1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
|
###
# ============LICENSE_START=======================================================
# ONAP Policy Engine
# ================================================================================
# Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# ============LICENSE_END=========================================================
###
# Default XACML Properties File for PDP RESTful servlet
#
# Standard API Factories
#
xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory
xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory
xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory
# NOT USED SEE BELOW xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory
xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory
#
# AT&T PDP Implementation Factories
#
xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory
xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory
xacml.att.functionDefinitionFactory=org.onap.policy.xacml.custom.OnapFunctionDefinitionFactory
# NOT USED SEE BELOW xacml.att.policyFinderFactory=com.att.research.xacmlatt.pdp.std.StdPolicyFinderFactory
# creteUpdate Policy Implementation Class details.
createUpdatePolicy.impl.className=org.onap.policy.pdp.rest.api.services.CreateUpdatePolicyServiceImpl
# AAF Implementation class details
aafClient.impl.className=org.onap.policy.utils.AAFPolicyClientImpl
#
# AT&T RESTful PDP Implementation Factories
#
xacml.pipFinderFactory=org.onap.policy.pdp.rest.impl.XACMLPdpPIPFinderFactory
xacml.att.policyFinderFactory=org.onap.policy.pdp.rest.XACMLPdpPolicyFinderFactory
#
# When set to true, this flag tells the StdPolicyFinderFactory to combined all the root policy files into
# into one PolicySet and use the given Policy Algorithm.
#
xacml.att.policyFinderFactory.combineRootPolicies=urn:com:att:xacml:3.0:policy-combining-algorithm:combined-permit-overrides
#
# PDP RESTful API properties
#
# Set this to the address or list of addresses where the XACML-PAP-REST servlet is running
# http://localhost:9090/pap/
xacml.rest.pap.urls=${{REST_PAP_URL}}
#if multiple paps exist, the xacml.rest.pap.url can be removed and they can be defined like this:
#xacml.rest.pap.urls=http://localhost:9090/pap/,http://localhost:9091/pap/
#
# Give the running PDP an ID for the PAP. The url that its running as is a good choice.
# The PAP identifies PDP's using the URL of the PDP.
#
xacml.rest.pdp.id=${{REST_PDP_ID}}
#
# Give the JMX port number used for the PDP
xacml.jmx.port=${{TOMCAT_JMX_PORT}}
#
# Notification Properties
# Notifcation type: websocket, ueb or dmaap... if left blank websocket is the default
NOTIFICATION_TYPE=${{PDP_NOTIFICATION_TYPE}}
NOTIFICATION_SERVERS=${{PDP_UEB_CLUSTER}}
NOTIFICATION_TOPIC=${{PDP_UEB_TOPIC}}
NOTIFICATION_DELAY=${{PDP_UEB_DELAY}}
UEB_API_KEY=${{PDP_UEB_API_KEY}}
UEB_API_SECRET=${{PDP_UEB_API_SECRET}}
DMAAP_AAF_LOGIN=${{PDP_DMAAP_AAF_LOGIN}}
DMAAP_AAF_PASSWORD=${{PDP_DMAAP_AAF_PASSWORD}}
#
# Set the directory where the PDP holds its Policy Cache and PIP Configuration
#
xacml.rest.pdp.config=${{REST_PDP_CONFIG}}
xacml.rest.pdp.webapps=${{REST_PDP_WEBAPPS}}
#
# Initialize register with PAP servlet
#
xacml.rest.pdp.register=${{REST_PDP_REGISTER}}
#
# Sleep period in seconds between register attempts
#
xacml.rest.pdp.register.sleep=${{REST_PDP_REGISTER_SLEEP}}
#
# number of attempts to register. -1 means keep trying forever.
#
xacml.rest.pdp.register.retries=${{REST_PDP_REGISTER_RETRIES}}
#
# max number of bytes in a POST of a XML/JSON request
#
xacml.rest.pdp.maxcontent=${{REST_PDP_MAXCONTENT}}
#
# Set UserID here
xacml.rest.pdp.userid=${{PDP_HTTP_USER_ID}}
# Set Password here
xacml.rest.pdp.password=${{PDP_HTTP_PASSWORD}}
# id PAP
xacml.rest.pap.userid=${{PDP_PAP_PDP_HTTP_USER_ID}}
# pass PAP
xacml.rest.pap.password=${{PDP_PAP_PDP_HTTP_PASSWORD}}
# Delay for Notifications Don't change this. Value in milliSec.
xacml.rest.notification.delay=30
# Client interval to ping notification service.
CLIENT_INTERVAL=15000
# Request Buffer Size.
REQUEST_BUFFER_SIZE=50
#***Properties for IntegrityMonitor integration defined in XACMLRestProperties.java***
#The name of the PDP. Must be unique across the system
xacml.rest.pdp.resource.name=${{resource_name}}
#***Properties for IntegrityMonitor integration defined in IntegrityMonitorProperties.java***
site_name=${{site_name}}
node_type=${{node_type}}
dependency_groups=${{dependency_groups}}
fp_monitor_interval=${{fp_monitor_interval}}
failed_counter_threshold=${{failed_counter_threshold}}
test_trans_interval=${{test_trans_interval}}
write_fpc_interval=${{write_fpc_interval}}
max_fpc_update_interval=${{max_fpc_update_interval}}
test_via_jmx=${{test_via_jmx}}
#database properties needed by IntegrityMonitor
javax.persistence.jdbc.driver=${{JDBC_DRIVER}}
javax.persistence.jdbc.url=${{JDBC_URL}}
javax.persistence.jdbc.user=${{JDBC_USER}}
javax.persistence.jdbc.password=${{JDBC_PASSWORD}}
# Environment should be Set either DEV, TEST or PROD
ENVIRONMENT=${{ENVIRONMENT}}
xacml.rest.pep.idfile = client.properties
#AAF cadi properties
enable_aaf=false
policy.aaf.namespace = ${{AAF_NAMESPACE}}
policy.aaf.root.permission=${{AAF_NAMESPACE}}.pdpx
cm_url=https://${{AAF_HOST}}:8095/AAF_NS.cm:2.1
cadi_latitude=38.000
cadi.longitude=72.000
cadi_alias=policy@policy.onap.org
cadi_loglevel=DEBUG
cadi_keyfile=${{POLICY_HOME}}/etc/ssl/aaf-cadi.keyfile
cadi_protocols=TLSv1.1,TLSv1.2
cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US
cadi_keystore=${{POLICY_HOME}}/etc/ssl/policy-keystore
cadi_keystore_password=${{KEYSTORE_PASSWD}}
cadi_key_password=${{KEYSTORE_PASSWD}}
cadi_truststore=${{POLICY_HOME}}/etc/ssl/policy-truststore
cadi_truststore_password=${{TRUSTSTORE_PASSWD}}
aaf_env=DEV
aaf_url=https://${{AAF_HOST}}:8095/AAF_NS.service:2.1
aaf_fqdn=${{AAF_HOST}}
aaf_oauth2_introspect_url=https://${{AAF_HOST}}:8095/AAF_NS.introspect:2.1/introspect
aaf_oauth2_token_url=https://${{AAF_HOST}}:8095/AAF_NS.token:2.1/token
fs_url=https://${{AAF_HOST}}:8095/AAF_NS.fs.2.1
gui_url=https://${{AAF_HOST}}:8095/AAF_NS.gui.2.1
# Decision Response settings.
# can be either PERMIT or DENY.
decision.indeterminate.response=${{DECISION_INDETERMINATE_RESPONSE}}
msToscaModel.home=${{REST_PDP_WEBAPPS}}
# AES key for password encryption in config files
#org.onap.policy.encryption.aes.key=12345678901234567890123456789012
|
