" is not itself a "Container",
+ so you may not define subcomponents such as "Valves" at this level.
+ Documentation at /docs/config/service.html
+ -->
+ <Service name="Catalina">
+
+ <!--The connectors can use a shared executor, you can define one or more named thread pools-->
+ <!--
+ <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
+ maxThreads="150" minSpareThreads="4"/>
+ -->
+
+
+ <!-- A "Connector" represents an endpoint by which requests are received
+ and responses are returned. Documentation at :
+ Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
+ Java AJP Connector: /docs/config/ajp.html
+ APR (HTTP/AJP) Connector: /docs/apr.html
+ Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
+
+ <Connector port="8080" protocol="HTTP/1.1"
+ connectionTimeout="20000"
+ redirectPort="8443" />
+ -->
+ <!-- A "Connector" using the shared thread pool-->
+ <!--
+ <Connector executor="tomcatThreadPool"
+ port="8080" protocol="HTTP/1.1"
+ connectionTimeout="20000"
+ redirectPort="8443" />
+ -->
+ <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
+ This connector uses the NIO implementation that requires the JSSE
+ style configuration. When using the APR/native implementation, the
+ OpenSSL style configuration is required as described in the APR/native
+ documentation -->
+
+ <!-- Use http instead of https
+ <Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol"
+ maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
+ clientAuth="false" sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"
+ keystoreFile="${{POLICY_HOME}}/etc/ssl/policy-keystore" keystorePass="${{KEYSTORE_PASSWD}}"/>
+ -->
+ <Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol"
+ maxThreads="150" />
+
+ <!-- Define an AJP 1.3 Connector on port 8009 -->
+ <Connector port="${{SSL_AJP_CONNECTOR_PORT}}" protocol="AJP/1.3" redirectPort="${{SSL_AJP_CONNECTOR_REDIRECT_PORT}}" />
+
+
+ <!-- An Engine represents the entry point (within Catalina) that processes
+ every request. The Engine implementation for Tomcat stand alone
+ analyzes the HTTP headers included with the request, and passes them
+ on to the appropriate Host (virtual host).
+ Documentation at /docs/config/engine.html -->
+
+ <!-- You should set jvmRoute to support load-balancing via AJP ie :
+ <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
+ -->
+ <Engine name="Catalina" defaultHost="localhost">
+
+ <!--For clustering, please take a look at documentation at:
+ /docs/cluster-howto.html (simple how to)
+ /docs/config/cluster.html (reference documentation) -->
+ <!--
+ <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
+ -->
+
+ <!-- Use the LockOutRealm to prevent attempts to guess user passwords
+ via a brute-force attack -->
+ <Realm className="org.apache.catalina.realm.LockOutRealm">
+ <!-- This Realm uses the UserDatabase configured in the global JNDI
+ resources under the key "UserDatabase". Any edits
+ that are performed against this UserDatabase are immediately
+ available for use by the Realm. -->
+ <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+ resourceName="UserDatabase"/>
+ </Realm>
+
+ <Host name="localhost" appBase="webapps"
+ unpackWARs="true" autoDeploy="true">
+
+ <!-- SingleSignOn valve, share authentication between web applications
+ Documentation at: /docs/config/valve.html -->
+ <!--
+ <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
+ -->
+
+ <!-- Access log processes all example.
+ Documentation at: /docs/config/valve.html
+ Note: The pattern used is equivalent to using pattern="common" -->
+ <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
+ prefix="localhost_access_log" suffix=".txt"
+ pattern="%h %l %u %t &quot;%r&quot; %s %b" />
+
+ </Host>
+ </Engine>
+ </Service>
+</Server>
diff --git a/packages/base/src/files/install/servers/common/tomcat/init.d/tomcatd b/packages/base/src/files/install/servers/common/tomcat/init.d/tomcatd
new file mode 100644
index 000000000..114f8a77e
--- /dev/null
+++ b/packages/base/src/files/install/servers/common/tomcat/init.d/tomcatd
@@ -0,0 +1,91 @@
+#!/bin/bash
+
+function update_monitor() {
+ COMPONENT=$1
+ STATUS=$2
+ if [[ -f ${POLICY_HOME}/etc/monitor/monitor.cfg ]]; then
+ /bin/sed -i.bak \
+ -e "s/^${COMPONENT}=.*/${COMPONENT}=${STATUS}/g" \
+ ${POLICY_HOME}/etc/monitor/monitor.cfg
+ fi
+}
+
+# unmonitored stop, does not change monitor status (immutable)
+function um_stop() {
+ cd ${TOMCAT_BASE}/bin/
+ ${TOMCAT_BASE}/bin/catalina.sh stop -force
+
+ # make sure ..
+ pid=$(pgrep -f -u ${POLICY_USER} "${TOMCAT_RUNNING}" 2> /dev/null)
+ RETVAL=$?
+ if [[ ${RETVAL} == 0 ]]; then
+ pkill -u ${POLICY_USER} -f "${TOMCAT_RUNNING}" -KILL
+ RETVAL=$?
+ fi
+}
+
+function stop() {
+ um_stop
+ update_monitor ${{COMPONENT_TYPE}} off
+}
+
+# unmonitored start, does not change monitor status (immutable)
+function um_start() {
+ cd ${TOMCAT_BASE}/bin/
+ ${TOMCAT_BASE}/bin/catalina.sh start
+ RETVAL=$?
+}
+
+function start() {
+ um_start
+ if [[ ${RETVAL} != 0 ]]; then
+ update_monitor ${{COMPONENT_TYPE}} off
+ else
+ update_monitor ${{COMPONENT_TYPE}} on
+ fi
+}
+
+TOMCAT_BASE=${POLICY_HOME}/servers/${{COMPONENT_TYPE}}
+TOMCAT_RUNNING="^$JAVA_HOME/bin/java .* -Dcatalina.base=${TOMCAT_BASE} .* start$"
+
+PWD_ENTER=${PWD}
+RETVAL=0
+
+. ${POLICY_HOME}/etc/profile.d/env.sh
+
+case "$1" in
+ status)
+ pid=$(pgrep -f -u ${POLICY_USER} "${TOMCAT_RUNNING}" 2> /dev/null)
+ RETVAL=$?
+ if [ $RETVAL -eq 0 ]; then
+ echo "running with pid ${pid}"
+ else
+ echo "stopped"
+ fi
+ ;;
+ restart)
+ stop
+ sleep 2
+ start
+ ;;
+ start)
+ start
+ ;;
+ umstart)
+ um_start
+ ;;
+ stop)
+ stop
+ ;;
+ umstop)
+ um_stop
+ ;;
+ *)
+ cd ${TOMCAT_BASE}/bin/
+ ${TOMCAT_BASE}/bin/catalina.sh "$@"
+ RETVAL=$?
+ ;;
+esac
+
+cd ${PWD_ENTER}
+exit ${RETVAL}
diff --git a/packages/base/src/files/install/servers/configs/conf/server.xml b/packages/base/src/files/install/servers/configs/conf/server.xml
new file mode 100644
index 000000000..acda634ef
--- /dev/null
+++ b/packages/base/src/files/install/servers/configs/conf/server.xml
@@ -0,0 +1,169 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!--
+ ============LICENSE_START=======================================================
+ ECOMP Policy Engine
+ ================================================================================
+ Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+ -->
+
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!-- Note: A "Server" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" at this level.
+ Documentation at /docs/config/server.html
+ -->
+<Server port="${{TOMCAT_SHUTDOWN_PORT}}" shutdown="SHUTDOWN">
+ <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
+ <!-- Security listener. Documentation at /docs/config/listeners.html
+ <Listener className="org.apache.catalina.security.SecurityListener" />
+ -->
+ <!--APR library loader. Documentation at /docs/apr.html -->
+ <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+ <!-- Prevent memory leaks due to use of particular java/javax APIs-->
+ <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
+ <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
+ <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
+
+ <!-- Global JNDI resources
+ Documentation at /docs/jndi-resources-howto.html
+ -->
+ <GlobalNamingResources>
+ <!-- Editable user database that can also be used by
+ UserDatabaseRealm to authenticate users
+ -->
+ <Resource name="UserDatabase" auth="Container"
+ type="org.apache.catalina.UserDatabase"
+ description="User database that can be updated and saved"
+ factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
+ pathname="conf/tomcat-users.xml" />
+ </GlobalNamingResources>
+
+ <!-- A "Service" is a collection of one or more "Connectors" that share
+ a single "Container" Note: A "Service" is not itself a "Container",
+ so you may not define subcomponents such as "Valves" at this level.
+ Documentation at /docs/config/service.html
+ -->
+ <Service name="Catalina">
+
+ <!--The connectors can use a shared executor, you can define one or more named thread pools-->
+ <!--
+ <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
+ maxThreads="150" minSpareThreads="4"/>
+ -->
+
+
+ <!-- A "Connector" represents an endpoint by which requests are received
+ and responses are returned. Documentation at :
+ Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
+ Java AJP Connector: /docs/config/ajp.html
+ APR (HTTP/AJP) Connector: /docs/apr.html
+ Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
+ -->
+
+ <Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="HTTP/1.1"
+ connectionTimeout="20000"
+ redirectPort="${{SSL_HTTP_CONNECTOR_REDIRECT_PORT}}" />
+
+ <!-- A "Connector" using the shared thread pool-->
+ <!--
+ <Connector executor="tomcatThreadPool"
+ port="8080" protocol="HTTP/1.1"
+ connectionTimeout="20000"
+ redirectPort="8443" />
+ -->
+ <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
+ This connector uses the NIO implementation that requires the JSSE
+ style configuration. When using the APR/native implementation, the
+ OpenSSL style configuration is required as described in the APR/native
+ documentation -->
+
+ <!--
+ <Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol"
+ maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
+ clientAuth="false" sslProtocol="TLS"
+ keystoreFile="${{POLICY_HOME}}/etc/ssl/policy-keystore" keystorePass="${{KEYSTORE_PASSWD}}"/>
+ -->
+
+
+ <!-- Define an AJP 1.3 Connector on port 8009 -->
+ <!--
+ <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
+ -->
+
+
+ <!-- An Engine represents the entry point (within Catalina) that processes
+ every request. The Engine implementation for Tomcat stand alone
+ analyzes the HTTP headers included with the request, and passes them
+ on to the appropriate Host (virtual host).
+ Documentation at /docs/config/engine.html -->
+
+ <!-- You should set jvmRoute to support load-balancing via AJP ie :
+ <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
+ -->
+ <Engine name="Catalina" defaultHost="localhost">
+
+ <!--For clustering, please take a look at documentation at:
+ /docs/cluster-howto.html (simple how to)
+ /docs/config/cluster.html (reference documentation) -->
+ <!--
+ <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
+ -->
+
+ <!-- Use the LockOutRealm to prevent attempts to guess user passwords
+ via a brute-force attack -->
+ <Realm className="org.apache.catalina.realm.LockOutRealm">
+ <!-- This Realm uses the UserDatabase configured in the global JNDI
+ resources under the key "UserDatabase". Any edits
+ that are performed against this UserDatabase are immediately
+ available for use by the Realm. -->
+ <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+ resourceName="UserDatabase"/>
+ </Realm>
+
+ <Host name="localhost" appBase="webapps"
+ unpackWARs="true" autoDeploy="true">
+
+ <!-- SingleSignOn valve, share authentication between web applications
+ Documentation at: /docs/config/valve.html -->
+ <!--
+ <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
+ -->
+
+ <!-- Access log processes all example.
+ Documentation at: /docs/config/valve.html
+ Note: The pattern used is equivalent to using pattern="common" -->
+ <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
+ prefix="localhost_access_log" suffix=".txt"
+ pattern="%h %l %u %t &quot;%r&quot; %s %b" />
+
+ </Host>
+ </Engine>
+ </Service>
+</Server>
diff --git a/packages/base/src/files/install/servers/console/bin/JSONConfig.json b/packages/base/src/files/install/servers/console/bin/JSONConfig.json
new file mode 100644
index 000000000..4b90f4ebf
--- /dev/null
+++ b/packages/base/src/files/install/servers/console/bin/JSONConfig.json
@@ -0,0 +1,132 @@
+[
+ {
+ "serviceTypePolicyName": "Registration Failure(Trinity)",
+ "verticaMetrics": "DATETIMEUTC\n VNFC_NAME\n BW_SIP_STATS_REGISTER_RESPONSE_CODE_VALUE \nBW_SIP_STATS_REGISTER_RESPONSE_INS \n BW_SIP_STATS_REGISTER_RESPONSE_OUTS",
+ "attributes": {
+ "Onset&abatement anomaly detection": {
+ "PtileLimit": "Percentile value used by anomaly detection model",
+ "Threshold": "initial value for the quantile at percentile(PtileLimit) used by the anomaly detection model",
+ "Window": "Number of weeks anomaly detection model keeps in memory to estimate Threshold",
+ "Training": "Number of historical weeks anomaly detection model needs for training ",
+ "FractionSamplePerDay": "This corresponds to the minimum number of samples per day to be used in the daily percentile computation when updating the distribution tail crossing model. When there are less samples than that threshold, the model is not updated with these samples. "
+ },
+ "Onset signature trigger": {
+ "ConsecutiveInterval": "Number of consecutive intervals normalized metric must trigger the anomaly detection model before resulting in an action",
+ "RetryTimer": "Minimum interval between policy triggers"
+ },
+ "Abatement signature trigger": {
+ "Consecutiveinterval": "Number of consecutive intervals normalized metric does not trigger the anomaly detection model after onset signature was triggered"
+ },
+ "Onset & abatement UEB notification": {
+ "OnsetMessage": "Value of field OnSetMessage sent by Analytics Engine published on UEB",
+ "AbatementMessage": "Value of field AbatementMessage sent by Analytics Engine published on UEB",
+ "PolicyName": "Value of field PolicyName sent by Analytics Engine published on UEB"
+ }
+ },
+ "policyDescription": "Policy to detect instances where SIP registration rate exceeds a normal level over a number of consecutive sampling periods. \n Notes \n (1) Vertica metrics normalized and combined in a SIP registration failure probability per Site and per VM. \n (2) Anomaly detection model operates on SIP registration failure probability. \n (3) Anomaly detection consists of an estimated distribution percentile threshold crossing. \n (4) Actions: Send email and/or UEB notification"
+ },
+ {
+ "serviceTypePolicyName": "International Fraud(Trinity)",
+ "verticaMetrics": "INTERVAL_START_TS\n CUSTOMER\n A_SITE\n A_SBG\n BW\n Z_COUNTRY\n CALL_COUNT\n MINUTES_OF_USE",
+ "attributes": {
+ "Onset&abatement anomaly detection": {
+ "PtileLimit": "Percentile value used by anomaly detection model",
+ "Threshold": "initial value for the quantile at percentile(PtileLimit) used by the anomaly detection model",
+ "Window": "Number of weeks anomaly detection model keeps in memory to estimate Threshold",
+ "Training": "Number of historical weeks anomaly detection model needs for training ",
+ "FractionSamplePerDay": "This corresponds to the minimum number of samples per day to be used in the daily percentile computation when updating the distribution tail crossing model. When there are less samples than that threshold, the model is not updated with these samples. "
+ },
+ "Onset signature trigger": {
+ "ConsecutiveInterval": "Number of consecutive intervals normalized metric must trigger the anomaly detection model before resulting in an action",
+ "RetryTimer": "Minimum interval between policy triggers"
+ },
+ "Abatement signature trigger": {
+ "Consecutiveinterval": "Number of consecutive intervals normalized metric does not trigger the anomaly detection model after onset signature was triggered"
+ },
+ "Onset & abatement UEB notification ": {
+ "OnsetMessage": "Value of field OnSetMessage sent by Analytics Engine published on UEB",
+ "AbatementMessage": "Value of field AbatementMessage sent by Analytics Engine published on UEB",
+ "PolicyName": "Value of field PolicyName sent by Analytics Engine published on UEB"
+ }
+ },
+ "policyDescription": "Policy to detect instances where count of calls towards an international destination exceeds a normal level over a number of consecutive sampling periods. \n Notes \n (1) Vertica metrics normalized and combined in a SIP registration failure probability per Customer, per Site and per VM. \n (2) Anomaly detection model operates on counts towards an international destination. \n (3) Anomaly detection consists of an estimated distribution percentile threshold crossing. \n (4) Actions: Send email and/or UEB notification"
+ },
+ {
+ "serviceTypePolicyName": "No dial tone(Trinity)",
+ "verticaMetrics": "INTERVAL_START_TS\n SUM(CALLS_ATTEMPTED)\n SUM(NO_ANSWER_OR_VOICE_MAIL)\n A_SITE or A_SBG or BW or CUSTOMER",
+ "attributes": {
+ "Onset&abatement anomaly detection": {
+ "PtileLimit": "Percentile value used by anomaly detection model",
+ "Threshold": "initial value for the quantile at percentile(PtileLimit) used by the anomaly detection model",
+ "Window": "Number of weeks anomaly detection model keeps in memory to estimate Threshold",
+ "Training": "Number of historical weeks anomaly detection model needs for training ",
+ "FractionSamplePerDay": "This corresponds to the minimum number of samples per day to be used in the daily percentile computation when updating the distribution tail crossing model. When there are less samples than that threshold, the model is not updated with these samples. "
+ },
+ "Onset signature trigger": {
+ "ConsecutiveInterval": "Number of consecutive intervals normalized metric must trigger the anomaly detection model before resulting in an action",
+ "RetryTimer": "Minimum interval between policy triggers"
+ },
+ "Abatement signature trigger": {
+ "Consecutiveinterval": "Number of consecutive intervals normalized metric does not trigger the anomaly detection model after onset signature was triggered"
+ },
+ "Onset & abatement UEB notification ": {
+ "OnsetMessage": "Value of field OnSetMessage sent by Analytics Engine published on UEB",
+ "AbatementMessage": "Value of field AbatementMessage sent by Analytics Engine published on UEB",
+ "PolicyName": "Value of field PolicyName sent by Analytics Engine published on UEB"
+ }
+ },
+ "policyDescription": "Policy to detect ? \n Notes:\n (1) Actions: Send email and/or UEB notification"
+ },
+ {
+ "serviceTypePolicyName": "Call storm(Trinity)",
+ "verticaMetrics": "",
+ "attributes": {
+ "Onset&abatement anomaly detection": {
+ "SeasonLength": "Metric seasonality (5min sampling period with 7 days seasonality: 7*288) used by Holt-Winters model",
+ "TrainLength": "Training length (5min sampling period with 7 days seasonality and 5 cycles training: 7*288*5) used by Holt-Winters",
+ "Alpha": "Smoothing parameter (range 0-1, default 0.2)",
+ "Beta": "Trend parameter (range 0-1, default 0) ",
+ "Gamma": "Seasonality (range 0-1, default 0.05)",
+ "Deviation Threshold": "Approximately a limit on the factor by how much current value has deviated compared to expected variance"
+ },
+ "Onset signature trigger": {
+ "RetryTimer": "Minimum interval between policy triggers"
+ },
+ "Abatement signature trigger": {
+ "Hw-Timeout": "Maximum time for an HealthCheck response (measured from the time a positive App-C response was received)",
+ "OnSetMessage": "Value of field Message sent by Analytics Engine published on UEB "
+ },
+ "Onset & abatement UEB notification ": {
+ "AbatementMessage": "Value of field AbatementMessage sent by Analytics Engine published on UEB",
+ "PolicyName": "Value of field PolicyName sent by Analytics Engine published on UEB"
+ }
+ },
+ "policyDescription": "Policy to detect instances where count of Formatted table ? exceeds a predicted level. \n Notes \n (1) Vertica metrics normalized and combined in ? per Customer, per Site and per VM. \n (2) Anomaly detection model operates on ? \n (3) Anomaly detection consists of detecting deviations from Holt-Winters predictions. \n (4) Actions: Send email and/or UEB notification"
+ },
+ {
+ "serviceTypePolicyName": "Registration storm(Trinity)",
+ "verticaMetrics": "",
+ "attributes": {
+ "Onset&abatement anomaly detection": {
+ "SeasonLength": "Metric seasonality (5min sampling period with 7 days seasonality: 7*288) used by Holt-Winters model",
+ "TrainLength": "Training length (5min sampling period with 7 days seasonality and 5 cycles training: 7*288*5) used by Holt-Winters",
+ "Alpha": "Smoothing parameter (range 0-1, default 0.2)",
+ "Beta": "Trend parameter (range 0-1, default 0) ",
+ "Gamma": "Seasonality (range 0-1, default 0.05)",
+ "Deviation Threshold": "Approximately a limit on the factor by how much current value has deviated compared to expected variance"
+ },
+ "Onset signature trigger": {
+ "RetryTimer": "Minimum interval between policy triggers"
+ },
+ "Abatement signature trigger": {
+ "Hw-Timeout": "Maximum time for an HealthCheck response (measured from the time a positive App-C response was received)",
+ "OnSetMessage": "Value of field Message sent by Analytics Engine published on UEB "
+ },
+ "Onset & abatement UEB notification ": {
+ "AbatementMessage": "Value of field AbatementMessage sent by Analytics Engine published on UEB",
+ "PolicyName": "Value of field PolicyName sent by Analytics Engine published on UEB"
+ }
+ },
+ "policyDescription": "Policy to detect instances where count of Formatted table ? exceeds a predicted level. \n Notes \n (1) Vertica metrics normalized and combined in ? per Customer, per Site and per VM. \n (2) Anomaly detection model operates on ? \n (3) Anomaly detection consists of detecting deviations from Holt-Winters predictions. \n (4) Actions: Send email and/or UEB notification"
+ }
+] \ No newline at end of file
diff --git a/packages/base/src/files/install/servers/console/bin/Policy-Admin.xml b/packages/base/src/files/install/servers/console/bin/Policy-Admin.xml
new file mode 100644
index 000000000..b2d70de9b
--- /dev/null
+++ b/packages/base/src/files/install/servers/console/bin/Policy-Admin.xml
@@ -0,0 +1,565 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!--
+ ============LICENSE_START=======================================================
+ ECOMP Policy Engine
+ ================================================================================
+ Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+ -->
+
+<PolicySet xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicySetId="urn:com:att:xacml:policy:id:3db6785b-9343-4d1f-aa87-1470f7c64e42" Version="2" PolicyCombiningAlgId="urn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:first-applicable">
+ <Description>Extremely simple policy for accessing the admin console. If you are &quot;admin&quot; you can do anything. If you are &quot;editor&quot;, you can edit policies and the dictionaries. If you are &quot;guest&quot;, you can only read or view information.</Description>
+ <Target/>
+ <Policy PolicyId="urn:com:att:xacml:policy:id:70a20f17-e538-4d07-8a2a-89bbdb6ca9e3" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
+ <Description>Admin policy</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">admin</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <Rule RuleId="urn:com:att:xacml:rule:id:07e4ea58-b2b7-41e4-a600-ebd5fb1c3114" Effect="Permit">
+ <Description>PERMIT - application access.</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">access</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">application</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ <Rule RuleId="urn:com:att:xacml:rule:id:e84e5501-0f73-445c-b5de-04f2947e0637" Effect="Permit">
+ <Description>PERMIT - any action on the admin</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">admin</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ <Rule RuleId="urn:com:att:xacml:rule:id:da1cf042-5949-4b66-a23e-f475c41f2d91" Effect="Permit">
+ <Description>PERMIT - any action on the roles</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">workspace</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ <Rule RuleId="urn:com:att:xacml:rule:id:da1cf042-5949-4b66-a23e-f475c41f2d41" Effect="Permit">
+ <Description>PERMIT - any action on the dictionaries</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">dictionaries</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ <Rule RuleId="urn:com:att:xacml:rule:id:da1cf042-5949-4b69-a23e-f475c41f2d51" Effect="Permit">
+ <Description>PERMIT - any action on the pdp</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">pdp_admin</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ <Rule RuleId="urn:com:att:xacml:rule:id:da1cf042-5949-4b69-a23e-f475c41f2d81" Effect="Permit">
+ <Description>PERMIT - any action on the pip</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">pip_admin</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ <Rule RuleId="urn:com:att:xacml:rule:id:e4541019-4503-490f-97e0-b94251fdc669" Effect="Permit">
+ <Description>PERMIT - admin can read</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ <Rule RuleId="urn:com:att:xacml:rule:id:80422fdf-5094-4609-925e-289ad226e2aa" Effect="Deny">
+ <Description>DENY - default</Description>
+ <Target/>
+ </Rule>
+ <Rule RuleId="urn:com:att:xacml:rule:id:da1cf042-5949-4b66-a23e-f475c41f2d10" Effect="Deny">
+ <Description>DENY- any action on manage scopes</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">manage_scopes</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ </Policy>
+ <Policy PolicyId="urn:com:att:xacml:policy:id:70a20f17-e538-4d07-8a2a-89bbdb6ca9e4" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
+ <Description>Super Admin policy</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">super-admin</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <Rule RuleId="urn:com:att:xacml:rule:id:13067c96-14f7-4ab0-bea3-65d8cb0970b2" Effect="Permit">
+ <Description>PERMIT - superadmin can do everything in the admin console.</Description>
+ <Target/>
+ </Rule>
+ </Policy>
+ <Policy PolicyId="urn:com:att:xacml:policy:id:6edb392a-0d8f-4cbo-a965-229292fd1122" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
+ <Description>Editor Policy</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">editor</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <Rule RuleId="urn:com:att:xacml:rule:id:07e4ea58-b2b7-41e4-a600-ebd5fb1c3144" Effect="Permit">
+ <Description>PERMIT - application access.</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">access</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">application</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ <Rule RuleId="urn:com:att:xacml:rule:id:9c9ce992-196a-4da4-bbf6-4f4a88436635" Effect="Permit">
+ <Description>PERMIT - R/W workspace</Description>
+ <Target/>
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
+ <Description>The action is read or write AND the resource is the workspace.</Description>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:or">
+ <Description>Action is Read OR Write</Description>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <Description>Is action = read?</Description>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <Description>Un-bag</Description>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
+ </Apply>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <Description>Is action = write?</Description>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <Description>Un-bag</Description>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">write</AttributeValue>
+ </Apply>
+ </Apply>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <Description>resource is workspace</Description>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <Description>Un-bag</Description>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">workspace</AttributeValue>
+ </Apply>
+ </Apply>
+ </Condition>
+ </Rule>
+ <Rule RuleId="urn:com:att:xacml:rule:id:e84e5501-0f73-445c-b5de-04f2947e0677" Effect="Permit">
+ <Description>PERMIT - any action on the editor</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">editor</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ <Rule RuleId="urn:com:att:xacml:rule:id:da1cf042-5949-4b66-a23e-f475c41f2d11" Effect="Deny">
+ <Description>PERMIT - any action on the dictionaries</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">dictionaries</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ <Rule RuleId="urn:com:att:xacml:rule:id:da1cf042-5949-4b69-a23e-f475c41f2d11" Effect="Permit">
+ <Description>PERMIT - any action on the dictionaries</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">pdp_admin</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ <Rule RuleId="urn:com:att:xacml:rule:id:e4541019-4503-490f-97e0-b94251fdc629" Effect="Permit">
+ <Description>PERMIT - editor can read</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ <Rule RuleId="urn:com:att:xacml:rule:id:80422fdf-5094-4609-925e-289ad226e2aa" Effect="Deny">
+ <Description>DENY - default</Description>
+ <Target/>
+ </Rule>
+ </Policy>
+ <Policy PolicyId="urn:com:att:xacml:policy:id:6edb392a-0d8f-4cbo-a965-229292fd1122" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
+ <Description>Super Editor Policy</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">super-editor</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <Rule RuleId="urn:com:att:xacml:rule:id:07e4ea58-b2b7-41e4-a600-ebd5fb1c3144" Effect="Permit">
+ <Description>PERMIT - application access.</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">access</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">application</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ <Rule RuleId="urn:com:att:xacml:rule:id:9c9ce992-196a-4da4-bbf6-4f4a88436635" Effect="Permit">
+ <Description>PERMIT - R/W workspace</Description>
+ <Target/>
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and">
+ <Description>The action is read or write AND the resource is the workspace.</Description>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:or">
+ <Description>Action is Read OR Write</Description>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <Description>Is action = read?</Description>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <Description>Un-bag</Description>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
+ </Apply>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <Description>Is action = write?</Description>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <Description>Un-bag</Description>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">write</AttributeValue>
+ </Apply>
+ </Apply>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <Description>resource is workspace</Description>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <Description>Un-bag</Description>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">workspace</AttributeValue>
+ </Apply>
+ </Apply>
+ </Condition>
+ </Rule>
+ <Rule RuleId="urn:com:att:xacml:rule:id:e84e5501-0f73-445c-b5de-04f2947e0677" Effect="Permit">
+ <Description>PERMIT - any action on the super editor</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">super-editor</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ <Rule RuleId="urn:com:att:xacml:rule:id:da1cf042-5949-4b66-a23e-f475c41f2d11" Effect="Deny">
+ <Description>PERMIT - any action on the dictionaries</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">dictionaries</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ <Rule RuleId="urn:com:att:xacml:rule:id:da1cf042-5949-4b69-a23e-f475c41f2d11" Effect="Permit">
+ <Description>PERMIT - any action on the dictionaries</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">pdp_admin</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ <Rule RuleId="urn:com:att:xacml:rule:id:e4541019-4503-490f-97e0-b94251fdc629" Effect="Permit">
+ <Description>PERMIT - super editor can read</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ <Rule RuleId="urn:com:att:xacml:rule:id:80422fdf-5094-4609-925e-289ad226e2aa" Effect="Deny">
+ <Description>DENY - default</Description>
+ <Target/>
+ </Rule>
+ </Policy>
+ <Policy PolicyId="urn:com:att:xacml:policy:id:980c728d-fb53-4f2f-ba5f-823e594302eb" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
+ <Description>Guest policy</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">guest</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <Rule RuleId="urn:com:att:xacml:rule:id:07e4ea58-b2b7-41e4-a600-ebd5fb1c3144" Effect="Permit">
+ <Description>PERMIT - application access.</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">access</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">application</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ <Rule RuleId="urn:com:att:xacml:rule:id:e4541019-4503-490f-97e0-b94251fdc629" Effect="Permit">
+ <Description>PERMIT - guest can access</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">access</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ <Rule RuleId="urn:com:att:xacml:rule:id:da1cf042-5949-4b67-a23e-f475c41f2d12s" Effect="Permit">
+ <Description>PERMIT - guest to access pdp</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">pdp_admin</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ <Rule RuleId="urn:com:att:xacml:rule:id:da1cf042-5949-4b68-a23e-f475c41f2d11" Effect="Permit">
+ <Description>PERMIT - any action on the policymanagement</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">application</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ <Rule RuleId="urn:com:att:xacml:rule:id:80004328-a1fc-4238-b2a8-906f6b8ae572" Effect="Deny">
+ <Description>DENY - default</Description>
+ <Target/>
+ </Rule>
+ </Policy>
+ <Policy PolicyId="urn:com:att:xacml:policy:id:980c728d-fb53-4f2f-ba5f-823e594302eb" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
+ <Description>super guest policy</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">super-guest</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <Rule RuleId="urn:com:att:xacml:rule:id:07e4ea58-b2b7-41e4-a600-ebd5fb1c3144" Effect="Permit">
+ <Description>PERMIT - application access.</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">access</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">application</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ <Rule RuleId="urn:com:att:xacml:rule:id:e4541019-4503-490f-97e0-b94251fdc629" Effect="Permit">
+ <Description>PERMIT - super guest can access</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">access</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ <Rule RuleId="urn:com:att:xacml:rule:id:da1cf042-5949-4b67-a23e-f475c41f2d12s" Effect="Permit">
+ <Description>PERMIT - super guest to access pdp</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">pdp_admin</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ <Rule RuleId="urn:com:att:xacml:rule:id:da1cf042-5949-4b68-a23e-f475c41f2d11" Effect="Permit">
+ <Description>PERMIT - any action on the dictionaries</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">application</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ </Rule>
+ <Rule RuleId="urn:com:att:xacml:rule:id:80004328-a1fc-4238-b2a8-906f6b8ae572" Effect="Deny">
+ <Description>DENY - default</Description>
+ <Target/>
+ </Rule>
+ </Policy>
+ <Policy PolicyId="urn:com:att:xacml:policy:id:54702055-e0ce-456b-854b-ffab1ff0c7e9" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
+ <Description>Unknown user id</Description>
+ <Target/>
+ <Rule RuleId="urn:com:att:xacml:rule:id:5b6029cf-5c33-4948-8dc9-fd758f85db29" Effect="Deny">
+ <Description>DENY</Description>
+ <Target/>
+ </Rule>
+ </Policy>
+</PolicySet>
diff --git a/packages/base/src/files/install/servers/console/bin/config/policyLogger.properties b/packages/base/src/files/install/servers/console/bin/config/policyLogger.properties
new file mode 100644
index 000000000..0deb1b3d6
--- /dev/null
+++ b/packages/base/src/files/install/servers/console/bin/config/policyLogger.properties
@@ -0,0 +1,44 @@
+###
+# ============LICENSE_START=======================================================
+# ECOMP Policy Engine
+# ================================================================================
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+################################### Set concurrentHashMap and timer info #######################
+#Timer initial delay and the delay between in milliseconds before task is to be execute.
+timer.delay.time=1000
+#Timer scheduleAtFixedRate period - time in milliseconds between successive task executions.
+check.interval= 30000
+#Longest time an event info can be stored in the concurrentHashMap for logging - in seconds.
+event.expired.time=86400
+#Size of the concurrentHashMap which stores the event starting time, etc - when its size reaches this limit, the Timer gets executed
+#to remove all expired records from this concurrentHashMap.
+concurrentHashMap.limit=5000
+#Size of the concurrentHashMap - when its size drops to this point, stop the Timer
+stop.check.point=2500
+################################### Set logging format #############################################
+# set EELF for EELF logging format, set LOG4J for using log4j, set SYSTEMOUT for using system.out.println
+logger.type=EELF
+#################################### Set level for EELF or SYSTEMOUT logging ##################################
+# Set level for debug file. Set DEBUG to enable .info, .warn and .debug; set INFO for enable .info and .warn; set OFF to disable all
+debugLogger.level=INFO
+# Set level for metrics file. Set OFF to disable; set ON to enable
+metricsLogger.level=ON
+# Set level for error file. Set OFF to disable; set ON to enable
+error.level=ON
+# Set level for audit file. Set OFF to disable; set ON to enable
+audit.level=ON
diff --git a/packages/base/src/files/install/servers/console/bin/model.properties b/packages/base/src/files/install/servers/console/bin/model.properties
new file mode 100644
index 000000000..ce448b9ed
--- /dev/null
+++ b/packages/base/src/files/install/servers/console/bin/model.properties
@@ -0,0 +1,22 @@
+###
+# ============LICENSE_START=======================================================
+# ECOMP Policy Engine
+# ================================================================================
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+ControllerServiceCollectorSdnlService=ControllerServiceCollectorSdnlServiceConfiguration,VirtualMachineServiceInstance
+VirtualMachineTEST=VirtualMachineServiceTest \ No newline at end of file
diff --git a/packages/base/src/files/install/servers/console/bin/sql/log.h2.db b/packages/base/src/files/install/servers/console/bin/sql/log.h2.db
new file mode 100644
index 000000000..d203aec9d
--- /dev/null
+++ b/packages/base/src/files/install/servers/console/bin/sql/log.h2.db
Binary files differ
diff --git a/packages/base/src/files/install/servers/console/bin/sql/xacml.h2.db b/packages/base/src/files/install/servers/console/bin/sql/xacml.h2.db
new file mode 100644
index 000000000..f3d08adad
--- /dev/null
+++ b/packages/base/src/files/install/servers/console/bin/sql/xacml.h2.db
Binary files differ
diff --git a/packages/base/src/files/install/servers/console/bin/workspace/admin/repository/com/Config_BRMS_Param_BRMSParamvFWDemoPolicy.1.xml b/packages/base/src/files/install/servers/console/bin/workspace/admin/repository/com/Config_BRMS_Param_BRMSParamvFWDemoPolicy.1.xml
new file mode 100644
index 000000000..d4bc19eaa
--- /dev/null
+++ b/packages/base/src/files/install/servers/console/bin/workspace/admin/repository/com/Config_BRMS_Param_BRMSParamvFWDemoPolicy.1.xml
@@ -0,0 +1,93 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:com:xacml:policy:id:708de148-2cfb-4211-930a-44b446c2d781" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-overrides">
+ <Description>vFW Demo Policy@CreatedBy:demo@CreatedBy:@ModifiedBy:demo@ModifiedBy:</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="org.openecomp.function.regex-match">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">com.Config_BRMS_Param_BRMSParamvFWDemoPolicy.1.xml</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="PolicyName" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ <AllOf>
+ <Match MatchId="org.openecomp.function.regex-match">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">DROOLS</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="ECOMPName" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="org.openecomp.function.regex-match">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">BRMS_PARAM_RULE</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="ConfigName" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="org.openecomp.function.regex-match">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">SampleRiskType</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="RiskType" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="org.openecomp.function.regex-match">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">1</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="RiskLevel" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="org.openecomp.function.regex-match">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">False</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="guard" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="org.openecomp.function.regex-match">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">NA</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="TTLDate" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <Rule RuleId="urn:com:xacml:rule:id:817128cd-2880-4e85-997b-1abff0eae822" Effect="Permit">
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ACCESS</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Config</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <AdviceExpressions>
+ <AdviceExpression AdviceId="BRMSPARAMID" AppliesTo="Permit">
+ <AttributeAssignmentExpression AttributeId="type" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Configuration</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="URLID" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">$URL/Config/com.Config_BRMS_Param_BRMSParamvFWDemoPolicy.1.txt</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="PolicyName" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">com.Config_BRMS_Param_BRMSParamvFWDemoPolicy.1.xml</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="VersionNumber" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">1</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="matching:ECOMPName" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">DROOLS</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="matching:ConfigName" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">BRMS_PARAM_RULE</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="key:controller" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">vFW</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="RiskType" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">SampleRiskType</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="RiskLevel" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">1</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="guard" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">False</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="TTLDate" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">NA</AttributeValue>
+ </AttributeAssignmentExpression>
+ </AdviceExpression>
+ </AdviceExpressions>
+ </Rule>
+</Policy>
diff --git a/packages/base/src/files/install/servers/console/bin/workspace/admin/repository/com/Config_BRMS_Param_BRMSParamvLBDemoPolicy.1.xml b/packages/base/src/files/install/servers/console/bin/workspace/admin/repository/com/Config_BRMS_Param_BRMSParamvLBDemoPolicy.1.xml
new file mode 100644
index 000000000..f3bb31456
--- /dev/null
+++ b/packages/base/src/files/install/servers/console/bin/workspace/admin/repository/com/Config_BRMS_Param_BRMSParamvLBDemoPolicy.1.xml
@@ -0,0 +1,93 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:com:xacml:policy:id:95afb43f-13f2-475c-9501-7e022d15b8a7" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-overrides">
+ <Description>vLB Demo Policy@CreatedBy:demo@CreatedBy:@ModifiedBy:demo@ModifiedBy:</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="org.openecomp.function.regex-match">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">com.Config_BRMS_Param_BRMSParamvLBDemoPolicy.1.xml</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="PolicyName" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ <AllOf>
+ <Match MatchId="org.openecomp.function.regex-match">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">DROOLS</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="ECOMPName" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="org.openecomp.function.regex-match">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">BRMS_PARAM_RULE</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="ConfigName" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="org.openecomp.function.regex-match">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">SampleRiskType</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="RiskType" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="org.openecomp.function.regex-match">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">1</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="RiskLevel" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="org.openecomp.function.regex-match">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">False</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="guard" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="org.openecomp.function.regex-match">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">NA</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="TTLDate" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <Rule RuleId="urn:com:xacml:rule:id:69f687f8-1f6e-485f-a4e8-5cb9beb28ba4" Effect="Permit">
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ACCESS</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Config</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <AdviceExpressions>
+ <AdviceExpression AdviceId="BRMSPARAMID" AppliesTo="Permit">
+ <AttributeAssignmentExpression AttributeId="type" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Configuration</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="URLID" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">$URL/Config/com.Config_BRMS_Param_BRMSParamvLBDemoPolicy.1.txt</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="PolicyName" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">com.Config_BRMS_Param_BRMSParamvLBDemoPolicy.1.xml</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="VersionNumber" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">1</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="matching:ECOMPName" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">DROOLS</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="matching:ConfigName" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">BRMS_PARAM_RULE</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="key:controller" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">vDNS</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="RiskType" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">SampleRiskType</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="RiskLevel" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">1</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="guard" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">False</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="TTLDate" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">NA</AttributeValue>
+ </AttributeAssignmentExpression>
+ </AdviceExpression>
+ </AdviceExpressions>
+ </Rule>
+</Policy>
diff --git a/packages/base/src/files/install/servers/console/bin/workspace/admin/repository/com/Config_MS_vFirewall.1.xml b/packages/base/src/files/install/servers/console/bin/workspace/admin/repository/com/Config_MS_vFirewall.1.xml
new file mode 100644
index 000000000..7081ebc67
--- /dev/null
+++ b/packages/base/src/files/install/servers/console/bin/workspace/admin/repository/com/Config_MS_vFirewall.1.xml
@@ -0,0 +1,114 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:com:xacml:policy:id:a1c91d9b-b5d2-4b04-b3a9-afcac74a8161" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-overrides">
+ <Description>Micro Service vFirewall Demo Policy@CreatedBy:demo@CreatedBy:@ModifiedBy:demo@ModifiedBy:</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="org.openecomp.function.regex-match">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">com.Config_MS_vFirewall.1.xml</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="PolicyName" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ <AllOf>
+ <Match MatchId="org.openecomp.function.regex-match">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">DCAE</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="ECOMPName" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="org.openecomp.function.regex-match">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">SampleConfigName</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="ConfigName" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="org.openecomp.function.regex-match">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">TcaMetrics-v1.0.0.5</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="service" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="org.openecomp.function.regex-match">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">/services/cdap-tca-hi-lo/instances/demo/configuration/metricsPerFunctionalRole/vFirewall</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="uuid" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="org.openecomp.function.regex-match">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">SampleServiceLocation</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="location" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="org.openecomp.function.regex-match">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">SampleRiskType</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="RiskType" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="org.openecomp.function.regex-match">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">1</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="RiskLevel" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="org.openecomp.function.regex-match">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">False</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="guard" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="org.openecomp.function.regex-match">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">NA</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="TTLDate" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <Rule RuleId="urn:com:xacml:rule:id:2af7b2a1-6427-4765-ac5f-0d5e3c7d059f" Effect="Permit">
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ACCESS</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Config</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <AdviceExpressions>
+ <AdviceExpression AdviceId="MSID" AppliesTo="Permit">
+ <AttributeAssignmentExpression AttributeId="type" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Configuration</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="URLID" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">$URL/Config/com.Config_MS_vFirewall.1.json</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="PolicyName" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">com.Config_MS_vFirewall.1.xml</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="VersionNumber" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">1</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="matching:ECOMPName" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">DCAE</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="matching:ConfigName" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">SampleConfigName</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="matching:service" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">TcaMetrics-v1.0.0.5</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="matching:uuid" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">/services/cdap-tca-hi-lo/instances/demo/configuration/metricsPerFunctionalRole/vFirewall</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="matching:Location" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">SampleServiceLocation</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="Priority" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">1</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="RiskType" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">SampleRiskType</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="RiskLevel" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">1</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="guard" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">1</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="TTLDate" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">NA</AttributeValue>
+ </AttributeAssignmentExpression>
+ </AdviceExpression>
+ </AdviceExpressions>
+ </Rule>
+</Policy>
diff --git a/packages/base/src/files/install/servers/console/bin/workspace/admin/repository/com/Config_MS_vLoadBalancer.1.xml b/packages/base/src/files/install/servers/console/bin/workspace/admin/repository/com/Config_MS_vLoadBalancer.1.xml
new file mode 100644
index 000000000..8128ffbbd
--- /dev/null
+++ b/packages/base/src/files/install/servers/console/bin/workspace/admin/repository/com/Config_MS_vLoadBalancer.1.xml
@@ -0,0 +1,114 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:com:xacml:policy:id:4fd0d4bd-729b-42dd-9c39-d63fea7c9655" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-overrides">
+ <Description>Micro Service vLoadBalancer Demo Policy@CreatedBy:demo@CreatedBy:@ModifiedBy:demo@ModifiedBy:</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="org.openecomp.function.regex-match">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">com.Config_MS_vLoadBalancer.1.xml</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="PolicyName" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ <AllOf>
+ <Match MatchId="org.openecomp.function.regex-match">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">DCAE</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="ECOMPName" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="org.openecomp.function.regex-match">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">SampleConfigName</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="ConfigName" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="org.openecomp.function.regex-match">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">TcaMetrics-v1.0.0.5</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="service" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="org.openecomp.function.regex-match">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">/services/cdap-tca-hi-lo/instances/demo/configuration/metricsPerFunctionalRole/vLoadBalancer</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="uuid" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="org.openecomp.function.regex-match">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">SampleServiceLocation</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="location" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="org.openecomp.function.regex-match">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">SampleRiskType</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="RiskType" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="org.openecomp.function.regex-match">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">1</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="RiskLevel" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="org.openecomp.function.regex-match">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">False</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="guard" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="org.openecomp.function.regex-match">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">NA</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="TTLDate" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <Rule RuleId="urn:com:xacml:rule:id:69d31737-09d4-429f-9e1d-6bcf39da90a1" Effect="Permit">
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ACCESS</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Config</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <AdviceExpressions>
+ <AdviceExpression AdviceId="MSID" AppliesTo="Permit">
+ <AttributeAssignmentExpression AttributeId="type" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Configuration</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="URLID" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#anyURI">$URL/Config/com.Config_MS_vLoadBalancer.1.json</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="PolicyName" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">com.Config_MS_vLoadBalancer.1.xml</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="VersionNumber" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">1</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="matching:ECOMPName" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">DCAE</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="matching:ConfigName" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">SampleConfigName</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="matching:service" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">TcaMetrics-v1.0.0.5</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="matching:uuid" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">/services/cdap-tca-hi-lo/instances/demo/configuration/metricsPerFunctionalRole/vLoadBalancer</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="matching:Location" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">SampleServiceLocation</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="Priority" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">1</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="RiskType" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">SampleRiskType</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="RiskLevel" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">1</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="guard" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">1</AttributeValue>
+ </AttributeAssignmentExpression>
+ <AttributeAssignmentExpression AttributeId="TTLDate" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" Issuer="">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">NA</AttributeValue>
+ </AttributeAssignmentExpression>
+ </AdviceExpression>
+ </AdviceExpressions>
+ </Rule>
+</Policy>
diff --git a/packages/base/src/files/install/servers/console/bin/xacml.admin.properties b/packages/base/src/files/install/servers/console/bin/xacml.admin.properties
new file mode 100644
index 000000000..8a214a8ab
--- /dev/null
+++ b/packages/base/src/files/install/servers/console/bin/xacml.admin.properties
@@ -0,0 +1,203 @@
+###
+# ============LICENSE_START=======================================================
+# ECOMP Policy Engine
+# ================================================================================
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+#
+# This file is set to the defaults one can use to run the XACML-PAP-ADMIN for testing and development.
+#
+# It is not recommended to modify this file directly, but rather copy it to another location and make any modifications
+# necessary to run the application in a development or a production environment. You can set the Java VM System
+# property to change where the application can find the file. For example:
+#
+#-Dxacml.properties=/opt/app/xacml/etc/xacml.admin.properties
+#
+#
+# Standard API Factories
+#
+xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory
+xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory
+xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory
+xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory
+#
+# AT&T PDP Implementation Factories
+#
+xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory
+xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory
+xacml.att.functionDefinitionFactory=org.openecomp.policy.xacml.custom.EcompFunctionDefinitionFactory
+xacml.att.policyFinderFactory=com.att.research.xacmlatt.pdp.std.StdPolicyFinderFactory
+
+#
+# This is an extremely simple policy to demonstrate authorization
+# within the Admin Console.
+#
+xacml.rootPolicies=${{ROOT_POLICIES}}
+admin.file=${{ADMIN_FILE}}
+
+#
+# PAP Servlet properties
+#
+xacml.PAP.papEngineFactory=org.openecomp.policy.xacml.std.pap.StdEngineFactory
+
+#
+# Admin Console properties
+#
+xacml.AC.papEngineFactory=org.openecomp.policy.xacml.admin.util.RESTfulPAPFactory
+
+# Set your domain here:
+
+xacml.rest.admin.domain=${{REST_ADMIN_DOMAIN}}
+#
+# Location where the GIT repository is located
+#
+xacml.rest.admin.repository=${{REST_ADMIN_REPOSITORY}}
+#
+# Location where all the user workspaces are located.
+#
+xacml.rest.admin.workspace=${{REST_ADMIN_WORKSPACE}}
+
+
+xacml.rest.admin.closedLoopJSON =JSONConfig.json
+xacml.rest.admin.microServiceModel=model.properties
+xacm.restful.interface.file=RESTful.interface.properties
+#
+#
+# Property to declare the max time frame for logs.
+#
+xacml.log.timeframe=${{LOG_TIMEFRAME}}
+
+#Log DB information
+xacml.log.db.driver=${{JDBC_DRIVER}}
+xacml.log.db.url=${{JDBC_LOG_URL}}
+xacml.log.db.user=${{JDBC_USER}}
+xacml.log.db.password=${{JDBC_PASSWORD}}
+
+# Dashboard refresh rate in miliseconds
+xacml.refresh.rate=${{REFRESH_RATE}}
+
+# Number of visable rows for users in MicroService Policy
+xacml.user.column.count=${{COLUMN_COUNT}}
+
+#the page length for the sqlcontainer used on Dashbaord
+xacml.sqlcontainer.page.length=75
+
+#Patter to identify if a attribute is ready. Currently just a place holder
+xacm.xcor.required.pattern=1,1
+
+#The time to hold the cache of values for the attributes retrieved from Remote dictionary
+xacm.cache.live.time=2
+
+#The largest value that priority can be set in on the UI
+xacml.max.priority.count=10
+#The max Model Leve Displayed on the UI
+xacml.model.level=4
+#
+# These can be set so the Admin Console knows who is logged on. Ideally, you can run the console in a J2EE
+# container and setup authentication as you please. Setting HttpSession attribute values will override these
+# values set in the properties files.
+#
+# ((HttpServletRequest) request).getSession().setAttribute("xacml.rest.admin.user.name", "Homer");
+#
+# The default policy: Policy-Admin.xml is extremely simple.
+#
+# You can test authorization within the Admin Console by changing the user id.
+# There are 3 supported user ids:
+# guest - Read only access
+# editor - Read/Write access
+# admin - Read/Write/Admin access
+#
+# An empty or null value for xacml.rest.admin.user.id results in no access to the application at all.
+#
+# This is for development/demonstration purposes only. A production environment should provide authentication which is
+# outside the scope of this application. This application can be used to develop a XACML policy for user authorization
+# within this application.
+#
+
+xacml.rest.admin.user.name=${{REST_ADMIN_USER_NAME}}
+xacml.rest.admin.user.id=${{REST_ADMIN_USER_ID}}
+xacml.rest.admin.user.email=
+
+#
+# URL location for the PAP servlet.
+#
+
+xacml.rest.pap.url=${{REST_PAP_URL}}
+
+xacml.rest.config.home=${{REST_CONFIG_HOME}}
+xacml.rest.action.home=${{REST_ACTION_HOME}}
+xacml.rest.config.url=${{REST_CONFIG_URL}}
+xacml.rest.config.webapps=${{REST_CONFIG_WEBAPPS}}
+
+# PAP account information
+xacml.rest.pap.userid=${{CONSOLE_PAP_HTTP_USER_ID}}
+xacml.rest.pap.password=${{CONSOLE_PAP_HTTP_PASSWORD}}
+
+# pdps file - Needs to have the location of the PDPs File of the PAP-REST
+xacml.rest.pdp.idfile=${{POLICY_HOME}}/servers/pap/bin/test.properties
+
+#Template Versions
+xacml.rest.closedLoopFault=OpenSource.version.1
+xacml.rest.closedLoopPM=OpenSource.version.1
+xacml.rest.microServices=OpenSource.version.1
+xacml.rest.gocPolicy=OpenSource.version.1
+xacml.rest.firewallPolicy=OpenSource.version.1
+
+#***Properties for IntegrityMonitor integration defined in XACMLRestProperties.java***
+#The name of the Admin. Must be unique across the system
+xacml.rest.admin.resource.name=${{resource_name}}
+
+#***Properties for IntegrityMonitor integration defined in IntegrityMonitorProperties.java***
+site_name=${{site_name}}
+node_type=${{node_type}}
+fp_monitor_interval=${{fp_monitor_interval}}
+failed_counter_threshold=${{failed_counter_threshold}}
+test_trans_interval=${{test_trans_interval}}
+write_fpc_interval=${{write_fpc_interval}}
+max_fpc_update_interval=${{max_fpc_update_interval}}
+test_via_jmx=${{test_via_jmx}}
+
+# The (optional) period of time in seconds between executions of the integrity audit.
+# Value < 0 : Audit does not run (default value if property is not present = -1)
+# Value = 0 : Audit runs continuously
+# Value > 0 : The period of time in seconds between execution of the audit on a particular node
+integrity_audit_period_seconds=${{integrity_audit_period_seconds}}
+
+#Automatic Policy Distribution
+xacml.att.automatic.push = ${{automatic_push}}
+
+
+#Dashboard Tab Limit
+xacml.ecomp.dashboard.logTableLimit = 5000
+xacml.ecomp.dashboard.systemAlertTableLimit = 2000
+
+#Diff of policies for Firewall feature
+FW_GETURL=${{FW_GETURL}}
+FW_AUTHOURL=${{FW_AUTHOURL}}
+FW_PROXY=${{FW_PROXY}}
+FW_PORT=${{FW_PORT}}
+
+#SMTP Server Details for Java Mail
+ecomp.smtp.host = ${{ecomp_smtp_host}}
+ecomp.smtp.port = ${{ecomp_smtp_port}}
+ecomp.smtp.userName = ${{ecomp_smtp_userName}}
+ecomp.smtp.password = ${{ecomp_smtp_password}}
+ecomp.smtp.emailExtension=${{ecomp_smtp_emailExtension}}
+ecomp.application.name = ${{ecomp_application_name}}
+
+#Dialect for Database
+ecomp.dialect = org.hibernate.dialect.MySQLDialect
diff --git a/packages/base/src/files/install/servers/console/conf/server.xml b/packages/base/src/files/install/servers/console/conf/server.xml
new file mode 100644
index 000000000..f45c5646c
--- /dev/null
+++ b/packages/base/src/files/install/servers/console/conf/server.xml
@@ -0,0 +1,172 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!--
+ ============LICENSE_START=======================================================
+ ECOMP Policy Engine
+ ================================================================================
+ Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+ -->
+
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!-- Note: A "Server" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" at this level.
+ Documentation at /docs/config/server.html
+ -->
+<Server port="${{TOMCAT_SHUTDOWN_PORT}}" shutdown="SHUTDOWN">
+ <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
+ <!-- Security listener. Documentation at /docs/config/listeners.html
+ <Listener className="org.apache.catalina.security.SecurityListener" />
+ -->
+ <!--APR library loader. Documentation at /docs/apr.html -->
+ <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+ <!-- Prevent memory leaks due to use of particular java/javax APIs-->
+ <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
+ <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
+ <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
+
+ <!-- Global JNDI resources
+ Documentation at /docs/jndi-resources-howto.html
+ -->
+ <GlobalNamingResources>
+ <!-- Editable user database that can also be used by
+ UserDatabaseRealm to authenticate users
+ -->
+ <Resource name="UserDatabase" auth="Container"
+ type="org.apache.catalina.UserDatabase"
+ description="User database that can be updated and saved"
+ factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
+ pathname="conf/tomcat-users.xml" />
+ </GlobalNamingResources>
+
+ <!-- A "Service" is a collection of one or more "Connectors" that share
+ a single "Container" Note: A "Service" is not itself a "Container",
+ so you may not define subcomponents such as "Valves" at this level.
+ Documentation at /docs/config/service.html
+ -->
+ <Service name="Catalina">
+
+ <!--The connectors can use a shared executor, you can define one or more named thread pools-->
+ <!--
+ <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
+ maxThreads="150" minSpareThreads="4"/>
+ -->
+
+
+ <!-- A "Connector" represents an endpoint by which requests are received
+ and responses are returned. Documentation at :
+ Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
+ Java AJP Connector: /docs/config/ajp.html
+ APR (HTTP/AJP) Connector: /docs/apr.html
+ Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
+ -->
+ <!--
+ <Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="HTTP/1.1"
+ connectionTimeout="20000"
+ redirectPort="${{SSL_HTTP_CONNECTOR_REDIRECT_PORT}}" />
+ -->
+
+ <!-- A "Connector" using the shared thread pool-->
+ <!--
+ <Connector executor="tomcatThreadPool"
+ port="8080" protocol="HTTP/1.1"
+ connectionTimeout="20000"
+ redirectPort="8443" />
+ -->
+ <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
+ This connector uses the NIO implementation that requires the JSSE
+ style configuration. When using the APR/native implementation, the
+ OpenSSL style configuration is required as described in the APR/native
+ documentation
+ -->
+
+ <!-- ECOMP portal currently using http instead of https
+ <Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol"
+ maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
+ clientAuth="false" sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2"
+ keystoreFile="${{POLICY_HOME}}/etc/ssl/policy-keystore" keystorePass="${{KEYSTORE_PASSWD}}"/>
+ -->
+ <Connector port="${{SSL_HTTP_CONNECTOR_PORT}}" protocol="org.apache.coyote.http11.Http11NioProtocol"
+ maxThreads="150" />
+
+
+
+ <!-- Define an AJP 1.3 Connector on port 8009 -->
+ <Connector port="${{SSL_AJP_CONNECTOR_PORT}}" protocol="AJP/1.3" redirectPort="${{SSL_AJP_CONNECTOR_REDIRECT_PORT}}" />
+
+
+ <!-- An Engine represents the entry point (within Catalina) that processes
+ every request. The Engine implementation for Tomcat stand alone
+ analyzes the HTTP headers included with the request, and passes them
+ on to the appropriate Host (virtual host).
+ Documentation at /docs/config/engine.html -->
+
+ <!-- You should set jvmRoute to support load-balancing via AJP ie :
+ <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
+ -->
+ <Engine name="Catalina" defaultHost="localhost">
+
+ <!--For clustering, please take a look at documentation at:
+ /docs/cluster-howto.html (simple how to)
+ /docs/config/cluster.html (reference documentation) -->
+ <!--
+ <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
+ -->
+
+ <!-- Use the LockOutRealm to prevent attempts to guess user passwords
+ via a brute-force attack -->
+ <Realm className="org.apache.catalina.realm.LockOutRealm">
+ <!-- This Realm uses the UserDatabase configured in the global JNDI
+ resources under the key "UserDatabase". Any edits
+ that are performed against this UserDatabase are immediately
+ available for use by the Realm. -->
+ <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+ resourceName="UserDatabase"/>
+ </Realm>
+
+ <Host name="localhost" appBase="webapps"
+ unpackWARs="true" autoDeploy="true">
+
+ <!-- SingleSignOn valve, share authentication between web applications
+ Documentation at: /docs/config/valve.html -->
+ <!--
+ <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
+ -->
+
+ <!-- Access log processes all example.
+ Documentation at: /docs/config/valve.html
+ Note: The pattern used is equivalent to using pattern="common" -->
+ <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
+ prefix="localhost_access_log" suffix=".txt"
+ pattern="%h %l %u %t &quot;%r&quot; %s %b" />
+
+ </Host>
+ </Engine>
+ </Service>
+</Server>
diff --git a/packages/base/src/files/install/servers/ecomp/WEB-INF/classes/portal.properties b/packages/base/src/files/install/servers/ecomp/WEB-INF/classes/portal.properties
new file mode 100644
index 000000000..54c5cb1df
--- /dev/null
+++ b/packages/base/src/files/install/servers/ecomp/WEB-INF/classes/portal.properties
@@ -0,0 +1,73 @@
+###
+# ============LICENSE_START=======================================================
+# ECOMP Policy Engine
+# ================================================================================
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+# Properties read by ECOMP Framework library, ecompFW.jar
+
+##########################################################################
+# The following properties should NOT be changed by partner applications.
+##########################################################################
+
+portal.api.prefix = /api
+max.idle.time = 5
+user.attribute.name = user_attribute
+
+# CSP settings
+csp_cookie_name = attESSec
+csp_gate_keeper_prod_key = PROD
+testing=testing
+
+#Use REST API instead of UEB to fetch the functional menu data
+use_rest_for_functional_menu=true
+
+##########################################################################
+# The following properties MUST be changed by partner applications.
+##########################################################################
+
+# Name of java class that implements the OnBoardingApiService interface.
+portal.api.impl.class = org.openecomp.portalapp.service.OnBoardingApiServiceImplPolicy
+
+# CSP Global Log On for single sign on
+ecomp_redirect_url = ${{ECOMP_REDIRECT_URL}}
+
+# URL of the ECOMP Portal REST API
+# ecomp.homer.com is a development machine
+ecomp_rest_url = ${{ECOMP_REST_URL}}
+
+# Applications do not need to run a UEB listener in 1610.
+ueb_listeners_enable = false
+
+# UEB Configuration
+# In release 1607, all 6 entries below were required.
+# In release 1610, if key ueb_listeners_enable is set to false,
+# then only the ueb_app_key is required.
+# UEB servers
+ueb_url_list = ${{ECOMP_UEB_URL_LIST}}
+# ECOMP Portal listens on this UEB topic
+ecomp_portal_inbox_name = ${{ECOMP_PORTAL_INBOX_NAME}}
+# Replace these 3 default values with the ones for your specific App,
+# as shown on the on-boarding page on the ECOMP Portal web application.
+ueb_app_key = ${{ECOMP_UEB_APP_KEY}}
+ueb_app_secret = ${{ECOMP_UEB_APP_SECRET}}
+ueb_app_mailbox_name = ${{ECOMP_UEB_APP_MAILBOX_NAME}}
+# Consumer group name for UEB topic.
+# Use the special tag '{UUID}' to generate a unique one for each sdk-app server.
+ueb_app_consumer_group_name = {UUID}
+
+decryption_key = AGLDdG4D04BKm2IxIWEr8o==
diff --git a/packages/base/src/files/install/servers/ecomp/WEB-INF/conf/system.properties b/packages/base/src/files/install/servers/ecomp/WEB-INF/conf/system.properties
new file mode 100644
index 000000000..a6f915783
--- /dev/null
+++ b/packages/base/src/files/install/servers/ecomp/WEB-INF/conf/system.properties
@@ -0,0 +1,84 @@
+###
+# ============LICENSE_START=======================================================
+# ECOMP Policy Engine
+# ================================================================================
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+# Properties read by ECOMP Core library, ecompSDK-core.jar
+
+##########################################################################
+# The following properties should NOT be changed by partner applications.
+##########################################################################
+
+application_user_id = 30000
+post_default_role_id = 16
+clustered = true
+
+#Enable Fusion Mobile capabilities for the application
+mobile_enable = false
+
+# Cache config file is needed on the classpath
+cache_config_file_path = /WEB-INF/classes/cache.ccf
+cache_switch = 199
+cache_load_on_startup = false
+
+user_name = fullName
+decryption_key = AGLDdG4D04BKm2IxIWEr8o==
+
+#DB Info
+#mysql
+db.driver = ${{JDBC_DRIVER}}
+db.connectionURL = ${{JDBC_URL}}
+db.userName = ${{JDBC_USER}}
+db.password = ${{JDBC_PASSWORD}}
+db.min_pool_size = 5
+db.max_pool_size = 100
+hb.dialect = org.hibernate.dialect.MySQLDialect
+hb.show_sql = false
+hb.idle_connection_test_period = 3600
+
+app_display_name = ${{APP_DISPLAY_NAME}}
+files_path = /tmp
+
+#element map files
+element_map_file_path = /tmp
+element_map_icon_path = app/fusionapp/icons/
+
+#Cron Schedules
+log_cron = 0 0/1 * * * ?;
+mylogins_feed_cron = 0 0/60 * * * ?;
+#sessiontimeout_feed_cron = 0 * * * * ? *
+my_login_feed_output_dir = /tmp/MyLogins
+
+# ECOMP Portal Shared Context REST API URL
+ecomp_shared_context_rest_url= ${{ECOMP_SHARED_CONTEXT_REST_URL}}
+
+# Link shown in Help menu
+contact_us_link =
+
+# An Unique 128-bit value defined to identify a specific version
+# of an application deployed on a specific virtual machine.
+# This value must be generated and updated by the application
+# which is using the ECOMP SDK at the time of its deployment.
+# Online Unique UUID generator - https://www.uuidgenerator.net/
+instance_uuid=8da691c9-987d-43ed-a358-00ac2f35685d
+
+# R Cloud feature
+guard_notebook_url=
+
+#authenticate user server
+authenticate_user_server=${{AUTHENTICATE_USER_SERVERS}} \ No newline at end of file
diff --git a/packages/base/src/files/install/servers/ecomp/app/policyApp/Properties/config.json b/packages/base/src/files/install/servers/ecomp/app/policyApp/Properties/config.json
new file mode 100644
index 000000000..d16c5c269
--- /dev/null
+++ b/packages/base/src/files/install/servers/ecomp/app/policyApp/Properties/config.json
@@ -0,0 +1,3 @@
+{
+ "PAP_URL" : "${{REST_PAPURL_WITH_AUTH_PASSWORD}}"
+}
diff --git a/packages/base/src/files/install/servers/pap/bin/autopush.properties b/packages/base/src/files/install/servers/pap/bin/autopush.properties
new file mode 100644
index 000000000..8d780842f
--- /dev/null
+++ b/packages/base/src/files/install/servers/pap/bin/autopush.properties
@@ -0,0 +1,22 @@
+###
+# ============LICENSE_START=======================================================
+# ECOMP Policy Engine
+# ================================================================================
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+default.policyType=
+default.policyScope= \ No newline at end of file
diff --git a/packages/base/src/files/install/servers/pap/bin/config/policyLogger.properties b/packages/base/src/files/install/servers/pap/bin/config/policyLogger.properties
new file mode 100644
index 000000000..0deb1b3d6
--- /dev/null
+++ b/packages/base/src/files/install/servers/pap/bin/config/policyLogger.properties
@@ -0,0 +1,44 @@
+###
+# ============LICENSE_START=======================================================
+# ECOMP Policy Engine
+# ================================================================================
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+################################### Set concurrentHashMap and timer info #######################
+#Timer initial delay and the delay between in milliseconds before task is to be execute.
+timer.delay.time=1000
+#Timer scheduleAtFixedRate period - time in milliseconds between successive task executions.
+check.interval= 30000
+#Longest time an event info can be stored in the concurrentHashMap for logging - in seconds.
+event.expired.time=86400
+#Size of the concurrentHashMap which stores the event starting time, etc - when its size reaches this limit, the Timer gets executed
+#to remove all expired records from this concurrentHashMap.
+concurrentHashMap.limit=5000
+#Size of the concurrentHashMap - when its size drops to this point, stop the Timer
+stop.check.point=2500
+################################### Set logging format #############################################
+# set EELF for EELF logging format, set LOG4J for using log4j, set SYSTEMOUT for using system.out.println
+logger.type=EELF
+#################################### Set level for EELF or SYSTEMOUT logging ##################################
+# Set level for debug file. Set DEBUG to enable .info, .warn and .debug; set INFO for enable .info and .warn; set OFF to disable all
+debugLogger.level=INFO
+# Set level for metrics file. Set OFF to disable; set ON to enable
+metricsLogger.level=ON
+# Set level for error file. Set OFF to disable; set ON to enable
+error.level=ON
+# Set level for audit file. Set OFF to disable; set ON to enable
+audit.level=ON
diff --git a/packages/base/src/files/install/servers/pap/bin/test.properties b/packages/base/src/files/install/servers/pap/bin/test.properties
new file mode 100644
index 000000000..e983c3b7c
--- /dev/null
+++ b/packages/base/src/files/install/servers/pap/bin/test.properties
@@ -0,0 +1,21 @@
+###
+# ============LICENSE_START=======================================================
+# ECOMP Policy Engine
+# ================================================================================
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+PDP_URL=${{PAP_PDP_URL}},${{PAP_PDP_HTTP_USER_ID}},${{PAP_PDP_HTTP_PASSWORD}}
diff --git a/packages/base/src/files/install/servers/pap/bin/xacml.pap.properties b/packages/base/src/files/install/servers/pap/bin/xacml.pap.properties
new file mode 100644
index 000000000..0393bdefa
--- /dev/null
+++ b/packages/base/src/files/install/servers/pap/bin/xacml.pap.properties
@@ -0,0 +1,132 @@
+###
+# ============LICENSE_START=======================================================
+# ECOMP Policy Engine
+# ================================================================================
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+#
+# This is our factory that will create our engine
+#
+xacml.PAP.papEngineFactory=org.openecomp.policy.xacml.std.pap.StdEngineFactory
+
+#
+# Where we store our PAP PDP Group/Node information
+#
+xacml.pap.pdps=${{PAP_PDPS}}
+
+#
+# Need the PAP's url (how PDPs will reach it) configured here
+# because we need it to generate the URLs of the Policy Files
+# sent to the PDPs in the configuration when the PAP is first brought up.
+# (In other cases, such as the PDP calling the PAP, we could generate this URL,
+# but for startup there is no other way to get it.)
+#
+#
+xacml.rest.pap.url=${{PAP_URL}}
+
+#
+# Upon startup, have the PAP servlet send latest configuration information to all
+# the PDP nodes it knows about.
+#
+xacml.rest.pap.initiate.pdp=${{PAP_INITIATE_PDP}}
+#
+# Heartbeat from PAP to PDPs
+#
+# How much time (in milliseconds) between heartbeats
+# (i.e. the time between completing the heartbeat with all PDPs and starting the next cycle)
+#
+xacml.rest.pap.heartbeat.interval=${{PAP_HEARTBEAT_INTERVAL}}
+#
+# Heartbeat connection timeout (in milliseconds)
+#
+xacml.rest.pap.heartbeat.timeout=${{PAP_HEARTBEAT_TIMEOUT}}
+
+################################################################################################
+# Adding properties for getting properties previously used by PAP-ADMIN for creating Policies
+# THis is part of the Policy Creation API project
+################################################################################################
+
+# Set your domain here:
+xacml.rest.pap.domain=${{REST_ADMIN_DOMAIN}}
+
+# Location where all the user workspaces are located.
+xacml.rest.pap.workspace=${{REST_ADMIN_WORKSPACE}}
+
+# Location where the GIT repository is located
+xacml.rest.pap.repository=${{REST_ADMIN_REPOSITORY}}
+
+# PAP-REST webapps Location here.
+xacml.rest.config.webapps=${{POLICY_HOME}}/servers/pap/webapps
+
+# id
+xacml.rest.pap.userid=${{PAP_HTTP_USER_ID}}
+# pass
+xacml.rest.pap.password=${{PAP_HTTP_PASSWORD}}
+# pdps file
+xacml.rest.pdp.idfile=test.properties
+
+#New values added 10-21-2015
+#database driver for PAP
+javax.persistence.jdbc.driver=${{JDBC_DRIVER}}
+#database URL for PAP
+javax.persistence.jdbc.url=${{JDBC_URL}}
+#database username for PAP
+javax.persistence.jdbc.user=${{JDBC_USER}}
+#database password for PAP
+javax.persistence.jdbc.password=${{JDBC_PASSWORD}}
+#Time in ms which a Policy DB transaction will wait to get the transaction lock object
+xacml.rest.pap.transaction.waitms=${{PROP_PAP_TRANS_WAIT}}
+#Policy DB transaction timeout in ms after it has obtained the transaction lock object
+xacml.rest.pap.transaction.timeoutms=${{PROP_PAP_TRANS_TIMEOUT}}
+#Policy Audit timeout in ms after it has obtained the transaction lock object
+xacml.rest.pap.audit.timeoutms=${{PROP_PAP_AUDIT_TIMEOUT}}
+#Turning audit ON (set to true) will synchronize the policies in the filesystem with those in the database.
+#Turning audit OFF (set to false) will not synchronize policies
+xacml.rest.pap.run.audit.flag=${{PROP_PAP_RUN_AUDIT_FLAG}}
+#The audit can run in two directions.
+# 1.The file system can duplicate the database: database>file system (set property to true)
+# 2.The database can duplicate the file system: file system>database (set property to false)
+xacml.rest.pap.filesystem.audit=${{PROP_PAP_AUDIT_FLAG}}
+#AutoPush Policy Flag
+xacml.rest.pap.autopush.flag=false
+#AutoPush Policy
+xacml.rest.pap.autopush.file=autopush.properties
+#Patter to identify if a attribute is ready. Currently just a place holder
+xacm.xcor.required.pattern=1,1
+
+#***Properties for IntegrityMonitor integration defined in XACMLRestProperties.java***
+#The name of the PAP. Must be unique across the system
+xacml.rest.pap.resource.name=${{resource_name}}
+
+#***Properties for IntegrityMonitor integration defined in IntegrityMonitorProperties.java***
+site_name=${{site_name}}
+node_type=${{node_type}}
+dependency_groups=${{dependency_groups}}
+fp_monitor_interval=${{fp_monitor_interval}}
+failed_counter_threshold=${{failed_counter_threshold}}
+test_trans_interval=${{test_trans_interval}}
+write_fpc_interval=${{write_fpc_interval}}
+max_fpc_update_interval=${{max_fpc_update_interval}}
+test_via_jmx=${{test_via_jmx}}
+
+# The (optional) period of time in seconds between executions of the integrity audit.
+# Value < 0 : Audit does not run (default value if property is not present = -1)
+# Value = 0 : Audit runs continuously
+# Value > 0 : The period of time in seconds between execution of the audit on a particular node
+integrity_audit_period_seconds=${{integrity_audit_period_seconds}}
+# Environment should be Set either DEV, TEST or PROD
+ENVIRONMENT=${{ENVIRONMENT}} \ No newline at end of file
diff --git a/packages/base/src/files/install/servers/pap/webapps/Config/com.Config_BRMS_Param_BRMSParamvFWDemoPolicy.1.txt b/packages/base/src/files/install/servers/pap/webapps/Config/com.Config_BRMS_Param_BRMSParamvFWDemoPolicy.1.txt
new file mode 100644
index 000000000..42b67999f
--- /dev/null
+++ b/packages/base/src/files/install/servers/pap/webapps/Config/com.Config_BRMS_Param_BRMSParamvFWDemoPolicy.1.txt
@@ -0,0 +1,1116 @@
+/* Autogenerated Code Please Don't change/remove this comment section. This is for the UI purpose.
+ <$%BRMSParamTemplate=ControlLoopDemo__closedLoopControlName%$>
+ */
+
+
+/*-
+ * ============LICENSE_START=======================================================
+ * archetype-closed-loop-demo-rules
+ * ================================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.openecomp.policy.controlloop;
+
+import java.util.LinkedList;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.UUID;
+
+import org.openecomp.policy.controlloop.VirtualControlLoopEvent;
+import org.openecomp.policy.controlloop.ControlLoopEventStatus;
+import org.openecomp.policy.controlloop.VirtualControlLoopNotification;
+import org.openecomp.policy.controlloop.ControlLoopNotificationType;
+import org.openecomp.policy.controlloop.ControlLoopOperation;
+import org.openecomp.policy.controlloop.ControlLoopOperationWrapper;
+import org.openecomp.policy.template.demo.ControlLoopException;
+
+import org.openecomp.policy.aai.AAINQF199.AAINQF199CloudRegion;
+import org.openecomp.policy.aai.AAINQF199.AAINQF199ExtraProperties;
+import org.openecomp.policy.aai.AAINQF199.AAINQF199ExtraProperty;
+import org.openecomp.policy.aai.AAINQF199.AAINQF199GenericVNF;
+import org.openecomp.policy.aai.AAINQF199.AAINQF199InstanceFilters;
+import org.openecomp.policy.aai.AAINQF199.AAINQF199InventoryResponseItem;
+import org.openecomp.policy.aai.AAINQF199.AAINQF199InventoryResponseItems;
+import org.openecomp.policy.aai.AAINQF199.AAINQF199Manager;
+import org.openecomp.policy.aai.AAINQF199.AAINQF199NamedQuery;
+import org.openecomp.policy.aai.AAINQF199.AAINQF199QueryParameters;
+import org.openecomp.policy.aai.AAINQF199.AAINQF199Request;
+import org.openecomp.policy.aai.AAINQF199.AAINQF199RequestWrapper;
+import org.openecomp.policy.aai.AAINQF199.AAINQF199Response;
+import org.openecomp.policy.aai.AAINQF199.AAINQF199ResponseWrapper;
+import org.openecomp.policy.aai.AAINQF199.AAINQF199ServiceInstance;
+import org.openecomp.policy.aai.AAINQF199.AAINQF199Tenant;
+import org.openecomp.policy.aai.AAINQF199.AAINQF199VfModule;
+import org.openecomp.policy.aai.AAINQF199.AAINQF199VServer;
+import org.openecomp.policy.aai.util.Serialization;
+
+import org.openecomp.policy.appc.CommonHeader;
+import org.openecomp.policy.appc.Request;
+import org.openecomp.policy.appc.Response;
+import org.openecomp.policy.appc.ResponseCode;
+import org.openecomp.policy.appc.ResponseStatus;
+import org.openecomp.policy.appc.ResponseValue;
+
+import org.openecomp.policy.template.demo.EventManager;
+import org.openecomp.policy.vnf.trafficgenerator.PGRequest;
+import org.openecomp.policy.vnf.trafficgenerator.PGStream;
+import org.openecomp.policy.vnf.trafficgenerator.PGStreams;
+
+import org.openecomp.policy.mso.MSOManager;
+import org.openecomp.policy.mso.MSORequest;
+import org.openecomp.policy.mso.MSORequestStatus;
+import org.openecomp.policy.mso.MSORequestDetails;
+import org.openecomp.policy.mso.MSOModelInfo;
+import org.openecomp.policy.mso.MSOCloudConfiguration;
+import org.openecomp.policy.mso.MSORequestInfo;
+import org.openecomp.policy.mso.MSORequestParameters;
+import org.openecomp.policy.mso.MSORelatedInstanceListElement;
+import org.openecomp.policy.mso.MSORelatedInstance;
+import org.openecomp.policy.mso.MSOResponse;
+
+import org.openecomp.policy.drools.system.PolicyEngine;
+
+//
+// These parameters are required to build the runtime policy
+//
+declare Params
+ closedLoopControlName : String
+ actor : String
+ aaiURL : String
+ aaiUsername : String
+ aaiPassword : String
+ msoURL : String
+ msoUsername : String
+ msoPassword : String
+ aaiNamedQueryUUID : String
+ aaiPatternMatch : int
+ notificationTopic : String
+ appcTopic : String
+end
+
+/*
+*
+* Called once and only once to insert the parameters into working memory for this Closed Loop policy.
+* (Comment SETUP rule out for the first ECOMP opensource release since policy BRMS_GW already puts a Params fact in there)
+*
+*
+*rule "BRMSParamvFWDemoPolicy.SETUP"
+* when
+* then
+* System.out.println("rule SETUP is triggered.");
+* Params params = new Params();
+* params.setClosedLoopControlName("CL-FRWL-LOW-TRAFFIC-SIG-d925ed73-8231-4d02-9545-db4e101f88f8");
+* params.setActor("APPC");
+* params.setAaiURL("null");
+* params.setAaiUsername("null");
+* params.setAaiPassword("null");
+* params.setMsoURL("null");
+* params.setMsoUsername("null");
+* params.setMsoPassword("null");
+* params.setAaiNamedQueryUUID("null");
+* params.setAaiPatternMatch(1);
+* params.setNotificationTopic("POLICY-CL-MGT");
+* params.setAppcTopic("APPC-CL");
+* //
+* // This stays in memory as long as the rule is alive and running
+* //
+* insert(params);
+*end
+*/
+/*
+*
+* This rule responds to DCAE Events
+*
+*/
+rule "BRMSParamvFWDemoPolicy.EVENT"
+ when
+ $params : Params( getClosedLoopControlName() == "CL-FRWL-LOW-TRAFFIC-SIG-d925ed73-8231-4d02-9545-db4e101f88f8" )
+ $event : VirtualControlLoopEvent( closedLoopControlName == $params.getClosedLoopControlName(), closedLoopEventStatus == ControlLoopEventStatus.ONSET )
+ not ( EventManager( closedLoopControlName == $event.closedLoopControlName ))
+ then
+ System.out.println("rule EVENT is triggered.");
+ try {
+ //
+ // Check the requestID in the event to make sure it is not null before we create the EventManager.
+ // The EventManager will do extra syntax checking as well check if the closed loop is disabled/
+ //
+ if ($event.requestID == null) {
+ VirtualControlLoopNotification notification = new VirtualControlLoopNotification($event);
+ notification.notification = ControlLoopNotificationType.REJECTED;
+ notification.from = "policy";
+ notification.message = "Missing requestID from DCAE event";
+ notification.policyName = drools.getRule().getName();
+ notification.policyScope = "com";
+ notification.policyVersion = "1";
+ //
+ // Let interested parties know
+ //
+ try {
+ System.out.println(Serialization.gsonPretty.toJson(notification));
+ PolicyEngine.manager.deliver($params.getNotificationTopic(), notification);
+ } catch (Exception e) {
+ e.printStackTrace();
+ System.out.println("Can't deliver notification: " + notification);
+ }
+ //
+ // Retract it from memory
+ //
+ retract($event);
+ System.out.println("Event with requestID=null has been retracted.");
+ } else {
+ //
+ // Create an EventManager
+ //
+ EventManager manager = new EventManager($params.getClosedLoopControlName(), $event.requestID, $event.target);
+ //
+ // Determine if EventManager can actively process the event (i.e. syntax)
+ //
+ VirtualControlLoopNotification notification = manager.activate($event);
+ notification.from = "policy";
+ notification.policyName = drools.getRule().getName();
+ notification.policyScope = "com";
+ notification.policyVersion = "1";
+ //
+ // Are we actively pursuing this event?
+ //
+ if (notification.notification == ControlLoopNotificationType.ACTIVE) {
+ //
+ // Insert Event Manager into memory, this will now kick off processing.
+ //
+ insert(manager);
+ //
+ // Let interested parties know
+ //
+ try {
+ System.out.println(Serialization.gsonPretty.toJson(notification));
+ PolicyEngine.manager.deliver($params.getNotificationTopic(), notification);
+ } catch (Exception e) {
+ e.printStackTrace();
+ System.out.println("Can't deliver notification: " + notification);
+ }
+ } else {
+ //
+ // Let interested parties know
+ //
+ try {
+ System.out.println(Serialization.gsonPretty.toJson(notification));
+ PolicyEngine.manager.deliver($params.getNotificationTopic(), notification);
+ } catch (Exception e) {
+ e.printStackTrace();
+ System.out.println("Can't deliver notification: " + notification);
+ }
+ //
+ // Retract it from memory
+ //
+ retract($event);
+ }
+ //
+ // Now that the manager is inserted into Drools working memory, we'll wait for
+ // another rule to fire in order to continue processing. This way we can also
+ // then screen for additional ONSET and ABATED events for this same RequestIDs
+ // and for different RequestIDs but with the same closedLoopControlName and target.
+ //
+ }
+ //
+ } catch (Exception e) {
+ e.printStackTrace();
+ VirtualControlLoopNotification notification = new VirtualControlLoopNotification($event);
+ notification.notification = ControlLoopNotificationType.REJECTED;
+ notification.message = "Exception occurred " + e.getMessage();
+ notification.policyName = drools.getRule().getName();
+ notification.policyScope = "com";
+ notification.policyVersion = "1";
+ //
+ //
+ //
+ try {
+ System.out.println(Serialization.gsonPretty.toJson(notification));
+ PolicyEngine.manager.deliver($params.getNotificationTopic(), notification);
+ } catch (Exception e1) {
+ System.out.println("Can't deliver notification: " + notification);
+ e1.printStackTrace();
+ }
+ //
+ // Retract the event
+ //
+ retract($event);
+ }
+end
+
+/*
+*
+* This rule happens when we got a valid ONSET, closed loop is enabled and an Event Manager
+* is created. We can start the operations for this closed loop.
+*
+*/
+rule "BRMSParamvFWDemoPolicy.EVENT.MANAGER"
+ when
+ $params : Params( getClosedLoopControlName() == "CL-FRWL-LOW-TRAFFIC-SIG-d925ed73-8231-4d02-9545-db4e101f88f8" )
+ $event : VirtualControlLoopEvent( closedLoopControlName == $params.getClosedLoopControlName(), closedLoopEventStatus == ControlLoopEventStatus.ONSET )
+ $manager : EventManager( closedLoopControlName == $event.closedLoopControlName, controlLoopResult == null)
+ then
+ System.out.println("rule EVENT.MANAGER is triggered.");
+ //
+ // Check which event this is.
+ //
+ EventManager.NEW_EVENT_STATUS eventStatus = $manager.onNewEvent($event);
+ //
+ // We only want the initial ONSET event in memory,
+ // all the other events need to be retracted to support
+ // cleanup and avoid the other rules being fired for this event.
+ //
+ if (eventStatus != EventManager.NEW_EVENT_STATUS.FIRST_ONSET) {
+ System.out.println("Retracting "+eventStatus+" Event.");
+ retract($event);
+ return;
+ }
+ //
+ // Now the event in memory is first onset event
+ //
+ try {
+ //
+ // Pull the known AAI field from the Event
+ //
+ // generic-vnf is needed for vFirewall case
+ // vserver-name is needed for vLoadBalancer case
+ //
+ String genericVNF = $event.AAI.get("generic-vnf.vnf-id");
+ String vserver = $event.AAI.get("vserver.vserver-name");
+ //
+ // Check if we are implementing a simple pattern match.
+ //
+ if ($params.getAaiPatternMatch() == 1) {
+ //
+ // Yes
+ //
+ //Basic naming characteristics:
+ //VF Name (9 char)+VM name (13 char total)+VFC (19 char total)
+ //Example:
+ //VF Name (9 characters): cscf0001v
+ //VM Name(13 characters): cscf0001vm001
+ //VFC name(19 characters): cscf0001vm001cfg001
+ //
+ // zdfw1fwl01fwl02 or zdfw1fwl01fwl01
+ // replaced with
+ // zdfw1fwl01pgn02 or zdfw1fwl01pgn01
+ //
+ int index = genericVNF.lastIndexOf("fwl");
+ if (index == -1) {
+ System.err.println("The generic-vnf.vnf-id from DCAE Event is not valid.");
+ } else {
+ genericVNF = genericVNF.substring(0, index) + "pgn" + genericVNF.substring(index+"fwl".length());
+ }
+ //
+ // Construct an APPC request
+ //
+ ControlLoopOperation operation = new ControlLoopOperation();
+ operation.actor = $params.getActor();
+ operation.operation = "ModifyConfig";
+ operation.target = $event.target;
+ //
+ // Create operationWrapper
+ //
+ ControlLoopOperationWrapper operationWrapper = new ControlLoopOperationWrapper($event.requestID, operation);
+ //
+ // insert operationWrapper into memory
+ //
+ insert(operationWrapper);
+ //
+ Request request = new Request();
+ request.CommonHeader = new CommonHeader();
+ request.CommonHeader.RequestID = $event.requestID;
+ request.Action = operation.operation;
+ request.Payload = new HashMap<String, Object>();
+ //
+ // Fill in the payload
+ //
+ request.Payload.put("generic-vnf.vnf-id", genericVNF);
+ //
+ PGRequest pgRequest = new PGRequest();
+ pgRequest.pgStreams = new PGStreams();
+
+ PGStream pgStream;
+ for(int i = 0; i < 5; i++){
+ pgStream = new PGStream();
+ pgStream.streamId = "fw_udp"+(i+1);
+ pgStream.isEnabled = "true";
+ pgRequest.pgStreams.pgStream.add(pgStream);
+ }
+ request.Payload.put("pg-streams", pgRequest.pgStreams);
+
+ if (request != null) {
+ //
+ // Insert request into memory
+ //
+ insert(request);
+ //
+ // Tell interested parties we are performing this Operation
+ //
+ VirtualControlLoopNotification notification = new VirtualControlLoopNotification($event);
+ notification.notification = ControlLoopNotificationType.OPERATION;
+ // message and history ??
+ notification.from = "policy";
+ notification.policyName = drools.getRule().getName();
+ notification.policyScope = "com";
+ notification.policyVersion = "1";
+ try {
+ System.out.println(Serialization.gsonPretty.toJson(notification));
+ PolicyEngine.manager.deliver($params.getNotificationTopic(), notification);
+ } catch (Exception e) {
+ System.out.println("Can't deliver notification: " + notification);
+ e.printStackTrace();
+ }
+ //
+ // Now send the operation request
+ //
+ if (request instanceof Request) {
+ try {
+ System.out.println("APPC request sent:");
+ System.out.println(Serialization.gsonPretty.toJson(request));
+ PolicyEngine.manager.deliver($params.getAppcTopic(), request);
+ } catch (Exception e) {
+ e.printStackTrace();
+ System.out.println("Can't deliver request: " + request);
+ }
+ }
+ } else {
+ //
+ // what happens if it is null
+ //
+ }
+ //
+ } else {
+ //
+ // create AAI named-query request with UUID started with "F199"
+ //
+ AAINQF199Request aainqf199request = new AAINQF199Request();
+ AAINQF199QueryParameters aainqf199queryparam = new AAINQF199QueryParameters();
+ AAINQF199NamedQuery aainqf199namedquery = new AAINQF199NamedQuery();
+ AAINQF199InstanceFilters aainqf199instancefilter = new AAINQF199InstanceFilters();
+ //
+ // queryParameters
+ //
+ aainqf199namedquery.namedQueryUUID = UUID.fromString($params.getAaiNamedQueryUUID());
+ aainqf199queryparam.namedQuery = aainqf199namedquery;
+ aainqf199request.queryParameters = aainqf199queryparam;
+ //
+ // instanceFilters
+ //
+ Map aainqf199instancefiltermap = new HashMap();
+ Map aainqf199instancefiltermapitem = new HashMap();
+ aainqf199instancefiltermapitem.put("vserver-name", vserver);
+ aainqf199instancefiltermap.put("vserver", aainqf199instancefiltermapitem);
+ aainqf199instancefilter.instanceFilter.add(aainqf199instancefiltermap);
+ aainqf199request.instanceFilters = aainqf199instancefilter;
+ //
+ // print aainqf199request for debug
+ //
+ System.out.println("AAI Request sent:");
+ System.out.println(Serialization.gsonPretty.toJson(aainqf199request));
+ //
+ // Create AAINQF199RequestWrapper
+ //
+ AAINQF199RequestWrapper aainqf199RequestWrapper = new AAINQF199RequestWrapper($event.requestID, aainqf199request);
+ //
+ // insert aainqf199request into memory
+ //
+ insert(aainqf199RequestWrapper);
+ }
+ //
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+end
+
+/*
+*
+* This rule happens when we got a valid ONSET, closed loop is enabled, an Event Manager
+* is created, AAI Manager and AAI Request are ready in memory. We can start sending query to AAI and then wait for response.
+*
+*/
+rule "BRMSParamvFWDemoPolicy.EVENT.MANAGER.AAINQF199REQUEST"
+ when
+ $params : Params( getClosedLoopControlName() == "CL-FRWL-LOW-TRAFFIC-SIG-d925ed73-8231-4d02-9545-db4e101f88f8" )
+ $event : VirtualControlLoopEvent( closedLoopControlName == $params.getClosedLoopControlName(), closedLoopEventStatus == ControlLoopEventStatus.ONSET )
+ $manager : EventManager( closedLoopControlName == $event.closedLoopControlName )
+ $aainqf199RequestWrapper : AAINQF199RequestWrapper(requestID == $event.requestID)
+ then
+ System.out.println("rule EVENT.MANAGER.AAINQF199REQUEST is triggered.");
+ //
+ // send the request
+ //
+ AAINQF199Response aainqf199response = AAINQF199Manager.postQuery($params.getAaiURL(), $params.getAaiUsername(), $params.getAaiPassword(),
+ $aainqf199RequestWrapper.aainqf199request, $event.requestID);
+ //
+ // Check AAI response
+ //
+ if (aainqf199response == null) {
+ System.err.println("Failed to get AAI response");
+ //
+ // Fail and retract everything
+ //
+ retract($event);
+ retract($manager);
+ retract($aainqf199RequestWrapper);
+ } else {
+ //
+ // Create AAINQF199ResponseWrapper
+ //
+ AAINQF199ResponseWrapper aainqf199ResponseWrapper = new AAINQF199ResponseWrapper($event.requestID, aainqf199response);
+ //
+ // insert aainqf199ResponseWrapper to memeory
+ //
+ insert(aainqf199ResponseWrapper);
+ }
+end
+
+/*
+*
+* This rule happens when we got a valid AAI response. We can start sending request to APPC or MSO now.
+*
+*/
+rule "BRMSParamvFWDemoPolicy.EVENT.MANAGER.AAINQF199RESPONSE"
+ when
+ $params : Params( getClosedLoopControlName() == "CL-FRWL-LOW-TRAFFIC-SIG-d925ed73-8231-4d02-9545-db4e101f88f8" )
+ $event : VirtualControlLoopEvent( closedLoopControlName == $params.getClosedLoopControlName(), closedLoopEventStatus == ControlLoopEventStatus.ONSET )
+ $manager : EventManager( closedLoopControlName == $event.closedLoopControlName )
+ $aainqf199RequestWrapper : AAINQF199RequestWrapper(requestID == $event.requestID)
+ $aainqf199ResponseWrapper : AAINQF199ResponseWrapper(requestID == $event.requestID)
+ then
+ System.out.println("rule EVENT.MANAGER.AAINQF199RESPONSE is triggered.");
+ //
+ // Extract related fields out of AAINQF199RESPONSE
+ //
+ String vnfItemVnfId, vnfItemVnfType, vnfItemPersonaModelId, vnfItemPersonaModelVersion, vnfItemModelName,
+ vnfItemModelVersion, vnfItemModelNameVersionId, serviceItemServiceInstanceId, serviceItemPersonaModelId,
+ serviceItemModelName, serviceItemModelType, serviceItemModelVersion, serviceItemModelNameVersionId,
+ vfModuleItemVfModuleName, vfModuleItemPersonaModelId, vfModuleItemPersonaModelVersion, vfModuleItemModelName,
+ vfModuleItemModelNameVersionId, tenantItemTenantId, cloudRegionItemCloudRegionId;
+ try {
+ //
+ // vnfItem
+ //
+ vnfItemVnfId = $aainqf199ResponseWrapper.aainqf199response.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).genericVNF.vnfID;
+ vnfItemVnfType = $aainqf199ResponseWrapper.aainqf199response.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).genericVNF.vnfType;
+ vnfItemVnfType = vnfItemVnfType.substring(vnfItemVnfType.lastIndexOf("/")+1);
+ vnfItemPersonaModelId = $aainqf199ResponseWrapper.aainqf199response.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).genericVNF.personaModelId;
+ vnfItemPersonaModelVersion = $aainqf199ResponseWrapper.aainqf199response.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).genericVNF.personaModelVersion;
+ vnfItemModelName = $aainqf199ResponseWrapper.aainqf199response.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).extraProperties.extraProperty.get(0).propertyValue;
+ vnfItemModelVersion = $aainqf199ResponseWrapper.aainqf199response.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).extraProperties.extraProperty.get(2).propertyValue;
+ vnfItemModelNameVersionId = $aainqf199ResponseWrapper.aainqf199response.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).extraProperties.extraProperty.get(4).propertyValue;
+ //
+ // serviceItem
+ //
+ serviceItemServiceInstanceId = $aainqf199ResponseWrapper.aainqf199response.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).serviceInstance.serviceInstanceID;
+ serviceItemPersonaModelId = $aainqf199ResponseWrapper.aainqf199response.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).serviceInstance.personaModelId;
+ serviceItemModelName = $aainqf199ResponseWrapper.aainqf199response.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).extraProperties.extraProperty.get(0).propertyValue;
+ serviceItemModelType = $aainqf199ResponseWrapper.aainqf199response.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).extraProperties.extraProperty.get(1).propertyValue;
+ serviceItemModelVersion = $aainqf199ResponseWrapper.aainqf199response.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).serviceInstance.personaModelVersion;
+ serviceItemModelNameVersionId = $aainqf199ResponseWrapper.aainqf199response.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).extraProperties.extraProperty.get(4).propertyValue;
+ //
+ // This comes from the base module
+ //
+ vfModuleItemVfModuleName = $aainqf199ResponseWrapper.aainqf199response.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).items.inventoryResponseItems.get(1).vfModule.vfModuleName;
+ vfModuleItemVfModuleName = vfModuleItemVfModuleName.replace("Vfmodule", "vDNS");
+ //
+ // vfModuleItem - NOT the base module
+ //
+ vfModuleItemPersonaModelId = $aainqf199ResponseWrapper.aainqf199response.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).items.inventoryResponseItems.get(2).vfModule.personaModelId;
+ vfModuleItemPersonaModelVersion = $aainqf199ResponseWrapper.aainqf199response.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).items.inventoryResponseItems.get(2).vfModule.personaModelVersion;
+ vfModuleItemModelName = $aainqf199ResponseWrapper.aainqf199response.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).items.inventoryResponseItems.get(2).extraProperties.extraProperty.get(0).propertyValue;
+ vfModuleItemModelNameVersionId = $aainqf199ResponseWrapper.aainqf199response.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).items.inventoryResponseItems.get(2).extraProperties.extraProperty.get(4).propertyValue;
+ //
+ // tenantItem
+ //
+ tenantItemTenantId = $aainqf199ResponseWrapper.aainqf199response.inventoryResponseItems.get(0).items.inventoryResponseItems.get(1).tenant.tenantId;
+ //
+ // cloudRegionItem
+ //
+ cloudRegionItemCloudRegionId = $aainqf199ResponseWrapper.aainqf199response.inventoryResponseItems.get(0).items.inventoryResponseItems.get(1).items.inventoryResponseItems.get(0).cloudRegion.cloudRegionId;
+ //
+ } catch (Exception e) {
+ e.printStackTrace();
+ VirtualControlLoopNotification notification = new VirtualControlLoopNotification($event);
+ notification.notification = ControlLoopNotificationType.REJECTED;
+ notification.message = "Exception occurred " + e.getMessage();
+ notification.policyName = drools.getRule().getName();
+ notification.policyScope = "com";
+ notification.policyVersion = "1";
+ //
+ try {
+ System.out.println(Serialization.gsonPretty.toJson(notification));
+ PolicyEngine.manager.deliver($params.getNotificationTopic(), notification);
+ } catch (Exception e1) {
+ System.out.println("Can't deliver notification: " + notification);
+ e1.printStackTrace();
+ }
+ //
+ notification.notification = ControlLoopNotificationType.FINAL_FAILURE;
+ notification.message = "Invalid named-query response from AAI";
+ //
+ try {
+ System.out.println(Serialization.gsonPretty.toJson(notification));
+ PolicyEngine.manager.deliver($params.getNotificationTopic(), notification);
+ } catch (Exception e1) {
+ System.out.println("Can't deliver notification: " + notification);
+ e1.printStackTrace();
+ }
+ //
+ // Retract everything
+ //
+ retract($aainqf199RequestWrapper);
+ retract($aainqf199ResponseWrapper);
+ retract($manager);
+ retract($event);
+ return;
+ }
+ //
+ // Extracted fields should not be null
+ //
+ if ((vnfItemVnfId == null) || (vnfItemVnfType == null) ||
+ (vnfItemPersonaModelId == null) || (vnfItemModelName == null) ||
+ (vnfItemModelVersion == null) || (vnfItemModelNameVersionId == null) ||
+ (serviceItemServiceInstanceId == null) || (serviceItemModelName == null) ||
+ (serviceItemModelType == null) || (serviceItemModelVersion == null) ||
+ (serviceItemModelNameVersionId == null) || (vfModuleItemVfModuleName == null) ||
+ (vfModuleItemPersonaModelId == null) || (vfModuleItemPersonaModelVersion == null) ||
+ (vfModuleItemModelName == null) || (vfModuleItemModelNameVersionId == null) ||
+ (tenantItemTenantId == null) || (cloudRegionItemCloudRegionId == null)) {
+ //
+ System.err.println("some fields are missing from AAI response.");
+ //
+ // Fail and retract everything
+ //
+ retract($aainqf199RequestWrapper);
+ retract($aainqf199ResponseWrapper);
+ retract($manager);
+ retract($event);
+ return;
+ }
+ //
+ // We don't need them any more
+ //
+ retract($aainqf199ResponseWrapper);
+ retract($aainqf199RequestWrapper);
+ //
+ // check the actor of this closed loop
+ //
+ switch ($params.getActor()) {
+ case "APPC":
+ {
+ //
+ // Construct an APPC request
+ //
+ ControlLoopOperation operation = new ControlLoopOperation();
+ operation.actor = $params.getActor();
+ operation.operation = "ModifyConfig";
+ operation.target = $event.target;
+ //
+ // Create operationWrapper
+ //
+ ControlLoopOperationWrapper operationWrapper = new ControlLoopOperationWrapper($event.requestID, operation);
+ //
+ // insert operationWrapper into memory
+ //
+ insert(operationWrapper);
+ //
+ Request request = new Request();
+ request.CommonHeader = new CommonHeader();
+ request.CommonHeader.RequestID = $event.requestID;
+ request.Action = operation.operation;
+ request.Payload = new HashMap<String, Object>();
+ //
+ // Fill in the payload
+ // Hardcode genericVNF for now since AAI has not been ready for vFirewall demo case
+ //
+ String genericVNF = "zdfw1fwl01pgn02";
+ request.Payload.put("generic-vnf.vnf-id", genericVNF);
+ //
+ PGRequest pgRequest = new PGRequest();
+ pgRequest.pgStreams = new PGStreams();
+
+ PGStream pgStream;
+ for(int i = 0; i < 5; i++){
+ pgStream = new PGStream();
+ pgStream.streamId = "fw_udp"+(i+1);
+ pgStream.isEnabled = "true";
+ pgRequest.pgStreams.pgStream.add(pgStream);
+ }
+ request.Payload.put("pg-streams", pgRequest.pgStreams);
+
+ if (request != null) {
+ //
+ // Insert request into memory
+ //
+ insert(request);
+ //
+ // Tell interested parties we are performing this Operation
+ //
+ VirtualControlLoopNotification notification = new VirtualControlLoopNotification($event);
+ notification.notification = ControlLoopNotificationType.OPERATION;
+ // message and history ??
+ notification.from = "policy";
+ notification.policyName = drools.getRule().getName();
+ notification.policyScope = "com";
+ notification.policyVersion = "1";
+ try {
+ System.out.println(Serialization.gsonPretty.toJson(notification));
+ PolicyEngine.manager.deliver($params.getNotificationTopic(), notification);
+ } catch (Exception e) {
+ System.out.println("Can't deliver notification: " + notification);
+ e.printStackTrace();
+ }
+ //
+ // Now send the operation request
+ //
+ if (request instanceof Request) {
+ try {
+ System.out.println("APPC request sent:");
+ System.out.println(Serialization.gsonPretty.toJson(request));
+ PolicyEngine.manager.deliver($params.getAppcTopic(), request);
+ } catch (Exception e) {
+ e.printStackTrace();
+ System.out.println("Can't deliver request: " + request);
+ }
+ }
+ } else {
+ //
+ // what happens if it is null
+ //
+ }
+ }
+ break;
+ case "MSO":
+ {
+ //
+ // Construct an operation
+ //
+ ControlLoopOperation operation = new ControlLoopOperation();
+ operation.actor = $params.getActor();
+ operation.operation = "createModuleInstance";
+ operation.target = $event.target;
+ //
+ // Create operationWrapper
+ //
+ ControlLoopOperationWrapper operationWrapper = new ControlLoopOperationWrapper($event.requestID, operation);
+ //
+ // Construct an MSO request
+ //
+ MSORequest request = new MSORequest();
+ request.requestDetails = new MSORequestDetails();
+ request.requestDetails.modelInfo = new MSOModelInfo();
+ request.requestDetails.cloudConfiguration = new MSOCloudConfiguration();
+ request.requestDetails.requestInfo = new MSORequestInfo();
+ request.requestDetails.requestParameters = new MSORequestParameters();
+ request.requestDetails.requestParameters.userParams = null;
+ //
+ // cloudConfiguration
+ //
+ request.requestDetails.cloudConfiguration.lcpCloudRegionId = cloudRegionItemCloudRegionId;
+ request.requestDetails.cloudConfiguration.tenantId = tenantItemTenantId;
+ //
+ // modelInfo
+ //
+ request.requestDetails.modelInfo.modelType = "vfModule";
+ request.requestDetails.modelInfo.modelInvariantId = vfModuleItemPersonaModelId;
+ request.requestDetails.modelInfo.modelNameVersionId = vfModuleItemModelNameVersionId;
+ request.requestDetails.modelInfo.modelName = vfModuleItemModelName;
+ request.requestDetails.modelInfo.modelVersion = vfModuleItemPersonaModelVersion;
+ //
+ // requestInfo
+ //
+ request.requestDetails.requestInfo.instanceName = vfModuleItemVfModuleName;
+ request.requestDetails.requestInfo.source = "POLICY";
+ request.requestDetails.requestInfo.suppressRollback = false;
+ //
+ // relatedInstanceList
+ //
+ MSORelatedInstanceListElement relatedInstanceListElement1 = new MSORelatedInstanceListElement();
+ MSORelatedInstanceListElement relatedInstanceListElement2 = new MSORelatedInstanceListElement();
+ relatedInstanceListElement1.relatedInstance = new MSORelatedInstance();
+ relatedInstanceListElement2.relatedInstance = new MSORelatedInstance();
+ //
+ relatedInstanceListElement1.relatedInstance.instanceId = serviceItemServiceInstanceId;
+ relatedInstanceListElement1.relatedInstance.modelInfo = new MSOModelInfo();
+ relatedInstanceListElement1.relatedInstance.modelInfo.modelType = "service";
+ relatedInstanceListElement1.relatedInstance.modelInfo.modelInvariantId = serviceItemPersonaModelId;
+ relatedInstanceListElement1.relatedInstance.modelInfo.modelNameVersionId = serviceItemModelNameVersionId;
+ relatedInstanceListElement1.relatedInstance.modelInfo.modelName = serviceItemModelName;
+ relatedInstanceListElement1.relatedInstance.modelInfo.modelVersion = serviceItemModelVersion;
+ //
+ relatedInstanceListElement2.relatedInstance.instanceId = vnfItemVnfId;
+ relatedInstanceListElement2.relatedInstance.modelInfo = new MSOModelInfo();
+ relatedInstanceListElement2.relatedInstance.modelInfo.modelType = "vnf";
+ relatedInstanceListElement2.relatedInstance.modelInfo.modelInvariantId = vnfItemPersonaModelId;
+ relatedInstanceListElement2.relatedInstance.modelInfo.modelNameVersionId = vnfItemModelNameVersionId;
+ relatedInstanceListElement2.relatedInstance.modelInfo.modelName = vnfItemModelName;
+ relatedInstanceListElement2.relatedInstance.modelInfo.modelVersion = vnfItemModelVersion;
+ relatedInstanceListElement2.relatedInstance.modelInfo.modelCustomizationName = vnfItemVnfType;
+ //
+ request.requestDetails.relatedInstanceList.add(relatedInstanceListElement1);
+ request.requestDetails.relatedInstanceList.add(relatedInstanceListElement2);
+ //
+ // print MSO request for debug
+ //
+ System.out.println("MSO request sent:");
+ System.out.println(Serialization.gsonPretty.toJson(request));
+ //
+ //
+ //
+ if (request != null) {
+ //
+ // Tell interested parties we are performing this Operation
+ //
+ VirtualControlLoopNotification notification = new VirtualControlLoopNotification($event);
+ notification.notification = ControlLoopNotificationType.OPERATION;
+ notification.from = "policy";
+ notification.policyName = drools.getRule().getName();
+ notification.policyScope = "com";
+ notification.policyVersion = "1";
+ try {
+ System.out.println(Serialization.gsonPretty.toJson(notification));
+ PolicyEngine.manager.deliver($params.getNotificationTopic(), notification);
+ } catch (Exception e) {
+ System.out.println("Can't deliver notification: " + notification);
+ e.printStackTrace();
+ }
+ //
+ // Concatenate serviceItemServiceInstanceId and vnfItemVnfId to msoURL
+ //
+ String MSOUrl = $params.getMsoURL() + "/serviceInstances/v2/" + serviceItemServiceInstanceId + "/vnfs/" + vnfItemVnfId + "/vfModules";
+ //
+ // Call MSO
+ //
+ MSOResponse response = MSOManager.createModuleInstance(MSOUrl, $params.getMsoURL(), $params.getMsoUsername(), $params.getMsoPassword(), request);
+ //
+ if (response != null) {
+ //
+ // Assign requestId
+ //
+ request.requestId = $event.requestID.toString();
+ response.request.requestId = $event.requestID.toString();
+ //
+ // Insert facts
+ //
+ insert(operationWrapper);
+ insert(request);
+ insert(response);
+ } else {
+ //
+ // MSO request not even accepted
+ //
+ notification.message = operationWrapper.operation.toMessage();
+ operationWrapper.operation.message = operationWrapper.operation.toMessage();
+ operationWrapper.operation.outcome = "FAILURE_EXCEPTION";
+ $manager.setControlLoopResult("FAILURE_EXCEPTION");
+ notification.history.add(operationWrapper.operation);
+ notification.notification = ControlLoopNotificationType.OPERATION_FAILURE;
+ //
+ // Let interested parties know
+ //
+ try {
+ System.out.println(Serialization.gsonPretty.toJson(notification));
+ PolicyEngine.manager.deliver($params.getNotificationTopic(), notification);
+ } catch (Exception e) {
+ System.out.println("Can't deliver notification: " + notification);
+ e.printStackTrace();
+ }
+ notification.notification = ControlLoopNotificationType.FINAL_FAILURE;
+ try {
+ System.out.println(Serialization.gsonPretty.toJson(notification));
+ PolicyEngine.manager.deliver($params.getNotificationTopic(), notification);
+ } catch (Exception e) {
+ System.out.println("Can't deliver notification: " + notification);
+ e.printStackTrace();
+ }
+ //
+ // Retract everything
+ //
+ retract($event);
+ retract($manager);
+ }
+ } else {
+ System.err.println("constructed MSO request is invalid.");
+ }
+ }
+ break;
+ }
+end
+
+/*
+*
+* This rule responds to APPC Response Events
+*
+*/
+rule "BRMSParamvFWDemoPolicy.APPC.RESPONSE"
+ when
+ $params : Params( getClosedLoopControlName() == "CL-FRWL-LOW-TRAFFIC-SIG-d925ed73-8231-4d02-9545-db4e101f88f8" )
+ $event : VirtualControlLoopEvent( closedLoopControlName == $params.getClosedLoopControlName(), closedLoopEventStatus == ControlLoopEventStatus.ONSET )
+ $manager : EventManager( closedLoopControlName == $event.closedLoopControlName )
+ $operationWrapper : ControlLoopOperationWrapper( requestID == $event.requestID )
+ $request : Request( getCommonHeader().RequestID == $event.requestID )
+ $response : Response( getCommonHeader().RequestID == $event.requestID )
+ then
+ System.out.println("rule APPC.RESPONSE is triggered.");
+ if ($response.Status == null) {
+ $operationWrapper.operation.outcome = "FAILURE_EXCEPTION";
+ $manager.setControlLoopResult("FAILURE_EXCEPTION");
+ }
+ //
+ // Get the Response Code
+ //
+ ResponseCode code = ResponseCode.toResponseCode($response.Status.Code);
+ if (code == null) {
+ $operationWrapper.operation.outcome = "FAILURE_EXCEPTION";
+ $manager.setControlLoopResult("FAILURE_EXCEPTION");
+ }
+ //
+ // Construct notification
+ //
+ VirtualControlLoopNotification notification = new VirtualControlLoopNotification($event);
+ notification.from = "policy";
+ notification.policyName = drools.getRule().getName();
+ notification.policyScope = "com";
+ notification.policyVersion = "1";
+ notification.message = $operationWrapper.operation.toMessage();
+ $operationWrapper.operation.message = $operationWrapper.operation.toMessage();
+ //
+ // Ok, let's figure out what APP-C's response is
+ //
+ switch (code) {
+ case ACCEPT:
+ $operationWrapper.operation.outcome = "PROCESSING";
+ break;
+ case ERROR:
+ case REJECT:
+ $operationWrapper.operation.outcome = "FAILURE_EXCEPTION";
+ $manager.setControlLoopResult("FAILURE_EXCEPTION");
+ break;
+ case SUCCESS:
+ $operationWrapper.operation.outcome = "SUCCESS";
+ $manager.setControlLoopResult("SUCCESS");
+ break;
+ case FAILURE:
+ $operationWrapper.operation.outcome = "FAILURE";
+ $manager.setControlLoopResult("FAILURE");
+ break;
+ }
+ if ($operationWrapper.operation.outcome.equals("SUCCESS")) {
+ notification.history.add($operationWrapper.operation);
+ notification.notification = ControlLoopNotificationType.OPERATION_SUCCESS;
+ //
+ // Let interested parties know
+ //
+ try {
+ System.out.println(Serialization.gsonPretty.toJson(notification));
+ PolicyEngine.manager.deliver($params.getNotificationTopic(), notification);
+ } catch (Exception e) {
+ System.out.println("Can't deliver notification: " + notification);
+ e.printStackTrace();
+ }
+ notification.notification = ControlLoopNotificationType.FINAL_SUCCESS;
+ try {
+ System.out.println(Serialization.gsonPretty.toJson(notification));
+ PolicyEngine.manager.deliver($params.getNotificationTopic(), notification);
+ } catch (Exception e) {
+ System.out.println("Can't deliver notification: " + notification);
+ e.printStackTrace();
+ }
+
+ //
+ // We are going to retract these objects from memory
+ //
+ System.out.println("Retracting everything");
+ retract($operationWrapper);
+ retract($request);
+ retract($response);
+ retract($event);
+ retract($manager);
+ } else if ($operationWrapper.operation.outcome.equals("PROCESSING")) {
+ retract($response);
+ } else {
+ notification.history.add($operationWrapper.operation);
+ notification.notification = ControlLoopNotificationType.OPERATION_FAILURE;
+ //
+ // Let interested parties know
+ //
+ try {
+ System.out.println(Serialization.gsonPretty.toJson(notification));
+ PolicyEngine.manager.deliver($params.getNotificationTopic(), notification);
+ } catch (Exception e) {
+ System.out.println("Can't deliver notification: " + notification);
+ e.printStackTrace();
+ }
+ notification.notification = ControlLoopNotificationType.FINAL_FAILURE;
+ //
+ // Let interested parties know
+ //
+ try {
+ System.out.println(Serialization.gsonPretty.toJson(notification));
+ PolicyEngine.manager.deliver($params.getNotificationTopic(), notification);
+ } catch (Exception e) {
+ System.out.println("Can't deliver notification: " + notification);
+ e.printStackTrace();
+ }
+ //
+ // We are going to retract these objects from memory
+ //
+ System.out.println("Retracting everything");
+ retract($operationWrapper);
+ retract($request);
+ retract($response);
+ retract($event);
+ retract($manager);
+ }
+
+end
+
+/*
+*
+* This rule is used to clean up APPC response
+*
+*/
+rule "BRMSParamvFWDemoPolicy.APPC.RESPONSE.CLEANUP"
+ when
+ $params : Params( getClosedLoopControlName() == "CL-FRWL-LOW-TRAFFIC-SIG-d925ed73-8231-4d02-9545-db4e101f88f8" )
+ $response : Response($id : getCommonHeader().RequestID )
+ not ( VirtualControlLoopEvent( closedLoopControlName == $params.getClosedLoopControlName(), requestID == $id, closedLoopEventStatus == ControlLoopEventStatus.ONSET ) )
+ then
+ System.out.println("rule APPC.RESPONSE.CLEANUP is triggered.");
+ retract($response);
+end
+
+/*
+*
+* This rule responds to MSO Response Events
+*
+*/
+rule "BRMSParamvFWDemoPolicy.MSO.RESPONSE"
+ when
+ $params : Params( getClosedLoopControlName() == "CL-FRWL-LOW-TRAFFIC-SIG-d925ed73-8231-4d02-9545-db4e101f88f8" )
+ $event : VirtualControlLoopEvent( closedLoopControlName == $params.getClosedLoopControlName(), closedLoopEventStatus == ControlLoopEventStatus.ONSET )
+ $manager : EventManager( closedLoopControlName == $event.closedLoopControlName )
+ $operationWrapper : ControlLoopOperationWrapper( requestID == $event.requestID )
+ $request : MSORequest( requestId == $event.requestID.toString() )
+ $response : MSOResponse( request.requestId == $event.requestID.toString() )
+ then
+ System.out.println("rule MSO.RESPONSE is triggered.");
+ //
+ // Construct notification
+ //
+ VirtualControlLoopNotification notification = new VirtualControlLoopNotification($event);
+ notification.from = "policy";
+ notification.policyName = drools.getRule().getName();
+ notification.policyScope = "com";
+ notification.policyVersion = "1";
+ notification.message = $operationWrapper.operation.toMessage();
+ $operationWrapper.operation.message = $operationWrapper.operation.toMessage();
+ //
+ // The operation can either be succeeded or failed
+ //
+ if($response.request.requestStatus.requestState.equals("Completed")) {
+ $operationWrapper.operation.outcome = "SUCCESS";
+ $manager.setControlLoopResult("SUCCESS");
+ notification.history.add($operationWrapper.operation);
+ notification.notification = ControlLoopNotificationType.OPERATION_SUCCESS;
+ //
+ // Let interested parties know
+ //
+ try {
+ System.out.println(Serialization.gsonPretty.toJson(notification));
+ PolicyEngine.manager.deliver($params.getNotificationTopic(), notification);
+ } catch (Exception e) {
+ System.out.println("Can't deliver notification: " + notification);
+ e.printStackTrace();
+ }
+ notification.notification = ControlLoopNotificationType.FINAL_SUCCESS;
+ //
+ // Let interested parties know
+ //
+ try {
+ System.out.println(Serialization.gsonPretty.toJson(notification));
+ PolicyEngine.manager.deliver($params.getNotificationTopic(), notification);
+ } catch (Exception e) {
+ System.out.println("Can't deliver notification: " + notification);
+ e.printStackTrace();
+ }
+ //
+ // We are going to retract these objects from memory
+ //
+ System.out.println("Retracting everything");
+ retract($operationWrapper);
+ retract($request);
+ retract($response);
+ retract($event);
+ retract($manager);
+ } else {
+ $operationWrapper.operation.outcome = "FAILURE";
+ $manager.setControlLoopResult("FAILURE");
+ notification.history.add($operationWrapper.operation);
+ notification.notification = ControlLoopNotificationType.OPERATION_FAILURE;
+ //
+ // Let interested parties know
+ //
+ try {
+ System.out.println(Serialization.gsonPretty.toJson(notification));
+ PolicyEngine.manager.deliver($params.getNotificationTopic(), notification);
+ } catch (Exception e) {
+ System.out.println("Can't deliver notification: " + notification);
+ e.printStackTrace();
+ }
+ notification.notification = ControlLoopNotificationType.FINAL_FAILURE;
+ //
+ // Let interested parties know
+ //
+ try {
+ System.out.println(Serialization.gsonPretty.toJson(notification));
+ PolicyEngine.manager.deliver($params.getNotificationTopic(), notification);
+ } catch (Exception e) {
+ System.out.println("Can't deliver notification: " + notification);
+ e.printStackTrace();
+ }
+ //
+ // We are going to retract these objects from memory
+ //
+ System.out.println("Retracting everything");
+ retract($operationWrapper);
+ retract($request);
+ retract($response);
+ retract($event);
+ retract($manager);
+ }
+
+end
+rule "Params"
+ salience 1000
+ when
+ then
+ Params params = new Params();
+ params.setAaiPatternMatch(1);
+ params.setAppcTopic("APPC-CL");
+ params.setAaiURL("null");
+ params.setMsoPassword("null");
+ params.setClosedLoopControlName("CL-FRWL-LOW-TRAFFIC-SIG-d925ed73-8231-4d02-9545-db4e101f88f8");
+ params.setAaiUsername("null");
+ params.setMsoURL("null");
+ params.setActor("APPC");
+ params.setMsoUsername("null");
+ params.setAaiNamedQueryUUID("null");
+ params.setAaiPassword("null");
+ params.setNotificationTopic("POLICY-CL-MGT");
+ insert(params);
+end
diff --git a/packages/base/src/files/install/servers/pap/webapps/Config/com.Config_BRMS_Param_BRMSParamvLBDemoPolicy.1.txt b/packages/base/src/files/install/servers/pap/webapps/Config/com.Config_BRMS_Param_BRMSParamvLBDemoPolicy.1.txt
new file mode 100644
index 000000000..2fdfa6736
--- /dev/null
+++ b/packages/base/src/files/install/servers/pap/webapps/Config/com.Config_BRMS_Param_BRMSParamvLBDemoPolicy.1.txt
@@ -0,0 +1,1116 @@
+/* Autogenerated Code Please Don't change/remove this comment section. This is for the UI purpose.
+ <$%BRMSParamTemplate=ControlLoopDemo__closedLoopControlName%$>
+ */
+
+
+/*-
+ * ============LICENSE_START=======================================================
+ * archetype-closed-loop-demo-rules
+ * ================================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.openecomp.policy.controlloop;
+
+import java.util.LinkedList;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.UUID;
+
+import org.openecomp.policy.controlloop.VirtualControlLoopEvent;
+import org.openecomp.policy.controlloop.ControlLoopEventStatus;
+import org.openecomp.policy.controlloop.VirtualControlLoopNotification;
+import org.openecomp.policy.controlloop.ControlLoopNotificationType;
+import org.openecomp.policy.controlloop.ControlLoopOperation;
+import org.openecomp.policy.controlloop.ControlLoopOperationWrapper;
+import org.openecomp.policy.template.demo.ControlLoopException;
+
+import org.openecomp.policy.aai.AAINQF199.AAINQF199CloudRegion;
+import org.openecomp.policy.aai.AAINQF199.AAINQF199ExtraProperties;
+import org.openecomp.policy.aai.AAINQF199.AAINQF199ExtraProperty;
+import org.openecomp.policy.aai.AAINQF199.AAINQF199GenericVNF;
+import org.openecomp.policy.aai.AAINQF199.AAINQF199InstanceFilters;
+import org.openecomp.policy.aai.AAINQF199.AAINQF199InventoryResponseItem;
+import org.openecomp.policy.aai.AAINQF199.AAINQF199InventoryResponseItems;
+import org.openecomp.policy.aai.AAINQF199.AAINQF199Manager;
+import org.openecomp.policy.aai.AAINQF199.AAINQF199NamedQuery;
+import org.openecomp.policy.aai.AAINQF199.AAINQF199QueryParameters;
+import org.openecomp.policy.aai.AAINQF199.AAINQF199Request;
+import org.openecomp.policy.aai.AAINQF199.AAINQF199RequestWrapper;
+import org.openecomp.policy.aai.AAINQF199.AAINQF199Response;
+import org.openecomp.policy.aai.AAINQF199.AAINQF199ResponseWrapper;
+import org.openecomp.policy.aai.AAINQF199.AAINQF199ServiceInstance;
+import org.openecomp.policy.aai.AAINQF199.AAINQF199Tenant;
+import org.openecomp.policy.aai.AAINQF199.AAINQF199VfModule;
+import org.openecomp.policy.aai.AAINQF199.AAINQF199VServer;
+import org.openecomp.policy.aai.util.Serialization;
+
+import org.openecomp.policy.appc.CommonHeader;
+import org.openecomp.policy.appc.Request;
+import org.openecomp.policy.appc.Response;
+import org.openecomp.policy.appc.ResponseCode;
+import org.openecomp.policy.appc.ResponseStatus;
+import org.openecomp.policy.appc.ResponseValue;
+
+import org.openecomp.policy.template.demo.EventManager;
+import org.openecomp.policy.vnf.trafficgenerator.PGRequest;
+import org.openecomp.policy.vnf.trafficgenerator.PGStream;
+import org.openecomp.policy.vnf.trafficgenerator.PGStreams;
+
+import org.openecomp.policy.mso.MSOManager;
+import org.openecomp.policy.mso.MSORequest;
+import org.openecomp.policy.mso.MSORequestStatus;
+import org.openecomp.policy.mso.MSORequestDetails;
+import org.openecomp.policy.mso.MSOModelInfo;
+import org.openecomp.policy.mso.MSOCloudConfiguration;
+import org.openecomp.policy.mso.MSORequestInfo;
+import org.openecomp.policy.mso.MSORequestParameters;
+import org.openecomp.policy.mso.MSORelatedInstanceListElement;
+import org.openecomp.policy.mso.MSORelatedInstance;
+import org.openecomp.policy.mso.MSOResponse;
+
+import org.openecomp.policy.drools.system.PolicyEngine;
+
+//
+// These parameters are required to build the runtime policy
+//
+declare Params
+ closedLoopControlName : String
+ actor : String
+ aaiURL : String
+ aaiUsername : String
+ aaiPassword : String
+ msoURL : String
+ msoUsername : String
+ msoPassword : String
+ aaiNamedQueryUUID : String
+ aaiPatternMatch : int
+ notificationTopic : String
+ appcTopic : String
+end
+
+/*
+*
+* Called once and only once to insert the parameters into working memory for this Closed Loop policy.
+* (Comment SETUP rule out for the first ECOMP opensource release since policy BRMS_GW already puts a Params fact in there)
+*
+*
+*rule "BRMSParamvLBDemoPolicy.SETUP"
+* when
+* then
+* System.out.println("rule SETUP is triggered.");
+* Params params = new Params();
+* params.setClosedLoopControlName("CL-DNS-LOW-TRAFFIC-SIG-d925ed73-8231-4d02-9545-db4e101f88f8");
+* params.setActor("MSO");
+* params.setAaiURL("https://aai.api.simpledemo.openecomp.org:8443");
+* params.setAaiUsername("POLICY");
+* params.setAaiPassword("POLICY");
+* params.setMsoURL("http://vm1.mso.simpledemo.openecomp.org:8080/ecomp/mso/infra");
+* params.setMsoUsername("InfraPortalClient");
+* params.setMsoPassword("password1$");
+* params.setAaiNamedQueryUUID("f199cb88-5e69-4b1f-93e0-6f257877d066");
+* params.setAaiPatternMatch(0);
+* params.setNotificationTopic("POLICY-CL-MGT");
+* params.setAppcTopic("APPC-CL");
+* //
+* // This stays in memory as long as the rule is alive and running
+* //
+* insert(params);
+*end
+*/
+/*
+*
+* This rule responds to DCAE Events
+*
+*/
+rule "BRMSParamvLBDemoPolicy.EVENT"
+ when
+ $params : Params( getClosedLoopControlName() == "CL-DNS-LOW-TRAFFIC-SIG-d925ed73-8231-4d02-9545-db4e101f88f8" )
+ $event : VirtualControlLoopEvent( closedLoopControlName == $params.getClosedLoopControlName(), closedLoopEventStatus == ControlLoopEventStatus.ONSET )
+ not ( EventManager( closedLoopControlName == $event.closedLoopControlName ))
+ then
+ System.out.println("rule EVENT is triggered.");
+ try {
+ //
+ // Check the requestID in the event to make sure it is not null before we create the EventManager.
+ // The EventManager will do extra syntax checking as well check if the closed loop is disabled/
+ //
+ if ($event.requestID == null) {
+ VirtualControlLoopNotification notification = new VirtualControlLoopNotification($event);
+ notification.notification = ControlLoopNotificationType.REJECTED;
+ notification.from = "policy";
+ notification.message = "Missing requestID from DCAE event";
+ notification.policyName = drools.getRule().getName();
+ notification.policyScope = "com";
+ notification.policyVersion = "1";
+ //
+ // Let interested parties know
+ //
+ try {
+ System.out.println(Serialization.gsonPretty.toJson(notification));
+ PolicyEngine.manager.deliver($params.getNotificationTopic(), notification);
+ } catch (Exception e) {
+ e.printStackTrace();
+ System.out.println("Can't deliver notification: " + notification);
+ }
+ //
+ // Retract it from memory
+ //
+ retract($event);
+ System.out.println("Event with requestID=null has been retracted.");
+ } else {
+ //
+ // Create an EventManager
+ //
+ EventManager manager = new EventManager($params.getClosedLoopControlName(), $event.requestID, $event.target);
+ //
+ // Determine if EventManager can actively process the event (i.e. syntax)
+ //
+ VirtualControlLoopNotification notification = manager.activate($event);
+ notification.from = "policy";
+ notification.policyName = drools.getRule().getName();
+ notification.policyScope = "com";
+ notification.policyVersion = "1";
+ //
+ // Are we actively pursuing this event?
+ //
+ if (notification.notification == ControlLoopNotificationType.ACTIVE) {
+ //
+ // Insert Event Manager into memory, this will now kick off processing.
+ //
+ insert(manager);
+ //
+ // Let interested parties know
+ //
+ try {
+ System.out.println(Serialization.gsonPretty.toJson(notification));
+ PolicyEngine.manager.deliver($params.getNotificationTopic(), notification);
+ } catch (Exception e) {
+ e.printStackTrace();
+ System.out.println("Can't deliver notification: " + notification);
+ }
+ } else {
+ //
+ // Let interested parties know
+ //
+ try {
+ System.out.println(Serialization.gsonPretty.toJson(notification));
+ PolicyEngine.manager.deliver($params.getNotificationTopic(), notification);
+ } catch (Exception e) {
+ e.printStackTrace();
+ System.out.println("Can't deliver notification: " + notification);
+ }
+ //
+ // Retract it from memory
+ //
+ retract($event);
+ }
+ //
+ // Now that the manager is inserted into Drools working memory, we'll wait for
+ // another rule to fire in order to continue processing. This way we can also
+ // then screen for additional ONSET and ABATED events for this same RequestIDs
+ // and for different RequestIDs but with the same closedLoopControlName and target.
+ //
+ }
+ //
+ } catch (Exception e) {
+ e.printStackTrace();
+ VirtualControlLoopNotification notification = new VirtualControlLoopNotification($event);
+ notification.notification = ControlLoopNotificationType.REJECTED;
+ notification.message = "Exception occurred " + e.getMessage();
+ notification.policyName = drools.getRule().getName();
+ notification.policyScope = "com";
+ notification.policyVersion = "1";
+ //
+ //
+ //
+ try {
+ System.out.println(Serialization.gsonPretty.toJson(notification));
+ PolicyEngine.manager.deliver($params.getNotificationTopic(), notification);
+ } catch (Exception e1) {
+ System.out.println("Can't deliver notification: " + notification);
+ e1.printStackTrace();
+ }
+ //
+ // Retract the event
+ //
+ retract($event);
+ }
+end
+
+/*
+*
+* This rule happens when we got a valid ONSET, closed loop is enabled and an Event Manager
+* is created. We can start the operations for this closed loop.
+*
+*/
+rule "BRMSParamvLBDemoPolicy.EVENT.MANAGER"
+ when
+ $params : Params( getClosedLoopControlName() == "CL-DNS-LOW-TRAFFIC-SIG-d925ed73-8231-4d02-9545-db4e101f88f8" )
+ $event : VirtualControlLoopEvent( closedLoopControlName == $params.getClosedLoopControlName(), closedLoopEventStatus == ControlLoopEventStatus.ONSET )
+ $manager : EventManager( closedLoopControlName == $event.closedLoopControlName, controlLoopResult == null)
+ then
+ System.out.println("rule EVENT.MANAGER is triggered.");
+ //
+ // Check which event this is.
+ //
+ EventManager.NEW_EVENT_STATUS eventStatus = $manager.onNewEvent($event);
+ //
+ // We only want the initial ONSET event in memory,
+ // all the other events need to be retracted to support
+ // cleanup and avoid the other rules being fired for this event.
+ //
+ if (eventStatus != EventManager.NEW_EVENT_STATUS.FIRST_ONSET) {
+ System.out.println("Retracting "+eventStatus+" Event.");
+ retract($event);
+ return;
+ }
+ //
+ // Now the event in memory is first onset event
+ //
+ try {
+ //
+ // Pull the known AAI field from the Event
+ //
+ // generic-vnf is needed for vFirewall case
+ // vserver-name is needed for vLoadBalancer case
+ //
+ String genericVNF = $event.AAI.get("generic-vnf.vnf-id");
+ String vserver = $event.AAI.get("vserver.vserver-name");
+ //
+ // Check if we are implementing a simple pattern match.
+ //
+ if ($params.getAaiPatternMatch() == 1) {
+ //
+ // Yes
+ //
+ //Basic naming characteristics:
+ //VF Name (9 char)+VM name (13 char total)+VFC (19 char total)
+ //Example:
+ //VF Name (9 characters): cscf0001v
+ //VM Name(13 characters): cscf0001vm001
+ //VFC name(19 characters): cscf0001vm001cfg001
+ //
+ // zdfw1fwl01fwl02 or zdfw1fwl01fwl01
+ // replaced with
+ // zdfw1fwl01pgn02 or zdfw1fwl01pgn01
+ //
+ int index = genericVNF.lastIndexOf("fwl");
+ if (index == -1) {
+ System.err.println("The generic-vnf.vnf-id from DCAE Event is not valid.");
+ } else {
+ genericVNF = genericVNF.substring(0, index) + "pgn" + genericVNF.substring(index+"fwl".length());
+ }
+ //
+ // Construct an APPC request
+ //
+ ControlLoopOperation operation = new ControlLoopOperation();
+ operation.actor = $params.getActor();
+ operation.operation = "ModifyConfig";
+ operation.target = $event.target;
+ //
+ // Create operationWrapper
+ //
+ ControlLoopOperationWrapper operationWrapper = new ControlLoopOperationWrapper($event.requestID, operation);
+ //
+ // insert operationWrapper into memory
+ //
+ insert(operationWrapper);
+ //
+ Request request = new Request();
+ request.CommonHeader = new CommonHeader();
+ request.CommonHeader.RequestID = $event.requestID;
+ request.Action = operation.operation;
+ request.Payload = new HashMap<String, Object>();
+ //
+ // Fill in the payload
+ //
+ request.Payload.put("generic-vnf.vnf-id", genericVNF);
+ //
+ PGRequest pgRequest = new PGRequest();
+ pgRequest.pgStreams = new PGStreams();
+
+ PGStream pgStream;
+ for(int i = 0; i < 5; i++){
+ pgStream = new PGStream();
+ pgStream.streamId = "fw_udp"+(i+1);
+ pgStream.isEnabled = "true";
+ pgRequest.pgStreams.pgStream.add(pgStream);
+ }
+ request.Payload.put("pg-streams", pgRequest.pgStreams);
+
+ if (request != null) {
+ //
+ // Insert request into memory
+ //
+ insert(request);
+ //
+ // Tell interested parties we are performing this Operation
+ //
+ VirtualControlLoopNotification notification = new VirtualControlLoopNotification($event);
+ notification.notification = ControlLoopNotificationType.OPERATION;
+ // message and history ??
+ notification.from = "policy";
+ notification.policyName = drools.getRule().getName();
+ notification.policyScope = "com";
+ notification.policyVersion = "1";
+ try {
+ System.out.println(Serialization.gsonPretty.toJson(notification));
+ PolicyEngine.manager.deliver($params.getNotificationTopic(), notification);
+ } catch (Exception e) {
+ System.out.println("Can't deliver notification: " + notification);
+ e.printStackTrace();
+ }
+ //
+ // Now send the operation request
+ //
+ if (request instanceof Request) {
+ try {
+ System.out.println("APPC request sent:");
+ System.out.println(Serialization.gsonPretty.toJson(request));
+ PolicyEngine.manager.deliver($params.getAppcTopic(), request);
+ } catch (Exception e) {
+ e.printStackTrace();
+ System.out.println("Can't deliver request: " + request);
+ }
+ }
+ } else {
+ //
+ // what happens if it is null
+ //
+ }
+ //
+ } else {
+ //
+ // create AAI named-query request with UUID started with "F199"
+ //
+ AAINQF199Request aainqf199request = new AAINQF199Request();
+ AAINQF199QueryParameters aainqf199queryparam = new AAINQF199QueryParameters();
+ AAINQF199NamedQuery aainqf199namedquery = new AAINQF199NamedQuery();
+ AAINQF199InstanceFilters aainqf199instancefilter = new AAINQF199InstanceFilters();
+ //
+ // queryParameters
+ //
+ aainqf199namedquery.namedQueryUUID = UUID.fromString($params.getAaiNamedQueryUUID());
+ aainqf199queryparam.namedQuery = aainqf199namedquery;
+ aainqf199request.queryParameters = aainqf199queryparam;
+ //
+ // instanceFilters
+ //
+ Map aainqf199instancefiltermap = new HashMap();
+ Map aainqf199instancefiltermapitem = new HashMap();
+ aainqf199instancefiltermapitem.put("vserver-name", vserver);
+ aainqf199instancefiltermap.put("vserver", aainqf199instancefiltermapitem);
+ aainqf199instancefilter.instanceFilter.add(aainqf199instancefiltermap);
+ aainqf199request.instanceFilters = aainqf199instancefilter;
+ //
+ // print aainqf199request for debug
+ //
+ System.out.println("AAI Request sent:");
+ System.out.println(Serialization.gsonPretty.toJson(aainqf199request));
+ //
+ // Create AAINQF199RequestWrapper
+ //
+ AAINQF199RequestWrapper aainqf199RequestWrapper = new AAINQF199RequestWrapper($event.requestID, aainqf199request);
+ //
+ // insert aainqf199request into memory
+ //
+ insert(aainqf199RequestWrapper);
+ }
+ //
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+end
+
+/*
+*
+* This rule happens when we got a valid ONSET, closed loop is enabled, an Event Manager
+* is created, AAI Manager and AAI Request are ready in memory. We can start sending query to AAI and then wait for response.
+*
+*/
+rule "BRMSParamvLBDemoPolicy.EVENT.MANAGER.AAINQF199REQUEST"
+ when
+ $params : Params( getClosedLoopControlName() == "CL-DNS-LOW-TRAFFIC-SIG-d925ed73-8231-4d02-9545-db4e101f88f8" )
+ $event : VirtualControlLoopEvent( closedLoopControlName == $params.getClosedLoopControlName(), closedLoopEventStatus == ControlLoopEventStatus.ONSET )
+ $manager : EventManager( closedLoopControlName == $event.closedLoopControlName )
+ $aainqf199RequestWrapper : AAINQF199RequestWrapper(requestID == $event.requestID)
+ then
+ System.out.println("rule EVENT.MANAGER.AAINQF199REQUEST is triggered.");
+ //
+ // send the request
+ //
+ AAINQF199Response aainqf199response = AAINQF199Manager.postQuery($params.getAaiURL(), $params.getAaiUsername(), $params.getAaiPassword(),
+ $aainqf199RequestWrapper.aainqf199request, $event.requestID);
+ //
+ // Check AAI response
+ //
+ if (aainqf199response == null) {
+ System.err.println("Failed to get AAI response");
+ //
+ // Fail and retract everything
+ //
+ retract($event);
+ retract($manager);
+ retract($aainqf199RequestWrapper);
+ } else {
+ //
+ // Create AAINQF199ResponseWrapper
+ //
+ AAINQF199ResponseWrapper aainqf199ResponseWrapper = new AAINQF199ResponseWrapper($event.requestID, aainqf199response);
+ //
+ // insert aainqf199ResponseWrapper to memeory
+ //
+ insert(aainqf199ResponseWrapper);
+ }
+end
+
+/*
+*
+* This rule happens when we got a valid AAI response. We can start sending request to APPC or MSO now.
+*
+*/
+rule "BRMSParamvLBDemoPolicy.EVENT.MANAGER.AAINQF199RESPONSE"
+ when
+ $params : Params( getClosedLoopControlName() == "CL-DNS-LOW-TRAFFIC-SIG-d925ed73-8231-4d02-9545-db4e101f88f8" )
+ $event : VirtualControlLoopEvent( closedLoopControlName == $params.getClosedLoopControlName(), closedLoopEventStatus == ControlLoopEventStatus.ONSET )
+ $manager : EventManager( closedLoopControlName == $event.closedLoopControlName )
+ $aainqf199RequestWrapper : AAINQF199RequestWrapper(requestID == $event.requestID)
+ $aainqf199ResponseWrapper : AAINQF199ResponseWrapper(requestID == $event.requestID)
+ then
+ System.out.println("rule EVENT.MANAGER.AAINQF199RESPONSE is triggered.");
+ //
+ // Extract related fields out of AAINQF199RESPONSE
+ //
+ String vnfItemVnfId, vnfItemVnfType, vnfItemPersonaModelId, vnfItemPersonaModelVersion, vnfItemModelName,
+ vnfItemModelVersion, vnfItemModelNameVersionId, serviceItemServiceInstanceId, serviceItemPersonaModelId,
+ serviceItemModelName, serviceItemModelType, serviceItemModelVersion, serviceItemModelNameVersionId,
+ vfModuleItemVfModuleName, vfModuleItemPersonaModelId, vfModuleItemPersonaModelVersion, vfModuleItemModelName,
+ vfModuleItemModelNameVersionId, tenantItemTenantId, cloudRegionItemCloudRegionId;
+ try {
+ //
+ // vnfItem
+ //
+ vnfItemVnfId = $aainqf199ResponseWrapper.aainqf199response.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).genericVNF.vnfID;
+ vnfItemVnfType = $aainqf199ResponseWrapper.aainqf199response.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).genericVNF.vnfType;
+ vnfItemVnfType = vnfItemVnfType.substring(vnfItemVnfType.lastIndexOf("/")+1);
+ vnfItemPersonaModelId = $aainqf199ResponseWrapper.aainqf199response.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).genericVNF.personaModelId;
+ vnfItemPersonaModelVersion = $aainqf199ResponseWrapper.aainqf199response.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).genericVNF.personaModelVersion;
+ vnfItemModelName = $aainqf199ResponseWrapper.aainqf199response.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).extraProperties.extraProperty.get(0).propertyValue;
+ vnfItemModelVersion = $aainqf199ResponseWrapper.aainqf199response.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).extraProperties.extraProperty.get(2).propertyValue;
+ vnfItemModelNameVersionId = $aainqf199ResponseWrapper.aainqf199response.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).extraProperties.extraProperty.get(4).propertyValue;
+ //
+ // serviceItem
+ //
+ serviceItemServiceInstanceId = $aainqf199ResponseWrapper.aainqf199response.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).serviceInstance.serviceInstanceID;
+ serviceItemPersonaModelId = $aainqf199ResponseWrapper.aainqf199response.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).serviceInstance.personaModelId;
+ serviceItemModelName = $aainqf199ResponseWrapper.aainqf199response.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).extraProperties.extraProperty.get(0).propertyValue;
+ serviceItemModelType = $aainqf199ResponseWrapper.aainqf199response.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).extraProperties.extraProperty.get(1).propertyValue;
+ serviceItemModelVersion = $aainqf199ResponseWrapper.aainqf199response.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).serviceInstance.personaModelVersion;
+ serviceItemModelNameVersionId = $aainqf199ResponseWrapper.aainqf199response.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).extraProperties.extraProperty.get(4).propertyValue;
+ //
+ // This comes from the base module
+ //
+ vfModuleItemVfModuleName = $aainqf199ResponseWrapper.aainqf199response.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).items.inventoryResponseItems.get(1).vfModule.vfModuleName;
+ vfModuleItemVfModuleName = vfModuleItemVfModuleName.replace("Vfmodule", "vDNS");
+ //
+ // vfModuleItem - NOT the base module
+ //
+ vfModuleItemPersonaModelId = $aainqf199ResponseWrapper.aainqf199response.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).items.inventoryResponseItems.get(2).vfModule.personaModelId;
+ vfModuleItemPersonaModelVersion = $aainqf199ResponseWrapper.aainqf199response.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).items.inventoryResponseItems.get(2).vfModule.personaModelVersion;
+ vfModuleItemModelName = $aainqf199ResponseWrapper.aainqf199response.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).items.inventoryResponseItems.get(2).extraProperties.extraProperty.get(0).propertyValue;
+ vfModuleItemModelNameVersionId = $aainqf199ResponseWrapper.aainqf199response.inventoryResponseItems.get(0).items.inventoryResponseItems.get(0).items.inventoryResponseItems.get(2).extraProperties.extraProperty.get(4).propertyValue;
+ //
+ // tenantItem
+ //
+ tenantItemTenantId = $aainqf199ResponseWrapper.aainqf199response.inventoryResponseItems.get(0).items.inventoryResponseItems.get(1).tenant.tenantId;
+ //
+ // cloudRegionItem
+ //
+ cloudRegionItemCloudRegionId = $aainqf199ResponseWrapper.aainqf199response.inventoryResponseItems.get(0).items.inventoryResponseItems.get(1).items.inventoryResponseItems.get(0).cloudRegion.cloudRegionId;
+ //
+ } catch (Exception e) {
+ e.printStackTrace();
+ VirtualControlLoopNotification notification = new VirtualControlLoopNotification($event);
+ notification.notification = ControlLoopNotificationType.REJECTED;
+ notification.message = "Exception occurred " + e.getMessage();
+ notification.policyName = drools.getRule().getName();
+ notification.policyScope = "com";
+ notification.policyVersion = "1";
+ //
+ try {
+ System.out.println(Serialization.gsonPretty.toJson(notification));
+ PolicyEngine.manager.deliver($params.getNotificationTopic(), notification);
+ } catch (Exception e1) {
+ System.out.println("Can't deliver notification: " + notification);
+ e1.printStackTrace();
+ }
+ //
+ notification.notification = ControlLoopNotificationType.FINAL_FAILURE;
+ notification.message = "Invalid named-query response from AAI";
+ //
+ try {
+ System.out.println(Serialization.gsonPretty.toJson(notification));
+ PolicyEngine.manager.deliver($params.getNotificationTopic(), notification);
+ } catch (Exception e1) {
+ System.out.println("Can't deliver notification: " + notification);
+ e1.printStackTrace();
+ }
+ //
+ // Retract everything
+ //
+ retract($aainqf199RequestWrapper);
+ retract($aainqf199ResponseWrapper);
+ retract($manager);
+ retract($event);
+ return;
+ }
+ //
+ // Extracted fields should not be null
+ //
+ if ((vnfItemVnfId == null) || (vnfItemVnfType == null) ||
+ (vnfItemPersonaModelId == null) || (vnfItemModelName == null) ||
+ (vnfItemModelVersion == null) || (vnfItemModelNameVersionId == null) ||
+ (serviceItemServiceInstanceId == null) || (serviceItemModelName == null) ||
+ (serviceItemModelType == null) || (serviceItemModelVersion == null) ||
+ (serviceItemModelNameVersionId == null) || (vfModuleItemVfModuleName == null) ||
+ (vfModuleItemPersonaModelId == null) || (vfModuleItemPersonaModelVersion == null) ||
+ (vfModuleItemModelName == null) || (vfModuleItemModelNameVersionId == null) ||
+ (tenantItemTenantId == null) || (cloudRegionItemCloudRegionId == null)) {
+ //
+ System.err.println("some fields are missing from AAI response.");
+ //
+ // Fail and retract everything
+ //
+ retract($aainqf199RequestWrapper);
+ retract($aainqf199ResponseWrapper);
+ retract($manager);
+ retract($event);
+ return;
+ }
+ //
+ // We don't need them any more
+ //
+ retract($aainqf199ResponseWrapper);
+ retract($aainqf199RequestWrapper);
+ //
+ // check the actor of this closed loop
+ //
+ switch ($params.getActor()) {
+ case "APPC":
+ {
+ //
+ // Construct an APPC request
+ //
+ ControlLoopOperation operation = new ControlLoopOperation();
+ operation.actor = $params.getActor();
+ operation.operation = "ModifyConfig";
+ operation.target = $event.target;
+ //
+ // Create operationWrapper
+ //
+ ControlLoopOperationWrapper operationWrapper = new ControlLoopOperationWrapper($event.requestID, operation);
+ //
+ // insert operationWrapper into memory
+ //
+ insert(operationWrapper);
+ //
+ Request request = new Request();
+ request.CommonHeader = new CommonHeader();
+ request.CommonHeader.RequestID = $event.requestID;
+ request.Action = operation.operation;
+ request.Payload = new HashMap<String, Object>();
+ //
+ // Fill in the payload
+ // Hardcode genericVNF for now since AAI has not been ready for vFirewall demo case
+ //
+ String genericVNF = "zdfw1fwl01pgn02";
+ request.Payload.put("generic-vnf.vnf-id", genericVNF);
+ //
+ PGRequest pgRequest = new PGRequest();
+ pgRequest.pgStreams = new PGStreams();
+
+ PGStream pgStream;
+ for(int i = 0; i < 5; i++){
+ pgStream = new PGStream();
+ pgStream.streamId = "fw_udp"+(i+1);
+ pgStream.isEnabled = "true";
+ pgRequest.pgStreams.pgStream.add(pgStream);
+ }
+ request.Payload.put("pg-streams", pgRequest.pgStreams);
+
+ if (request != null) {
+ //
+ // Insert request into memory
+ //
+ insert(request);
+ //
+ // Tell interested parties we are performing this Operation
+ //
+ VirtualControlLoopNotification notification = new VirtualControlLoopNotification($event);
+ notification.notification = ControlLoopNotificationType.OPERATION;
+ // message and history ??
+ notification.from = "policy";
+ notification.policyName = drools.getRule().getName();
+ notification.policyScope = "com";
+ notification.policyVersion = "1";
+ try {
+ System.out.println(Serialization.gsonPretty.toJson(notification));
+ PolicyEngine.manager.deliver($params.getNotificationTopic(), notification);
+ } catch (Exception e) {
+ System.out.println("Can't deliver notification: " + notification);
+ e.printStackTrace();
+ }
+ //
+ // Now send the operation request
+ //
+ if (request instanceof Request) {
+ try {
+ System.out.println("APPC request sent:");
+ System.out.println(Serialization.gsonPretty.toJson(request));
+ PolicyEngine.manager.deliver($params.getAppcTopic(), request);
+ } catch (Exception e) {
+ e.printStackTrace();
+ System.out.println("Can't deliver request: " + request);
+ }
+ }
+ } else {
+ //
+ // what happens if it is null
+ //
+ }
+ }
+ break;
+ case "MSO":
+ {
+ //
+ // Construct an operation
+ //
+ ControlLoopOperation operation = new ControlLoopOperation();
+ operation.actor = $params.getActor();
+ operation.operation = "createModuleInstance";
+ operation.target = $event.target;
+ //
+ // Create operationWrapper
+ //
+ ControlLoopOperationWrapper operationWrapper = new ControlLoopOperationWrapper($event.requestID, operation);
+ //
+ // Construct an MSO request
+ //
+ MSORequest request = new MSORequest();
+ request.requestDetails = new MSORequestDetails();
+ request.requestDetails.modelInfo = new MSOModelInfo();
+ request.requestDetails.cloudConfiguration = new MSOCloudConfiguration();
+ request.requestDetails.requestInfo = new MSORequestInfo();
+ request.requestDetails.requestParameters = new MSORequestParameters();
+ request.requestDetails.requestParameters.userParams = null;
+ //
+ // cloudConfiguration
+ //
+ request.requestDetails.cloudConfiguration.lcpCloudRegionId = cloudRegionItemCloudRegionId;
+ request.requestDetails.cloudConfiguration.tenantId = tenantItemTenantId;
+ //
+ // modelInfo
+ //
+ request.requestDetails.modelInfo.modelType = "vfModule";
+ request.requestDetails.modelInfo.modelInvariantId = vfModuleItemPersonaModelId;
+ request.requestDetails.modelInfo.modelNameVersionId = vfModuleItemModelNameVersionId;
+ request.requestDetails.modelInfo.modelName = vfModuleItemModelName;
+ request.requestDetails.modelInfo.modelVersion = vfModuleItemPersonaModelVersion;
+ //
+ // requestInfo
+ //
+ request.requestDetails.requestInfo.instanceName = vfModuleItemVfModuleName;
+ request.requestDetails.requestInfo.source = "POLICY";
+ request.requestDetails.requestInfo.suppressRollback = false;
+ //
+ // relatedInstanceList
+ //
+ MSORelatedInstanceListElement relatedInstanceListElement1 = new MSORelatedInstanceListElement();
+ MSORelatedInstanceListElement relatedInstanceListElement2 = new MSORelatedInstanceListElement();
+ relatedInstanceListElement1.relatedInstance = new MSORelatedInstance();
+ relatedInstanceListElement2.relatedInstance = new MSORelatedInstance();
+ //
+ relatedInstanceListElement1.relatedInstance.instanceId = serviceItemServiceInstanceId;
+ relatedInstanceListElement1.relatedInstance.modelInfo = new MSOModelInfo();
+ relatedInstanceListElement1.relatedInstance.modelInfo.modelType = "service";
+ relatedInstanceListElement1.relatedInstance.modelInfo.modelInvariantId = serviceItemPersonaModelId;
+ relatedInstanceListElement1.relatedInstance.modelInfo.modelNameVersionId = serviceItemModelNameVersionId;
+ relatedInstanceListElement1.relatedInstance.modelInfo.modelName = serviceItemModelName;
+ relatedInstanceListElement1.relatedInstance.modelInfo.modelVersion = serviceItemModelVersion;
+ //
+ relatedInstanceListElement2.relatedInstance.instanceId = vnfItemVnfId;
+ relatedInstanceListElement2.relatedInstance.modelInfo = new MSOModelInfo();
+ relatedInstanceListElement2.relatedInstance.modelInfo.modelType = "vnf";
+ relatedInstanceListElement2.relatedInstance.modelInfo.modelInvariantId = vnfItemPersonaModelId;
+ relatedInstanceListElement2.relatedInstance.modelInfo.modelNameVersionId = vnfItemModelNameVersionId;
+ relatedInstanceListElement2.relatedInstance.modelInfo.modelName = vnfItemModelName;
+ relatedInstanceListElement2.relatedInstance.modelInfo.modelVersion = vnfItemModelVersion;
+ relatedInstanceListElement2.relatedInstance.modelInfo.modelCustomizationName = vnfItemVnfType;
+ //
+ request.requestDetails.relatedInstanceList.add(relatedInstanceListElement1);
+ request.requestDetails.relatedInstanceList.add(relatedInstanceListElement2);
+ //
+ // print MSO request for debug
+ //
+ System.out.println("MSO request sent:");
+ System.out.println(Serialization.gsonPretty.toJson(request));
+ //
+ //
+ //
+ if (request != null) {
+ //
+ // Tell interested parties we are performing this Operation
+ //
+ VirtualControlLoopNotification notification = new VirtualControlLoopNotification($event);
+ notification.notification = ControlLoopNotificationType.OPERATION;
+ notification.from = "policy";
+ notification.policyName = drools.getRule().getName();
+ notification.policyScope = "com";
+ notification.policyVersion = "1";
+ try {
+ System.out.println(Serialization.gsonPretty.toJson(notification));
+ PolicyEngine.manager.deliver($params.getNotificationTopic(), notification);
+ } catch (Exception e) {
+ System.out.println("Can't deliver notification: " + notification);
+ e.printStackTrace();
+ }
+ //
+ // Concatenate serviceItemServiceInstanceId and vnfItemVnfId to msoURL
+ //
+ String MSOUrl = $params.getMsoURL() + "/serviceInstances/v2/" + serviceItemServiceInstanceId + "/vnfs/" + vnfItemVnfId + "/vfModules";
+ //
+ // Call MSO
+ //
+ MSOResponse response = MSOManager.createModuleInstance(MSOUrl, $params.getMsoURL(), $params.getMsoUsername(), $params.getMsoPassword(), request);
+ //
+ if (response != null) {
+ //
+ // Assign requestId
+ //
+ request.requestId = $event.requestID.toString();
+ response.request.requestId = $event.requestID.toString();
+ //
+ // Insert facts
+ //
+ insert(operationWrapper);
+ insert(request);
+ insert(response);
+ } else {
+ //
+ // MSO request not even accepted
+ //
+ notification.message = operationWrapper.operation.toMessage();
+ operationWrapper.operation.message = operationWrapper.operation.toMessage();
+ operationWrapper.operation.outcome = "FAILURE_EXCEPTION";
+ $manager.setControlLoopResult("FAILURE_EXCEPTION");
+ notification.history.add(operationWrapper.operation);
+ notification.notification = ControlLoopNotificationType.OPERATION_FAILURE;
+ //
+ // Let interested parties know
+ //
+ try {
+ System.out.println(Serialization.gsonPretty.toJson(notification));
+ PolicyEngine.manager.deliver($params.getNotificationTopic(), notification);
+ } catch (Exception e) {
+ System.out.println("Can't deliver notification: " + notification);
+ e.printStackTrace();
+ }
+ notification.notification = ControlLoopNotificationType.FINAL_FAILURE;
+ try {
+ System.out.println(Serialization.gsonPretty.toJson(notification));
+ PolicyEngine.manager.deliver($params.getNotificationTopic(), notification);
+ } catch (Exception e) {
+ System.out.println("Can't deliver notification: " + notification);
+ e.printStackTrace();
+ }
+ //
+ // Retract everything
+ //
+ retract($event);
+ retract($manager);
+ }
+ } else {
+ System.err.println("constructed MSO request is invalid.");
+ }
+ }
+ break;
+ }
+end
+
+/*
+*
+* This rule responds to APPC Response Events
+*
+*/
+rule "BRMSParamvLBDemoPolicy.APPC.RESPONSE"
+ when
+ $params : Params( getClosedLoopControlName() == "CL-DNS-LOW-TRAFFIC-SIG-d925ed73-8231-4d02-9545-db4e101f88f8" )
+ $event : VirtualControlLoopEvent( closedLoopControlName == $params.getClosedLoopControlName(), closedLoopEventStatus == ControlLoopEventStatus.ONSET )
+ $manager : EventManager( closedLoopControlName == $event.closedLoopControlName )
+ $operationWrapper : ControlLoopOperationWrapper( requestID == $event.requestID )
+ $request : Request( getCommonHeader().RequestID == $event.requestID )
+ $response : Response( getCommonHeader().RequestID == $event.requestID )
+ then
+ System.out.println("rule APPC.RESPONSE is triggered.");
+ if ($response.Status == null) {
+ $operationWrapper.operation.outcome = "FAILURE_EXCEPTION";
+ $manager.setControlLoopResult("FAILURE_EXCEPTION");
+ }
+ //
+ // Get the Response Code
+ //
+ ResponseCode code = ResponseCode.toResponseCode($response.Status.Code);
+ if (code == null) {
+ $operationWrapper.operation.outcome = "FAILURE_EXCEPTION";
+ $manager.setControlLoopResult("FAILURE_EXCEPTION");
+ }
+ //
+ // Construct notification
+ //
+ VirtualControlLoopNotification notification = new VirtualControlLoopNotification($event);
+ notification.from = "policy";
+ notification.policyName = drools.getRule().getName();
+ notification.policyScope = "com";
+ notification.policyVersion = "1";
+ notification.message = $operationWrapper.operation.toMessage();
+ $operationWrapper.operation.message = $operationWrapper.operation.toMessage();
+ //
+ // Ok, let's figure out what APP-C's response is
+ //
+ switch (code) {
+ case ACCEPT:
+ $operationWrapper.operation.outcome = "PROCESSING";
+ break;
+ case ERROR:
+ case REJECT:
+ $operationWrapper.operation.outcome = "FAILURE_EXCEPTION";
+ $manager.setControlLoopResult("FAILURE_EXCEPTION");
+ break;
+ case SUCCESS:
+ $operationWrapper.operation.outcome = "SUCCESS";
+ $manager.setControlLoopResult("SUCCESS");
+ break;
+ case FAILURE:
+ $operationWrapper.operation.outcome = "FAILURE";
+ $manager.setControlLoopResult("FAILURE");
+ break;
+ }
+ if ($operationWrapper.operation.outcome.equals("SUCCESS")) {
+ notification.history.add($operationWrapper.operation);
+ notification.notification = ControlLoopNotificationType.OPERATION_SUCCESS;
+ //
+ // Let interested parties know
+ //
+ try {
+ System.out.println(Serialization.gsonPretty.toJson(notification));
+ PolicyEngine.manager.deliver($params.getNotificationTopic(), notification);
+ } catch (Exception e) {
+ System.out.println("Can't deliver notification: " + notification);
+ e.printStackTrace();
+ }
+ notification.notification = ControlLoopNotificationType.FINAL_SUCCESS;
+ try {
+ System.out.println(Serialization.gsonPretty.toJson(notification));
+ PolicyEngine.manager.deliver($params.getNotificationTopic(), notification);
+ } catch (Exception e) {
+ System.out.println("Can't deliver notification: " + notification);
+ e.printStackTrace();
+ }
+
+ //
+ // We are going to retract these objects from memory
+ //
+ System.out.println("Retracting everything");
+ retract($operationWrapper);
+ retract($request);
+ retract($response);
+ retract($event);
+ retract($manager);
+ } else if ($operationWrapper.operation.outcome.equals("PROCESSING")) {
+ retract($response);
+ } else {
+ notification.history.add($operationWrapper.operation);
+ notification.notification = ControlLoopNotificationType.OPERATION_FAILURE;
+ //
+ // Let interested parties know
+ //
+ try {
+ System.out.println(Serialization.gsonPretty.toJson(notification));
+ PolicyEngine.manager.deliver($params.getNotificationTopic(), notification);
+ } catch (Exception e) {
+ System.out.println("Can't deliver notification: " + notification);
+ e.printStackTrace();
+ }
+ notification.notification = ControlLoopNotificationType.FINAL_FAILURE;
+ //
+ // Let interested parties know
+ //
+ try {
+ System.out.println(Serialization.gsonPretty.toJson(notification));
+ PolicyEngine.manager.deliver($params.getNotificationTopic(), notification);
+ } catch (Exception e) {
+ System.out.println("Can't deliver notification: " + notification);
+ e.printStackTrace();
+ }
+ //
+ // We are going to retract these objects from memory
+ //
+ System.out.println("Retracting everything");
+ retract($operationWrapper);
+ retract($request);
+ retract($response);
+ retract($event);
+ retract($manager);
+ }
+
+end
+
+/*
+*
+* This rule is used to clean up APPC response
+*
+*/
+rule "BRMSParamvLBDemoPolicy.APPC.RESPONSE.CLEANUP"
+ when
+ $params : Params( getClosedLoopControlName() == "CL-DNS-LOW-TRAFFIC-SIG-d925ed73-8231-4d02-9545-db4e101f88f8" )
+ $response : Response($id : getCommonHeader().RequestID )
+ not ( VirtualControlLoopEvent( closedLoopControlName == $params.getClosedLoopControlName(), requestID == $id, closedLoopEventStatus == ControlLoopEventStatus.ONSET ) )
+ then
+ System.out.println("rule APPC.RESPONSE.CLEANUP is triggered.");
+ retract($response);
+end
+
+/*
+*
+* This rule responds to MSO Response Events
+*
+*/
+rule "BRMSParamvLBDemoPolicy.MSO.RESPONSE"
+ when
+ $params : Params( getClosedLoopControlName() == "CL-DNS-LOW-TRAFFIC-SIG-d925ed73-8231-4d02-9545-db4e101f88f8" )
+ $event : VirtualControlLoopEvent( closedLoopControlName == $params.getClosedLoopControlName(), closedLoopEventStatus == ControlLoopEventStatus.ONSET )
+ $manager : EventManager( closedLoopControlName == $event.closedLoopControlName )
+ $operationWrapper : ControlLoopOperationWrapper( requestID == $event.requestID )
+ $request : MSORequest( requestId == $event.requestID.toString() )
+ $response : MSOResponse( request.requestId == $event.requestID.toString() )
+ then
+ System.out.println("rule MSO.RESPONSE is triggered.");
+ //
+ // Construct notification
+ //
+ VirtualControlLoopNotification notification = new VirtualControlLoopNotification($event);
+ notification.from = "policy";
+ notification.policyName = drools.getRule().getName();
+ notification.policyScope = "com";
+ notification.policyVersion = "1";
+ notification.message = $operationWrapper.operation.toMessage();
+ $operationWrapper.operation.message = $operationWrapper.operation.toMessage();
+ //
+ // The operation can either be succeeded or failed
+ //
+ if($response.request.requestStatus.requestState.equals("Completed")) {
+ $operationWrapper.operation.outcome = "SUCCESS";
+ $manager.setControlLoopResult("SUCCESS");
+ notification.history.add($operationWrapper.operation);
+ notification.notification = ControlLoopNotificationType.OPERATION_SUCCESS;
+ //
+ // Let interested parties know
+ //
+ try {
+ System.out.println(Serialization.gsonPretty.toJson(notification));
+ PolicyEngine.manager.deliver($params.getNotificationTopic(), notification);
+ } catch (Exception e) {
+ System.out.println("Can't deliver notification: " + notification);
+ e.printStackTrace();
+ }
+ notification.notification = ControlLoopNotificationType.FINAL_SUCCESS;
+ //
+ // Let interested parties know
+ //
+ try {
+ System.out.println(Serialization.gsonPretty.toJson(notification));
+ PolicyEngine.manager.deliver($params.getNotificationTopic(), notification);
+ } catch (Exception e) {
+ System.out.println("Can't deliver notification: " + notification);
+ e.printStackTrace();
+ }
+ //
+ // We are going to retract these objects from memory
+ //
+ System.out.println("Retracting everything");
+ retract($operationWrapper);
+ retract($request);
+ retract($response);
+ retract($event);
+ retract($manager);
+ } else {
+ $operationWrapper.operation.outcome = "FAILURE";
+ $manager.setControlLoopResult("FAILURE");
+ notification.history.add($operationWrapper.operation);
+ notification.notification = ControlLoopNotificationType.OPERATION_FAILURE;
+ //
+ // Let interested parties know
+ //
+ try {
+ System.out.println(Serialization.gsonPretty.toJson(notification));
+ PolicyEngine.manager.deliver($params.getNotificationTopic(), notification);
+ } catch (Exception e) {
+ System.out.println("Can't deliver notification: " + notification);
+ e.printStackTrace();
+ }
+ notification.notification = ControlLoopNotificationType.FINAL_FAILURE;
+ //
+ // Let interested parties know
+ //
+ try {
+ System.out.println(Serialization.gsonPretty.toJson(notification));
+ PolicyEngine.manager.deliver($params.getNotificationTopic(), notification);
+ } catch (Exception e) {
+ System.out.println("Can't deliver notification: " + notification);
+ e.printStackTrace();
+ }
+ //
+ // We are going to retract these objects from memory
+ //
+ System.out.println("Retracting everything");
+ retract($operationWrapper);
+ retract($request);
+ retract($response);
+ retract($event);
+ retract($manager);
+ }
+
+end
+rule "Params"
+ salience 1000
+ when
+ then
+ Params params = new Params();
+ params.setAaiPatternMatch(0);
+ params.setAppcTopic("APPC-CL");
+ params.setAaiURL("https://aai.api.simpledemo.openecomp.org:8443");
+ params.setMsoPassword("password1$");
+ params.setClosedLoopControlName("CL-DNS-LOW-TRAFFIC-SIG-d925ed73-8231-4d02-9545-db4e101f88f8");
+ params.setAaiUsername("POLICY");
+ params.setMsoURL("http://vm1.mso.simpledemo.openecomp.org:8080/ecomp/mso/infra");
+ params.setActor("MSO");
+ params.setMsoUsername("InfraPortalClient");
+ params.setAaiNamedQueryUUID("f199cb88-5e69-4b1f-93e0-6f257877d066");
+ params.setAaiPassword("POLICY");
+ params.setNotificationTopic("POLICY-CL-MGT");
+ insert(params);
+end
diff --git a/packages/base/src/files/install/servers/pap/webapps/Config/com.Config_MS_vFirewall.1.json b/packages/base/src/files/install/servers/pap/webapps/Config/com.Config_MS_vFirewall.1.json
new file mode 100644
index 000000000..800c87a93
--- /dev/null
+++ b/packages/base/src/files/install/servers/pap/webapps/Config/com.Config_MS_vFirewall.1.json
@@ -0,0 +1 @@
+{"service":"TcaMetrics","location":"SampleServiceLocation","uuid":"/services/cdap-tca-hi-lo/instances/demo/configuration/metricsPerFunctionalRole/vFirewall","policyName":"vFirewall","description":"Micro Service vFirewall Demo Policy@CreatedBy:demo@CreatedBy:@ModifiedBy:demo@ModifiedBy:","configName":"SampleConfigName","templateVersion":"OpenSource.version.1","version":"1.0.0.5","priority":"1","policyScope":"resource=SampleResource,service=SampleService,type=SampleType,closedLoopControlName=SampleClosedLoop","content":{"thresholds":[{"severity":"MAJOR","fieldPath":"$.event.measurementsForVfScalingFields.vNicUsageArray[*].packetsIn","thresholdValue":"300","closedLoopControlName":"CL-FRWL-LOW-TRAFFIC-SIG-d925ed73-8231-4d02-9545-db4e101f88f8","version":"1.0.2","direction":"LESS_OR_EQUAL"},{"severity":"CRITICAL","fieldPath":"$.event.measurementsForVfScalingFields.vNicUsageArray[*].packetsIn","thresholdValue":"700","closedLoopControlName":"CL-FRWL-LOW-TRAFFIC-SIG-d925ed73-8231-4d02-9545-db4e101f88f8","version":"1.0.2","direction":"GREATER_OR_EQUAL"}],"functionalRole":"vFirewall","name":"0"}}
diff --git a/packages/base/src/files/install/servers/pap/webapps/Config/com.Config_MS_vLoadBalancer.1.json b/packages/base/src/files/install/servers/pap/webapps/Config/com.Config_MS_vLoadBalancer.1.json
new file mode 100644
index 000000000..d03206fc1
--- /dev/null
+++ b/packages/base/src/files/install/servers/pap/webapps/Config/com.Config_MS_vLoadBalancer.1.json
@@ -0,0 +1 @@
+{"service":"TcaMetrics","location":"SampleServiceLocation","uuid":"/services/cdap-tca-hi-lo/instances/demo/configuration/metricsPerFunctionalRole/vLoadBalancer","policyName":"vLoadBalancer","description":"Micro Service vLoadBalancer Demo Policy@CreatedBy:demo@CreatedBy:@ModifiedBy:demo@ModifiedBy:","configName":"SampleConfigName","templateVersion":"OpenSource.version.1","version":"1.0.0.5","priority":"1","policyScope":"resource=SampleResource,service=SampleService,type=SampleType,closedLoopControlName=SampleClosedLoop","content":{"thresholds":[{"severity":"MAJOR","fieldPath":"$.event.measurementsForVfScalingFields.vNicUsageArray[*].packetsIn","thresholdValue":"200","closedLoopControlName":"CL-DNS-LOW-TRAFFIC-SIG-d925ed73-8231-4d02-9545-db4e101f88f8","version":"1.0.2","direction":"GREATER_OR_EQUAL"}],"functionalRole":"vLoadBalancer","name":"0"}}
diff --git a/packages/base/src/files/install/servers/paplp/bin/config/policyLogger.properties b/packages/base/src/files/install/servers/paplp/bin/config/policyLogger.properties
new file mode 100644
index 000000000..0deb1b3d6
--- /dev/null
+++ b/packages/base/src/files/install/servers/paplp/bin/config/policyLogger.properties
@@ -0,0 +1,44 @@
+###
+# ============LICENSE_START=======================================================
+# ECOMP Policy Engine
+# ================================================================================
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+################################### Set concurrentHashMap and timer info #######################
+#Timer initial delay and the delay between in milliseconds before task is to be execute.
+timer.delay.time=1000
+#Timer scheduleAtFixedRate period - time in milliseconds between successive task executions.
+check.interval= 30000
+#Longest time an event info can be stored in the concurrentHashMap for logging - in seconds.
+event.expired.time=86400
+#Size of the concurrentHashMap which stores the event starting time, etc - when its size reaches this limit, the Timer gets executed
+#to remove all expired records from this concurrentHashMap.
+concurrentHashMap.limit=5000
+#Size of the concurrentHashMap - when its size drops to this point, stop the Timer
+stop.check.point=2500
+################################### Set logging format #############################################
+# set EELF for EELF logging format, set LOG4J for using log4j, set SYSTEMOUT for using system.out.println
+logger.type=EELF
+#################################### Set level for EELF or SYSTEMOUT logging ##################################
+# Set level for debug file. Set DEBUG to enable .info, .warn and .debug; set INFO for enable .info and .warn; set OFF to disable all
+debugLogger.level=INFO
+# Set level for metrics file. Set OFF to disable; set ON to enable
+metricsLogger.level=ON
+# Set level for error file. Set OFF to disable; set ON to enable
+error.level=ON
+# Set level for audit file. Set OFF to disable; set ON to enable
+audit.level=ON
diff --git a/packages/base/src/files/install/servers/paplp/bin/parserlog.properties b/packages/base/src/files/install/servers/paplp/bin/parserlog.properties
new file mode 100644
index 000000000..8dbd70e9b
--- /dev/null
+++ b/packages/base/src/files/install/servers/paplp/bin/parserlog.properties
@@ -0,0 +1,57 @@
+###
+# ============LICENSE_START=======================================================
+# ECOMP Policy Engine
+# ================================================================================
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+# PAP LogParser properties
+
+# JVM specific parameters
+LOGPARSER_JMX_PORT=${{LOGPARSER_JMX_PORT}}
+LOGPARSER_X_MS_MB=${{LOGPARSER_X_MS_MB}}
+LOGPARSER_X_MX_MB=${{LOGPARSER_X_MX_MB}}
+
+SERVER=${{SERVER}}
+LOGTYPE=PAP
+LOGPATH=${{LOGPATH}}
+JDBC_DRIVER=${{JDBC_DRIVER}}
+JDBC_URL='${{JDBC_LOG_URL}}'
+JDBC_USER=${{JDBC_USER}}
+JDBC_PASSWORD=${{JDBC_PASSWORD}}
+PARSERLOGPATH=IntegrityMonitor.log
+
+
+#Integrity Monitor values
+#database driver for Integrity Monitor
+javax.persistence.jdbc.driver=${{JDBC_DRIVER}}
+#database URL for Integrity Monitor
+javax.persistence.jdbc.url=${{JDBC_URL}}
+#database username for Integrity Monitor
+javax.persistence.jdbc.user=${{JDBC_USER}}
+#database password for Integrity Monitor
+javax.persistence.jdbc.password=${{JDBC_PASSWORD}}
+#resource name
+RESOURCE_NAME=${{resource_name}}
+#***Properties for IntegrityMonitor integration defined in IntegrityMonitorProperties.java***
+site_name=${{site_name}}
+node_type=${{node_type}}
+fp_monitor_interval=${{fp_monitor_interval}}
+failed_counter_threshold=${{failed_counter_threshold}}
+test_trans_interval=${{test_trans_interval}}
+write_fpc_interval=${{write_fpc_interval}}
+max_fpc_update_interval=${{max_fpc_update_interval}}
+test_via_jmx=${{test_via_jmx}}
diff --git a/packages/base/src/files/install/servers/pdp/bin/config/policyLogger.properties b/packages/base/src/files/install/servers/pdp/bin/config/policyLogger.properties
new file mode 100644
index 000000000..0deb1b3d6
--- /dev/null
+++ b/packages/base/src/files/install/servers/pdp/bin/config/policyLogger.properties
@@ -0,0 +1,44 @@
+###
+# ============LICENSE_START=======================================================
+# ECOMP Policy Engine
+# ================================================================================
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+################################### Set concurrentHashMap and timer info #######################
+#Timer initial delay and the delay between in milliseconds before task is to be execute.
+timer.delay.time=1000
+#Timer scheduleAtFixedRate period - time in milliseconds between successive task executions.
+check.interval= 30000
+#Longest time an event info can be stored in the concurrentHashMap for logging - in seconds.
+event.expired.time=86400
+#Size of the concurrentHashMap which stores the event starting time, etc - when its size reaches this limit, the Timer gets executed
+#to remove all expired records from this concurrentHashMap.
+concurrentHashMap.limit=5000
+#Size of the concurrentHashMap - when its size drops to this point, stop the Timer
+stop.check.point=2500
+################################### Set logging format #############################################
+# set EELF for EELF logging format, set LOG4J for using log4j, set SYSTEMOUT for using system.out.println
+logger.type=EELF
+#################################### Set level for EELF or SYSTEMOUT logging ##################################
+# Set level for debug file. Set DEBUG to enable .info, .warn and .debug; set INFO for enable .info and .warn; set OFF to disable all
+debugLogger.level=INFO
+# Set level for metrics file. Set OFF to disable; set ON to enable
+metricsLogger.level=ON
+# Set level for error file. Set OFF to disable; set ON to enable
+error.level=ON
+# Set level for audit file. Set OFF to disable; set ON to enable
+audit.level=ON
diff --git a/packages/base/src/files/install/servers/pdp/bin/xacml.pdp.properties b/packages/base/src/files/install/servers/pdp/bin/xacml.pdp.properties
new file mode 100644
index 000000000..860107ff9
--- /dev/null
+++ b/packages/base/src/files/install/servers/pdp/bin/xacml.pdp.properties
@@ -0,0 +1,125 @@
+###
+# ============LICENSE_START=======================================================
+# ECOMP Policy Engine
+# ================================================================================
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+# Default XACML Properties File for PDP RESTful servlet
+#
+# Standard API Factories
+#
+xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory
+xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory
+xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory
+# NOT USED SEE BELOW xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory
+xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory
+#
+# AT&T PDP Implementation Factories
+#
+xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory
+xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory
+xacml.att.functionDefinitionFactory=org.openecomp.policy.xacml.custom.EcompFunctionDefinitionFactory
+# NOT USED SEE BELOW xacml.att.policyFinderFactory=com.att.research.xacmlatt.pdp.std.StdPolicyFinderFactory
+
+#
+# AT&T RESTful PDP Implementation Factories
+#
+xacml.pipFinderFactory=org.openecomp.policy.pdp.rest.impl.XACMLPdpPIPFinderFactory
+xacml.att.policyFinderFactory=org.openecomp.policy.pdp.rest.XACMLPdpPolicyFinderFactory
+#
+# When set to true, this flag tells the StdPolicyFinderFactory to combined all the root policy files into
+# into one PolicySet and use the given Policy Algorithm.
+#
+xacml.att.policyFinderFactory.combineRootPolicies=urn:com:att:xacml:3.0:policy-combining-algorithm:combined-deny-overrides
+#
+# PDP RESTful API properties
+#
+# Set this to the address where the XACML-PAP-REST servlet is running
+# http://localhost:9090/pap/
+xacml.rest.pap.url=${{REST_PAP_URL}}
+#if multiple paps exist, the xacml.rest.pap.url can be removed and they can be defined like this:
+#xacml.rest.pap.urls=http://localhost:9090/pap/,http://localhost:9091/pap/
+#
+# Give the running PDP an ID for the PAP. The url that its running as is a good choice.
+# The PAP identifies PDP's using the URL of the PDP.
+#
+xacml.rest.pdp.id=${{REST_PDP_ID}}
+#
+# Give the JMX port number used for the PDP
+xacml.jmx.port=${{TOMCAT_JMX_PORT}}
+#
+# Notifcation type: websocket or ueb
+#
+xacml.notification.type=websocket,UEB
+xacml.ueb.cluster=${{UEB_CLUSTER}}
+#
+# Set the directory where the PDP holds its Policy Cache and PIP Configuration
+#
+xacml.rest.pdp.config=${{REST_PDP_CONFIG}}
+
+xacml.rest.pdp.webapps=${{REST_PDP_WEBAPPS}}
+#
+# Initialize register with PAP servlet
+#
+xacml.rest.pdp.register=${{REST_PDP_REGISTER}}
+#
+# Sleep period in seconds between register attempts
+#
+xacml.rest.pdp.register.sleep=${{REST_PDP_REGISTER_SLEEP}}
+#
+# number of attempts to register. -1 means keep trying forever.
+#
+xacml.rest.pdp.register.retries=${{REST_PDP_REGISTER_RETRIES}}
+#
+# max number of bytes in a POST of a XML/JSON request
+#
+xacml.rest.pdp.maxcontent=${{REST_PDP_MAXCONTENT}}
+#
+# Set UserID here
+xacml.rest.pdp.userid=${{PDP_HTTP_USER_ID}}
+# Set Password here
+xacml.rest.pdp.password=${{PDP_HTTP_PASSWORD}}
+# id PAP
+xacml.rest.pap.userid=${{PDP_PAP_PDP_HTTP_USER_ID}}
+# pass PAP
+xacml.rest.pap.password=${{PDP_PAP_PDP_HTTP_PASSWORD}}
+# Delay for Notifications Don't change this. Value in milliSec.
+xacml.rest.notification.delay=30
+# Request Buffer Size.
+REQUEST_BUFFER_SIZE=5
+#***Properties for IntegrityMonitor integration defined in XACMLRestProperties.java***
+#The name of the PDP. Must be unique across the system
+xacml.rest.pdp.resource.name=${{resource_name}}
+
+#***Properties for IntegrityMonitor integration defined in IntegrityMonitorProperties.java***
+site_name=${{site_name}}
+node_type=${{node_type}}
+dependency_groups=${{dependency_groups}}
+fp_monitor_interval=${{fp_monitor_interval}}
+failed_counter_threshold=${{failed_counter_threshold}}
+test_trans_interval=${{test_trans_interval}}
+write_fpc_interval=${{write_fpc_interval}}
+max_fpc_update_interval=${{max_fpc_update_interval}}
+test_via_jmx=${{test_via_jmx}}
+
+#database properties needed by IntegrityMonitor
+javax.persistence.jdbc.driver=${{JDBC_DRIVER}}
+javax.persistence.jdbc.url=${{JDBC_URL}}
+javax.persistence.jdbc.user=${{JDBC_USER}}
+javax.persistence.jdbc.password=${{JDBC_PASSWORD}}
+# Environment should be Set either DEV, TEST or PROD
+ENVIRONMENT=${{ENVIRONMENT}}
diff --git a/packages/base/src/files/install/servers/pdplp/bin/config/policyLogger.properties b/packages/base/src/files/install/servers/pdplp/bin/config/policyLogger.properties
new file mode 100644
index 000000000..0deb1b3d6
--- /dev/null
+++ b/packages/base/src/files/install/servers/pdplp/bin/config/policyLogger.properties
@@ -0,0 +1,44 @@
+###
+# ============LICENSE_START=======================================================
+# ECOMP Policy Engine
+# ================================================================================
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+################################### Set concurrentHashMap and timer info #######################
+#Timer initial delay and the delay between in milliseconds before task is to be execute.
+timer.delay.time=1000
+#Timer scheduleAtFixedRate period - time in milliseconds between successive task executions.
+check.interval= 30000
+#Longest time an event info can be stored in the concurrentHashMap for logging - in seconds.
+event.expired.time=86400
+#Size of the concurrentHashMap which stores the event starting time, etc - when its size reaches this limit, the Timer gets executed
+#to remove all expired records from this concurrentHashMap.
+concurrentHashMap.limit=5000
+#Size of the concurrentHashMap - when its size drops to this point, stop the Timer
+stop.check.point=2500
+################################### Set logging format #############################################
+# set EELF for EELF logging format, set LOG4J for using log4j, set SYSTEMOUT for using system.out.println
+logger.type=EELF
+#################################### Set level for EELF or SYSTEMOUT logging ##################################
+# Set level for debug file. Set DEBUG to enable .info, .warn and .debug; set INFO for enable .info and .warn; set OFF to disable all
+debugLogger.level=INFO
+# Set level for metrics file. Set OFF to disable; set ON to enable
+metricsLogger.level=ON
+# Set level for error file. Set OFF to disable; set ON to enable
+error.level=ON
+# Set level for audit file. Set OFF to disable; set ON to enable
+audit.level=ON
diff --git a/packages/base/src/files/install/servers/pdplp/bin/parserlog.properties b/packages/base/src/files/install/servers/pdplp/bin/parserlog.properties
new file mode 100755
index 000000000..42c3ade32
--- /dev/null
+++ b/packages/base/src/files/install/servers/pdplp/bin/parserlog.properties
@@ -0,0 +1,57 @@
+###
+# ============LICENSE_START=======================================================
+# ECOMP Policy Engine
+# ================================================================================
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+# PDP LogParser properties
+
+# JVM specific parameters
+LOGPARSER_JMX_PORT=${{LOGPARSER_JMX_PORT}}
+LOGPARSER_X_MS_MB=${{LOGPARSER_X_MS_MB}}
+LOGPARSER_X_MX_MB=${{LOGPARSER_X_MX_MB}}
+
+SERVER=${{SERVER}}
+LOGTYPE=PDP
+LOGPATH=${{LOGPATH}}
+JDBC_DRIVER=${{JDBC_DRIVER}}
+JDBC_URL='${{JDBC_LOG_URL}}'
+JDBC_USER=${{JDBC_USER}}
+JDBC_PASSWORD=${{JDBC_PASSWORD}}
+PARSERLOGPATH=IntegrityMonitor.log
+
+
+#Integrity Monitor values
+#database driver for Integrity Monitor
+javax.persistence.jdbc.driver=${{JDBC_DRIVER}}
+#database URL for Integrity Monitor
+javax.persistence.jdbc.url=${{JDBC_URL}}
+#database username for Integrity Monitor
+javax.persistence.jdbc.user=${{JDBC_USER}}
+#database password for Integrity Monitor
+javax.persistence.jdbc.password=${{JDBC_PASSWORD}}
+#resource name
+RESOURCE_NAME=${{resource_name}}
+#***Properties for IntegrityMonitor integration defined in IntegrityMonitorProperties.java***
+site_name=${{site_name}}
+node_type=${{node_type}}
+fp_monitor_interval=${{fp_monitor_interval}}
+failed_counter_threshold=${{failed_counter_threshold}}
+test_trans_interval=${{test_trans_interval}}
+write_fpc_interval=${{write_fpc_interval}}
+max_fpc_update_interval=${{max_fpc_update_interval}}
+test_via_jmx=${{test_via_jmx}}
diff --git a/packages/base/src/files/install/servers/pypdp/bin/client.properties b/packages/base/src/files/install/servers/pypdp/bin/client.properties
new file mode 100644
index 000000000..0b8dc258e
--- /dev/null
+++ b/packages/base/src/files/install/servers/pypdp/bin/client.properties
@@ -0,0 +1,22 @@
+###
+# ============LICENSE_START=======================================================
+# ECOMP Policy Engine
+# ================================================================================
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+python=test,MASTER
+PyPDPServer=test,MASTER \ No newline at end of file
diff --git a/packages/base/src/files/install/servers/pypdp/bin/config.properties b/packages/base/src/files/install/servers/pypdp/bin/config.properties
new file mode 100644
index 000000000..93f7b5d41
--- /dev/null
+++ b/packages/base/src/files/install/servers/pypdp/bin/config.properties
@@ -0,0 +1,51 @@
+###
+# ============LICENSE_START=======================================================
+# ECOMP Policy Engine
+# ================================================================================
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+#pypdp properties
+
+PDP_URL=${{PDP_URL}}
+PAP_URL=${{PAP_URL}}
+PYPDP_ID=${{PYPDP_ID}}
+PYPDP_PASSWORD=${{PYPDP_PASSWORD}}
+
+#Integrity Monitor values
+#database driver for Integrity Monitor
+javax.persistence.jdbc.driver=${{JDBC_DRIVER}}
+#database URL for Integrity Monitor
+javax.persistence.jdbc.url=${{JDBC_URL}}
+#database username for Integrity Monitor
+javax.persistence.jdbc.user=${{JDBC_USER}}
+#database password for Integrity Monitor
+javax.persistence.jdbc.password=${{JDBC_PASSWORD}}
+#resource name
+RESOURCE_NAME=${{resource_name}}
+#***Properties for IntegrityMonitor integration defined in IntegrityMonitorProperties.java***
+site_name=${{site_name}}
+node_type=${{node_type}}
+fp_monitor_interval=${{fp_monitor_interval}}
+failed_counter_threshold=${{failed_counter_threshold}}
+test_trans_interval=${{test_trans_interval}}
+write_fpc_interval=${{write_fpc_interval}}
+max_fpc_update_interval=${{max_fpc_update_interval}}
+test_via_jmx=${{test_via_jmx}}
+# Environment should be Set either DEV, TEST or PROD
+ENVIRONMENT=${{ENVIRONMENT}}
+
+CLIENT_FILE=${{CLIENT_FILE}}
diff --git a/packages/base/src/files/install/servers/pypdp/bin/config/policyLogger.properties b/packages/base/src/files/install/servers/pypdp/bin/config/policyLogger.properties
new file mode 100644
index 000000000..0deb1b3d6
--- /dev/null
+++ b/packages/base/src/files/install/servers/pypdp/bin/config/policyLogger.properties
@@ -0,0 +1,44 @@
+###
+# ============LICENSE_START=======================================================
+# ECOMP Policy Engine
+# ================================================================================
+# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+
+################################### Set concurrentHashMap and timer info #######################
+#Timer initial delay and the delay between in milliseconds before task is to be execute.
+timer.delay.time=1000
+#Timer scheduleAtFixedRate period - time in milliseconds between successive task executions.
+check.interval= 30000
+#Longest time an event info can be stored in the concurrentHashMap for logging - in seconds.
+event.expired.time=86400
+#Size of the concurrentHashMap which stores the event starting time, etc - when its size reaches this limit, the Timer gets executed
+#to remove all expired records from this concurrentHashMap.
+concurrentHashMap.limit=5000
+#Size of the concurrentHashMap - when its size drops to this point, stop the Timer
+stop.check.point=2500
+################################### Set logging format #############################################
+# set EELF for EELF logging format, set LOG4J for using log4j, set SYSTEMOUT for using system.out.println
+logger.type=EELF
+#################################### Set level for EELF or SYSTEMOUT logging ##################################
+# Set level for debug file. Set DEBUG to enable .info, .warn and .debug; set INFO for enable .info and .warn; set OFF to disable all
+debugLogger.level=INFO
+# Set level for metrics file. Set OFF to disable; set ON to enable
+metricsLogger.level=ON
+# Set level for error file. Set OFF to disable; set ON to enable
+error.level=ON
+# Set level for audit file. Set OFF to disable; set ON to enable
+audit.level=ON