diff options
Diffstat (limited to 'ECOMP-PAP-REST/src/main')
18 files changed, 511 insertions, 345 deletions
diff --git a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/XACMLPapServlet.java b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/XACMLPapServlet.java index 685582e29..edbc2acb7 100644 --- a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/XACMLPapServlet.java +++ b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/XACMLPapServlet.java @@ -1343,7 +1343,7 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList loggingContext.transactionEnded(); auditLogger.info("Success"); - if ((policy.getId().contains("Config_MS_")) || (policy.getId().contains("BRMS_Param"))) { + if (policy != null && (policy.getId().contains("Config_MS_")) || (policy.getId().contains("BRMS_Param"))) { PushPolicyHandler pushPolicyHandler = PushPolicyHandler.getInstance(); if (pushPolicyHandler.preSafetyCheck(policy, CONFIG_HOME)) { LOGGER.debug("Precheck Successful."); @@ -1801,10 +1801,12 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList if (papEngine.getPDP(pdpId) == null) { // this is a request to create a new PDP object try{ - acPutTransaction.addPdpToGroup(pdp.getId(), group.getId(), pdp.getName(), pdp.getDescription(), pdp.getJmxPort(),"XACMLPapServlet.doACPut"); + acPutTransaction.addPdpToGroup(pdp == null ? "PDP is null" : pdp.getId(), group.getId(), pdp == null ? "PDP is null" : pdp.getName(), + pdp == null ? "PDP is null" : pdp.getDescription(), + pdp == null ? 0 : pdp.getJmxPort(),"XACMLPapServlet.doACPut"); } catch(Exception e){ PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Error while adding pdp to group in the database: " - +"pdp="+pdp.getId()+",to group="+group.getId()); + +"pdp="+ (pdp == null ? "PDP is null" : pdp.getId()) +",to group="+group.getId()); throw new PAPException(e.getMessage()); } papEngine.newPDP(pdp.getId(), group, pdp.getName(), pdp.getDescription(), pdp.getJmxPort()); @@ -1813,7 +1815,7 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList acPutTransaction.updatePdp(pdp, "XACMLPapServlet.doACPut"); } catch(Exception e){ PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Error while updating pdp in the database: " - +"pdp="+pdp.getId()); + +"pdp="+(pdp == null ? "PDP is null" : pdp.getId())); throw new PAPException(e.getMessage()); } // this is a request to update the pdp @@ -1867,7 +1869,9 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList // The Path on the PAP side is not carried on the RESTful interface with the AC // (because it is local to the PAP) // so we need to fill that in before submitting the group for update - ((StdPDPGroup)objectFromJSON).setDirectory(((StdPDPGroup)group).getDirectory()); + if(objectFromJSON != null){ + ((StdPDPGroup)objectFromJSON).setDirectory(((StdPDPGroup)group).getDirectory()); + } try{ acPutTransaction.updateGroup((StdPDPGroup)objectFromJSON, "XACMLPapServlet.doACPut"); } catch(Exception e){ @@ -2138,26 +2142,28 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList HttpURLConnection connection = null; try { // Open up the connection - connection = (HttpURLConnection)pdpURL.openConnection(); - // Setup our method and headers - connection.setRequestMethod("GET"); - connection.setConnectTimeout(heartbeatTimeout); - // Authentication - String encoding = CheckPDP.getEncoding(pdp.getId()); - if(encoding !=null){ - connection.setRequestProperty("Authorization", "Basic " + encoding); - } - // Do the connect - connection.connect(); - if (connection.getResponseCode() == 204) { - newStatus = connection.getHeaderField(XACMLRestProperties.PROP_PDP_HTTP_HEADER_HB); - if (LOGGER.isDebugEnabled()) { - LOGGER.debug("Heartbeat '" + pdp.getId() + "' status='" + newStatus + "'"); + if(pdpURL != null){ + connection = (HttpURLConnection)pdpURL.openConnection(); + // Setup our method and headers + connection.setRequestMethod("GET"); + connection.setConnectTimeout(heartbeatTimeout); + // Authentication + String encoding = CheckPDP.getEncoding(pdp.getId()); + if(encoding !=null){ + connection.setRequestProperty("Authorization", "Basic " + encoding); } - } else { - // anything else is an unexpected result - newStatus = PDPStatus.Status.UNKNOWN.toString(); - PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " Heartbeat connect response code " + connection.getResponseCode() + ": " + pdp.getId()); + // Do the connect + connection.connect(); + if (connection.getResponseCode() == 204) { + newStatus = connection.getHeaderField(XACMLRestProperties.PROP_PDP_HTTP_HEADER_HB); + if (LOGGER.isDebugEnabled()) { + LOGGER.debug("Heartbeat '" + pdp.getId() + "' status='" + newStatus + "'"); + } + } else { + // anything else is an unexpected result + newStatus = PDPStatus.Status.UNKNOWN.toString(); + PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR + " Heartbeat connect response code " + connection.getResponseCode() + ": " + pdp.getId()); + } } } catch (UnknownHostException e) { newStatus = PDPStatus.Status.NO_SUCH_HOST.toString(); @@ -2173,7 +2179,8 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList PolicyLogger.error(MessageCodes.ERROR_SYSTEM_ERROR, e, "XACMLPapServlet", "Heartbeat '" + pdp.getId() + "' connect exception"); } finally { // cleanup the connection - connection.disconnect(); + if(connection != null) + connection.disconnect(); } if ( ! pdp.getStatus().getStatus().toString().equals(newStatus)) { if (LOGGER.isDebugEnabled()) { @@ -2372,7 +2379,9 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList } } finally { // cleanup the connection - connection.disconnect(); + if(connection != null){ + connection.disconnect(); + } // tell the AC to update it's status info notifyAC(); } @@ -2436,7 +2445,8 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList disconnectedACs.add(acURL); } finally { // cleanup the connection - connection.disconnect(); + if(connection != null) + connection.disconnect(); } } // remove any ACs that are no longer connected diff --git a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/ActionPolicy.java b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/ActionPolicy.java index 1884aab62..45ef01f6e 100644 --- a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/ActionPolicy.java +++ b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/ActionPolicy.java @@ -328,8 +328,7 @@ public class ActionPolicy extends Policy { // Add JSON_URL Assignment: String actionBody = getActionPolicyDict(comboDictValue).getBody(); - if (!actionBody.equals(null)) { - //if(!(actionBody==null || "".equals(actionBody))){ + if (actionBody != null) { AttributeAssignmentExpressionType assignmentJsonURL = new AttributeAssignmentExpressionType(); assignmentJsonURL.setAttributeId(BODY_ATTRIBUTEID); assignmentJsonURL.setCategory(CATEGORY_RESOURCE); @@ -342,7 +341,7 @@ public class ActionPolicy extends Policy { obligation.getAttributeAssignmentExpression().add(assignmentJsonURL); } - if(!getActionPolicyDict(comboDictValue).getHeader().equals(null)){ + if(getActionPolicyDict(comboDictValue).getHeader() != null){ String headerVal = getActionPolicyDict(comboDictValue).getHeader(); if(headerVal != null && !headerVal.equals("")){ // parse it on : to get number of headers @@ -484,21 +483,23 @@ public class ActionPolicy extends Policy { private Map<String,String> createDropDownMap(){ JPAUtils jpaUtils = null; + Map<String, String> dropDownMap = new HashMap<>(); try { jpaUtils = JPAUtils.getJPAUtilsInstance(XACMLPapServlet.getEmf()); } catch (Exception e) { LOGGER.error("Exception Occured"+e); } - Map<Datatype, List<FunctionDefinition>> functionMap = jpaUtils.getFunctionDatatypeMap(); - Map<String, String> dropDownMap = new HashMap<>(); - for (Datatype id : functionMap.keySet()) { - List<FunctionDefinition> functionDefinitions = (List<FunctionDefinition>) functionMap - .get(id); - for (FunctionDefinition functionDef : functionDefinitions) { - dropDownMap.put(functionDef.getShortname(),functionDef.getXacmlid()); + if(jpaUtils != null){ + Map<Datatype, List<FunctionDefinition>> functionMap = jpaUtils.getFunctionDatatypeMap(); + + for (Datatype id : functionMap.keySet()) { + List<FunctionDefinition> functionDefinitions = (List<FunctionDefinition>) functionMap + .get(id); + for (FunctionDefinition functionDef : functionDefinitions) { + dropDownMap.put(functionDef.getShortname(),functionDef.getXacmlid()); + } } } - return dropDownMap; } diff --git a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/AutoPushPolicy.java b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/AutoPushPolicy.java index b9ed78ef6..b658483d2 100644 --- a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/AutoPushPolicy.java +++ b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/AutoPushPolicy.java @@ -136,9 +136,7 @@ public class AutoPushPolicy { //Get the current policies from the Group and Add the new one Set<PDPPolicy> currentPoliciesInGroup = pdpGroup.getPolicies(); Set<PDPPolicy> policies = new HashSet<>(); - if(policy!=null){ - policies.add(policy); - } + policies.add(policy); pdpGroup.copyPolicyToFile(policyId, new FileInputStream(Paths.get(policyToCreateUpdate).toFile())); //If the selected policy is in the group we must remove it because the name is default Iterator<PDPPolicy> policyIterator = policies.iterator(); diff --git a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/CreateBrmsParamPolicy.java b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/CreateBrmsParamPolicy.java index 535b2edd3..b9dc039fc 100644 --- a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/CreateBrmsParamPolicy.java +++ b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/CreateBrmsParamPolicy.java @@ -29,17 +29,11 @@ import java.nio.charset.Charset; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; -import java.sql.Connection; -import java.sql.DriverManager; -import java.sql.ResultSet; -import java.sql.SQLException; -import java.sql.Statement; import java.util.ArrayList; import java.util.HashMap; -import java.util.HashSet; import java.util.Iterator; +import java.util.List; import java.util.Map; -import java.util.Set; import java.util.UUID; import java.util.regex.Matcher; import java.util.regex.Pattern; @@ -50,11 +44,11 @@ import org.openecomp.policy.common.logging.eelf.PolicyLogger; import org.openecomp.policy.common.logging.flexlogger.FlexLogger; import org.openecomp.policy.common.logging.flexlogger.Logger; import org.openecomp.policy.pap.xacml.rest.controller.BRMSDictionaryController; -import org.openecomp.policy.rest.XACMLRestProperties; +import org.openecomp.policy.pap.xacml.rest.daoimpl.CommonClassDaoImpl; import org.openecomp.policy.rest.adapter.PolicyRestAdapter; +import org.openecomp.policy.rest.jpa.BRMSParamTemplate; import com.att.research.xacml.std.IdentifierImpl; -import com.att.research.xacml.util.XACMLProperties; import oasis.names.tc.xacml._3_0.core.schema.wd_17.AdviceExpressionType; import oasis.names.tc.xacml._3_0.core.schema.wd_17.AdviceExpressionsType; @@ -74,14 +68,6 @@ public class CreateBrmsParamPolicy extends Policy { private static final Logger LOGGER = FlexLogger.getLogger(CreateBrmsParamPolicy.class); - /* - * These are the parameters needed for DB access from the PAP - */ - private static String papDbDriver = null; - private static String papDbUrl = null; - private static String papDbUser = null; - private static String papDbPassword = null; - public CreateBrmsParamPolicy() { super(); } @@ -92,38 +78,35 @@ public class CreateBrmsParamPolicy extends Policy { } - public String expandConfigBody(String ruleContents, Map<String, String> brmsParamBody) { - - Set<String> keySet= new HashSet<>(); - - Map<String,String> copyMap=new HashMap<>(); - copyMap.putAll(brmsParamBody); - copyMap.put("policyName", policyName.substring(0, policyName.replace(".xml", "").lastIndexOf("."))); - copyMap.put("policyScope", policyAdapter.getDomainDir()); - copyMap.put("policyVersion",policyAdapter.getHighestVersion().toString()); - copyMap.put("unique", ("p"+policyName+UUID.randomUUID().toString()).replaceAll("[^A-Za-z0-9]", "")); - - //Finding all the keys in the Map data-structure. - keySet= copyMap.keySet(); - Iterator<String> iterator = keySet.iterator(); - Pattern p; - Matcher m; - while(iterator.hasNext()) { - //Converting the first character of the key into a lower case. - String input= iterator.next(); - String output = Character.toLowerCase(input.charAt(0)) + - (input.length() > 1 ? input.substring(1) : ""); - //Searching for a pattern in the String using the key. - p=Pattern.compile("\\$\\{"+output+"\\}"); - m=p.matcher(ruleContents); - //Replacing the value with the inputs provided by the user in the editor. - String finalInput = copyMap.get(input); - if(finalInput.contains("$")){ - finalInput = finalInput.replace("$", "\\$"); - } - ruleContents=m.replaceAll(finalInput); + public String expandConfigBody(String ruleContents, Map<String, String> brmsParamBody) { + + Map<String,String> copyMap=new HashMap<>(); + copyMap.putAll(brmsParamBody); + copyMap.put("policyName", policyName.substring(0, policyName.replace(".xml", "").lastIndexOf("."))); + copyMap.put("policyScope", policyAdapter.getDomainDir()); + copyMap.put("policyVersion",policyAdapter.getHighestVersion().toString()); + copyMap.put("unique", ("p"+policyName+UUID.randomUUID().toString()).replaceAll("[^A-Za-z0-9]", "")); + + //Finding all the keys in the Map data-structure. + Iterator<String> iterator = copyMap.keySet().iterator(); + Pattern p; + Matcher m; + while(iterator.hasNext()) { + //Converting the first character of the key into a lower case. + String input= iterator.next(); + String output = Character.toLowerCase(input.charAt(0)) + + (input.length() > 1 ? input.substring(1) : ""); + //Searching for a pattern in the String using the key. + p=Pattern.compile("\\$\\{"+output+"\\}"); + m=p.matcher(ruleContents); + //Replacing the value with the inputs provided by the user in the editor. + String finalInput = copyMap.get(input); + if(finalInput.contains("$")){ + finalInput = finalInput.replace("$", "\\$"); } - return ruleContents; + ruleContents=m.replaceAll(finalInput); + } + return ruleContents; } @@ -194,13 +177,9 @@ public class CreateBrmsParamPolicy extends Policy { // xml. Path newPolicyPath = null; newPolicyPath = Paths.get(policyAdapter.getNewFileName()); - - Boolean dbIsUpdated = true; - - successMap = new HashMap<>(); - if (dbIsUpdated) { - successMap = createPolicy(newPolicyPath,getCorrectPolicyDataObject()); - } else { + successMap = createPolicy(newPolicyPath,getCorrectPolicyDataObject()); + if(successMap == null){ + successMap = new HashMap<>(); PolicyLogger.error("Failed to Update the Database Dictionary Tables."); successMap.put("error", "DB UPDATE"); } @@ -208,50 +187,15 @@ public class CreateBrmsParamPolicy extends Policy { } private String getValueFromDictionary(String templateName){ - - Connection con = null; - Statement st = null; - ResultSet rs = null; - - /* - * Retrieve the property values for db access from the xacml.pap.properties - */ - papDbDriver = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_DRIVER); - papDbUrl = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_URL); - papDbUser = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_USER); - papDbPassword = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_PASSWORD); - - String ruleTemplate=null; - - try { - //Get DB Connection - Class.forName(papDbDriver); - con = DriverManager.getConnection(papDbUrl,papDbUser,papDbPassword); - st = con.createStatement(); - - String queryString="select rule from BRMSParamTemplate where param_template_name=\""; - queryString=queryString+templateName+"\""; - - rs = st.executeQuery(queryString); - if(rs.next()){ - ruleTemplate=rs.getString("rule"); - } - rs.close(); - }catch (ClassNotFoundException e) { - PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "CreateBrmsParamPolicy", "Exception querying BRMSParamTemplate"); - } catch (SQLException e) { - PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "CreateBrmsParamPolicy", "Exception querying BRMSParamTemplate"); - } finally { - try{ - if (con!=null) con.close(); - if (rs!=null) rs.close(); - if (st!=null) st.close(); - } catch (Exception ex){ - PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, ex, "CreateBrmsParamPolicy", "Exception querying BRMSParamTemplate"); - } + String ruleTemplate = null; + CommonClassDaoImpl dbConnection = new CommonClassDaoImpl(); + String queryString="from BRMSParamTemplate where param_template_name= '"+templateName+"'"; + List<Object> result = dbConnection.getDataByQuery(queryString); + if(!result.isEmpty()){ + BRMSParamTemplate template = (BRMSParamTemplate) result.get(0); + ruleTemplate = template.getRule(); } return ruleTemplate; - } protected Map<String, String> findType(String rule) { diff --git a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/CreateBrmsRawPolicy.java b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/CreateBrmsRawPolicy.java index 350bbc4ff..a0f13ec02 100644 --- a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/CreateBrmsRawPolicy.java +++ b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/CreateBrmsRawPolicy.java @@ -131,13 +131,9 @@ public class CreateBrmsRawPolicy extends Policy { Path newPolicyPath = null; newPolicyPath = Paths.get(policyAdapter.getNewFileName()); - Boolean dbIsUpdated = true; - - successMap = new HashMap<String, String>(); - if (dbIsUpdated) { - successMap = createPolicy(newPolicyPath, - getCorrectPolicyDataObject()); - } else { + successMap = createPolicy(newPolicyPath, getCorrectPolicyDataObject()); + if (successMap == null) { + successMap = new HashMap<>(); PolicyLogger.error("Failed to Update the Database Dictionary Tables."); successMap.put("error", "DB UPDATE"); } diff --git a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/CreateNewMicroSerivceModel.java b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/CreateNewMicroServiceModel.java index 0e4e409d3..e801a459d 100644 --- a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/CreateNewMicroSerivceModel.java +++ b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/CreateNewMicroServiceModel.java @@ -25,11 +25,6 @@ import java.io.BufferedOutputStream; import java.io.File; import java.io.FileOutputStream; import java.io.IOException; -import java.sql.Connection; -import java.sql.DriverManager; -import java.sql.ResultSet; -import java.sql.SQLException; -import java.sql.Statement; import java.util.ArrayList; import java.util.Arrays; import java.util.Enumeration; @@ -46,38 +41,28 @@ import org.openecomp.policy.common.logging.eelf.PolicyLogger; import org.openecomp.policy.common.logging.flexlogger.FlexLogger; import org.openecomp.policy.common.logging.flexlogger.Logger; import org.openecomp.policy.pap.xacml.rest.XACMLPapServlet; -import org.openecomp.policy.rest.XACMLRestProperties; +import org.openecomp.policy.pap.xacml.rest.daoimpl.CommonClassDaoImpl; import org.openecomp.policy.rest.jpa.MicroServiceModels; import org.openecomp.policy.rest.jpa.UserInfo; import org.openecomp.policy.rest.util.MSAttributeObject; import org.openecomp.policy.rest.util.MSModelUtils; import org.openecomp.policy.rest.util.MSModelUtils.MODEL_TYPE; -import com.att.research.xacml.util.XACMLProperties; - -public class CreateNewMicroSerivceModel { - private static final Logger logger = FlexLogger.getLogger(CreateNewMicroSerivceModel.class); +public class CreateNewMicroServiceModel { + private static final Logger logger = FlexLogger.getLogger(CreateNewMicroServiceModel.class); private MicroServiceModels newModel = null; private HashMap<String,MSAttributeObject > classMap = new HashMap<>(); - /* - * These are the parameters needed for DB access from the PAP - */ - private static String papDbDriver = null; - private static String papDbUrl = null; - private static String papDbUser = null; - private static String papDbPassword = null; MSModelUtils utils = new MSModelUtils(XACMLPapServlet.getMsEcompName(), XACMLPapServlet.getMsPolicyName()); - public CreateNewMicroSerivceModel(String fileName, String serviceName, String string, String version) { + public CreateNewMicroServiceModel(String fileName, String serviceName, String string, String version) { super(); } - public CreateNewMicroSerivceModel(String importFile, String modelName, String description, String version, String randomID) { + public CreateNewMicroServiceModel(String importFile, String modelName, String description, String version, String randomID) { this.newModel = new MicroServiceModels(); - this.newModel.setDescription(description); this.newModel.setVersion(version); this.newModel.setModelName(modelName); UserInfo userInfo = new UserInfo(); @@ -135,7 +120,7 @@ public class CreateNewMicroSerivceModel { int BUFFER = 2048; File file = new File(zipFile); - ZipFile zip; + ZipFile zip = null; try { zip = new ZipFile("ExtractDir" + File.separator +file); String newPath = zipFile.substring(0, zipFile.length() - 4); @@ -143,8 +128,7 @@ public class CreateNewMicroSerivceModel { Enumeration zipFileEntries = zip.entries(); // Process each entry - while (zipFileEntries.hasMoreElements()) - { + while (zipFileEntries.hasMoreElements()){ // grab a zip file entry ZipEntry entry = (ZipEntry) zipFileEntries.nextElement(); String currentEntry = entry.getName(); @@ -153,8 +137,7 @@ public class CreateNewMicroSerivceModel { destinationParent.mkdirs(); - if (!entry.isDirectory()) - { + if (!entry.isDirectory()){ BufferedInputStream is = new BufferedInputStream(zip .getInputStream(entry)); int currentByte; @@ -173,13 +156,20 @@ public class CreateNewMicroSerivceModel { is.close(); } - if (currentEntry.endsWith(".zip")) - { + if (currentEntry.endsWith(".zip")){ extractFolder(destFile.getAbsolutePath()); } } } catch (IOException e) { - logger.error("Failed to unzip model file " + zipFile); + logger.error("Failed to unzip model file " + zipFile + e); + }finally{ + if(zip != null){ + try { + zip.close(); + } catch (Exception e) { + logger.error("Exception Occured while closing the zip file"+e); + } + } } } @@ -225,70 +215,34 @@ public class CreateNewMicroSerivceModel { } - @SuppressWarnings("resource") public Map<String, String> saveImportService(){ - Map<String, String> successMap = new HashMap<>(); - - Connection con = null; - Statement st = null; - ResultSet rs = null; String modelName = this.newModel.getModelName(); String imported_by = "API"; String version = this.newModel.getVersion(); - String insertQuery = null; - int ID = 0; - - /* - * Retrieve the property values for db access from the xacml.pap.properties - */ - papDbDriver = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_DRIVER); - papDbUrl = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_URL); - papDbUser = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_USER); - papDbPassword = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_DB_PASSWORD); - - try { - //Get DB Connection - Class.forName(papDbDriver); - con = DriverManager.getConnection(papDbUrl,papDbUser,papDbPassword); - st = con.createStatement(); - String queryString ="SELECT * FROM MicroServiceModels WHERE modelName='" + modelName + "' AND version='" + version+ "';"; - rs = st.executeQuery(queryString); - - if(rs.next()){ - successMap.put("DBError", "EXISTS"); - logger.error("Import new service failed. Service already exists"); - }else{ - rs = st.executeQuery("SELECT MAX(ID) AS ID FROM MicroServiceModels;"); - if(rs.next()){ - ID = rs.getInt("ID"); - ID++; - } - - String newDependency = "[" + this.newModel.getDependency() + "]"; - this.newModel.setDependency(newDependency); - insertQuery = "INSERT INTO MicroServiceModels (ID, modelName, Dependency, DESCRIPTION, attributes, ref_attributes, sub_attributes, version, imported_by, enumValues, annotation) " - + "VALUES("+ID+",'"+modelName+"','"+ this.newModel.getDependency()+"','"+this.newModel.getDescription()+"','"+this.newModel.getAttributes()+ - "','"+this.newModel.getRef_attributes()+"','"+this.newModel.getSub_attributes()+"','"+version+"','"+imported_by+"','"+this.newModel.getEnumValues()+"','"+this.newModel.getAnnotation()+"')"; - st.executeUpdate(insertQuery); - successMap.put("success", "success"); - } - rs.close(); - }catch (ClassNotFoundException e) { - PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "saveImportService", "Exception querying MicroServiceModels"); - successMap.put("DBError", "Error Query"); - } catch (SQLException e) { - PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "saveImportService", "Exception querying MicroServiceModels"); - successMap.put("DBError", "Error Query"); - } finally { - try{ - if (con!=null) con.close(); - if (rs!=null) rs.close(); - if (st!=null) st.close(); - } catch (Exception ex){ - PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, ex, "saveImportService", "Exception querying MicroServiceModels"); - } - } - + Map<String, String> successMap = new HashMap<>(); + CommonClassDaoImpl dbConnection = new CommonClassDaoImpl(); + List<Object> result = dbConnection.getDataById(MicroServiceModels.class, "modelName:version", modelName+":"+version); + if(result.isEmpty()){ + MicroServiceModels model = new MicroServiceModels(); + model.setModelName(modelName); + model.setVersion(version); + model.setAttributes(this.newModel.getAttributes()); + model.setAnnotation(this.newModel.getAnnotation()); + model.setDependency(this.newModel.getDependency()); + model.setDescription(this.newModel.getDescription()); + model.setEnumValues(this.newModel.getEnumValues()); + model.setRef_attributes(this.newModel.getRef_attributes()); + model.setSub_attributes(this.newModel.getSub_attributes()); + UserInfo userInfo = new UserInfo(); + userInfo.setUserLoginId(imported_by); + userInfo.setUserName(imported_by); + model.setUserCreatedBy(userInfo); + dbConnection.save(model); + successMap.put("success", "success"); + }else{ + successMap.put("DBError", "EXISTS"); + logger.error("Import new service failed. Service already exists"); + } return successMap; } } diff --git a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/DecisionPolicy.java b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/DecisionPolicy.java index 8d2617ce2..02ea630a6 100644 --- a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/DecisionPolicy.java +++ b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/DecisionPolicy.java @@ -21,6 +21,7 @@ package org.openecomp.policy.pap.xacml.rest.components; import java.io.ByteArrayInputStream; +import java.io.File; import java.io.IOException; import java.net.URI; import java.net.URISyntaxException; @@ -28,6 +29,8 @@ import java.nio.charset.StandardCharsets; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; +import java.util.ArrayList; +import java.util.Arrays; import java.util.HashMap; import java.util.LinkedList; import java.util.List; @@ -85,7 +88,13 @@ public class DecisionPolicy extends Policy { public static final String FUNCTION_NOT = "urn:oasis:names:tc:xacml:1.0:function:not"; private static final String AAFProvider = "AAF"; public static final String GUARD_YAML = "GUARD_YAML"; - private static final String XACMLTEMPLATE = "Decision_GuardPolicyTemplate.xml"; + public static final String GUARD_BL_YAML = "GUARD_BL_YAML"; + private static final String XACML_GUARD_TEMPLATE = "Decision_GuardPolicyTemplate.xml"; + private static final String XACML_BLGUARD_TEMPLATE = "Decision_GuardBLPolicyTemplate.xml"; + + private static final String ECOMPNAME = "ECOMPName"; + private static final String POLICY_NAME = "PolicyName"; + private static final String DESCRIPTION = "description"; List<String> dynamicLabelRuleAlgorithms = new LinkedList<>(); @@ -142,7 +151,7 @@ public class DecisionPolicy extends Policy { version = policyAdapter.getHighestVersion(); // Create the Instance for pojo, PolicyType object is used in marshalling. - if (policyAdapter.getPolicyType().equals("Decision")) { + if ("Decision".equals(policyAdapter.getPolicyType())) { PolicyType policyConfig = new PolicyType(); policyConfig.setVersion(Integer.toString(version)); @@ -152,20 +161,20 @@ public class DecisionPolicy extends Policy { } policyName = policyAdapter.getNewFileName(); - if(policyAdapter.getRuleProvider().equals(GUARD_YAML)){ + if(policyAdapter.getRuleProvider().equals(GUARD_YAML) || policyAdapter.getRuleProvider().equals(GUARD_BL_YAML)){ Map<String, String> yamlParams = new HashMap<>(); - yamlParams.put("description", (policyAdapter.getPolicyDescription()!=null)? policyAdapter.getPolicyDescription(): "YAML Guard Policy"); + yamlParams.put(DESCRIPTION, (policyAdapter.getPolicyDescription()!=null)? policyAdapter.getPolicyDescription(): "YAML Guard Policy"); String fileName = policyAdapter.getNewFileName(); - String name = fileName.substring(fileName.lastIndexOf("\\") + 1, fileName.length()); - if ((name == null) || (name.equals(""))) { - name = fileName.substring(fileName.lastIndexOf("/") + 1, fileName.length()); + String name = fileName.substring(fileName.lastIndexOf('\\') + 1, fileName.length()); + if ((name == null) || ("".equals(name))) { + name = fileName.substring(fileName.lastIndexOf('/') + 1, fileName.length()); } - yamlParams.put("PolicyName", name); - yamlParams.put("ECOMPName", policyAdapter.getEcompName()); + yamlParams.put(POLICY_NAME, name); + yamlParams.put(ECOMPNAME, policyAdapter.getEcompName()); Map<String, String> params = policyAdapter.getDynamicFieldConfigAttributes(); yamlParams.putAll(params); // Call YAML to XACML - PolicyType decisionPolicy = getGuardPolicy(yamlParams); + PolicyType decisionPolicy = getGuardPolicy(yamlParams, policyAdapter.getRuleProvider()); decisionPolicy.setRuleCombiningAlgId(policyAdapter.getRuleCombiningAlgId()); decisionPolicy.setVersion(Integer.toString(version)); policyAdapter.setPolicyData(decisionPolicy); @@ -178,16 +187,16 @@ public class DecisionPolicy extends Policy { decisionPolicy.setRuleCombiningAlgId(policyAdapter.getRuleCombiningAlgId()); AllOfType allOfOne = new AllOfType(); String fileName = policyAdapter.getNewFileName(); - String name = fileName.substring(fileName.lastIndexOf("\\") + 1, fileName.length()); - if ((name == null) || (name.equals(""))) { - name = fileName.substring(fileName.lastIndexOf("/") + 1, fileName.length()); + String name = fileName.substring(fileName.lastIndexOf('\\') + 1, fileName.length()); + if ((name == null) || ("".equals(name))) { + name = fileName.substring(fileName.lastIndexOf('/') + 1, fileName.length()); } - allOfOne.getMatch().add(createMatch("PolicyName", name)); + allOfOne.getMatch().add(createMatch(POLICY_NAME, name)); AllOfType allOf = new AllOfType(); // Match for Ecomp - allOf.getMatch().add(createMatch("ECOMPName", (policyAdapter.getEcompName()))); + allOf.getMatch().add(createMatch(ECOMPNAME, (policyAdapter.getEcompName()))); Map<String, String> dynamicFieldComponentAttributes = policyAdapter.getDynamicFieldConfigAttributes(); if(policyAdapter.getRuleProvider()!=null && policyAdapter.getRuleProvider().equals(AAFProvider)){ @@ -235,44 +244,73 @@ public class DecisionPolicy extends Policy { return true; } - public PolicyType getGuardPolicy(Map<String, String> yamlParams) { + public PolicyType getGuardPolicy(Map<String, String> yamlParams, String ruleProvider) { try { ControlLoopGuardBuilder builder = ControlLoopGuardBuilder.Factory.buildControlLoopGuard(new Guard()); - GuardPolicy policy1 = new GuardPolicy((policyAdapter.getUuid()!=null? policyAdapter.getUuid(): UUID.randomUUID().toString()) ,yamlParams.get("PolicyName"), yamlParams.get("description"), yamlParams.get("actor"), yamlParams.get("recipe")); + GuardPolicy policy1 = new GuardPolicy((policyAdapter.getUuid()!=null? policyAdapter.getUuid(): UUID.randomUUID().toString()) ,yamlParams.get(POLICY_NAME), yamlParams.get(DESCRIPTION), yamlParams.get("actor"), yamlParams.get("recipe")); builder = builder.addGuardPolicy(policy1); Map<String, String> time_in_range = new HashMap<>(); time_in_range.put("arg2", yamlParams.get("guardActiveStart")); time_in_range.put("arg3", yamlParams.get("guardActiveEnd")); - Constraint cons = new Constraint(Integer.parseInt(yamlParams.get("limit")), yamlParams.get("timeWindow")); - cons.setTime_in_range(time_in_range); + String blackListString = yamlParams.get("blackList"); + List<String> blackList = null; + if(blackListString!=null){ + if (blackListString.contains(",")){ + blackList = Arrays.asList(blackListString.split(",")); + } + else{ + blackList = new ArrayList<>(); + blackList.add(blackListString); + } + } + File templateFile; + Path xacmlTemplatePath; + Constraint cons; + ClassLoader classLoader = getClass().getClassLoader(); + switch (ruleProvider){ + case GUARD_BL_YAML: + templateFile = new File(classLoader.getResource(XACML_BLGUARD_TEMPLATE).getFile()); + xacmlTemplatePath = templateFile.toPath(); + cons = new Constraint(time_in_range,blackList); + break; + default: + templateFile = new File(classLoader.getResource(XACML_GUARD_TEMPLATE).getFile()); + xacmlTemplatePath = templateFile.toPath(); + cons = new Constraint(Integer.parseInt(yamlParams.get("limit")), yamlParams.get("timeWindow"), time_in_range); + break; + } builder = builder.addLimitConstraint(policy1.getId(), cons); // Build the specification Results results = builder.buildSpecification(); // YAML TO XACML ControlLoopGuard yamlGuardObject = SafePolicyBuilder.loadYamlGuard(results.getSpecification()); - Path xacmlTemplatePath = Paths.get(XACMLTEMPLATE); + String xacmlTemplateContent; try { xacmlTemplateContent = new String(Files.readAllBytes(xacmlTemplatePath)); - HashMap<String, String> yamlSpecs = new HashMap<String, String>(); - yamlSpecs.put("PolicyName", yamlParams.get("PolicyName")); - yamlSpecs.put("description", yamlParams.get("description")); - yamlSpecs.put("ECOMPName", yamlParams.get("ECOMPName")); - yamlSpecs.put("actor", ((LinkedList<GuardPolicy>)yamlGuardObject.getGuards()).getFirst().getActor()); - yamlSpecs.put("recipe", ((LinkedList<GuardPolicy>)yamlGuardObject.getGuards()).getFirst().getRecipe()); - yamlSpecs.put("limit", ((LinkedList<Constraint>)((LinkedList<GuardPolicy>)yamlGuardObject.getGuards()).getFirst().getLimit_constraints()).getFirst().getNum().toString()); - yamlSpecs.put("timeWindow", ((LinkedList<Constraint>)((LinkedList<GuardPolicy>)yamlGuardObject.getGuards()).getFirst().getLimit_constraints()).getFirst().getDuration()); - yamlSpecs.put("guardActiveStart", ((LinkedList<Constraint>)((LinkedList<GuardPolicy>)yamlGuardObject.getGuards()).getFirst().getLimit_constraints()).getFirst().getTime_in_range().get("arg2")); - yamlSpecs.put("guardActiveEnd", ((LinkedList<Constraint>)((LinkedList<GuardPolicy>)yamlGuardObject.getGuards()).getFirst().getLimit_constraints()).getFirst().getTime_in_range().get("arg3")); - String xacmlPolicyContent = SafePolicyBuilder.generateXacmlGuard(xacmlTemplateContent,yamlSpecs); - // Convert the Policy into Stream input to Policy Adapter. + HashMap<String, String> yamlSpecs = new HashMap<>(); + yamlSpecs.put(POLICY_NAME, yamlParams.get(POLICY_NAME)); + yamlSpecs.put(DESCRIPTION, yamlParams.get(DESCRIPTION)); + yamlSpecs.put(ECOMPNAME, yamlParams.get(ECOMPNAME)); + yamlSpecs.put("actor", yamlGuardObject.getGuards().getFirst().getActor()); + yamlSpecs.put("recipe", yamlGuardObject.getGuards().getFirst().getRecipe()); + if(yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst().getNum()!=null){ + yamlSpecs.put("limit", yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst().getNum().toString()); + } + if(yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst().getDuration()!=null){ + yamlSpecs.put("timeWindow", yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst().getDuration()); + } + yamlSpecs.put("guardActiveStart", yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst().getTime_in_range().get("arg2")); + yamlSpecs.put("guardActiveEnd", yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst().getTime_in_range().get("arg3")); + String xacmlPolicyContent = SafePolicyBuilder.generateXacmlGuard(xacmlTemplateContent,yamlSpecs, yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst().getBlacklist()); + // Convert the Policy into Stream input to Policy Adapter. Object policy = XACMLPolicyScanner.readPolicy(new ByteArrayInputStream(xacmlPolicyContent.getBytes(StandardCharsets.UTF_8))); return (PolicyType) policy; } catch (IOException e) { - PolicyLogger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Error while creating the policy " + e.getMessage()); + LOGGER.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Error while creating the policy " + e.getMessage() + e); } } catch (BuilderException e) { - PolicyLogger.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Error while creating the policy " + e.getMessage()); + LOGGER.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Error while creating the policy " + e.getMessage() +e); } return null; } @@ -394,19 +432,19 @@ public class DecisionPolicy extends Policy { decisionPolicy.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule); policyAdapter.setPolicyData(decisionPolicy); - }else if (dynamicLabelRuleAlgorithms != null && dynamicLabelRuleAlgorithms.size() > 0) { + }else if (dynamicLabelRuleAlgorithms != null && !dynamicLabelRuleAlgorithms.isEmpty()) { boolean isCompound = false; ConditionType condition = new ConditionType(); int index = dynamicFieldOneRuleAlgorithms.size() - 1; for (String labelAttr : dynamicLabelRuleAlgorithms) { // if the rule algorithm as a label means it is a compound - if (dynamicFieldOneRuleAlgorithms.get(index).toString().equals(labelAttr)) { + if (dynamicFieldOneRuleAlgorithms.get(index).equals(labelAttr)) { ApplyType decisionApply = new ApplyType(); - String selectedFunction = (String) dynamicFieldComboRuleAlgorithms.get(index).toString(); - String value1 = (String) dynamicFieldOneRuleAlgorithms.get(index).toString(); - String value2 = dynamicFieldTwoRuleAlgorithms.get(index).toString(); + String selectedFunction = dynamicFieldComboRuleAlgorithms.get(index); + String value1 = dynamicFieldOneRuleAlgorithms.get(index); + String value2 = dynamicFieldTwoRuleAlgorithms.get(index); decisionApply.setFunctionId(dropDownMap.get(selectedFunction)); decisionApply.getExpression().add(new ObjectFactory().createApply(getInnerDecisionApply(value1))); decisionApply.getExpression().add(new ObjectFactory().createApply(getInnerDecisionApply(value2))); @@ -416,7 +454,7 @@ public class DecisionPolicy extends Policy { // if rule algorithm not a compound if (!isCompound) { - condition.setExpression(new ObjectFactory().createApply(getInnerDecisionApply(dynamicLabelRuleAlgorithms.get(index).toString()))); + condition.setExpression(new ObjectFactory().createApply(getInnerDecisionApply(dynamicLabelRuleAlgorithms.get(index)))); } } if (!permitRule) { @@ -452,7 +490,7 @@ public class DecisionPolicy extends Policy { // check the index for the label. for (String labelAttr : dynamicLabelRuleAlgorithms) { if (labelAttr.equals(value1Label)) { - String value1 = (String) dynamicFieldOneRuleAlgorithms.get(index).toString(); + String value1 = dynamicFieldOneRuleAlgorithms.get(index); populateDataTypeList(value1); // check if the row contains label again @@ -463,8 +501,8 @@ public class DecisionPolicy extends Policy { } // Getting the values from the form. - String functionKey = (String) dynamicFieldComboRuleAlgorithms.get(index).toString(); - String value2 = dynamicFieldTwoRuleAlgorithms.get(index).toString(); + String functionKey = dynamicFieldComboRuleAlgorithms.get(index); + String value2 = dynamicFieldTwoRuleAlgorithms.get(index); decisionApply.setFunctionId(dropDownMap.get(functionKey)); // if two text field are rule attributes. if ((value1.contains(RULE_VARIABLE)) && (value2.contains(RULE_VARIABLE))) { @@ -550,9 +588,9 @@ public class DecisionPolicy extends Policy { // if the rule algorithm is multiple compound one setting the apply protected ApplyType getCompoundDecisionApply(int index) { ApplyType decisionApply = new ApplyType(); - String selectedFunction = dynamicFieldComboRuleAlgorithms.get(index).toString(); - String value1 = dynamicFieldOneRuleAlgorithms.get(index).toString(); - String value2 = dynamicFieldTwoRuleAlgorithms.get(index).toString(); + String selectedFunction = dynamicFieldComboRuleAlgorithms.get(index); + String value1 = dynamicFieldOneRuleAlgorithms.get(index); + String value2 = dynamicFieldTwoRuleAlgorithms.get(index); decisionApply.setFunctionId(dropDownMap.get(selectedFunction)); decisionApply.getExpression().add(new ObjectFactory().createApply(getInnerDecisionApply(value1))); decisionApply.getExpression().add(new ObjectFactory().createApply(getInnerDecisionApply(value2))); @@ -574,16 +612,14 @@ public class DecisionPolicy extends Policy { } private void populateDataTypeList(String value1) { - - ///String value1 = dynamicFieldDecisionOneRuleAlgorithms.get(index).getValue().toString(); String dataType = null; if(value1.contains("S_")) { value1 = value1.substring(2, value1.length()); - DecisionSettings decisionSettings = findDecisionSettingsBySettingId(value1); - if (decisionSettings != null && decisionSettings.getDatatypeBean().getShortName().equals("string")) { + DecisionSettings decisionSettings = findDecisionSettingsBySettingId(value1.substring(2, value1.length())); + if (decisionSettings != null && "string".equals(decisionSettings.getDatatypeBean().getShortName())) { dataType = STRING_DATATYPE; - } else if (decisionSettings != null && decisionSettings.getDatatypeBean().getShortName().equals("boolean")) { + } else if (decisionSettings != null && "boolean".equals(decisionSettings.getDatatypeBean().getShortName())) { dataType = BOOLEAN_DATATYPE; } else { dataType = INTEGER_DATATYPE; @@ -602,13 +638,13 @@ public class DecisionPolicy extends Policy { } catch (Exception e) { LOGGER.error("Exception Occured"+e); } - Map<Datatype, List<FunctionDefinition>> functionMap = jpaUtils.getFunctionDatatypeMap(); - Map<String, String> dropDownMap = new HashMap<String, String>(); - for (Datatype id : functionMap.keySet()) { - List<FunctionDefinition> functionDefinitions = (List<FunctionDefinition>) functionMap - .get(id); - for (FunctionDefinition functionDef : functionDefinitions) { - dropDownMap.put(functionDef.getShortname(),functionDef.getXacmlid()); + Map<String, String> dropDownMap = new HashMap<>(); + if(jpaUtils!=null){ + Map<Datatype, List<FunctionDefinition>> functionMap = jpaUtils.getFunctionDatatypeMap(); + for (Map.Entry<Datatype,List<FunctionDefinition>> map: functionMap.entrySet()) { + for (FunctionDefinition functionDef : map.getValue()) { + dropDownMap.put(functionDef.getShortname(),functionDef.getXacmlid()); + } } } @@ -620,9 +656,9 @@ public class DecisionPolicy extends Policy { DecisionSettings decisionSettings = findDecisionSettingsBySettingId(key); String dataType = null; - if (decisionSettings != null && decisionSettings.getDatatypeBean().getShortName().equals("string")) { + if (decisionSettings != null && "string".equals(decisionSettings.getDatatypeBean().getShortName())) { dataType = STRING_DATATYPE; - } else if (decisionSettings != null && decisionSettings.getDatatypeBean().getShortName().equals("boolean")) { + } else if (decisionSettings != null && "boolean".equals(decisionSettings.getDatatypeBean().getShortName())) { dataType = BOOLEAN_DATATYPE; } else { dataType = INTEGER_DATATYPE; diff --git a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/Policy.java b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/Policy.java index 48431fe93..536f8e6b3 100644 --- a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/Policy.java +++ b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/Policy.java @@ -210,13 +210,17 @@ public abstract class Policy { // Validation for json. protected static boolean isJSONValid(String data) { + JsonReader jsonReader = null; try { new JSONObject(data); InputStream stream = new ByteArrayInputStream(data.getBytes(StandardCharsets.UTF_8)); - JsonReader jsonReader = Json.createReader(stream); + jsonReader = Json.createReader(stream); System.out.println("Json Value is: " + jsonReader.read().toString() ); } catch (Exception e) { + LOGGER.error("Exception Occured while reading json"+e); return false; + }finally{ + jsonReader.close(); } return true; } @@ -308,6 +312,12 @@ public abstract class Policy { } } catch (Exception e) { success.put("error", "Validation Failed"); + }finally{ + try { + inputStream.close(); + } catch (IOException e) { + LOGGER.error("Exception Occured while closing the input stream"+e); + } } } else { PolicyLogger.error("Unknown data type sent back."); diff --git a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/PolicyDBDao.java b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/PolicyDBDao.java index 51fcb3d09..b65557e05 100644 --- a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/PolicyDBDao.java +++ b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/PolicyDBDao.java @@ -35,7 +35,6 @@ import java.net.MalformedURLException; import java.net.ProtocolException; import java.net.URL; import java.nio.charset.StandardCharsets; -import java.nio.file.FileSystems; import java.nio.file.Files; import java.nio.file.InvalidPathException; import java.nio.file.Path; @@ -69,8 +68,6 @@ import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.xpath.XPath; import javax.xml.xpath.XPathFactory; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType; - import org.apache.commons.io.FileUtils; import org.apache.commons.io.FilenameUtils; import org.apache.commons.io.IOUtils; @@ -105,6 +102,8 @@ import com.att.research.xacml.api.pap.PDP; import com.att.research.xacml.api.pap.PDPPolicy; import com.att.research.xacml.util.XACMLProperties; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType; + public class PolicyDBDao { private static final Logger logger = FlexLogger.getLogger(PolicyDBDao.class); private List<?> otherServers; @@ -871,6 +870,7 @@ public class PolicyDBDao { try { policyStream.close(); } catch (IOException e) { + didUpdate = false; PolicyLogger.error(e.getMessage()); } } @@ -1031,7 +1031,7 @@ public class PolicyDBDao { String action = "unknown action"; try { - if(policy.isDeleted()){ + if(policy != null && policy.isDeleted()){ logger.debug("Deleting Policy: " + policy.getPolicyName()); action = "delete"; Path newPath = Paths.get(policyPath.toString(), policy.getPolicyName()); @@ -1098,7 +1098,7 @@ public class PolicyDBDao { } } catch (IOException e1) { - PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e1, "PolicyDBDao", "Error occurred while performing [" + action + "] of Policy File: " + policy.getPolicyName()); + PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e1, "PolicyDBDao", "Error occurred while performing [" + action + "] of Policy File: " + policy != null ? policy.getPolicyName() : "null"); } } @@ -1315,11 +1315,12 @@ public class PolicyDBDao { String repo = buildPolicyDirectory(); String policyScope = policy.getScope(); + if(policyScope == null){ policyScope = ""; PolicyLogger.error("buildPolicyScopeDirectory("+policy+") computed null policyScope. Using blank."); } else { - policyScope = policyScope.replace(".", FileSystems.getDefault().getSeparator()); + policyScope = policyScope.replace(".", File.separator); } if(policyScope == null){ policyScope = ""; @@ -1329,7 +1330,7 @@ public class PolicyDBDao { PolicyLogger.error("buildPolicyScopeDirectory("+policy+") received null repo. Using blank."); repo = ""; } - Path returnPath = Paths.get(repo + FileSystems.getDefault().getSeparator() + policyScope); + Path returnPath = Paths.get(repo + File.separator + policyScope); if(returnPath != null){ return returnPath.toString(); } else { @@ -1341,9 +1342,7 @@ public class PolicyDBDao { } private String buildPolicyScopeDirectory(String policyScope){ String repo = buildPolicyDirectory(); - policyScope = policyScope.replace(".", FileSystems.getDefault().getSeparator()); - return repo + FileSystems.getDefault().getSeparator() + policyScope; - + return repo + File.separator + policyScope.replace(".", File.separator); } private static String buildPolicyDirectory(){ @@ -1628,7 +1627,13 @@ public class PolicyDBDao { } catch(Exception e){ PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "PolicyDBDao", "auditLocalDatabase() error"); logger.error("Exception Occured"+e); - } + }finally{ + try { + Files.walk(webappsPath).close(); + } catch (IOException e) { + logger.error("Exception Occured while closing File Stream"+e); + } + } } /** @@ -1980,7 +1985,7 @@ public class PolicyDBDao { for(int j=i;j<gitPathParts.size();j++){ testGitPath = Paths.get(testGitPath.toString(),gitPathParts.get(j)); } - if(path.contains(testGitPath.toString())){ + if(path != null && path.contains(testGitPath.toString())){ gitPath = testGitPath.toString(); break; } @@ -1989,7 +1994,7 @@ public class PolicyDBDao { logger.debug("gitPath is null. Returning"); return null; } - if(gitPath.length() >= path.length()){ + if(path != null && (gitPath.length() >= path.length())){ logger.debug("gitPath length(): " + gitPath.length() + ">= path.length(): " + path.length() + ". Returning null"); return null; } @@ -2996,6 +3001,13 @@ public class PolicyDBDao { } } } + if(policyXmlStream != null){ + try { + policyXmlStream.close(); + } catch (IOException e) { + logger.error("Exception Occured while closing input stream"+e); + } + } createPolicy(policy.policyAdapter, username, policyScope,finalName,policyDataString); } diff --git a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/SafePolicyBuilder.java b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/SafePolicyBuilder.java index 7637719b1..c4f53582b 100644 --- a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/SafePolicyBuilder.java +++ b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/components/SafePolicyBuilder.java @@ -19,6 +19,7 @@ */ package org.openecomp.policy.pap.xacml.rest.components; +import java.util.List; import java.util.Map; import java.util.regex.Matcher; import java.util.regex.Pattern; @@ -30,6 +31,10 @@ import org.yaml.snakeyaml.constructor.Constructor; public class SafePolicyBuilder { + private SafePolicyBuilder(){ + //Private Constructor. + } + public static ControlLoopGuard loadYamlGuard(String specification) { // // Read the yaml into our Java Object @@ -40,18 +45,29 @@ public class SafePolicyBuilder { return (ControlLoopGuard) obj; } - public static String generateXacmlGuard(String xacmlFileContent,Map<String, String> generateMap) { - for(String key: generateMap.keySet()){ - Pattern p = Pattern.compile("\\$\\{" +key +"\\}"); + public static String generateXacmlGuard(String xacmlFileContent,Map<String, String> generateMap, List<String> blacklist) { + for(Map.Entry<String,String> map: generateMap.entrySet()){ + Pattern p = Pattern.compile("\\$\\{" +map.getKey() +"\\}"); Matcher m = p.matcher(xacmlFileContent); - String finalInput = generateMap.get(key); + String finalInput = map.getValue(); if(finalInput.contains("$")){ finalInput = finalInput.replace("$", "\\$"); } xacmlFileContent=m.replaceAll(finalInput); } + if(blacklist!=null && !blacklist.isEmpty()){ + StringBuilder rule = new StringBuilder(); + for(String blackListName : blacklist){ + if(blackListName.contains("$")){ + blackListName = blackListName.replace("$", "\\$"); + } + rule.append("<AttributeValue DataType=\"http://www.w3.org/2001/XMLSchema#string\">"+blackListName+"</AttributeValue>"); + } + Pattern p = Pattern.compile("\\$\\{blackListElement\\}"); + Matcher m = p.matcher(xacmlFileContent); + xacmlFileContent=m.replaceAll(rule.toString()); + } PolicyLogger.info("Generated XACML from the YAML Spec: \n" + xacmlFileContent); - return xacmlFileContent; } } diff --git a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/controller/MicroServiceDictionaryController.java b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/controller/MicroServiceDictionaryController.java index 8d253d385..108d33c25 100644 --- a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/controller/MicroServiceDictionaryController.java +++ b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/controller/MicroServiceDictionaryController.java @@ -1010,7 +1010,7 @@ public class MicroServiceDictionaryController { this.newModel.setDependency(""); } - if (mainClass.getDependency()==null){ + if (mainClass != null && mainClass.getDependency()==null){ mainClass.setDependency(""); } diff --git a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/controller/PushPolicyController.java b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/controller/PushPolicyController.java index f468b374d..3f86378ab 100644 --- a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/controller/PushPolicyController.java +++ b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/controller/PushPolicyController.java @@ -109,30 +109,6 @@ public class PushPolicyController { } } - /*private void safetyChecker(String policyName) { - if (XACMLProperties.getProperty("xacml.rest.pap.safetychecker").equals("on")) { - if (policyName.contains("Config_MS_") || policyName.contains("BRMS_Param")) { - SafetyCheckerService service = new SafetyCheckerService(); - PolicySafetyChecker safetyChecker = new PolicySafetyChecker(); - boolean isEntered = false; - try { - JSONObject policyDataObj = service.getConfigByPolicyName(policyName, XACMLPapServlet.getConfigHome()); - isEntered = safetyChecker.addItem(policyDataObj); - } catch (Exception e) { - PolicyLogger.warn(MessageCodes.ERROR_PROCESS_FLOW, "XACMLPapServlet", e, "Error while adding ClosedLoop in the database: " - + "This is a PolicySafetyChecker warning, the push execution may proceed normally."); - } - if (isEntered) { - LOGGER.info("SafetyChecker successfully added the closedLoop to the DB table."); - } else { - LOGGER.info("SafetyChecker failed to add the closedLoop to the DB table."); - } - } - } else { - LOGGER.info("PolicySafetyChecker is turned off."); - } - }*/ - private void addPolicyToGroup(String policyScope, String policyID, String policyName, String pdpGroup, HttpServletResponse response) { StdPDPGroup selectedPDPGroup = null; StdPDPPolicy selectedPolicy = null; diff --git a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/elk/client/ElkConnectorImpl.java b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/elk/client/ElkConnectorImpl.java index 75bd725f0..4dd48adfd 100644 --- a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/elk/client/ElkConnectorImpl.java +++ b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/elk/client/ElkConnectorImpl.java @@ -194,7 +194,7 @@ public class ElkConnectorImpl implements ElkConnector{ LOGGER.trace("ENTER: " + text); } - if (filter_s == null || filter_s.size() <= 0) { + if (filter_s == null || filter_s.size() == 0) { return search(type, text); } diff --git a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/handler/DeleteHandler.java b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/handler/DeleteHandler.java index ff454ade9..88548ffa4 100644 --- a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/handler/DeleteHandler.java +++ b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/handler/DeleteHandler.java @@ -308,7 +308,9 @@ public class DeleteHandler { return true; } }finally{ - st.close(); + if(st != null){ + st.close(); + } } } return false; diff --git a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/policycontroller/PolicyCreation.java b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/policycontroller/PolicyCreation.java index dde2a0d3b..3437dab03 100644 --- a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/policycontroller/PolicyCreation.java +++ b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/policycontroller/PolicyCreation.java @@ -29,6 +29,7 @@ import java.util.Map; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.commons.lang.StringUtils; import org.openecomp.policy.common.logging.eelf.PolicyLogger; import org.openecomp.policy.common.logging.flexlogger.FlexLogger; import org.openecomp.policy.common.logging.flexlogger.Logger; @@ -363,13 +364,17 @@ public class PolicyCreation extends AbstractPolicyCreation{ } } } - if(policyData.getRuleProvider()!=null && policyData.getRuleProvider().equals(DecisionPolicy.GUARD_YAML) && policyData.getYamlparams()!=null){ - attributeMap.put("actor", policyData.getYamlparams().getActor()); + if(policyData.getRuleProvider()!=null && (policyData.getRuleProvider().equals(DecisionPolicy.GUARD_YAML)|| policyData.getRuleProvider().equals(DecisionPolicy.GUARD_BL_YAML)) + && policyData.getYamlparams()!=null){ attributeMap.put("actor", policyData.getYamlparams().getActor()); attributeMap.put("recipe", policyData.getYamlparams().getRecipe()); attributeMap.put("limit", policyData.getYamlparams().getLimit()); attributeMap.put("timeWindow", policyData.getYamlparams().getTimeWindow()); attributeMap.put("guardActiveStart", policyData.getYamlparams().getGuardActiveStart()); attributeMap.put("guardActiveEnd", policyData.getYamlparams().getGuardActiveEnd()); + if(policyData.getYamlparams().getBlackList()!=null){ + String blackList = StringUtils.join(policyData.getYamlparams().getBlackList(), ","); + attributeMap.put("blackList", blackList); + } } policyData.setDynamicRuleAlgorithmLabels(dynamicRuleAlgorithmLabels); policyData.setDynamicRuleAlgorithmCombo(dynamicRuleAlgorithmCombo); diff --git a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/service/ImportService.java b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/service/ImportService.java index 3ff279d8d..d70332edf 100644 --- a/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/service/ImportService.java +++ b/ECOMP-PAP-REST/src/main/java/org/openecomp/policy/pap/xacml/rest/service/ImportService.java @@ -35,7 +35,7 @@ import javax.servlet.http.HttpServletResponse; import org.openecomp.policy.common.logging.eelf.PolicyLogger; import org.openecomp.policy.pap.xacml.rest.components.CreateBRMSRuleTemplate; -import org.openecomp.policy.pap.xacml.rest.components.CreateNewMicroSerivceModel; +import org.openecomp.policy.pap.xacml.rest.components.CreateNewMicroServiceModel; public class ImportService { @@ -65,7 +65,7 @@ public class ImportService { successMap = brmsRuleTemplate.addRule(builder.toString(), serviceName, description, "API"); break; case "MICROSERVICE": - CreateNewMicroSerivceModel newMS = null; + CreateNewMicroServiceModel newMS = null; String randomID = UUID.randomUUID().toString(); if ( fileName != null) { File extracDir = new File("ExtractDir"); @@ -105,7 +105,7 @@ public class ImportService { outputStream.write(buffer, 0, bytesRead) ; } } catch (IOException e) { - PolicyLogger.error("Error in reading in Zip File from API call"); + PolicyLogger.error("Error in reading in Zip File from API call"+e); return; }finally{ try { @@ -120,7 +120,7 @@ public class ImportService { } } } - newMS = new CreateNewMicroSerivceModel(fileName, serviceName, "API", version, randomID); + newMS = new CreateNewMicroServiceModel(fileName, serviceName, "API", version, randomID); successMap = newMS.addValuesToNewModel(); if (successMap.containsKey("success")) { successMap.clear(); diff --git a/ECOMP-PAP-REST/src/main/resources/Decision_GuardBLPolicyTemplate.xml b/ECOMP-PAP-REST/src/main/resources/Decision_GuardBLPolicyTemplate.xml new file mode 100644 index 000000000..1e428ff34 --- /dev/null +++ b/ECOMP-PAP-REST/src/main/resources/Decision_GuardBLPolicyTemplate.xml @@ -0,0 +1,107 @@ +<?xml version="1.0" encoding="UTF-8" standalone="yes"?> +<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:com:xacml:policy:id:d56af069-6cf1-430c-ba07-e26602e06a52" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-unless-deny"> + <Description>${description}</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="org.openecomp.function.regex-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${PolicyName}</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="PolicyName" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + <AllOf> + <Match MatchId="org.openecomp.function.regex-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${ECOMPName}</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="ECOMPName" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${actor}</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="actor" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${recipe}</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="recipe" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + <Rule RuleId="urn:com:xacml:rule:id:284d9393-f861-4250-b62d-fc36640a363a" Effect="Permit"> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">DECIDE</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + <Condition> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and"> + <Apply FunctionId="urn:oasis:names:tc:xacml:2.0:function:time-in-range"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only"> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time" DataType="http://www.w3.org/2001/XMLSchema#time" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" MustBePresent="false"/> + </Apply> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveStart}</AttributeValue> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveEnd}</AttributeValue> + </Apply> + <Apply FunctionId="urn:oasis:names:tc:xacml:3.0:function:any-of"> + <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only"> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="target" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Apply> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag"> + <!-- <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">vserver.vserver-name</AttributeValue>--> + ${blackListElement} + </Apply> + </Apply> + </Apply> + </Apply> + </Condition> + </Rule> + <Rule RuleId="urn:com:xacml:rule:id:284d9393-f861-4250-b62d-fc36640a363a" Effect="Deny"> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">DECIDE</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + <Condition> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and"> + <Apply FunctionId="urn:oasis:names:tc:xacml:2.0:function:time-in-range"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only"> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time" DataType="http://www.w3.org/2001/XMLSchema#time" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" MustBePresent="false"/> + </Apply> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveStart}</AttributeValue> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveEnd}</AttributeValue> + </Apply> + <Apply FunctionId="urn:oasis:names:tc:xacml:3.0:function:any-of"> + <Function FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"/> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only"> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="target" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Apply> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag"> + <!-- <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">vserver.vserver-name</AttributeValue>--> + ${blackListElement} + </Apply> + </Apply> + </Apply> + </Apply> + </Apply> + </Condition> + <AdviceExpressions> + <AdviceExpression AdviceId="GUARD_BL_YAML" AppliesTo="Deny"> + <AttributeAssignmentExpression AttributeId="guard.response" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Denied!</AttributeValue> + </AttributeAssignmentExpression> + </AdviceExpression> + </AdviceExpressions> + </Rule> +</Policy>
\ No newline at end of file diff --git a/ECOMP-PAP-REST/src/main/resources/Decision_GuardPolicyTemplate.xml b/ECOMP-PAP-REST/src/main/resources/Decision_GuardPolicyTemplate.xml new file mode 100644 index 000000000..6701a0848 --- /dev/null +++ b/ECOMP-PAP-REST/src/main/resources/Decision_GuardPolicyTemplate.xml @@ -0,0 +1,99 @@ +<?xml version="1.0" encoding="UTF-8" standalone="yes"?> +<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:com:xacml:policy:id:d56af069-6cf1-430c-ba07-e26602e06a52" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-overrides"> + <Description>${description}</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="org.openecomp.function.regex-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${PolicyName}</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="PolicyName" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + <AllOf> + <Match MatchId="org.openecomp.function.regex-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${ECOMPName}</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="ECOMPName" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${actor}</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="actor" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${recipe}</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="recipe" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + <Rule RuleId="urn:com:xacml:rule:id:284d9393-f861-4250-b62d-fc36640a363a" Effect="Permit"> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">DECIDE</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + <Condition> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:or"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not"> + <Apply FunctionId="urn:oasis:names:tc:xacml:2.0:function:time-in-range"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only"> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time" DataType="http://www.w3.org/2001/XMLSchema#time" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" MustBePresent="false"/> + </Apply> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveStart}</AttributeValue> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveEnd}</AttributeValue> + </Apply> + </Apply> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-less-than-or-equal"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only"> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="count" DataType="http://www.w3.org/2001/XMLSchema#integer" Issuer="org:openecomp:xacml:sql:${timeWindow}" MustBePresent="false"/> + </Apply> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">${limit}</AttributeValue> + </Apply> + </Apply> + </Condition> + </Rule> + <Rule RuleId="urn:com:xacml:rule:id:284d9393-f861-4250-b62d-fc36640a363a" Effect="Deny"> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">DECIDE</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + <Condition> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:or"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not"> + <Apply FunctionId="urn:oasis:names:tc:xacml:2.0:function:time-in-range"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only"> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time" DataType="http://www.w3.org/2001/XMLSchema#time" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" MustBePresent="false"/> + </Apply> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveStart}</AttributeValue> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveEnd}</AttributeValue> + </Apply> + </Apply> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-less-than-or-equal"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only"> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="count" DataType="http://www.w3.org/2001/XMLSchema#integer" Issuer="org:openecomp:xacml:sql:${timeWindow}" MustBePresent="false"/> + </Apply> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">${limit}</AttributeValue> + </Apply> + </Apply> + </Apply> + </Condition> + <AdviceExpressions> + <AdviceExpression AdviceId="GUARD_YAML" AppliesTo="Deny"> + <AttributeAssignmentExpression AttributeId="guard.response" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Denied!</AttributeValue> + </AttributeAssignmentExpression> + </AdviceExpression> + </AdviceExpressions> + </Rule> +</Policy>
\ No newline at end of file |