summaryrefslogtreecommitdiffstats
path: root/docs/xacml/tutorial
diff options
context:
space:
mode:
authorPamela Dragosh <pdragosh@research.att.com>2020-08-07 14:03:31 -0400
committerPamela Dragosh <pdragosh@research.att.com>2020-08-12 14:23:12 -0400
commita242769ab10a570c7452023dcaa59d8ecefccc49 (patch)
treec86b99b8bfb748421fc6bdf34499b27689394a28 /docs/xacml/tutorial
parent078d92c0c0f4d4be3aa8e0b6808380159bd7d9f2 (diff)
Update XACML Tutorial
More code fixes and pointing to src/test/resources artifacts vs separate yaml/json files. Added instructions on how to incorporate as Docker image. Can download the example and import into Eclipse or other tool. Made sure links point to Master branch. Added POSTMAN Collection Issue-ID: POLICY-2565 Change-Id: I65c596b8c89cd87a72660a3d4dfa1085a60a41d2 Signed-off-by: Pamela Dragosh <pdragosh@research.att.com> (cherry picked from commit 82c1a1040666d1ba33b37ae520076eb8b3bbaa41) Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
Diffstat (limited to 'docs/xacml/tutorial')
-rw-r--r--docs/xacml/tutorial/PolicyApplicationTutorial.postman_collection.json723
-rw-r--r--docs/xacml/tutorial/app/pom.xml58
-rw-r--r--docs/xacml/tutorial/app/src/main/docker/Dockerfile7
-rw-r--r--docs/xacml/tutorial/app/src/main/docker/README.txt36
-rw-r--r--docs/xacml/tutorial/app/src/main/docker/config/db/db.conf20
-rw-r--r--docs/xacml/tutorial/app/src/main/docker/config/db/db.sh26
-rw-r--r--docs/xacml/tutorial/app/src/main/docker/docker-compose.yml102
-rw-r--r--docs/xacml/tutorial/app/src/main/docker/xacml.properties (renamed from docs/xacml/tutorial/tutorial-xacml.properties)2
-rw-r--r--docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialApplication.java2
-rw-r--r--docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java27
-rw-r--r--docs/xacml/tutorial/app/src/test/java/org/onap/policy/tutorial/tutorial/TutorialApplicationTest.java12
-rw-r--r--docs/xacml/tutorial/app/src/test/resources/tutorial-decision-request.json2
-rw-r--r--docs/xacml/tutorial/app/src/test/resources/tutorial-policy-type.yaml28
-rw-r--r--docs/xacml/tutorial/tutorial-decision-request.json12
-rw-r--r--docs/xacml/tutorial/tutorial-policies.yaml30
-rw-r--r--docs/xacml/tutorial/tutorial-policy-type.yaml34
-rw-r--r--docs/xacml/tutorial/tutorial.tarbin0 -> 9949 bytes
17 files changed, 1010 insertions, 111 deletions
diff --git a/docs/xacml/tutorial/PolicyApplicationTutorial.postman_collection.json b/docs/xacml/tutorial/PolicyApplicationTutorial.postman_collection.json
new file mode 100644
index 00000000..23aa0eb8
--- /dev/null
+++ b/docs/xacml/tutorial/PolicyApplicationTutorial.postman_collection.json
@@ -0,0 +1,723 @@
+{
+ "info": {
+ "_postman_id": "20eb42db-f0a7-4b65-8ccd-c3a5f56cb526",
+ "name": "Policy Application Tutorial",
+ "description": "Collection of Postman API calls to support the Policy Enforcement Tutorial",
+ "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
+ },
+ "item": [
+ {
+ "name": "Api Healthcheck",
+ "request": {
+ "auth": {
+ "type": "basic",
+ "basic": [
+ {
+ "key": "password",
+ "value": "zb!XztG34",
+ "type": "string"
+ },
+ {
+ "key": "username",
+ "value": "healthcheck",
+ "type": "string"
+ }
+ ]
+ },
+ "method": "GET",
+ "header": [
+ {
+ "key": "Content-Type",
+ "type": "text",
+ "value": "application/json"
+ },
+ {
+ "key": "Accept",
+ "type": "text",
+ "value": "application/json"
+ }
+ ],
+ "url": {
+ "raw": "{{POLICY-API-URL}}/policy/api/v1/healthcheck",
+ "host": [
+ "{{POLICY-API-URL}}"
+ ],
+ "path": [
+ "policy",
+ "api",
+ "v1",
+ "healthcheck"
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "Create Authorization Policy Type",
+ "request": {
+ "auth": {
+ "type": "basic",
+ "basic": [
+ {
+ "key": "password",
+ "value": "zb!XztG34",
+ "type": "string"
+ },
+ {
+ "key": "username",
+ "value": "healthcheck",
+ "type": "string"
+ }
+ ]
+ },
+ "method": "POST",
+ "header": [
+ {
+ "key": "Accept",
+ "type": "text",
+ "value": "application/yaml"
+ },
+ {
+ "key": "Content-Type",
+ "type": "text",
+ "value": "application/yaml"
+ }
+ ],
+ "body": {
+ "mode": "raw",
+ "raw": "tosca_definitions_version: tosca_simple_yaml_1_1_0\npolicy_types:\n onap.policies.Authorization:\n derived_from: tosca.policies.Root\n version: 1.0.0\n description: Example tutorial policy type for doing user authorization\n properties:\n user:\n type: string\n required: true\n description: The unique user name\n permissions:\n type: list\n required: true\n description: A list of resource permissions\n entry_schema:\n type: onap.datatypes.Tutorial\ndata_types:\n onap.datatypes.Tutorial:\n derived_from: tosca.datatypes.Root\n version: 1.0.0\n properties:\n entity:\n type: string\n required: true\n description: The resource\n permission:\n type: string\n required: true\n description: The permission level\n constraints:\n - valid_values: [read, write, delete]\n",
+ "options": {
+ "raw": {
+ "language": "text"
+ }
+ }
+ },
+ "url": {
+ "raw": "{{POLICY-API-URL}}/policy/api/v1/policytypes",
+ "host": [
+ "{{POLICY-API-URL}}"
+ ],
+ "path": [
+ "policy",
+ "api",
+ "v1",
+ "policytypes"
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "Create policies",
+ "request": {
+ "auth": {
+ "type": "basic",
+ "basic": [
+ {
+ "key": "password",
+ "value": "zb!XztG34",
+ "type": "string"
+ },
+ {
+ "key": "username",
+ "value": "healthcheck",
+ "type": "string"
+ }
+ ]
+ },
+ "method": "POST",
+ "header": [
+ {
+ "key": "Accept",
+ "type": "text",
+ "value": "application/yaml"
+ },
+ {
+ "key": "Content-Type",
+ "type": "text",
+ "value": "application/yaml"
+ }
+ ],
+ "body": {
+ "mode": "raw",
+ "raw": "tosca_definitions_version: tosca_simple_yaml_1_1_0\ntopology_template:\n policies:\n -\n onap.policy.tutorial.demo:\n type: onap.policies.Authorization\n type_version: 1.0.0\n version: 1.0.0\n metadata:\n policy-id: onap.policy.tutorial.demo\n policy-version: 1\n properties:\n user: demo\n permissions:\n -\n entity: foo\n permission: read\n -\n entity: foo\n permission: write\n -\n onap.policy.tutorial.audit:\n type: onap.policies.Authorization\n version: 1.0.0\n type_version: 1.0.0\n metadata:\n policy-id: onap.policy.tutorial.bar\n policy-version: 1\n properties:\n user: audit\n permissions:\n -\n entity: foo\n permission: read\n",
+ "options": {
+ "raw": {
+ "language": "text"
+ }
+ }
+ },
+ "url": {
+ "raw": "{{POLICY-API-URL}}/policy/api/v1/policytypes/onap.policies.Authorization/versions/1.0.0/policies",
+ "host": [
+ "{{POLICY-API-URL}}"
+ ],
+ "path": [
+ "policy",
+ "api",
+ "v1",
+ "policytypes",
+ "onap.policies.Authorization",
+ "versions",
+ "1.0.0",
+ "policies"
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "PAP Healthcheck",
+ "request": {
+ "auth": {
+ "type": "basic",
+ "basic": [
+ {
+ "key": "password",
+ "value": "zb!XztG34",
+ "type": "string"
+ },
+ {
+ "key": "username",
+ "value": "healthcheck",
+ "type": "string"
+ }
+ ]
+ },
+ "method": "GET",
+ "header": [
+ {
+ "key": "Content-Type",
+ "type": "text",
+ "value": "application/json"
+ },
+ {
+ "key": "Accept",
+ "type": "text",
+ "value": "application/json"
+ }
+ ],
+ "url": {
+ "raw": "{{POLICY-PAP-URL}}/policy/pap/v1/healthcheck",
+ "host": [
+ "{{POLICY-PAP-URL}}"
+ ],
+ "path": [
+ "policy",
+ "pap",
+ "v1",
+ "healthcheck"
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "PAP Get PDPs",
+ "request": {
+ "auth": {
+ "type": "basic",
+ "basic": [
+ {
+ "key": "password",
+ "value": "zb!XztG34",
+ "type": "string"
+ },
+ {
+ "key": "username",
+ "value": "healthcheck",
+ "type": "string"
+ }
+ ]
+ },
+ "method": "GET",
+ "header": [
+ {
+ "key": "Accept",
+ "type": "text",
+ "value": "application/json"
+ },
+ {
+ "key": "Content-Type",
+ "type": "text",
+ "value": "application/json"
+ }
+ ],
+ "url": {
+ "raw": "{{POLICY-PAP-URL}}/policy/pap/v1/pdps",
+ "host": [
+ "{{POLICY-PAP-URL}}"
+ ],
+ "path": [
+ "policy",
+ "pap",
+ "v1",
+ "pdps"
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "PdpGroup State Change PASSIVE",
+ "request": {
+ "auth": {
+ "type": "basic",
+ "basic": [
+ {
+ "key": "password",
+ "value": "zb!XztG34",
+ "type": "string"
+ },
+ {
+ "key": "username",
+ "value": "healthcheck",
+ "type": "string"
+ }
+ ]
+ },
+ "method": "PUT",
+ "header": [
+ {
+ "key": "Content-Type",
+ "value": "application/json",
+ "type": "text"
+ },
+ {
+ "key": "Accept",
+ "value": "application/json",
+ "type": "text"
+ }
+ ],
+ "url": {
+ "raw": "{{POLICY-PAP-URL}}/policy/pap/v1/pdps/groups/defaultGroup?state=PASSIVE",
+ "host": [
+ "{{POLICY-PAP-URL}}"
+ ],
+ "path": [
+ "policy",
+ "pap",
+ "v1",
+ "pdps",
+ "groups",
+ "defaultGroup"
+ ],
+ "query": [
+ {
+ "key": "state",
+ "value": "PASSIVE"
+ }
+ ]
+ },
+ "description": "This is an API to change the current state of a PdpGroup (example - \"defaultGroup\") resulting in changing state of all the PDP instances registered with the PdpGroup. As of now, the allowed states are ACTIVE and PASSIVE."
+ },
+ "response": []
+ },
+ {
+ "name": "Delete PdpGroup",
+ "request": {
+ "auth": {
+ "type": "basic",
+ "basic": [
+ {
+ "key": "password",
+ "value": "zb!XztG34",
+ "type": "string"
+ },
+ {
+ "key": "username",
+ "value": "healthcheck",
+ "type": "string"
+ }
+ ]
+ },
+ "method": "DELETE",
+ "header": [
+ {
+ "key": "Accept",
+ "type": "text",
+ "value": "application/json"
+ },
+ {
+ "key": "Content-Type",
+ "type": "text",
+ "value": "application/json"
+ }
+ ],
+ "url": {
+ "raw": "{{POLICY-PAP-URL}}/policy/pap/v1/pdps/groups/defaultGroup",
+ "host": [
+ "{{POLICY-PAP-URL}}"
+ ],
+ "path": [
+ "policy",
+ "pap",
+ "v1",
+ "pdps",
+ "groups",
+ "defaultGroup"
+ ]
+ },
+ "description": "This is an API to delete a specific PdpGroup (example - \"SampleGroup\") currently available in Policy DB, resulting in removing all the PDP instances registered with the group."
+ },
+ "response": []
+ },
+ {
+ "name": "Create/Update PdpGroup",
+ "request": {
+ "auth": {
+ "type": "basic",
+ "basic": [
+ {
+ "key": "password",
+ "value": "zb!XztG34",
+ "type": "string"
+ },
+ {
+ "key": "username",
+ "value": "healthcheck",
+ "type": "string"
+ }
+ ]
+ },
+ "method": "POST",
+ "header": [
+ {
+ "key": "Content-Type",
+ "type": "text",
+ "value": "application/json"
+ },
+ {
+ "key": "Accept",
+ "type": "text",
+ "value": "application/json"
+ }
+ ],
+ "body": {
+ "mode": "raw",
+ "raw": "{\n \"groups\": [\n {\n \"name\": \"defaultGroup\",\n \"pdpGroupState\": \"ACTIVE\",\n \"properties\": {},\n \"pdpSubgroups\": [\n {\n \"pdpType\": \"xacml\",\n \"desiredInstanceCount\": 1,\n \"properties\": {},\n \"supportedPolicyTypes\": [\n {\n \"name\": \"onap.policies.Authorization\",\n \"version\": \"1.0.0\"\n }\n ],\n \"policies\": []\n }\n ]\n }\n ]\n}"
+ },
+ "url": {
+ "raw": "{{POLICY-PAP-URL}}/policy/pap/v1/pdps/groups/batch",
+ "host": [
+ "{{POLICY-PAP-URL}}"
+ ],
+ "path": [
+ "policy",
+ "pap",
+ "v1",
+ "pdps",
+ "groups",
+ "batch"
+ ]
+ },
+ "description": "This is a generic API to create/update PdpGroups in Policy DB. However, the supportedPolicyTypes field of PdpSubGroup cannot be changed once created."
+ },
+ "response": []
+ },
+ {
+ "name": "Simple Deploy Policy - onap.policy.tutorial.demo",
+ "request": {
+ "auth": {
+ "type": "basic",
+ "basic": [
+ {
+ "key": "password",
+ "value": "zb!XztG34",
+ "type": "string"
+ },
+ {
+ "key": "username",
+ "value": "healthcheck",
+ "type": "string"
+ }
+ ]
+ },
+ "method": "POST",
+ "header": [
+ {
+ "key": "Content-Type",
+ "type": "text",
+ "value": "application/json"
+ },
+ {
+ "key": "Accept",
+ "type": "text",
+ "value": "application/json"
+ }
+ ],
+ "body": {
+ "mode": "raw",
+ "raw": "{\r\n \"policies\" : [\r\n {\r\n \"policy-id\": \"onap.policy.tutorial.demo\",\r\n \"policy-version\": \"1.0.0\"\r\n },\r\n {\r\n \"policy-id\": \"onap.policy.tutorial.audit\",\r\n \"policy-version\": \"1.0.0\"\r\n }\r\n ]\r\n}"
+ },
+ "url": {
+ "raw": "{{POLICY-PAP-URL}}/policy/pap/v1/pdps/policies",
+ "host": [
+ "{{POLICY-PAP-URL}}"
+ ],
+ "path": [
+ "policy",
+ "pap",
+ "v1",
+ "pdps",
+ "policies"
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "Dmaap Simulator - Policy Update Notification",
+ "protocolProfileBehavior": {
+ "disableBodyPruning": true
+ },
+ "request": {
+ "auth": {
+ "type": "noauth"
+ },
+ "method": "GET",
+ "header": [
+ {
+ "key": "Content-Type",
+ "type": "text",
+ "value": "application/json"
+ },
+ {
+ "key": "Accept",
+ "type": "text",
+ "value": "application/json"
+ }
+ ],
+ "body": {
+ "mode": "raw",
+ "raw": ""
+ },
+ "url": {
+ "raw": "{{DMAAP-URL}}/events/POLICY-NOTIFICATION/group/id?timeout=5000",
+ "host": [
+ "{{DMAAP-URL}}"
+ ],
+ "path": [
+ "events",
+ "POLICY-NOTIFICATION",
+ "group",
+ "id"
+ ],
+ "query": [
+ {
+ "key": "timeout",
+ "value": "5000"
+ }
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "Xacml Healthcheck",
+ "request": {
+ "auth": {
+ "type": "basic",
+ "basic": [
+ {
+ "key": "password",
+ "value": "zb!XztG34",
+ "type": "string"
+ },
+ {
+ "key": "username",
+ "value": "healthcheck",
+ "type": "string"
+ }
+ ]
+ },
+ "method": "GET",
+ "header": [
+ {
+ "key": "Content-Type",
+ "type": "text",
+ "value": "application/json"
+ },
+ {
+ "key": "Accept",
+ "type": "text",
+ "value": "application/json"
+ }
+ ],
+ "url": {
+ "raw": "{{POLICY-XACML-URL}}/policy/pdpx/v1/healthcheck",
+ "host": [
+ "{{POLICY-XACML-URL}}"
+ ],
+ "path": [
+ "policy",
+ "pdpx",
+ "v1",
+ "healthcheck"
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "Xacml Statistics",
+ "request": {
+ "auth": {
+ "type": "basic",
+ "basic": [
+ {
+ "key": "password",
+ "value": "zb!XztG34",
+ "type": "string"
+ },
+ {
+ "key": "username",
+ "value": "healthcheck",
+ "type": "string"
+ }
+ ]
+ },
+ "method": "GET",
+ "header": [
+ {
+ "key": "Content-Type",
+ "type": "text",
+ "value": "application/json"
+ },
+ {
+ "key": "Accept",
+ "type": "text",
+ "value": "application/json"
+ }
+ ],
+ "url": {
+ "raw": "{{POLICY-XACML-URL}}/policy/pdpx/v1/statistics",
+ "host": [
+ "{{POLICY-XACML-URL}}"
+ ],
+ "path": [
+ "policy",
+ "pdpx",
+ "v1",
+ "statistics"
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "Xacml Decision - Authorization policy-type",
+ "request": {
+ "auth": {
+ "type": "basic",
+ "basic": [
+ {
+ "key": "password",
+ "value": "zb!XztG34",
+ "type": "string"
+ },
+ {
+ "key": "username",
+ "value": "healthcheck",
+ "type": "string"
+ }
+ ]
+ },
+ "method": "POST",
+ "header": [
+ {
+ "key": "Content-Type",
+ "type": "text",
+ "value": "application/json"
+ },
+ {
+ "key": "Accept",
+ "type": "text",
+ "value": "application/json"
+ }
+ ],
+ "body": {
+ "mode": "raw",
+ "raw": "{\n \"ONAPName\": \"TutorialPEP\",\n \"ONAPComponent\": \"TutorialPEPComponent\",\n \"ONAPInstance\": \"TutorialPEPInstance\",\n \"requestId\": \"unique-request-id-tutorial\",\n \"action\": \"authorize\",\n \"resource\": {\n \"user\": \"audit\",\n \"entity\": \"foo\",\n \"permission\" : \"read\"\n }\n}"
+ },
+ "url": {
+ "raw": "{{POLICY-XACML-URL}}/policy/pdpx/v1/decision",
+ "host": [
+ "{{POLICY-XACML-URL}}"
+ ],
+ "path": [
+ "policy",
+ "pdpx",
+ "v1",
+ "decision"
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "Simple Undeploy Policy",
+ "request": {
+ "auth": {
+ "type": "basic",
+ "basic": [
+ {
+ "key": "password",
+ "value": "zb!XztG34",
+ "type": "string"
+ },
+ {
+ "key": "username",
+ "value": "healthcheck",
+ "type": "string"
+ }
+ ]
+ },
+ "method": "DELETE",
+ "header": [
+ {
+ "key": "Accept",
+ "value": "application/json",
+ "type": "text"
+ },
+ {
+ "key": "Content-Type",
+ "value": "application/json",
+ "type": "text"
+ }
+ ],
+ "url": {
+ "raw": "{{POLICY-PAP-URL}}/policy/pap/v1/pdps/policies/onap.policy.tutorial.demo",
+ "host": [
+ "{{POLICY-PAP-URL}}"
+ ],
+ "path": [
+ "policy",
+ "pap",
+ "v1",
+ "pdps",
+ "policies",
+ "onap.policy.tutorial.demo"
+ ]
+ }
+ },
+ "response": []
+ }
+ ],
+ "auth": {
+ "type": "basic",
+ "basic": [
+ {
+ "key": "password",
+ "value": "",
+ "type": "string"
+ },
+ {
+ "key": "username",
+ "value": "",
+ "type": "string"
+ }
+ ]
+ },
+ "protocolProfileBehavior": {}
+} \ No newline at end of file
diff --git a/docs/xacml/tutorial/app/pom.xml b/docs/xacml/tutorial/app/pom.xml
index f8afc552..380ee512 100644
--- a/docs/xacml/tutorial/app/pom.xml
+++ b/docs/xacml/tutorial/app/pom.xml
@@ -1,3 +1,23 @@
+<!--
+ ============LICENSE_START=======================================================
+ ONAP Policy Engine - XACML Application Tutorial
+ ================================================================================
+ Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+ -->
+
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
@@ -33,6 +53,7 @@
<scope>test</scope>
</dependency>
</dependencies>
+
<build>
<plugins>
<plugin>
@@ -43,6 +64,43 @@
<release>11</release>
</configuration>
</plugin>
+ <plugin>
+ <groupId>io.fabric8</groupId>
+ <artifactId>docker-maven-plugin</artifactId>
+ <version>0.33.0</version>
+ <configuration>
+ <verbose>true</verbose>
+ <images>
+ <image>
+ <name>onap/policy-xacml-tutorial</name>
+ <alias>xacml-pdp</alias>
+ <build>
+ <contextDir>${project.basedir}/src/main/docker</contextDir>
+ <assembly>
+ <descriptorRef>artifact-with-dependencies</descriptorRef>
+ </assembly>
+ </build>
+ </image>
+ </images>
+ </configuration>
+ <executions>
+ <execution>
+ <id>clean-images</id>
+ <phase>pre-clean</phase>
+ <goals>
+ <goal>remove</goal>
+ </goals>
+ </execution>
+
+ <execution>
+ <id>generate-images</id>
+ <phase>package</phase>
+ <goals>
+ <goal>build</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
</plugins>
</build>
</project>
diff --git a/docs/xacml/tutorial/app/src/main/docker/Dockerfile b/docs/xacml/tutorial/app/src/main/docker/Dockerfile
new file mode 100644
index 00000000..639e94fb
--- /dev/null
+++ b/docs/xacml/tutorial/app/src/main/docker/Dockerfile
@@ -0,0 +1,7 @@
+FROM onap/policy-xacml-pdp:2.2.2
+
+ADD maven/${project.build.finalName}.jar /opt/app/policy/pdpx/lib/${project.build.finalName}.jar
+
+RUN mkdir -p /opt/app/policy/pdpx/apps/tutorial
+
+COPY --chown=policy:policy xacml.properties /opt/app/policy/pdpx/apps/tutorial \ No newline at end of file
diff --git a/docs/xacml/tutorial/app/src/main/docker/README.txt b/docs/xacml/tutorial/app/src/main/docker/README.txt
new file mode 100644
index 00000000..a29a44b2
--- /dev/null
+++ b/docs/xacml/tutorial/app/src/main/docker/README.txt
@@ -0,0 +1,36 @@
+docker-compose -f docker-compose.yml run --rm start_dependencies
+
+docker-compose -f docker-compose.yml run --rm start_all
+
+
+curl -X POST http://0.0.0.0:3904/events/POLICY-PDP-PAP
+
+Should return JSON similar to this:
+{"serverTimeMs":0,"count":0}
+
+
+curl -k -u 'healthcheck:zb!XztG34' 'https://0.0.0.0:6969/policy/pdpx/v1/healthcheck'
+
+Should return JSON similar to this:
+{"name":"Policy Xacml PDP","url":"self","healthy":true,"code":200,"message":"alive"}
+
+
+curl -k -u 'healthcheck:zb!XztG34' 'https://0.0.0.0:6767/policy/api/v1/healthcheck'
+Should return JSON similar to this:
+{
+ "name": "Policy API",
+ "url": "policy-api",
+ "healthy": true,
+ "code": 200,
+ "message": "alive"
+}
+
+curl -k -u 'healthcheck:zb!XztG34' 'https://0.0.0.0:6868/policy/pap/v1/healthcheck'
+Should return JSON similar to this:
+{
+ "name": "Policy PAP",
+ "url": "policy-pap",
+ "healthy": true,
+ "code": 200,
+ "message": "alive"
+} \ No newline at end of file
diff --git a/docs/xacml/tutorial/app/src/main/docker/config/db/db.conf b/docs/xacml/tutorial/app/src/main/docker/config/db/db.conf
new file mode 100644
index 00000000..42f35844
--- /dev/null
+++ b/docs/xacml/tutorial/app/src/main/docker/config/db/db.conf
@@ -0,0 +1,20 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+MYSQL_ROOT_PASSWORD=secret
+MYSQL_USER=policy_user
+MYSQL_PASSWORD=policy_user \ No newline at end of file
diff --git a/docs/xacml/tutorial/app/src/main/docker/config/db/db.sh b/docs/xacml/tutorial/app/src/main/docker/config/db/db.sh
new file mode 100644
index 00000000..499764df
--- /dev/null
+++ b/docs/xacml/tutorial/app/src/main/docker/config/db/db.sh
@@ -0,0 +1,26 @@
+#!/bin/bash -xv
+# ============LICENSE_START=======================================================
+# Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+for db in policyadmin operationshistory
+do
+ mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};"
+ mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;"
+done
+
+mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "FLUSH PRIVILEGES;"
diff --git a/docs/xacml/tutorial/app/src/main/docker/docker-compose.yml b/docs/xacml/tutorial/app/src/main/docker/docker-compose.yml
new file mode 100644
index 00000000..b65098c1
--- /dev/null
+++ b/docs/xacml/tutorial/app/src/main/docker/docker-compose.yml
@@ -0,0 +1,102 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+version: '2'
+services:
+ mariadb:
+ image: mariadb:10.2.14
+ container_name: mariadb
+ hostname: mariadb
+ command: ['--lower-case-table-names=1', '--wait_timeout=28800']
+ env_file: config/db/db.conf
+ volumes:
+ - ./config/db:/docker-entrypoint-initdb.d
+ expose:
+ - 3306
+ message-router:
+ image: dmaap/simulator
+ container_name: dmaap-simulator
+ hostname: dmaap-simulator
+ ports:
+ - "3904:3904"
+ expose:
+ - 3904
+ api:
+ image: nexus3.onap.org:10001/onap/policy-api:2.2.4
+ container_name: policy-api
+ depends_on:
+ - mariadb
+ hostname: policy-api
+ ports:
+ - "6767:6969"
+ expose:
+ - 6767
+ pap:
+ image: nexus3.onap.org:10001/onap/policy-pap:2.2.3
+ container_name: policy-pap
+ depends_on:
+ - mariadb
+ - message-router
+ - api
+ hostname: policy-pap
+ ports:
+ - "6868:6969"
+ expose:
+ - 6868
+ xacml-pdp:
+ image: onap/policy-xacml-tutorial
+ container_name: policy-xacml-pdp
+ depends_on:
+ - mariadb
+ - message-router
+ - api
+ - pap
+ hostname: policy-xacml-pdp
+ ports:
+ - "6969:6969"
+ expose:
+ - 6969
+ start_dependencies:
+ image: dadarek/wait-for-dependencies
+ environment:
+ TIMEOUT_LENGTH: 60
+ container_name: policy-wait
+ depends_on:
+ - mariadb
+ - message-router
+ hostname: policy-wait
+ command:
+ mariadb:3306
+ message-router:3904
+ start_all:
+ image: dadarek/wait-for-dependencies
+ environment:
+ TIMEOUT_LENGTH: 60
+ container_name: policy-wait-all
+ depends_on:
+ - mariadb
+ - message-router
+ - api
+ - pap
+ - xacml-pdp
+ hostname: policy-wait-all
+ command:
+ mariadb:3306
+ message-router:3904
+ api:6969
+ pap:6969
+ xacml-pdp:6969
diff --git a/docs/xacml/tutorial/tutorial-xacml.properties b/docs/xacml/tutorial/app/src/main/docker/xacml.properties
index e10ad63f..277b098e 100644
--- a/docs/xacml/tutorial/tutorial-xacml.properties
+++ b/docs/xacml/tutorial/app/src/main/docker/xacml.properties
@@ -28,4 +28,4 @@ xacml.att.policyFinderFactory.combineRootPolicies=urn:oasis:names:tc:xacml:3.0:p
# Policies to load
#
xacml.rootPolicies=
-xacml.referencedPolicies=
+xacml.referencedPolicies= \ No newline at end of file
diff --git a/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialApplication.java b/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialApplication.java
index 7f0c2b99..5727f1c1 100644
--- a/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialApplication.java
+++ b/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialApplication.java
@@ -26,7 +26,7 @@ import org.onap.policy.pdp.xacml.application.common.std.StdXacmlApplicationServi
public class TutorialApplication extends StdXacmlApplicationServiceProvider {
- private final ToscaPolicyTypeIdentifier supportedPolicyType = new ToscaPolicyTypeIdentifier();
+ private final ToscaPolicyTypeIdentifier supportedPolicyType = new ToscaPolicyTypeIdentifier("onap.policies.Authorization", "1.0.0");
private final TutorialTranslator translator = new TutorialTranslator();
@Override
diff --git a/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java b/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java
index 1dd6186e..600c6214 100644
--- a/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java
+++ b/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java
@@ -48,10 +48,10 @@ public class TutorialTranslator implements ToscaPolicyTranslator {
private static final Identifier ID_TUTORIAL_USER = new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-user");
private static final Identifier ID_TUTORIAL_ENTITY =
new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-entity");
- private static final Identifier ID_TUTORIAL_PERM = new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-perm");
+ private static final Identifier ID_TUTORIAL_PERM = new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-permission");
@SuppressWarnings("unchecked")
- public PolicyType convertPolicy(ToscaPolicy toscaPolicy) throws ToscaPolicyConversionException {
+ public PolicyType convertPolicy(ToscaPolicy toscaPolicy) throws ToscaPolicyConversionException {
//
// Here is our policy with a version and default combining algo
//
@@ -74,7 +74,7 @@ public class TutorialTranslator implements ToscaPolicyTranslator {
// For simplicity, let's just match on the action "authorize" and the user
//
MatchType matchAction = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(XACML3.ID_FUNCTION_STRING_EQUAL,
- "authorize", XACML3.ID_DATATYPE_STRING, XACML3.ID_ACTION, XACML3.ID_ATTRIBUTE_CATEGORY_ACTION);
+ "authorize", XACML3.ID_DATATYPE_STRING, XACML3.ID_ACTION_ACTION_ID, XACML3.ID_ATTRIBUTE_CATEGORY_ACTION);
Map<String, Object> props = toscaPolicy.getProperties();
String user = props.get("user").toString();
MatchType matchUser = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(XACML3.ID_FUNCTION_STRING_EQUAL, user,
@@ -83,14 +83,14 @@ public class TutorialTranslator implements ToscaPolicyTranslator {
//
// Create AllOf (AND) of just Policy Id
//
- anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchAction));
- anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchUser));
+ anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchAction, matchUser));
TargetType target = new TargetType();
target.getAnyOf().add(anyOf);
newPolicyType.setTarget(target);
//
// Now add the rule for each permission
//
+ int ruleNumber = 0;
List<Object> permissions = (List<Object>) props.get("permissions");
for (Object permission : permissions) {
@@ -102,18 +102,20 @@ public class TutorialTranslator implements ToscaPolicyTranslator {
XACML3.ID_FUNCTION_STRING_EQUAL, ((Map<String, String>) permission).get("permission"),
XACML3.ID_DATATYPE_STRING, ID_TUTORIAL_PERM, XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
anyOf = new AnyOfType();
- anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchEntity));
- anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchPermission));
+ anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchEntity, matchPermission));
target = new TargetType();
target.getAnyOf().add(anyOf);
RuleType rule = new RuleType();
rule.setDescription("Default is to PERMIT if the policy matches.");
- rule.setRuleId(newPolicyType.getPolicyId() + ":rule");
+ rule.setRuleId(newPolicyType.getPolicyId() + ":rule" + ruleNumber);
+
rule.setEffect(EffectType.PERMIT);
rule.setTarget(target);
newPolicyType.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule);
+
+ ruleNumber++;
}
return newPolicyType;
}
@@ -140,19 +142,12 @@ public class TutorialTranslator implements ToscaPolicyTranslator {
// Just simply return a Permit response
//
decisionResponse.setStatus(Decision.PERMIT.toString());
- }
- if (xacmlResult.getDecision() == Decision.DENY) {
+ } else {
//
// Just simply return a Deny response
//
decisionResponse.setStatus(Decision.DENY.toString());
}
- if (xacmlResult.getDecision() == Decision.NOTAPPLICABLE) {
- //
- // There is no guard policy, so we return a permit
- //
- decisionResponse.setStatus(Decision.PERMIT.toString());
- }
}
return decisionResponse;
diff --git a/docs/xacml/tutorial/app/src/test/java/org/onap/policy/tutorial/tutorial/TutorialApplicationTest.java b/docs/xacml/tutorial/app/src/test/java/org/onap/policy/tutorial/tutorial/TutorialApplicationTest.java
index 65685236..d20c1b38 100644
--- a/docs/xacml/tutorial/app/src/test/java/org/onap/policy/tutorial/tutorial/TutorialApplicationTest.java
+++ b/docs/xacml/tutorial/app/src/test/java/org/onap/policy/tutorial/tutorial/TutorialApplicationTest.java
@@ -18,6 +18,8 @@
package org.onap.policy.tutorial.tutorial;
+import static org.junit.Assert.assertEquals;
+
import java.io.File;
import java.io.IOException;
import java.util.Iterator;
@@ -101,10 +103,18 @@ public class TutorialApplicationTest {
.getTextFileAsString("src/test/resources/tutorial-decision-request.json"),
DecisionRequest.class);
//
- // Test a decision
+ // Test a decision - should start with a permit
//
Pair<DecisionResponse, Response> decision = service.makeDecision(decisionRequest, null);
LOGGER.info(decision.getLeft().toString());
+ assertEquals("Permit", decision.getLeft().getStatus());
+ //
+ // This should be a deny
+ //
+ decisionRequest.getResource().put("user", "audit");
+ decision = service.makeDecision(decisionRequest, null);
+ LOGGER.info(decision.getLeft().toString());
+ assertEquals("Deny", decision.getLeft().getStatus());
}
}
diff --git a/docs/xacml/tutorial/app/src/test/resources/tutorial-decision-request.json b/docs/xacml/tutorial/app/src/test/resources/tutorial-decision-request.json
index 8c1ec10c..f3a7f9a2 100644
--- a/docs/xacml/tutorial/app/src/test/resources/tutorial-decision-request.json
+++ b/docs/xacml/tutorial/app/src/test/resources/tutorial-decision-request.json
@@ -7,6 +7,6 @@
"resource": {
"user": "demo",
"entity": "foo",
- "permission" : "read"
+ "permission" : "write"
}
}
diff --git a/docs/xacml/tutorial/app/src/test/resources/tutorial-policy-type.yaml b/docs/xacml/tutorial/app/src/test/resources/tutorial-policy-type.yaml
index c742cf3e..7948bd28 100644
--- a/docs/xacml/tutorial/app/src/test/resources/tutorial-policy-type.yaml
+++ b/docs/xacml/tutorial/app/src/test/resources/tutorial-policy-type.yaml
@@ -1,6 +1,5 @@
tosca_definitions_version: tosca_simple_yaml_1_1_0
policy_types:
- -
onap.policies.Authorization:
derived_from: tosca.policies.Root
version: 1.0.0
@@ -17,18 +16,17 @@ policy_types:
entry_schema:
type: onap.datatypes.Tutorial
data_types:
- -
onap.datatypes.Tutorial:
- derived_from: tosca.datatypes.Root
- version: 1.0.0
- properties:
- entity:
- type: string
- required: true
- description: The resource
- permission:
- type: string
- required: true
- description: The permission level
- constraints:
- - valid_values: [read, write, delete]
+ derived_from: tosca.datatypes.Root
+ version: 1.0.0
+ properties:
+ entity:
+ type: string
+ required: true
+ description: The resource
+ permission:
+ type: string
+ required: true
+ description: The permission level
+ constraints:
+ - valid_values: [read, write, delete]
diff --git a/docs/xacml/tutorial/tutorial-decision-request.json b/docs/xacml/tutorial/tutorial-decision-request.json
deleted file mode 100644
index 8c1ec10c..00000000
--- a/docs/xacml/tutorial/tutorial-decision-request.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "ONAPName": "TutorialPEP",
- "ONAPComponent": "TutorialPEPComponent",
- "ONAPInstance": "TutorialPEPInstance",
- "requestId": "unique-request-id-tutorial",
- "action": "authorize",
- "resource": {
- "user": "demo",
- "entity": "foo",
- "permission" : "read"
- }
-}
diff --git a/docs/xacml/tutorial/tutorial-policies.yaml b/docs/xacml/tutorial/tutorial-policies.yaml
deleted file mode 100644
index 45769ead..00000000
--- a/docs/xacml/tutorial/tutorial-policies.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-tosca_definitions_version: tosca_simple_yaml_1_0_0
-topology_template:
- policies:
- -
- onap.policy.tutorial.demo:
- type: onap.policies.Authorization
- version: 1.0.0
- metadata:
- policy-id: onap.policy.tutorial.demo
- properties:
- user: demo
- permissions:
- -
- entity: foo
- permission: read
- -
- entity: foo
- permission: write
- -
- onap.policy.tutorial.audit:
- type: onap.policies.Authorization
- version: 1.0.0
- metadata:
- policy-id: onap.policy.tutorial.bar
- properties:
- user: audit
- permissions:
- -
- entity: foo
- permission: read
diff --git a/docs/xacml/tutorial/tutorial-policy-type.yaml b/docs/xacml/tutorial/tutorial-policy-type.yaml
deleted file mode 100644
index 181a73c5..00000000
--- a/docs/xacml/tutorial/tutorial-policy-type.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-tosca_definitions_version: tosca_simple_yaml_1_0_0
-policy_types:
- -
- onap.policies.Authorization:
- derived_from: tosca.policies.Root
- version: 1.0.0
- description: Example tutorial policy type for doing user authorization
- properties:
- user:
- type: string
- required: true
- description: The unique user name
- permissions:
- type: list
- required: true
- description: A list of resource permissions
- entry_schema:
- type: onap.datatypes.Tutorial
-data_types:
- -
- onap.datatypes.Tutorial:
- derived_from: tosca.datatypes.Root
- version: 1.0.0
- properties:
- entity:
- type: string
- required: true
- description: The resource
- permission:
- type: string
- required: true
- description: The permission level
- constraints:
- - valid_values: [read, write, delete]
diff --git a/docs/xacml/tutorial/tutorial.tar b/docs/xacml/tutorial/tutorial.tar
new file mode 100644
index 00000000..329041d4
--- /dev/null
+++ b/docs/xacml/tutorial/tutorial.tar
Binary files differ