diff options
author | Jorge Hernandez <jorge.hernandez-herrero@att.com> | 2020-10-30 14:54:46 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2020-10-30 14:54:46 +0000 |
commit | 6fe177587d9b37de19a1013c2fada56146e8a017 (patch) | |
tree | b349328a0b16b2222ea46fc62f5aec08b27f52f4 /docs/xacml/tutorial/app | |
parent | 04cafa43d8a6502b1c0d57d8f72819820e0633f9 (diff) | |
parent | 027d34b558876f78681c79715466b5b612004339 (diff) |
Merge "Update Tutorial Documentation"
Diffstat (limited to 'docs/xacml/tutorial/app')
16 files changed, 0 insertions, 862 deletions
diff --git a/docs/xacml/tutorial/app/pom.xml b/docs/xacml/tutorial/app/pom.xml deleted file mode 100644 index 380ee512..00000000 --- a/docs/xacml/tutorial/app/pom.xml +++ /dev/null @@ -1,106 +0,0 @@ -<!-- - ============LICENSE_START======================================================= - ONAP Policy Engine - XACML Application Tutorial - ================================================================================ - Copyright (C) 2020 AT&T Intellectual Property. All rights reserved. - ================================================================================ - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - ============LICENSE_END========================================================= - --> - -<project xmlns="http://maven.apache.org/POM/4.0.0" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> - <modelVersion>4.0.0</modelVersion> - - <groupId>org.onap.policy.tutorial</groupId> - <artifactId>tutorial</artifactId> - <version>0.0.1-SNAPSHOT</version> - <packaging>jar</packaging> - - <name>tutorial</name> - - <properties> - <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> - </properties> - - <dependencies> - <dependency> - <groupId>junit</groupId> - <artifactId>junit</artifactId> - <version>4.13</version> - <scope>test</scope> - </dependency> - <dependency> - <groupId>org.onap.policy.xacml-pdp.applications</groupId> - <artifactId>common</artifactId> - <version>2.2.2</version> - </dependency> - <dependency> - <groupId>org.onap.policy.xacml-pdp</groupId> - <artifactId>xacml-test</artifactId> - <version>2.2.2</version> - <scope>test</scope> - </dependency> - </dependencies> - - <build> - <plugins> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-compiler-plugin</artifactId> - <version>3.8.0</version> - <configuration> - <release>11</release> - </configuration> - </plugin> - <plugin> - <groupId>io.fabric8</groupId> - <artifactId>docker-maven-plugin</artifactId> - <version>0.33.0</version> - <configuration> - <verbose>true</verbose> - <images> - <image> - <name>onap/policy-xacml-tutorial</name> - <alias>xacml-pdp</alias> - <build> - <contextDir>${project.basedir}/src/main/docker</contextDir> - <assembly> - <descriptorRef>artifact-with-dependencies</descriptorRef> - </assembly> - </build> - </image> - </images> - </configuration> - <executions> - <execution> - <id>clean-images</id> - <phase>pre-clean</phase> - <goals> - <goal>remove</goal> - </goals> - </execution> - - <execution> - <id>generate-images</id> - <phase>package</phase> - <goals> - <goal>build</goal> - </goals> - </execution> - </executions> - </plugin> - </plugins> - </build> -</project> diff --git a/docs/xacml/tutorial/app/src/main/docker/Dockerfile b/docs/xacml/tutorial/app/src/main/docker/Dockerfile deleted file mode 100644 index 639e94fb..00000000 --- a/docs/xacml/tutorial/app/src/main/docker/Dockerfile +++ /dev/null @@ -1,7 +0,0 @@ -FROM onap/policy-xacml-pdp:2.2.2 - -ADD maven/${project.build.finalName}.jar /opt/app/policy/pdpx/lib/${project.build.finalName}.jar - -RUN mkdir -p /opt/app/policy/pdpx/apps/tutorial - -COPY --chown=policy:policy xacml.properties /opt/app/policy/pdpx/apps/tutorial
\ No newline at end of file diff --git a/docs/xacml/tutorial/app/src/main/docker/README.txt b/docs/xacml/tutorial/app/src/main/docker/README.txt deleted file mode 100644 index a29a44b2..00000000 --- a/docs/xacml/tutorial/app/src/main/docker/README.txt +++ /dev/null @@ -1,36 +0,0 @@ -docker-compose -f docker-compose.yml run --rm start_dependencies - -docker-compose -f docker-compose.yml run --rm start_all - - -curl -X POST http://0.0.0.0:3904/events/POLICY-PDP-PAP - -Should return JSON similar to this: -{"serverTimeMs":0,"count":0} - - -curl -k -u 'healthcheck:zb!XztG34' 'https://0.0.0.0:6969/policy/pdpx/v1/healthcheck' - -Should return JSON similar to this: -{"name":"Policy Xacml PDP","url":"self","healthy":true,"code":200,"message":"alive"} - - -curl -k -u 'healthcheck:zb!XztG34' 'https://0.0.0.0:6767/policy/api/v1/healthcheck' -Should return JSON similar to this: -{ - "name": "Policy API", - "url": "policy-api", - "healthy": true, - "code": 200, - "message": "alive" -} - -curl -k -u 'healthcheck:zb!XztG34' 'https://0.0.0.0:6868/policy/pap/v1/healthcheck' -Should return JSON similar to this: -{ - "name": "Policy PAP", - "url": "policy-pap", - "healthy": true, - "code": 200, - "message": "alive" -}
\ No newline at end of file diff --git a/docs/xacml/tutorial/app/src/main/docker/config/db/db.conf b/docs/xacml/tutorial/app/src/main/docker/config/db/db.conf deleted file mode 100644 index 42f35844..00000000 --- a/docs/xacml/tutorial/app/src/main/docker/config/db/db.conf +++ /dev/null @@ -1,20 +0,0 @@ -# ============LICENSE_START======================================================= -# Copyright (C) 2020 AT&T Intellectual Property. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= -MYSQL_ROOT_PASSWORD=secret -MYSQL_USER=policy_user -MYSQL_PASSWORD=policy_user
\ No newline at end of file diff --git a/docs/xacml/tutorial/app/src/main/docker/config/db/db.sh b/docs/xacml/tutorial/app/src/main/docker/config/db/db.sh deleted file mode 100644 index 499764df..00000000 --- a/docs/xacml/tutorial/app/src/main/docker/config/db/db.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/bash -xv -# ============LICENSE_START======================================================= -# Copyright (C) 2020 AT&T Intellectual Property. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= - -for db in policyadmin operationshistory -do - mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};" - mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;" -done - -mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "FLUSH PRIVILEGES;" diff --git a/docs/xacml/tutorial/app/src/main/docker/docker-compose.yml b/docs/xacml/tutorial/app/src/main/docker/docker-compose.yml deleted file mode 100644 index b65098c1..00000000 --- a/docs/xacml/tutorial/app/src/main/docker/docker-compose.yml +++ /dev/null @@ -1,102 +0,0 @@ -# ============LICENSE_START======================================================= -# Copyright (C) 2020 AT&T Intellectual Property. All rights reserved. -# ================================================================================ -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# ============LICENSE_END========================================================= -version: '2' -services: - mariadb: - image: mariadb:10.2.14 - container_name: mariadb - hostname: mariadb - command: ['--lower-case-table-names=1', '--wait_timeout=28800'] - env_file: config/db/db.conf - volumes: - - ./config/db:/docker-entrypoint-initdb.d - expose: - - 3306 - message-router: - image: dmaap/simulator - container_name: dmaap-simulator - hostname: dmaap-simulator - ports: - - "3904:3904" - expose: - - 3904 - api: - image: nexus3.onap.org:10001/onap/policy-api:2.2.4 - container_name: policy-api - depends_on: - - mariadb - hostname: policy-api - ports: - - "6767:6969" - expose: - - 6767 - pap: - image: nexus3.onap.org:10001/onap/policy-pap:2.2.3 - container_name: policy-pap - depends_on: - - mariadb - - message-router - - api - hostname: policy-pap - ports: - - "6868:6969" - expose: - - 6868 - xacml-pdp: - image: onap/policy-xacml-tutorial - container_name: policy-xacml-pdp - depends_on: - - mariadb - - message-router - - api - - pap - hostname: policy-xacml-pdp - ports: - - "6969:6969" - expose: - - 6969 - start_dependencies: - image: dadarek/wait-for-dependencies - environment: - TIMEOUT_LENGTH: 60 - container_name: policy-wait - depends_on: - - mariadb - - message-router - hostname: policy-wait - command: - mariadb:3306 - message-router:3904 - start_all: - image: dadarek/wait-for-dependencies - environment: - TIMEOUT_LENGTH: 60 - container_name: policy-wait-all - depends_on: - - mariadb - - message-router - - api - - pap - - xacml-pdp - hostname: policy-wait-all - command: - mariadb:3306 - message-router:3904 - api:6969 - pap:6969 - xacml-pdp:6969 diff --git a/docs/xacml/tutorial/app/src/main/docker/xacml.properties b/docs/xacml/tutorial/app/src/main/docker/xacml.properties deleted file mode 100644 index 277b098e..00000000 --- a/docs/xacml/tutorial/app/src/main/docker/xacml.properties +++ /dev/null @@ -1,31 +0,0 @@ -# -# Properties that the embedded PDP engine uses to configure and load -# -# Standard API Factories -# -xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory -xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory -xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory -xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory -xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory -# -# AT&T PDP Implementation Factories -# -xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory -xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory -xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory -# -# ONAP PDP Implementation Factories -# -xacml.att.policyFinderFactory=org.onap.policy.pdp.xacml.application.common.OnapPolicyFinderFactory - -# -# Use a root combining algorithm -# -xacml.att.policyFinderFactory.combineRootPolicies=urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-overrides - -# -# Policies to load -# -xacml.rootPolicies= -xacml.referencedPolicies=
\ No newline at end of file diff --git a/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialApplication.java b/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialApplication.java deleted file mode 100644 index 5727f1c1..00000000 --- a/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialApplication.java +++ /dev/null @@ -1,57 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * Copyright (C) 2020 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.policy.tutorial.tutorial; - -import java.util.Arrays; -import java.util.List; -import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicyTypeIdentifier; -import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslator; -import org.onap.policy.pdp.xacml.application.common.std.StdXacmlApplicationServiceProvider; - -public class TutorialApplication extends StdXacmlApplicationServiceProvider { - - private final ToscaPolicyTypeIdentifier supportedPolicyType = new ToscaPolicyTypeIdentifier("onap.policies.Authorization", "1.0.0"); - private final TutorialTranslator translator = new TutorialTranslator(); - - @Override - public String applicationName() { - return "tutorial"; - } - - @Override - public List<String> actionDecisionsSupported() { - return Arrays.asList("authorize"); - } - - @Override - public synchronized List<ToscaPolicyTypeIdentifier> supportedPolicyTypes() { - return Arrays.asList(supportedPolicyType); - } - - @Override - public boolean canSupportPolicyType(ToscaPolicyTypeIdentifier policyTypeId) { - return supportedPolicyType.equals(policyTypeId); - } - - @Override - protected ToscaPolicyTranslator getTranslator(String type) { - return translator; - } - -} diff --git a/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java b/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java deleted file mode 100644 index 31aace69..00000000 --- a/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java +++ /dev/null @@ -1,91 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * Copyright (C) 2020 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.policy.tutorial.tutorial; - -import java.util.Map; -import java.util.Map.Entry; -import org.onap.policy.models.decisions.concepts.DecisionRequest; -import com.att.research.xacml.std.annotations.XACMLAction; -import com.att.research.xacml.std.annotations.XACMLRequest; -import com.att.research.xacml.std.annotations.XACMLResource; -import com.att.research.xacml.std.annotations.XACMLSubject; -import lombok.Getter; -import lombok.Setter; -import lombok.ToString; - -@Getter -@Setter -@ToString -@XACMLRequest(ReturnPolicyIdList = true) -public class TutorialRequest { - @XACMLSubject(includeInResults = true) - private String onapName; - - @XACMLSubject(attributeId = "urn:org:onap:onap-component", includeInResults = true) - private String onapComponent; - - @XACMLSubject(attributeId = "urn:org:onap:onap-instance", includeInResults = true) - private String onapInstance; - - @XACMLAction() - private String action; - - @XACMLResource(attributeId = "urn:org:onap:tutorial-user", includeInResults = true) - private String user; - - @XACMLResource(attributeId = "urn:org:onap:tutorial-entity", includeInResults = true) - private String entity; - - @XACMLResource(attributeId = "urn:org:onap:tutorial-permission", includeInResults = true) - private String permission; - - public static TutorialRequest createRequest(DecisionRequest decisionRequest) { - // - // Create our object - // - TutorialRequest request = new TutorialRequest(); - // - // Add the subject attributes - // - request.onapName = decisionRequest.getOnapName(); - request.onapComponent = decisionRequest.getOnapComponent(); - request.onapInstance = decisionRequest.getOnapInstance(); - // - // Add the action attribute - // - request.action = decisionRequest.getAction(); - // - // Add the resource attributes - // - Map<String, Object> resources = decisionRequest.getResource(); - for (Entry<String, Object> entrySet : resources.entrySet()) { - if ("user".equals(entrySet.getKey())) { - request.user = entrySet.getValue().toString(); - } - if ("entity".equals(entrySet.getKey())) { - request.entity = entrySet.getValue().toString(); - } - if ("permission".equals(entrySet.getKey())) { - request.permission = entrySet.getValue().toString(); - } - } - - return request; - } -} diff --git a/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java b/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java deleted file mode 100644 index 600c6214..00000000 --- a/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java +++ /dev/null @@ -1,156 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * Copyright (C) 2020 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.policy.tutorial.tutorial; - -import java.util.List; -import java.util.Map; -import org.onap.policy.models.decisions.concepts.DecisionRequest; -import org.onap.policy.models.decisions.concepts.DecisionResponse; -import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicy; -import org.onap.policy.pdp.xacml.application.common.ToscaDictionary; -import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException; -import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslator; -import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslatorUtils; -import com.att.research.xacml.api.DataTypeException; -import com.att.research.xacml.api.Decision; -import com.att.research.xacml.api.Identifier; -import com.att.research.xacml.api.Request; -import com.att.research.xacml.api.Response; -import com.att.research.xacml.api.Result; -import com.att.research.xacml.api.XACML3; -import com.att.research.xacml.std.IdentifierImpl; -import com.att.research.xacml.std.annotations.RequestParser; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOfType; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.EffectType; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.MatchType; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.RuleType; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.TargetType; - -public class TutorialTranslator implements ToscaPolicyTranslator { - - private static final Identifier ID_TUTORIAL_USER = new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-user"); - private static final Identifier ID_TUTORIAL_ENTITY = - new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-entity"); - private static final Identifier ID_TUTORIAL_PERM = new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-permission"); - - @SuppressWarnings("unchecked") - public PolicyType convertPolicy(ToscaPolicy toscaPolicy) throws ToscaPolicyConversionException { - // - // Here is our policy with a version and default combining algo - // - PolicyType newPolicyType = new PolicyType(); - newPolicyType.setPolicyId(toscaPolicy.getMetadata().get("policy-id")); - newPolicyType.setVersion(toscaPolicy.getMetadata().get("policy-version")); - // - // When choosing the rule combining algorithm, be sure to be mindful of the - // setting xacml.att.policyFinderFactory.combineRootPolicies in the - // xacml.properties file. As that choice for ALL the policies together may have - // an impact on the decision rendered from each individual policy. - // - // In this case, we will only produce XACML rules for permissions. If no permission - // combo exists, then the default is to deny. - // - newPolicyType.setRuleCombiningAlgId(XACML3.ID_RULE_DENY_UNLESS_PERMIT.stringValue()); - // - // Create the target for the Policy. - // - // For simplicity, let's just match on the action "authorize" and the user - // - MatchType matchAction = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(XACML3.ID_FUNCTION_STRING_EQUAL, - "authorize", XACML3.ID_DATATYPE_STRING, XACML3.ID_ACTION_ACTION_ID, XACML3.ID_ATTRIBUTE_CATEGORY_ACTION); - Map<String, Object> props = toscaPolicy.getProperties(); - String user = props.get("user").toString(); - MatchType matchUser = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(XACML3.ID_FUNCTION_STRING_EQUAL, user, - XACML3.ID_DATATYPE_STRING, ID_TUTORIAL_USER, XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE); - AnyOfType anyOf = new AnyOfType(); - // - // Create AllOf (AND) of just Policy Id - // - anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchAction, matchUser)); - TargetType target = new TargetType(); - target.getAnyOf().add(anyOf); - newPolicyType.setTarget(target); - // - // Now add the rule for each permission - // - int ruleNumber = 0; - List<Object> permissions = (List<Object>) props.get("permissions"); - for (Object permission : permissions) { - - MatchType matchEntity = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(XACML3.ID_FUNCTION_STRING_EQUAL, - ((Map<String, String>) permission).get("entity"), XACML3.ID_DATATYPE_STRING, ID_TUTORIAL_ENTITY, - XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE); - - MatchType matchPermission = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator( - XACML3.ID_FUNCTION_STRING_EQUAL, ((Map<String, String>) permission).get("permission"), - XACML3.ID_DATATYPE_STRING, ID_TUTORIAL_PERM, XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE); - anyOf = new AnyOfType(); - anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchEntity, matchPermission)); - target = new TargetType(); - target.getAnyOf().add(anyOf); - - RuleType rule = new RuleType(); - rule.setDescription("Default is to PERMIT if the policy matches."); - rule.setRuleId(newPolicyType.getPolicyId() + ":rule" + ruleNumber); - - rule.setEffect(EffectType.PERMIT); - rule.setTarget(target); - - newPolicyType.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule); - - ruleNumber++; - } - return newPolicyType; - } - - public Request convertRequest(DecisionRequest request) { - try { - return RequestParser.parseRequest(TutorialRequest.createRequest(request)); - } catch (IllegalArgumentException | IllegalAccessException | DataTypeException e) { - } - return null; - } - - public DecisionResponse convertResponse(Response xacmlResponse) { - DecisionResponse decisionResponse = new DecisionResponse(); - // - // Iterate through all the results - // - for (Result xacmlResult : xacmlResponse.getResults()) { - // - // Check the result - // - if (xacmlResult.getDecision() == Decision.PERMIT) { - // - // Just simply return a Permit response - // - decisionResponse.setStatus(Decision.PERMIT.toString()); - } else { - // - // Just simply return a Deny response - // - decisionResponse.setStatus(Decision.DENY.toString()); - } - } - - return decisionResponse; - } - -} diff --git a/docs/xacml/tutorial/app/src/main/resources/META-INF/services/org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider b/docs/xacml/tutorial/app/src/main/resources/META-INF/services/org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider deleted file mode 100644 index 942cc596..00000000 --- a/docs/xacml/tutorial/app/src/main/resources/META-INF/services/org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider +++ /dev/null @@ -1 +0,0 @@ -org.onap.policy.tutorial.tutorial.TutorialApplication
\ No newline at end of file diff --git a/docs/xacml/tutorial/app/src/test/java/org/onap/policy/tutorial/tutorial/TutorialApplicationTest.java b/docs/xacml/tutorial/app/src/test/java/org/onap/policy/tutorial/tutorial/TutorialApplicationTest.java deleted file mode 100644 index d20c1b38..00000000 --- a/docs/xacml/tutorial/app/src/test/java/org/onap/policy/tutorial/tutorial/TutorialApplicationTest.java +++ /dev/null @@ -1,120 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * Copyright (C) 2020 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.policy.tutorial.tutorial; - -import static org.junit.Assert.assertEquals; - -import java.io.File; -import java.io.IOException; -import java.util.Iterator; -import java.util.Properties; -import java.util.ServiceLoader; - -import org.apache.commons.lang3.tuple.Pair; -import org.junit.BeforeClass; -import org.junit.ClassRule; -import org.junit.Test; -import org.junit.rules.TemporaryFolder; -import org.onap.policy.common.endpoints.parameters.RestServerParameters; -import org.onap.policy.common.utils.coder.CoderException; -import org.onap.policy.common.utils.coder.StandardCoder; -import org.onap.policy.common.utils.resources.TextFileUtils; -import org.onap.policy.models.decisions.concepts.DecisionRequest; -import org.onap.policy.models.decisions.concepts.DecisionResponse; -import org.onap.policy.pdp.xacml.application.common.XacmlApplicationException; -import org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider; -import org.onap.policy.pdp.xacml.application.common.XacmlPolicyUtils; -import org.onap.policy.pdp.xacml.xacmltest.TestUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import com.att.research.xacml.api.Response; - -public class TutorialApplicationTest { - private static final Logger LOGGER = LoggerFactory.getLogger(TutorialApplicationTest.class); - private static Properties properties = new Properties(); - private static File propertiesFile; - private static XacmlApplicationServiceProvider service; - private static StandardCoder gson = new StandardCoder(); - - @ClassRule - public static final TemporaryFolder policyFolder = new TemporaryFolder(); - - @BeforeClass - public static void setup() throws Exception { - // - // Setup our temporary folder - // - XacmlPolicyUtils.FileCreator myCreator = (String filename) -> policyFolder.newFile(filename); - propertiesFile = XacmlPolicyUtils.copyXacmlPropertiesContents("src/test/resources/xacml.properties", - properties, myCreator); - // - // Load XacmlApplicationServiceProvider service - // - ServiceLoader<XacmlApplicationServiceProvider> applicationLoader = - ServiceLoader.load(XacmlApplicationServiceProvider.class); - // - // Look for our class instance and save it - // - Iterator<XacmlApplicationServiceProvider> iterator = applicationLoader.iterator(); - while (iterator.hasNext()) { - XacmlApplicationServiceProvider application = iterator.next(); - // - // Is it our service? - // - if (application instanceof TutorialApplication) { - service = application; - } - } - // - // Tell the application to initialize based on the properties file - // we just built for it. - // - service.initialize(propertiesFile.toPath().getParent(), new RestServerParameters()); - } - - @Test - public void test() throws CoderException, XacmlApplicationException, IOException { - // - // Now load the tutorial policies. - // - TestUtils.loadPolicies("src/test/resources/tutorial-policies.yaml", service); - // - // Load a Decision request - // - DecisionRequest decisionRequest = gson.decode( - TextFileUtils - .getTextFileAsString("src/test/resources/tutorial-decision-request.json"), - DecisionRequest.class); - // - // Test a decision - should start with a permit - // - Pair<DecisionResponse, Response> decision = service.makeDecision(decisionRequest, null); - LOGGER.info(decision.getLeft().toString()); - assertEquals("Permit", decision.getLeft().getStatus()); - // - // This should be a deny - // - decisionRequest.getResource().put("user", "audit"); - decision = service.makeDecision(decisionRequest, null); - LOGGER.info(decision.getLeft().toString()); - assertEquals("Deny", decision.getLeft().getStatus()); - } - -} diff --git a/docs/xacml/tutorial/app/src/test/resources/tutorial-decision-request.json b/docs/xacml/tutorial/app/src/test/resources/tutorial-decision-request.json deleted file mode 100644 index f3a7f9a2..00000000 --- a/docs/xacml/tutorial/app/src/test/resources/tutorial-decision-request.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "ONAPName": "TutorialPEP", - "ONAPComponent": "TutorialPEPComponent", - "ONAPInstance": "TutorialPEPInstance", - "requestId": "unique-request-id-tutorial", - "action": "authorize", - "resource": { - "user": "demo", - "entity": "foo", - "permission" : "write" - } -} diff --git a/docs/xacml/tutorial/app/src/test/resources/tutorial-policies.yaml b/docs/xacml/tutorial/app/src/test/resources/tutorial-policies.yaml deleted file mode 100644 index fa353653..00000000 --- a/docs/xacml/tutorial/app/src/test/resources/tutorial-policies.yaml +++ /dev/null @@ -1,34 +0,0 @@ -tosca_definitions_version: tosca_simple_yaml_1_1_0 -topology_template: - policies: - - - onap.policy.tutorial.demo: - type: onap.policies.Authorization - type_version: 1.0.0 - version: 1.0.0 - metadata: - policy-id: onap.policy.tutorial.demo - policy-version: 1 - properties: - user: demo - permissions: - - - entity: foo - permission: read - - - entity: foo - permission: write - - - onap.policy.tutorial.audit: - type: onap.policies.Authorization - version: 1.0.0 - type_version: 1.0.0 - metadata: - policy-id: onap.policy.tutorial.bar - policy-version: 1 - properties: - user: audit - permissions: - - - entity: foo - permission: read diff --git a/docs/xacml/tutorial/app/src/test/resources/tutorial-policy-type.yaml b/docs/xacml/tutorial/app/src/test/resources/tutorial-policy-type.yaml deleted file mode 100644 index 7948bd28..00000000 --- a/docs/xacml/tutorial/app/src/test/resources/tutorial-policy-type.yaml +++ /dev/null @@ -1,32 +0,0 @@ -tosca_definitions_version: tosca_simple_yaml_1_1_0 -policy_types: - onap.policies.Authorization: - derived_from: tosca.policies.Root - version: 1.0.0 - description: Example tutorial policy type for doing user authorization - properties: - user: - type: string - required: true - description: The unique user name - permissions: - type: list - required: true - description: A list of resource permissions - entry_schema: - type: onap.datatypes.Tutorial -data_types: - onap.datatypes.Tutorial: - derived_from: tosca.datatypes.Root - version: 1.0.0 - properties: - entity: - type: string - required: true - description: The resource - permission: - type: string - required: true - description: The permission level - constraints: - - valid_values: [read, write, delete] diff --git a/docs/xacml/tutorial/app/src/test/resources/xacml.properties b/docs/xacml/tutorial/app/src/test/resources/xacml.properties deleted file mode 100644 index 277b098e..00000000 --- a/docs/xacml/tutorial/app/src/test/resources/xacml.properties +++ /dev/null @@ -1,31 +0,0 @@ -# -# Properties that the embedded PDP engine uses to configure and load -# -# Standard API Factories -# -xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory -xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory -xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory -xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory -xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory -# -# AT&T PDP Implementation Factories -# -xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory -xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory -xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory -# -# ONAP PDP Implementation Factories -# -xacml.att.policyFinderFactory=org.onap.policy.pdp.xacml.application.common.OnapPolicyFinderFactory - -# -# Use a root combining algorithm -# -xacml.att.policyFinderFactory.combineRootPolicies=urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-overrides - -# -# Policies to load -# -xacml.rootPolicies= -xacml.referencedPolicies=
\ No newline at end of file |