diff options
Diffstat (limited to 'ONAP-PAP-REST/src/main')
3 files changed, 189 insertions, 16 deletions
diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/DecisionPolicy.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/DecisionPolicy.java index 47ab45894..03fbe0763 100644 --- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/DecisionPolicy.java +++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/DecisionPolicy.java @@ -90,9 +90,11 @@ public class DecisionPolicy extends Policy { private static final String AAFPROVIDER = "AAF"; public static final String GUARD_YAML = "GUARD_YAML"; public static final String GUARD_BL_YAML = "GUARD_BL_YAML"; + public static final String GUARD_MIN_MAX = "GUARD_MIN_MAX"; public static final String RAINY_DAY = "Rainy_Day"; private static final String XACML_GUARD_TEMPLATE = "Decision_GuardPolicyTemplate.xml"; private static final String XACML_BLGUARD_TEMPLATE = "Decision_GuardBLPolicyTemplate.xml"; + private static final String XACML_GUARD_MIN_MAX_TEMPLATE = "Decision_GuardMinMaxPolicyTemplate.xml"; private static final String ONAPNAME = "ONAPName"; private static final String POLICY_NAME = "PolicyName"; @@ -194,8 +196,10 @@ public class DecisionPolicy extends Policy { } policyName = policyAdapter.getNewFileName(); - if (policyAdapter.getRuleProvider().equals(GUARD_YAML) - || policyAdapter.getRuleProvider().equals(GUARD_BL_YAML)) { + if(policyAdapter.getRuleProvider().equals(GUARD_YAML) || + policyAdapter.getRuleProvider().equals(GUARD_BL_YAML) || + policyAdapter.getRuleProvider().equals(GUARD_MIN_MAX)){ + Map<String, String> yamlParams = new HashMap<>(); String blackListEntryType = policyAdapter.getBlackListEntryType() != null ? policyAdapter.getBlackListEntryType() : "Use Manual Entry"; @@ -353,6 +357,12 @@ public class DecisionPolicy extends Policy { } cons.setBlacklist(blackList); break; + case GUARD_MIN_MAX: + templateFile = new File(classLoader.getResource(XACML_GUARD_MIN_MAX_TEMPLATE).getFile()); + xacmlTemplatePath = templateFile.toPath(); + cons = new Constraint(Integer.parseInt(yamlParams.get("min")), + Integer.parseInt(yamlParams.get("max")), activeTimeRange); + break; default: templateFile = new File(classLoader.getResource(XACML_GUARD_TEMPLATE).getFile()); xacmlTemplatePath = templateFile.toPath(); @@ -372,6 +382,7 @@ public class DecisionPolicy extends Policy { cons = new Constraint(Integer.parseInt(yamlParams.get("limit")), timeWindow, activeTimeRange); break; } + builder = builder.addLimitConstraint(policy1.getId(), cons); // Build the specification Results results = builder.buildSpecification(); @@ -399,6 +410,18 @@ public class DecisionPolicy extends Policy { yamlSpecs.put("twUnits", yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst() .getTime_window().get("units")); } + + if (yamlGuardObject.getGuards().getFirst().getLimit_constraints(). + getFirst().getMaxVnfCount() != null) { + yamlSpecs.put("max", yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst() + .getMaxVnfCount().toString()); + } + if (yamlGuardObject.getGuards().getFirst().getLimit_constraints(). + getFirst().getMinVnfCount() != null) { + yamlSpecs.put("min", yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst() + .getMinVnfCount().toString()); + } + yamlSpecs.put("guardActiveStart", yamlGuardObject.getGuards().getFirst().getLimit_constraints() .getFirst().getActive_time_range().get("start")); yamlSpecs.put("guardActiveEnd", yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst() @@ -406,9 +429,11 @@ public class DecisionPolicy extends Policy { String xacmlPolicyContent = SafePolicyBuilder.generateXacmlGuard(xacmlTemplateContent, yamlSpecs, yamlGuardObject.getGuards().getFirst().getLimit_constraints().getFirst().getBlacklist(), yamlGuardObject.getGuards().getFirst().getMatch_parameters().getTargets()); + // Convert the Policy into Stream input to Policy Adapter. Object policy = XACMLPolicyScanner .readPolicy(new ByteArrayInputStream(xacmlPolicyContent.getBytes(StandardCharsets.UTF_8))); + return (PolicyType) policy; } catch (IOException e) { LOGGER.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "Error while creating the policy " + e.getMessage(), diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/policycontroller/PolicyCreation.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/policycontroller/PolicyCreation.java index 951f25c25..de5d1cf49 100644 --- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/policycontroller/PolicyCreation.java +++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/policycontroller/PolicyCreation.java @@ -402,46 +402,56 @@ public class PolicyCreation extends AbstractPolicyCreation{ } } } - if(policyData.getRuleProvider()!=null && (policyData.getRuleProvider().equals(DecisionPolicy.GUARD_YAML)|| policyData.getRuleProvider().equals(DecisionPolicy.GUARD_BL_YAML)) - && policyData.getYamlparams()!=null){ + if (policyData.getRuleProvider() != null + && (policyData.getRuleProvider().equals(DecisionPolicy.GUARD_YAML) + || policyData.getRuleProvider().equals(DecisionPolicy.GUARD_BL_YAML) + || policyData.getRuleProvider().equals(DecisionPolicy.GUARD_MIN_MAX)) + && policyData.getYamlparams() != null) { attributeMap.put("actor", policyData.getYamlparams().getActor()); attributeMap.put("recipe", policyData.getYamlparams().getRecipe()); attributeMap.put("clname", policyData.getYamlparams().getClname()); attributeMap.put("limit", policyData.getYamlparams().getLimit()); + attributeMap.put("min", policyData.getYamlparams().getMin()); + attributeMap.put("max", policyData.getYamlparams().getMax()); attributeMap.put("timeWindow", policyData.getYamlparams().getTimeWindow()); attributeMap.put("timeUnits", policyData.getYamlparams().getTimeUnits()); attributeMap.put("guardActiveStart", policyData.getYamlparams().getGuardActiveStart()); attributeMap.put("guardActiveEnd", policyData.getYamlparams().getGuardActiveEnd()); - if(policyData.getYamlparams().getBlackList()!=null){ + if (policyData.getYamlparams().getBlackList() != null) { String blackList = StringUtils.join(policyData.getYamlparams().getBlackList(), ","); attributeMap.put("blackList", blackList); } - if(DecisionPolicy.GUARD_BL_YAML.equals(policyData.getRuleProvider()) && "Use File Upload".equals(policyData.getBlackListEntryType())){ - if(policyData.getBlackListEntries() != null && !policyData.getBlackListEntries().isEmpty()){ + if (DecisionPolicy.GUARD_BL_YAML.equals(policyData.getRuleProvider()) + && "Use File Upload".equals(policyData.getBlackListEntryType())) { + if (policyData.getBlackListEntries() != null + && !policyData.getBlackListEntries().isEmpty()) { String blackList = StringUtils.join(policyData.getBlackListEntries(), ","); attributeMap.put("blackList", blackList); } - if(policyData.getAppendBlackListEntries() != null && !policyData.getAppendBlackListEntries().isEmpty()){ + if (policyData.getAppendBlackListEntries() != null + && !policyData.getAppendBlackListEntries().isEmpty()) { String blackList = StringUtils.join(policyData.getAppendBlackListEntries(), ","); attributeMap.put("appendBlackList", blackList); } } - if(policyData.getYamlparams().getTargets()!=null){ - String targets = StringUtils.join(policyData.getYamlparams().getTargets(),","); + if (policyData.getYamlparams().getTargets() != null) { + String targets = StringUtils.join(policyData.getYamlparams().getTargets(), ","); attributeMap.put("targets", targets); } } - if(policyData.getRuleProvider()!=null && policyData.getRuleProvider().equals(DecisionPolicy.RAINY_DAY)){ + if (policyData.getRuleProvider() != null + && policyData.getRuleProvider().equals(DecisionPolicy.RAINY_DAY)) { attributeMap.put("ServiceType", policyData.getRainyday().getServiceType()); attributeMap.put("VNFType", policyData.getRainyday().getVnfType()); attributeMap.put("BB_ID", policyData.getRainyday().getBbid()); attributeMap.put("WorkStep", policyData.getRainyday().getWorkstep()); - if(policyData.getRainyday().getTreatmentTableChoices()!=null && policyData.getRainyday().getTreatmentTableChoices().size() > 0){ - for (Object table : policyData.getRainyday().getTreatmentTableChoices()){ - if(table instanceof LinkedHashMap<?,?>){ - String errorcode = ((LinkedHashMap<?,?>) table).get("errorcode").toString(); - String treatment = ((LinkedHashMap<?,?>) table).get("treatment").toString(); + if (policyData.getRainyday().getTreatmentTableChoices() != null + && policyData.getRainyday().getTreatmentTableChoices().isEmpty()) { + for (Object table : policyData.getRainyday().getTreatmentTableChoices()) { + if (table instanceof LinkedHashMap<?, ?>) { + String errorcode = ((LinkedHashMap<?, ?>) table).get("errorcode").toString(); + String treatment = ((LinkedHashMap<?, ?>) table).get("treatment").toString(); treatmentMap.put(errorcode, treatment); } } diff --git a/ONAP-PAP-REST/src/main/resources/Decision_GuardMinMaxPolicyTemplate.xml b/ONAP-PAP-REST/src/main/resources/Decision_GuardMinMaxPolicyTemplate.xml new file mode 100644 index 000000000..afb118aa5 --- /dev/null +++ b/ONAP-PAP-REST/src/main/resources/Decision_GuardMinMaxPolicyTemplate.xml @@ -0,0 +1,138 @@ +<?xml version="1.0" encoding="UTF-8" standalone="yes"?> +<!-- + ============LICENSE_START================================================== + ONAP Policy Engine + =========================================================================== + Copyright (C) 2018 AT&T Intellectual Property. All rights reserved. + =========================================================================== + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + ============LICENSE_END==================================================== + --> +<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:com:xacml:policy:id:d56af069-6cf1-430c-ba07-e26602e06a52" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-unless-deny"> + <Description>${description}</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="org.onap.function.regex-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${PolicyName}</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="PolicyName" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + <AllOf> + <Match MatchId="org.onap.function.regex-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${ONAPName}</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="ONAPName" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">(?i)${actor}</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="actor" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">(?i)${recipe}</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="recipe" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${targets}</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="target" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${clname}</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="clname" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + <Rule RuleId="urn:com:xacml:rule:id:284d9393-f861-4250-b62d-fc36640a363a" Effect="Permit"> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">DECIDE</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + <Condition> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and"> + <Apply FunctionId="urn:oasis:names:tc:xacml:2.0:function:time-in-range"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only"> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time" DataType="http://www.w3.org/2001/XMLSchema#time" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" MustBePresent="false"/> + </Apply> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveStart}</AttributeValue> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveEnd}</AttributeValue> + </Apply> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than-or-equal"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only"> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="vfCount" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="false"/> + </Apply> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">${min}</AttributeValue> + </Apply> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-less-than-or-equal"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only"> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="vfCount" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="false"/> + </Apply> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">${max}</AttributeValue> + </Apply> + </Apply> + </Apply> + </Condition> + </Rule> + <Rule RuleId="urn:com:xacml:rule:id:284d9393-f861-4250-b62d-fc36640a363a" Effect="Deny"> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">DECIDE</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + <Condition> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:not"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:and"> + <Apply FunctionId="urn:oasis:names:tc:xacml:2.0:function:time-in-range"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:time-one-and-only"> + <AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:environment:current-time" DataType="http://www.w3.org/2001/XMLSchema#time" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" MustBePresent="false"/> + </Apply> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveStart}</AttributeValue> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#time">${guardActiveEnd}</AttributeValue> + </Apply> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-greater-than-or-equal"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only"> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="vfCount" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="false"/> + </Apply> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">${min}</AttributeValue> + </Apply> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-less-than-or-equal"> + <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only"> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="vfCount" DataType="http://www.w3.org/2001/XMLSchema#integer" MustBePresent="false"/> + </Apply> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">${max}</AttributeValue> + </Apply> + </Apply> + </Apply> + </Apply> + </Condition> + <AdviceExpressions> + <AdviceExpression AdviceId="GUARD_MIN_MAX" AppliesTo="Deny"> + <AttributeAssignmentExpression AttributeId="guard.response" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Denied By Guard</AttributeValue> + </AttributeAssignmentExpression> + </AdviceExpression> + </AdviceExpressions> + </Rule> +</Policy>
\ No newline at end of file |