diff options
| author |   ITSERVICES\rb7147 <rb7147@att.com> | 2017-05-08 22:20:44 -0400 |
|---|---|---|
| committer | ITSERVICES\rb7147 <rb7147@att.com> | 2017-05-09 13:58:03 -0400 |
| commit | dda032f8bb161d54eb1f59de2b4a3efb774fc4d1 (patch) | |
| tree | 9a11825d59434d97bb0c7dcbf00a0b84e7e5f526 /packages | |
| parent | a330af579866dacbe595e2e4ad1dd29cd3c96945 (diff) | |
Policy 1707 Second commit
Change-Id: I18f5b142238733d17280cf17c3d1dd28204d34e9
Signed-off-by: ITSERVICES\rb7147 <rb7147@att.com>
Diffstat (limited to 'packages')
9 files changed, 135 insertions, 138 deletions
diff --git a/packages/base/src/files/install/mysql/data/170204_downgrade_script.sql b/packages/base/src/files/install/mysql/data/170204_downgrade_script.sql index d33fde5c6..8fead9cce 100644 --- a/packages/base/src/files/install/mysql/data/170204_downgrade_script.sql +++ b/packages/base/src/files/install/mysql/data/170204_downgrade_script.sql @@ -20,3 +20,4 @@ use ecomp_sdk; drop table if exists brmsgroup_info; drop table if exists brmsgroup_policy; +drop table if exists operationshistory10; diff --git a/packages/base/src/files/install/mysql/data/170204_upgrade_script.sql b/packages/base/src/files/install/mysql/data/170204_upgrade_script.sql index 87b24710d..c474f1b7e 100644 --- a/packages/base/src/files/install/mysql/data/170204_upgrade_script.sql +++ b/packages/base/src/files/install/mysql/data/170204_upgrade_script.sql @@ -36,6 +36,20 @@ controllerName VARCHAR(255) NOT NULL references brmsgroup_info(controllerName), PRIMARY KEY(policyname) ); +drop table if exists operationshistory10; + +create table operationshistory10( +CLNAME varchar(255) not null, +requestID varchar(100), +actor varchar(50) not null, +operation varchar(50) not null, +target varchar(50) not null, +starttime timestamp not null, +outcome varchar(50) not null, +message varchar(255) , +subrequestId varchar(100), +endtime timestamp not null default current_timestamp +); Insert into fn_role (ROLE_ID,ROLE_NAME,ACTIVE_YN,PRIORITY) values (5002,'Policy Super Admin','Y',10); Insert into fn_role (ROLE_ID,ROLE_NAME,ACTIVE_YN,PRIORITY) values (5003,'Policy Super Editor','Y',10); diff --git a/packages/base/src/files/install/servers/brmsgw/config.properties b/packages/base/src/files/install/servers/brmsgw/config.properties index 4f92a0ac7..30b14b1e2 100644 --- a/packages/base/src/files/install/servers/brmsgw/config.properties +++ b/packages/base/src/files/install/servers/brmsgw/config.properties @@ -26,14 +26,14 @@ PDP_URL = ${{REST_PDP_ID}} , ${{PDP_HTTP_USER_ID}} , ${{PDP_HTTP_PASSWORD}} PAP_URL = ${{REST_PAP_URL}} , ${{PDP_PAP_PDP_HTTP_USER_ID}} , ${{PDP_PAP_PDP_HTTP_PASSWORD}} #Notification Properties... type can be either websocket, ueb, or dmaap -NOTIFICATION_TYPE=websocket -NOTIFICATION_SERVERS=${{UEB_URL}} -NOTIFICATION_TOPIC=${{UEB_TOPIC}} -NOTIFICATION_DELAY= -CLIENT_ID=${{CLIENT_ID}} -CLIENT_KEY=${{CLIENT_KEY}} -UEB_API_KEY=${{UEB_API_KEY}} -UEB_API_SECRET=${{UEB_API_SECRET}} +NOTIFICATION_TYPE=${{BRMS_NOTIFICATION_TYPE}} +NOTIFICATION_SERVERS=${{BRMS_UEB_URL}} +NOTIFICATION_TOPIC=${{BRMS_UEB_TOPIC}} +NOTIFICATION_DELAY=${{BRMS_UEB_DELAY}} +CLIENT_ID=${{BRMS_CLIENT_ID}} +CLIENT_KEY=${{BRMS_CLIENT_KEY}} +UEB_API_KEY=${{BRMS_UEB_API_KEY}} +UEB_API_SECRET=${{BRMS_UEB_API_SECRET}} # Environment should be Set either DEV, TEST or PROD diff --git a/packages/base/src/files/install/servers/pap/bin/Decision_GuardPolicyTemplate.xml b/packages/base/src/files/install/servers/pap/bin/Decision_GuardPolicyTemplate.xml new file mode 100644 index 000000000..3a7f25008 --- /dev/null +++ b/packages/base/src/files/install/servers/pap/bin/Decision_GuardPolicyTemplate.xml @@ -0,0 +1,99 @@ +<?xml version="1.0" encoding="UTF-8" standalone="yes"?> +<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:com:xacml:policy:id:d56af069-6cf1-430c-ba07-e26602e06a52" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-overrides"> + <Description>${description}</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="org.openecomp.function.regex-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${PolicyName}</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="PolicyName" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + <AllOf> + <Match MatchId="org.openecomp.function.regex-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${ECOMPName}</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="ECOMPName" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="org.openecomp.function.regex-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${actor}</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="actor" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="org.openecomp.function.regex-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${recipe}</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="recipe" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + <Rule RuleId="urn:com:xacml:rule:id:284d9393-f861-4250-b62d-fc36640a363a" Effect="Permit"> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">DECIDE</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + <Condition> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:or"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not"> + <Apply FunctionId="urn:oasis:names:tc:xacml:2.0:function:time-in-range"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only"> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time" DataType="http://www.w3.org/2001/XMLSchema#time" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" MustBePresent="false"/> + </Apply> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveStart}</AttributeValue> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveEnd}</AttributeValue> + </Apply> + </Apply> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-less-than-or-equal"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only"> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="count" DataType="http://www.w3.org/2001/XMLSchema#integer" Issuer="org:openecomp:xacml:sql:${timeWindow}" MustBePresent="false"/> + </Apply> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">${limit}</AttributeValue> + </Apply> + </Apply> + </Condition> + </Rule> + <Rule RuleId="urn:com:xacml:rule:id:284d9393-f861-4250-b62d-fc36640a363a" Effect="Deny"> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">DECIDE</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + <Condition> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:or"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not"> + <Apply FunctionId="urn:oasis:names:tc:xacml:2.0:function:time-in-range"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only"> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time" DataType="http://www.w3.org/2001/XMLSchema#time" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" MustBePresent="false"/> + </Apply> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveStart}</AttributeValue> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveEnd}</AttributeValue> + </Apply> + </Apply> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-less-than-or-equal"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only"> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="count" DataType="http://www.w3.org/2001/XMLSchema#integer" Issuer="org:openecomp:xacml:sql:${timeWindow}" MustBePresent="false"/> + </Apply> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">${limit}</AttributeValue> + </Apply> + </Apply> + </Apply> + </Condition> + <AdviceExpressions> + <AdviceExpression AdviceId="GUARD_YAML" AppliesTo="Deny"> + <AttributeAssignmentExpression AttributeId="guard.response" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Denied!</AttributeValue> + </AttributeAssignmentExpression> + </AdviceExpression> + </AdviceExpressions> + </Rule> +</Policy>
\ No newline at end of file diff --git a/packages/base/src/files/install/servers/pap/bin/xacml.pap.properties b/packages/base/src/files/install/servers/pap/bin/xacml.pap.properties index 2a45ad32a..143aeabce 100644 --- a/packages/base/src/files/install/servers/pap/bin/xacml.pap.properties +++ b/packages/base/src/files/install/servers/pap/bin/xacml.pap.properties @@ -24,7 +24,7 @@ xacml.PAP.papEngineFactory=org.openecomp.policy.xacml.std.pap.StdEngineFactory dictionary.impl.className=org.openecomp.policy.pap.xacml.rest.handler.DictionaryHandlerImpl savePolicy.impl.className=org.openecomp.policy.pap.xacml.rest.handler.SavePolicyHandler -pushPolicy.impl.className=org.openecomp.policy.pap.xacml.rest.handler.PushPolicyHander +pushPolicy.impl.className=org.openecomp.policy.pap.xacml.rest.handler.PushPolicyHandler deletePolicy.impl.className=org.openecomp.policy.pap.xacml.rest.handler.DeleteHandler # # Where we store our PAP PDP Group/Node information diff --git a/packages/base/src/files/install/servers/pdp/bin/xacml.pdp.properties b/packages/base/src/files/install/servers/pdp/bin/xacml.pdp.properties index 676eeef31..3b0431958 100644 --- a/packages/base/src/files/install/servers/pdp/bin/xacml.pdp.properties +++ b/packages/base/src/files/install/servers/pdp/bin/xacml.pdp.properties @@ -47,13 +47,13 @@ xacml.att.policyFinderFactory=org.openecomp.policy.pdp.rest.XACMLPdpPolicyFinder # When set to true, this flag tells the StdPolicyFinderFactory to combined all the root policy files into # into one PolicySet and use the given Policy Algorithm. # -xacml.att.policyFinderFactory.combineRootPolicies=urn:com:att:xacml:3.0:policy-combining-algorithm:combined-deny-overrides +xacml.att.policyFinderFactory.combineRootPolicies=urn:com:att:xacml:3.0:policy-combining-algorithm:combined-permit-overrides # # PDP RESTful API properties # -# Set this to the address where the XACML-PAP-REST servlet is running +# Set this to the address or list of addresses where the XACML-PAP-REST servlet is running # http://localhost:9090/pap/ -xacml.rest.pap.url=${{REST_PAP_URL}} +xacml.rest.pap.urls=${{REST_PAP_URL}} #if multiple paps exist, the xacml.rest.pap.url can be removed and they can be defined like this: #xacml.rest.pap.urls=http://localhost:9090/pap/,http://localhost:9091/pap/ # @@ -67,14 +67,14 @@ xacml.jmx.port=${{TOMCAT_JMX_PORT}} # # Notification Properties # Notifcation type: websocket, ueb or dmaap... if left blank websocket is the default -NOTIFICATION_TYPE=websocket,UEB -NOTIFICATION_SERVERS=${{UEB_CLUSTER}} -NOTIFICATION_TOPIC= -NOTIFICATION_DELAY= -UEB_API_KEY=${{UEB_API_KEY}} -UEB_API_SECRET=${{UEB_API_SECRET}} -DMAAP_AAF_LOGIN=${{DMAAP_AAF_LOGIN}} -DMAAP_AAF_PASSWORD=${{DMAAP_AAF_PASSWORD}} +NOTIFICATION_TYPE=${{PDP_NOTIFICATION_TYPE}} +NOTIFICATION_SERVERS=${{PDP_UEB_CLUSTER}} +NOTIFICATION_TOPIC=${{PDP_UEB_TOPIC}} +NOTIFICATION_DELAY=${{PDP_UEB_DELAY}} +UEB_API_KEY=${{PDP_UEB_API_KEY}} +UEB_API_SECRET=${{PDP_UEB_API_SECRET}} +DMAAP_AAF_LOGIN=${{PDP_DMAAP_AAF_LOGIN}} +DMAAP_AAF_PASSWORD=${{PDP_DMAAP_AAF_PASSWORD}} # # Set the directory where the PDP holds its Policy Cache and PIP Configuration # @@ -134,6 +134,6 @@ javax.persistence.jdbc.password=${{JDBC_PASSWORD}} ENVIRONMENT=${{ENVIRONMENT}} #AAF Policy Name space -#Not Mandatory for Open Ecomp +#Required only, when we use AAF policy.aaf.namespace = ${{POLICY_AAF_NAMESPACE}} policy.aaf.resource = ${{POLICY_AAF_RESOURCE}} diff --git a/packages/base/src/files/install/servers/pypdp/bin/client.properties b/packages/base/src/files/install/servers/pypdp/bin/client.properties deleted file mode 100644 index 0b8dc258e..000000000 --- a/packages/base/src/files/install/servers/pypdp/bin/client.properties +++ /dev/null @@ -1,22 +0,0 @@ -### -# ============LICENSE_START======================================================= -# ECOMP Policy Engine -# ================================================================================ -# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= -### - -python=test,MASTER -PyPDPServer=test,MASTER
\ No newline at end of file diff --git a/packages/base/src/files/install/servers/pypdp/bin/config.properties b/packages/base/src/files/install/servers/pypdp/bin/config.properties deleted file mode 100644 index 93f7b5d41..000000000 --- a/packages/base/src/files/install/servers/pypdp/bin/config.properties +++ /dev/null @@ -1,51 +0,0 @@ -### -# ============LICENSE_START======================================================= -# ECOMP Policy Engine -# ================================================================================ -# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= -### - -#pypdp properties - -PDP_URL=${{PDP_URL}} -PAP_URL=${{PAP_URL}} -PYPDP_ID=${{PYPDP_ID}} -PYPDP_PASSWORD=${{PYPDP_PASSWORD}} - -#Integrity Monitor values -#database driver for Integrity Monitor -javax.persistence.jdbc.driver=${{JDBC_DRIVER}} -#database URL for Integrity Monitor -javax.persistence.jdbc.url=${{JDBC_URL}} -#database username for Integrity Monitor -javax.persistence.jdbc.user=${{JDBC_USER}} -#database password for Integrity Monitor -javax.persistence.jdbc.password=${{JDBC_PASSWORD}} -#resource name -RESOURCE_NAME=${{resource_name}} -#***Properties for IntegrityMonitor integration defined in IntegrityMonitorProperties.java*** -site_name=${{site_name}} -node_type=${{node_type}} -fp_monitor_interval=${{fp_monitor_interval}} -failed_counter_threshold=${{failed_counter_threshold}} -test_trans_interval=${{test_trans_interval}} -write_fpc_interval=${{write_fpc_interval}} -max_fpc_update_interval=${{max_fpc_update_interval}} -test_via_jmx=${{test_via_jmx}} -# Environment should be Set either DEV, TEST or PROD -ENVIRONMENT=${{ENVIRONMENT}} - -CLIENT_FILE=${{CLIENT_FILE}} diff --git a/packages/base/src/files/install/servers/pypdp/bin/config/policyLogger.properties b/packages/base/src/files/install/servers/pypdp/bin/config/policyLogger.properties deleted file mode 100644 index 0deb1b3d6..000000000 --- a/packages/base/src/files/install/servers/pypdp/bin/config/policyLogger.properties +++ /dev/null @@ -1,44 +0,0 @@ -### -# ============LICENSE_START======================================================= -# ECOMP Policy Engine -# ================================================================================ -# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ============LICENSE_END========================================================= -### - -################################### Set concurrentHashMap and timer info ####################### -#Timer initial delay and the delay between in milliseconds before task is to be execute. -timer.delay.time=1000 -#Timer scheduleAtFixedRate period - time in milliseconds between successive task executions. -check.interval= 30000 -#Longest time an event info can be stored in the concurrentHashMap for logging - in seconds. -event.expired.time=86400 -#Size of the concurrentHashMap which stores the event starting time, etc - when its size reaches this limit, the Timer gets executed -#to remove all expired records from this concurrentHashMap. -concurrentHashMap.limit=5000 -#Size of the concurrentHashMap - when its size drops to this point, stop the Timer -stop.check.point=2500 -################################### Set logging format ############################################# -# set EELF for EELF logging format, set LOG4J for using log4j, set SYSTEMOUT for using system.out.println -logger.type=EELF -#################################### Set level for EELF or SYSTEMOUT logging ################################## -# Set level for debug file. Set DEBUG to enable .info, .warn and .debug; set INFO for enable .info and .warn; set OFF to disable all -debugLogger.level=INFO -# Set level for metrics file. Set OFF to disable; set ON to enable -metricsLogger.level=ON -# Set level for error file. Set OFF to disable; set ON to enable -error.level=ON -# Set level for audit file. Set OFF to disable; set ON to enable -audit.level=ON |