summaryrefslogtreecommitdiffstats
path: root/packages/base
diff options
context:
space:
mode:
authorITSERVICES\rb7147 <rb7147@att.com>2017-05-08 22:20:44 -0400
committerITSERVICES\rb7147 <rb7147@att.com>2017-05-09 13:58:03 -0400
commitdda032f8bb161d54eb1f59de2b4a3efb774fc4d1 (patch)
tree9a11825d59434d97bb0c7dcbf00a0b84e7e5f526 /packages/base
parenta330af579866dacbe595e2e4ad1dd29cd3c96945 (diff)
Policy 1707 Second commit
Change-Id: I18f5b142238733d17280cf17c3d1dd28204d34e9 Signed-off-by: ITSERVICES\rb7147 <rb7147@att.com>
Diffstat (limited to 'packages/base')
-rw-r--r--packages/base/src/files/install/mysql/data/170204_downgrade_script.sql1
-rw-r--r--packages/base/src/files/install/mysql/data/170204_upgrade_script.sql14
-rw-r--r--packages/base/src/files/install/servers/brmsgw/config.properties16
-rw-r--r--packages/base/src/files/install/servers/pap/bin/Decision_GuardPolicyTemplate.xml99
-rw-r--r--packages/base/src/files/install/servers/pap/bin/xacml.pap.properties2
-rw-r--r--packages/base/src/files/install/servers/pdp/bin/xacml.pdp.properties24
-rw-r--r--packages/base/src/files/install/servers/pypdp/bin/client.properties22
-rw-r--r--packages/base/src/files/install/servers/pypdp/bin/config.properties51
-rw-r--r--packages/base/src/files/install/servers/pypdp/bin/config/policyLogger.properties44
9 files changed, 135 insertions, 138 deletions
diff --git a/packages/base/src/files/install/mysql/data/170204_downgrade_script.sql b/packages/base/src/files/install/mysql/data/170204_downgrade_script.sql
index d33fde5c6..8fead9cce 100644
--- a/packages/base/src/files/install/mysql/data/170204_downgrade_script.sql
+++ b/packages/base/src/files/install/mysql/data/170204_downgrade_script.sql
@@ -20,3 +20,4 @@
use ecomp_sdk;
drop table if exists brmsgroup_info;
drop table if exists brmsgroup_policy;
+drop table if exists operationshistory10;
diff --git a/packages/base/src/files/install/mysql/data/170204_upgrade_script.sql b/packages/base/src/files/install/mysql/data/170204_upgrade_script.sql
index 87b24710d..c474f1b7e 100644
--- a/packages/base/src/files/install/mysql/data/170204_upgrade_script.sql
+++ b/packages/base/src/files/install/mysql/data/170204_upgrade_script.sql
@@ -36,6 +36,20 @@ controllerName VARCHAR(255) NOT NULL references brmsgroup_info(controllerName),
PRIMARY KEY(policyname)
);
+drop table if exists operationshistory10;
+
+create table operationshistory10(
+CLNAME varchar(255) not null,
+requestID varchar(100),
+actor varchar(50) not null,
+operation varchar(50) not null,
+target varchar(50) not null,
+starttime timestamp not null,
+outcome varchar(50) not null,
+message varchar(255) ,
+subrequestId varchar(100),
+endtime timestamp not null default current_timestamp
+);
Insert into fn_role (ROLE_ID,ROLE_NAME,ACTIVE_YN,PRIORITY) values (5002,'Policy Super Admin','Y',10);
Insert into fn_role (ROLE_ID,ROLE_NAME,ACTIVE_YN,PRIORITY) values (5003,'Policy Super Editor','Y',10);
diff --git a/packages/base/src/files/install/servers/brmsgw/config.properties b/packages/base/src/files/install/servers/brmsgw/config.properties
index 4f92a0ac7..30b14b1e2 100644
--- a/packages/base/src/files/install/servers/brmsgw/config.properties
+++ b/packages/base/src/files/install/servers/brmsgw/config.properties
@@ -26,14 +26,14 @@ PDP_URL = ${{REST_PDP_ID}} , ${{PDP_HTTP_USER_ID}} , ${{PDP_HTTP_PASSWORD}}
PAP_URL = ${{REST_PAP_URL}} , ${{PDP_PAP_PDP_HTTP_USER_ID}} , ${{PDP_PAP_PDP_HTTP_PASSWORD}}
#Notification Properties... type can be either websocket, ueb, or dmaap
-NOTIFICATION_TYPE=websocket
-NOTIFICATION_SERVERS=${{UEB_URL}}
-NOTIFICATION_TOPIC=${{UEB_TOPIC}}
-NOTIFICATION_DELAY=
-CLIENT_ID=${{CLIENT_ID}}
-CLIENT_KEY=${{CLIENT_KEY}}
-UEB_API_KEY=${{UEB_API_KEY}}
-UEB_API_SECRET=${{UEB_API_SECRET}}
+NOTIFICATION_TYPE=${{BRMS_NOTIFICATION_TYPE}}
+NOTIFICATION_SERVERS=${{BRMS_UEB_URL}}
+NOTIFICATION_TOPIC=${{BRMS_UEB_TOPIC}}
+NOTIFICATION_DELAY=${{BRMS_UEB_DELAY}}
+CLIENT_ID=${{BRMS_CLIENT_ID}}
+CLIENT_KEY=${{BRMS_CLIENT_KEY}}
+UEB_API_KEY=${{BRMS_UEB_API_KEY}}
+UEB_API_SECRET=${{BRMS_UEB_API_SECRET}}
# Environment should be Set either DEV, TEST or PROD
diff --git a/packages/base/src/files/install/servers/pap/bin/Decision_GuardPolicyTemplate.xml b/packages/base/src/files/install/servers/pap/bin/Decision_GuardPolicyTemplate.xml
new file mode 100644
index 000000000..3a7f25008
--- /dev/null
+++ b/packages/base/src/files/install/servers/pap/bin/Decision_GuardPolicyTemplate.xml
@@ -0,0 +1,99 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:com:xacml:policy:id:d56af069-6cf1-430c-ba07-e26602e06a52" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-overrides">
+ <Description>${description}</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="org.openecomp.function.regex-match">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${PolicyName}</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="PolicyName" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ <AllOf>
+ <Match MatchId="org.openecomp.function.regex-match">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${ECOMPName}</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="ECOMPName" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="org.openecomp.function.regex-match">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${actor}</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="actor" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ <Match MatchId="org.openecomp.function.regex-match">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${recipe}</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="recipe" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <Rule RuleId="urn:com:xacml:rule:id:284d9393-f861-4250-b62d-fc36640a363a" Effect="Permit">
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">DECIDE</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:or">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:2.0:function:time-in-range">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time" DataType="http://www.w3.org/2001/XMLSchema#time" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" MustBePresent="false"/>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveStart}</AttributeValue>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveEnd}</AttributeValue>
+ </Apply>
+ </Apply>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-less-than-or-equal">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="count" DataType="http://www.w3.org/2001/XMLSchema#integer" Issuer="org:openecomp:xacml:sql:${timeWindow}" MustBePresent="false"/>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">${limit}</AttributeValue>
+ </Apply>
+ </Apply>
+ </Condition>
+ </Rule>
+ <Rule RuleId="urn:com:xacml:rule:id:284d9393-f861-4250-b62d-fc36640a363a" Effect="Deny">
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">DECIDE</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <Condition>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:or">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:2.0:function:time-in-range">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only">
+ <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time" DataType="http://www.w3.org/2001/XMLSchema#time" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" MustBePresent="false"/>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveStart}</AttributeValue>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveEnd}</AttributeValue>
+ </Apply>
+ </Apply>
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-less-than-or-equal">
+ <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="count" DataType="http://www.w3.org/2001/XMLSchema#integer" Issuer="org:openecomp:xacml:sql:${timeWindow}" MustBePresent="false"/>
+ </Apply>
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">${limit}</AttributeValue>
+ </Apply>
+ </Apply>
+ </Apply>
+ </Condition>
+ <AdviceExpressions>
+ <AdviceExpression AdviceId="GUARD_YAML" AppliesTo="Deny">
+ <AttributeAssignmentExpression AttributeId="guard.response" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Denied!</AttributeValue>
+ </AttributeAssignmentExpression>
+ </AdviceExpression>
+ </AdviceExpressions>
+ </Rule>
+</Policy> \ No newline at end of file
diff --git a/packages/base/src/files/install/servers/pap/bin/xacml.pap.properties b/packages/base/src/files/install/servers/pap/bin/xacml.pap.properties
index 2a45ad32a..143aeabce 100644
--- a/packages/base/src/files/install/servers/pap/bin/xacml.pap.properties
+++ b/packages/base/src/files/install/servers/pap/bin/xacml.pap.properties
@@ -24,7 +24,7 @@
xacml.PAP.papEngineFactory=org.openecomp.policy.xacml.std.pap.StdEngineFactory
dictionary.impl.className=org.openecomp.policy.pap.xacml.rest.handler.DictionaryHandlerImpl
savePolicy.impl.className=org.openecomp.policy.pap.xacml.rest.handler.SavePolicyHandler
-pushPolicy.impl.className=org.openecomp.policy.pap.xacml.rest.handler.PushPolicyHander
+pushPolicy.impl.className=org.openecomp.policy.pap.xacml.rest.handler.PushPolicyHandler
deletePolicy.impl.className=org.openecomp.policy.pap.xacml.rest.handler.DeleteHandler
#
# Where we store our PAP PDP Group/Node information
diff --git a/packages/base/src/files/install/servers/pdp/bin/xacml.pdp.properties b/packages/base/src/files/install/servers/pdp/bin/xacml.pdp.properties
index 676eeef31..3b0431958 100644
--- a/packages/base/src/files/install/servers/pdp/bin/xacml.pdp.properties
+++ b/packages/base/src/files/install/servers/pdp/bin/xacml.pdp.properties
@@ -47,13 +47,13 @@ xacml.att.policyFinderFactory=org.openecomp.policy.pdp.rest.XACMLPdpPolicyFinder
# When set to true, this flag tells the StdPolicyFinderFactory to combined all the root policy files into
# into one PolicySet and use the given Policy Algorithm.
#
-xacml.att.policyFinderFactory.combineRootPolicies=urn:com:att:xacml:3.0:policy-combining-algorithm:combined-deny-overrides
+xacml.att.policyFinderFactory.combineRootPolicies=urn:com:att:xacml:3.0:policy-combining-algorithm:combined-permit-overrides
#
# PDP RESTful API properties
#
-# Set this to the address where the XACML-PAP-REST servlet is running
+# Set this to the address or list of addresses where the XACML-PAP-REST servlet is running
# http://localhost:9090/pap/
-xacml.rest.pap.url=${{REST_PAP_URL}}
+xacml.rest.pap.urls=${{REST_PAP_URL}}
#if multiple paps exist, the xacml.rest.pap.url can be removed and they can be defined like this:
#xacml.rest.pap.urls=http://localhost:9090/pap/,http://localhost:9091/pap/
#
@@ -67,14 +67,14 @@ xacml.jmx.port=${{TOMCAT_JMX_PORT}}
#
# Notification Properties
# Notifcation type: websocket, ueb or dmaap... if left blank websocket is the default
-NOTIFICATION_TYPE=websocket,UEB
-NOTIFICATION_SERVERS=${{UEB_CLUSTER}}
-NOTIFICATION_TOPIC=
-NOTIFICATION_DELAY=
-UEB_API_KEY=${{UEB_API_KEY}}
-UEB_API_SECRET=${{UEB_API_SECRET}}
-DMAAP_AAF_LOGIN=${{DMAAP_AAF_LOGIN}}
-DMAAP_AAF_PASSWORD=${{DMAAP_AAF_PASSWORD}}
+NOTIFICATION_TYPE=${{PDP_NOTIFICATION_TYPE}}
+NOTIFICATION_SERVERS=${{PDP_UEB_CLUSTER}}
+NOTIFICATION_TOPIC=${{PDP_UEB_TOPIC}}
+NOTIFICATION_DELAY=${{PDP_UEB_DELAY}}
+UEB_API_KEY=${{PDP_UEB_API_KEY}}
+UEB_API_SECRET=${{PDP_UEB_API_SECRET}}
+DMAAP_AAF_LOGIN=${{PDP_DMAAP_AAF_LOGIN}}
+DMAAP_AAF_PASSWORD=${{PDP_DMAAP_AAF_PASSWORD}}
#
# Set the directory where the PDP holds its Policy Cache and PIP Configuration
#
@@ -134,6 +134,6 @@ javax.persistence.jdbc.password=${{JDBC_PASSWORD}}
ENVIRONMENT=${{ENVIRONMENT}}
#AAF Policy Name space
-#Not Mandatory for Open Ecomp
+#Required only, when we use AAF
policy.aaf.namespace = ${{POLICY_AAF_NAMESPACE}}
policy.aaf.resource = ${{POLICY_AAF_RESOURCE}}
diff --git a/packages/base/src/files/install/servers/pypdp/bin/client.properties b/packages/base/src/files/install/servers/pypdp/bin/client.properties
deleted file mode 100644
index 0b8dc258e..000000000
--- a/packages/base/src/files/install/servers/pypdp/bin/client.properties
+++ /dev/null
@@ -1,22 +0,0 @@
-###
-# ============LICENSE_START=======================================================
-# ECOMP Policy Engine
-# ================================================================================
-# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-###
-
-python=test,MASTER
-PyPDPServer=test,MASTER \ No newline at end of file
diff --git a/packages/base/src/files/install/servers/pypdp/bin/config.properties b/packages/base/src/files/install/servers/pypdp/bin/config.properties
deleted file mode 100644
index 93f7b5d41..000000000
--- a/packages/base/src/files/install/servers/pypdp/bin/config.properties
+++ /dev/null
@@ -1,51 +0,0 @@
-###
-# ============LICENSE_START=======================================================
-# ECOMP Policy Engine
-# ================================================================================
-# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-###
-
-#pypdp properties
-
-PDP_URL=${{PDP_URL}}
-PAP_URL=${{PAP_URL}}
-PYPDP_ID=${{PYPDP_ID}}
-PYPDP_PASSWORD=${{PYPDP_PASSWORD}}
-
-#Integrity Monitor values
-#database driver for Integrity Monitor
-javax.persistence.jdbc.driver=${{JDBC_DRIVER}}
-#database URL for Integrity Monitor
-javax.persistence.jdbc.url=${{JDBC_URL}}
-#database username for Integrity Monitor
-javax.persistence.jdbc.user=${{JDBC_USER}}
-#database password for Integrity Monitor
-javax.persistence.jdbc.password=${{JDBC_PASSWORD}}
-#resource name
-RESOURCE_NAME=${{resource_name}}
-#***Properties for IntegrityMonitor integration defined in IntegrityMonitorProperties.java***
-site_name=${{site_name}}
-node_type=${{node_type}}
-fp_monitor_interval=${{fp_monitor_interval}}
-failed_counter_threshold=${{failed_counter_threshold}}
-test_trans_interval=${{test_trans_interval}}
-write_fpc_interval=${{write_fpc_interval}}
-max_fpc_update_interval=${{max_fpc_update_interval}}
-test_via_jmx=${{test_via_jmx}}
-# Environment should be Set either DEV, TEST or PROD
-ENVIRONMENT=${{ENVIRONMENT}}
-
-CLIENT_FILE=${{CLIENT_FILE}}
diff --git a/packages/base/src/files/install/servers/pypdp/bin/config/policyLogger.properties b/packages/base/src/files/install/servers/pypdp/bin/config/policyLogger.properties
deleted file mode 100644
index 0deb1b3d6..000000000
--- a/packages/base/src/files/install/servers/pypdp/bin/config/policyLogger.properties
+++ /dev/null
@@ -1,44 +0,0 @@
-###
-# ============LICENSE_START=======================================================
-# ECOMP Policy Engine
-# ================================================================================
-# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-###
-
-################################### Set concurrentHashMap and timer info #######################
-#Timer initial delay and the delay between in milliseconds before task is to be execute.
-timer.delay.time=1000
-#Timer scheduleAtFixedRate period - time in milliseconds between successive task executions.
-check.interval= 30000
-#Longest time an event info can be stored in the concurrentHashMap for logging - in seconds.
-event.expired.time=86400
-#Size of the concurrentHashMap which stores the event starting time, etc - when its size reaches this limit, the Timer gets executed
-#to remove all expired records from this concurrentHashMap.
-concurrentHashMap.limit=5000
-#Size of the concurrentHashMap - when its size drops to this point, stop the Timer
-stop.check.point=2500
-################################### Set logging format #############################################
-# set EELF for EELF logging format, set LOG4J for using log4j, set SYSTEMOUT for using system.out.println
-logger.type=EELF
-#################################### Set level for EELF or SYSTEMOUT logging ##################################
-# Set level for debug file. Set DEBUG to enable .info, .warn and .debug; set INFO for enable .info and .warn; set OFF to disable all
-debugLogger.level=INFO
-# Set level for metrics file. Set OFF to disable; set ON to enable
-metricsLogger.level=ON
-# Set level for error file. Set OFF to disable; set ON to enable
-error.level=ON
-# Set level for audit file. Set OFF to disable; set ON to enable
-audit.level=ON