aboutsummaryrefslogtreecommitdiffstats
path: root/docs/xacml/tutorial
diff options
context:
space:
mode:
Diffstat (limited to 'docs/xacml/tutorial')
-rw-r--r--docs/xacml/tutorial/PolicyApplicationTutorial.postman_collection.json723
-rw-r--r--docs/xacml/tutorial/app/pom.xml58
-rw-r--r--docs/xacml/tutorial/app/src/main/docker/Dockerfile7
-rw-r--r--docs/xacml/tutorial/app/src/main/docker/README.txt36
-rw-r--r--docs/xacml/tutorial/app/src/main/docker/config/db/db.conf20
-rw-r--r--docs/xacml/tutorial/app/src/main/docker/config/db/db.sh26
-rw-r--r--docs/xacml/tutorial/app/src/main/docker/docker-compose.yml102
-rw-r--r--docs/xacml/tutorial/app/src/main/docker/xacml.properties (renamed from docs/xacml/tutorial/tutorial-xacml.properties)2
-rw-r--r--docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialApplication.java2
-rw-r--r--docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java27
-rw-r--r--docs/xacml/tutorial/app/src/test/java/org/onap/policy/tutorial/tutorial/TutorialApplicationTest.java12
-rw-r--r--docs/xacml/tutorial/app/src/test/resources/tutorial-decision-request.json2
-rw-r--r--docs/xacml/tutorial/app/src/test/resources/tutorial-policy-type.yaml28
-rw-r--r--docs/xacml/tutorial/tutorial-decision-request.json12
-rw-r--r--docs/xacml/tutorial/tutorial-policies.yaml30
-rw-r--r--docs/xacml/tutorial/tutorial-policy-type.yaml34
-rw-r--r--docs/xacml/tutorial/tutorial.tarbin0 -> 9949 bytes
17 files changed, 1010 insertions, 111 deletions
diff --git a/docs/xacml/tutorial/PolicyApplicationTutorial.postman_collection.json b/docs/xacml/tutorial/PolicyApplicationTutorial.postman_collection.json
new file mode 100644
index 00000000..23aa0eb8
--- /dev/null
+++ b/docs/xacml/tutorial/PolicyApplicationTutorial.postman_collection.json
@@ -0,0 +1,723 @@
+{
+ "info": {
+ "_postman_id": "20eb42db-f0a7-4b65-8ccd-c3a5f56cb526",
+ "name": "Policy Application Tutorial",
+ "description": "Collection of Postman API calls to support the Policy Enforcement Tutorial",
+ "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
+ },
+ "item": [
+ {
+ "name": "Api Healthcheck",
+ "request": {
+ "auth": {
+ "type": "basic",
+ "basic": [
+ {
+ "key": "password",
+ "value": "zb!XztG34",
+ "type": "string"
+ },
+ {
+ "key": "username",
+ "value": "healthcheck",
+ "type": "string"
+ }
+ ]
+ },
+ "method": "GET",
+ "header": [
+ {
+ "key": "Content-Type",
+ "type": "text",
+ "value": "application/json"
+ },
+ {
+ "key": "Accept",
+ "type": "text",
+ "value": "application/json"
+ }
+ ],
+ "url": {
+ "raw": "{{POLICY-API-URL}}/policy/api/v1/healthcheck",
+ "host": [
+ "{{POLICY-API-URL}}"
+ ],
+ "path": [
+ "policy",
+ "api",
+ "v1",
+ "healthcheck"
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "Create Authorization Policy Type",
+ "request": {
+ "auth": {
+ "type": "basic",
+ "basic": [
+ {
+ "key": "password",
+ "value": "zb!XztG34",
+ "type": "string"
+ },
+ {
+ "key": "username",
+ "value": "healthcheck",
+ "type": "string"
+ }
+ ]
+ },
+ "method": "POST",
+ "header": [
+ {
+ "key": "Accept",
+ "type": "text",
+ "value": "application/yaml"
+ },
+ {
+ "key": "Content-Type",
+ "type": "text",
+ "value": "application/yaml"
+ }
+ ],
+ "body": {
+ "mode": "raw",
+ "raw": "tosca_definitions_version: tosca_simple_yaml_1_1_0\npolicy_types:\n onap.policies.Authorization:\n derived_from: tosca.policies.Root\n version: 1.0.0\n description: Example tutorial policy type for doing user authorization\n properties:\n user:\n type: string\n required: true\n description: The unique user name\n permissions:\n type: list\n required: true\n description: A list of resource permissions\n entry_schema:\n type: onap.datatypes.Tutorial\ndata_types:\n onap.datatypes.Tutorial:\n derived_from: tosca.datatypes.Root\n version: 1.0.0\n properties:\n entity:\n type: string\n required: true\n description: The resource\n permission:\n type: string\n required: true\n description: The permission level\n constraints:\n - valid_values: [read, write, delete]\n",
+ "options": {
+ "raw": {
+ "language": "text"
+ }
+ }
+ },
+ "url": {
+ "raw": "{{POLICY-API-URL}}/policy/api/v1/policytypes",
+ "host": [
+ "{{POLICY-API-URL}}"
+ ],
+ "path": [
+ "policy",
+ "api",
+ "v1",
+ "policytypes"
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "Create policies",
+ "request": {
+ "auth": {
+ "type": "basic",
+ "basic": [
+ {
+ "key": "password",
+ "value": "zb!XztG34",
+ "type": "string"
+ },
+ {
+ "key": "username",
+ "value": "healthcheck",
+ "type": "string"
+ }
+ ]
+ },
+ "method": "POST",
+ "header": [
+ {
+ "key": "Accept",
+ "type": "text",
+ "value": "application/yaml"
+ },
+ {
+ "key": "Content-Type",
+ "type": "text",
+ "value": "application/yaml"
+ }
+ ],
+ "body": {
+ "mode": "raw",
+ "raw": "tosca_definitions_version: tosca_simple_yaml_1_1_0\ntopology_template:\n policies:\n -\n onap.policy.tutorial.demo:\n type: onap.policies.Authorization\n type_version: 1.0.0\n version: 1.0.0\n metadata:\n policy-id: onap.policy.tutorial.demo\n policy-version: 1\n properties:\n user: demo\n permissions:\n -\n entity: foo\n permission: read\n -\n entity: foo\n permission: write\n -\n onap.policy.tutorial.audit:\n type: onap.policies.Authorization\n version: 1.0.0\n type_version: 1.0.0\n metadata:\n policy-id: onap.policy.tutorial.bar\n policy-version: 1\n properties:\n user: audit\n permissions:\n -\n entity: foo\n permission: read\n",
+ "options": {
+ "raw": {
+ "language": "text"
+ }
+ }
+ },
+ "url": {
+ "raw": "{{POLICY-API-URL}}/policy/api/v1/policytypes/onap.policies.Authorization/versions/1.0.0/policies",
+ "host": [
+ "{{POLICY-API-URL}}"
+ ],
+ "path": [
+ "policy",
+ "api",
+ "v1",
+ "policytypes",
+ "onap.policies.Authorization",
+ "versions",
+ "1.0.0",
+ "policies"
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "PAP Healthcheck",
+ "request": {
+ "auth": {
+ "type": "basic",
+ "basic": [
+ {
+ "key": "password",
+ "value": "zb!XztG34",
+ "type": "string"
+ },
+ {
+ "key": "username",
+ "value": "healthcheck",
+ "type": "string"
+ }
+ ]
+ },
+ "method": "GET",
+ "header": [
+ {
+ "key": "Content-Type",
+ "type": "text",
+ "value": "application/json"
+ },
+ {
+ "key": "Accept",
+ "type": "text",
+ "value": "application/json"
+ }
+ ],
+ "url": {
+ "raw": "{{POLICY-PAP-URL}}/policy/pap/v1/healthcheck",
+ "host": [
+ "{{POLICY-PAP-URL}}"
+ ],
+ "path": [
+ "policy",
+ "pap",
+ "v1",
+ "healthcheck"
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "PAP Get PDPs",
+ "request": {
+ "auth": {
+ "type": "basic",
+ "basic": [
+ {
+ "key": "password",
+ "value": "zb!XztG34",
+ "type": "string"
+ },
+ {
+ "key": "username",
+ "value": "healthcheck",
+ "type": "string"
+ }
+ ]
+ },
+ "method": "GET",
+ "header": [
+ {
+ "key": "Accept",
+ "type": "text",
+ "value": "application/json"
+ },
+ {
+ "key": "Content-Type",
+ "type": "text",
+ "value": "application/json"
+ }
+ ],
+ "url": {
+ "raw": "{{POLICY-PAP-URL}}/policy/pap/v1/pdps",
+ "host": [
+ "{{POLICY-PAP-URL}}"
+ ],
+ "path": [
+ "policy",
+ "pap",
+ "v1",
+ "pdps"
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "PdpGroup State Change PASSIVE",
+ "request": {
+ "auth": {
+ "type": "basic",
+ "basic": [
+ {
+ "key": "password",
+ "value": "zb!XztG34",
+ "type": "string"
+ },
+ {
+ "key": "username",
+ "value": "healthcheck",
+ "type": "string"
+ }
+ ]
+ },
+ "method": "PUT",
+ "header": [
+ {
+ "key": "Content-Type",
+ "value": "application/json",
+ "type": "text"
+ },
+ {
+ "key": "Accept",
+ "value": "application/json",
+ "type": "text"
+ }
+ ],
+ "url": {
+ "raw": "{{POLICY-PAP-URL}}/policy/pap/v1/pdps/groups/defaultGroup?state=PASSIVE",
+ "host": [
+ "{{POLICY-PAP-URL}}"
+ ],
+ "path": [
+ "policy",
+ "pap",
+ "v1",
+ "pdps",
+ "groups",
+ "defaultGroup"
+ ],
+ "query": [
+ {
+ "key": "state",
+ "value": "PASSIVE"
+ }
+ ]
+ },
+ "description": "This is an API to change the current state of a PdpGroup (example - \"defaultGroup\") resulting in changing state of all the PDP instances registered with the PdpGroup. As of now, the allowed states are ACTIVE and PASSIVE."
+ },
+ "response": []
+ },
+ {
+ "name": "Delete PdpGroup",
+ "request": {
+ "auth": {
+ "type": "basic",
+ "basic": [
+ {
+ "key": "password",
+ "value": "zb!XztG34",
+ "type": "string"
+ },
+ {
+ "key": "username",
+ "value": "healthcheck",
+ "type": "string"
+ }
+ ]
+ },
+ "method": "DELETE",
+ "header": [
+ {
+ "key": "Accept",
+ "type": "text",
+ "value": "application/json"
+ },
+ {
+ "key": "Content-Type",
+ "type": "text",
+ "value": "application/json"
+ }
+ ],
+ "url": {
+ "raw": "{{POLICY-PAP-URL}}/policy/pap/v1/pdps/groups/defaultGroup",
+ "host": [
+ "{{POLICY-PAP-URL}}"
+ ],
+ "path": [
+ "policy",
+ "pap",
+ "v1",
+ "pdps",
+ "groups",
+ "defaultGroup"
+ ]
+ },
+ "description": "This is an API to delete a specific PdpGroup (example - \"SampleGroup\") currently available in Policy DB, resulting in removing all the PDP instances registered with the group."
+ },
+ "response": []
+ },
+ {
+ "name": "Create/Update PdpGroup",
+ "request": {
+ "auth": {
+ "type": "basic",
+ "basic": [
+ {
+ "key": "password",
+ "value": "zb!XztG34",
+ "type": "string"
+ },
+ {
+ "key": "username",
+ "value": "healthcheck",
+ "type": "string"
+ }
+ ]
+ },
+ "method": "POST",
+ "header": [
+ {
+ "key": "Content-Type",
+ "type": "text",
+ "value": "application/json"
+ },
+ {
+ "key": "Accept",
+ "type": "text",
+ "value": "application/json"
+ }
+ ],
+ "body": {
+ "mode": "raw",
+ "raw": "{\n \"groups\": [\n {\n \"name\": \"defaultGroup\",\n \"pdpGroupState\": \"ACTIVE\",\n \"properties\": {},\n \"pdpSubgroups\": [\n {\n \"pdpType\": \"xacml\",\n \"desiredInstanceCount\": 1,\n \"properties\": {},\n \"supportedPolicyTypes\": [\n {\n \"name\": \"onap.policies.Authorization\",\n \"version\": \"1.0.0\"\n }\n ],\n \"policies\": []\n }\n ]\n }\n ]\n}"
+ },
+ "url": {
+ "raw": "{{POLICY-PAP-URL}}/policy/pap/v1/pdps/groups/batch",
+ "host": [
+ "{{POLICY-PAP-URL}}"
+ ],
+ "path": [
+ "policy",
+ "pap",
+ "v1",
+ "pdps",
+ "groups",
+ "batch"
+ ]
+ },
+ "description": "This is a generic API to create/update PdpGroups in Policy DB. However, the supportedPolicyTypes field of PdpSubGroup cannot be changed once created."
+ },
+ "response": []
+ },
+ {
+ "name": "Simple Deploy Policy - onap.policy.tutorial.demo",
+ "request": {
+ "auth": {
+ "type": "basic",
+ "basic": [
+ {
+ "key": "password",
+ "value": "zb!XztG34",
+ "type": "string"
+ },
+ {
+ "key": "username",
+ "value": "healthcheck",
+ "type": "string"
+ }
+ ]
+ },
+ "method": "POST",
+ "header": [
+ {
+ "key": "Content-Type",
+ "type": "text",
+ "value": "application/json"
+ },
+ {
+ "key": "Accept",
+ "type": "text",
+ "value": "application/json"
+ }
+ ],
+ "body": {
+ "mode": "raw",
+ "raw": "{\r\n \"policies\" : [\r\n {\r\n \"policy-id\": \"onap.policy.tutorial.demo\",\r\n \"policy-version\": \"1.0.0\"\r\n },\r\n {\r\n \"policy-id\": \"onap.policy.tutorial.audit\",\r\n \"policy-version\": \"1.0.0\"\r\n }\r\n ]\r\n}"
+ },
+ "url": {
+ "raw": "{{POLICY-PAP-URL}}/policy/pap/v1/pdps/policies",
+ "host": [
+ "{{POLICY-PAP-URL}}"
+ ],
+ "path": [
+ "policy",
+ "pap",
+ "v1",
+ "pdps",
+ "policies"
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "Dmaap Simulator - Policy Update Notification",
+ "protocolProfileBehavior": {
+ "disableBodyPruning": true
+ },
+ "request": {
+ "auth": {
+ "type": "noauth"
+ },
+ "method": "GET",
+ "header": [
+ {
+ "key": "Content-Type",
+ "type": "text",
+ "value": "application/json"
+ },
+ {
+ "key": "Accept",
+ "type": "text",
+ "value": "application/json"
+ }
+ ],
+ "body": {
+ "mode": "raw",
+ "raw": ""
+ },
+ "url": {
+ "raw": "{{DMAAP-URL}}/events/POLICY-NOTIFICATION/group/id?timeout=5000",
+ "host": [
+ "{{DMAAP-URL}}"
+ ],
+ "path": [
+ "events",
+ "POLICY-NOTIFICATION",
+ "group",
+ "id"
+ ],
+ "query": [
+ {
+ "key": "timeout",
+ "value": "5000"
+ }
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "Xacml Healthcheck",
+ "request": {
+ "auth": {
+ "type": "basic",
+ "basic": [
+ {
+ "key": "password",
+ "value": "zb!XztG34",
+ "type": "string"
+ },
+ {
+ "key": "username",
+ "value": "healthcheck",
+ "type": "string"
+ }
+ ]
+ },
+ "method": "GET",
+ "header": [
+ {
+ "key": "Content-Type",
+ "type": "text",
+ "value": "application/json"
+ },
+ {
+ "key": "Accept",
+ "type": "text",
+ "value": "application/json"
+ }
+ ],
+ "url": {
+ "raw": "{{POLICY-XACML-URL}}/policy/pdpx/v1/healthcheck",
+ "host": [
+ "{{POLICY-XACML-URL}}"
+ ],
+ "path": [
+ "policy",
+ "pdpx",
+ "v1",
+ "healthcheck"
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "Xacml Statistics",
+ "request": {
+ "auth": {
+ "type": "basic",
+ "basic": [
+ {
+ "key": "password",
+ "value": "zb!XztG34",
+ "type": "string"
+ },
+ {
+ "key": "username",
+ "value": "healthcheck",
+ "type": "string"
+ }
+ ]
+ },
+ "method": "GET",
+ "header": [
+ {
+ "key": "Content-Type",
+ "type": "text",
+ "value": "application/json"
+ },
+ {
+ "key": "Accept",
+ "type": "text",
+ "value": "application/json"
+ }
+ ],
+ "url": {
+ "raw": "{{POLICY-XACML-URL}}/policy/pdpx/v1/statistics",
+ "host": [
+ "{{POLICY-XACML-URL}}"
+ ],
+ "path": [
+ "policy",
+ "pdpx",
+ "v1",
+ "statistics"
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "Xacml Decision - Authorization policy-type",
+ "request": {
+ "auth": {
+ "type": "basic",
+ "basic": [
+ {
+ "key": "password",
+ "value": "zb!XztG34",
+ "type": "string"
+ },
+ {
+ "key": "username",
+ "value": "healthcheck",
+ "type": "string"
+ }
+ ]
+ },
+ "method": "POST",
+ "header": [
+ {
+ "key": "Content-Type",
+ "type": "text",
+ "value": "application/json"
+ },
+ {
+ "key": "Accept",
+ "type": "text",
+ "value": "application/json"
+ }
+ ],
+ "body": {
+ "mode": "raw",
+ "raw": "{\n \"ONAPName\": \"TutorialPEP\",\n \"ONAPComponent\": \"TutorialPEPComponent\",\n \"ONAPInstance\": \"TutorialPEPInstance\",\n \"requestId\": \"unique-request-id-tutorial\",\n \"action\": \"authorize\",\n \"resource\": {\n \"user\": \"audit\",\n \"entity\": \"foo\",\n \"permission\" : \"read\"\n }\n}"
+ },
+ "url": {
+ "raw": "{{POLICY-XACML-URL}}/policy/pdpx/v1/decision",
+ "host": [
+ "{{POLICY-XACML-URL}}"
+ ],
+ "path": [
+ "policy",
+ "pdpx",
+ "v1",
+ "decision"
+ ]
+ }
+ },
+ "response": []
+ },
+ {
+ "name": "Simple Undeploy Policy",
+ "request": {
+ "auth": {
+ "type": "basic",
+ "basic": [
+ {
+ "key": "password",
+ "value": "zb!XztG34",
+ "type": "string"
+ },
+ {
+ "key": "username",
+ "value": "healthcheck",
+ "type": "string"
+ }
+ ]
+ },
+ "method": "DELETE",
+ "header": [
+ {
+ "key": "Accept",
+ "value": "application/json",
+ "type": "text"
+ },
+ {
+ "key": "Content-Type",
+ "value": "application/json",
+ "type": "text"
+ }
+ ],
+ "url": {
+ "raw": "{{POLICY-PAP-URL}}/policy/pap/v1/pdps/policies/onap.policy.tutorial.demo",
+ "host": [
+ "{{POLICY-PAP-URL}}"
+ ],
+ "path": [
+ "policy",
+ "pap",
+ "v1",
+ "pdps",
+ "policies",
+ "onap.policy.tutorial.demo"
+ ]
+ }
+ },
+ "response": []
+ }
+ ],
+ "auth": {
+ "type": "basic",
+ "basic": [
+ {
+ "key": "password",
+ "value": "",
+ "type": "string"
+ },
+ {
+ "key": "username",
+ "value": "",
+ "type": "string"
+ }
+ ]
+ },
+ "protocolProfileBehavior": {}
+} \ No newline at end of file
diff --git a/docs/xacml/tutorial/app/pom.xml b/docs/xacml/tutorial/app/pom.xml
index f8afc552..380ee512 100644
--- a/docs/xacml/tutorial/app/pom.xml
+++ b/docs/xacml/tutorial/app/pom.xml
@@ -1,3 +1,23 @@
+<!--
+ ============LICENSE_START=======================================================
+ ONAP Policy Engine - XACML Application Tutorial
+ ================================================================================
+ Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+ -->
+
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
@@ -33,6 +53,7 @@
<scope>test</scope>
</dependency>
</dependencies>
+
<build>
<plugins>
<plugin>
@@ -43,6 +64,43 @@
<release>11</release>
</configuration>
</plugin>
+ <plugin>
+ <groupId>io.fabric8</groupId>
+ <artifactId>docker-maven-plugin</artifactId>
+ <version>0.33.0</version>
+ <configuration>
+ <verbose>true</verbose>
+ <images>
+ <image>
+ <name>onap/policy-xacml-tutorial</name>
+ <alias>xacml-pdp</alias>
+ <build>
+ <contextDir>${project.basedir}/src/main/docker</contextDir>
+ <assembly>
+ <descriptorRef>artifact-with-dependencies</descriptorRef>
+ </assembly>
+ </build>
+ </image>
+ </images>
+ </configuration>
+ <executions>
+ <execution>
+ <id>clean-images</id>
+ <phase>pre-clean</phase>
+ <goals>
+ <goal>remove</goal>
+ </goals>
+ </execution>
+
+ <execution>
+ <id>generate-images</id>
+ <phase>package</phase>
+ <goals>
+ <goal>build</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
</plugins>
</build>
</project>
diff --git a/docs/xacml/tutorial/app/src/main/docker/Dockerfile b/docs/xacml/tutorial/app/src/main/docker/Dockerfile
new file mode 100644
index 00000000..639e94fb
--- /dev/null
+++ b/docs/xacml/tutorial/app/src/main/docker/Dockerfile
@@ -0,0 +1,7 @@
+FROM onap/policy-xacml-pdp:2.2.2
+
+ADD maven/${project.build.finalName}.jar /opt/app/policy/pdpx/lib/${project.build.finalName}.jar
+
+RUN mkdir -p /opt/app/policy/pdpx/apps/tutorial
+
+COPY --chown=policy:policy xacml.properties /opt/app/policy/pdpx/apps/tutorial \ No newline at end of file
diff --git a/docs/xacml/tutorial/app/src/main/docker/README.txt b/docs/xacml/tutorial/app/src/main/docker/README.txt
new file mode 100644
index 00000000..a29a44b2
--- /dev/null
+++ b/docs/xacml/tutorial/app/src/main/docker/README.txt
@@ -0,0 +1,36 @@
+docker-compose -f docker-compose.yml run --rm start_dependencies
+
+docker-compose -f docker-compose.yml run --rm start_all
+
+
+curl -X POST http://0.0.0.0:3904/events/POLICY-PDP-PAP
+
+Should return JSON similar to this:
+{"serverTimeMs":0,"count":0}
+
+
+curl -k -u 'healthcheck:zb!XztG34' 'https://0.0.0.0:6969/policy/pdpx/v1/healthcheck'
+
+Should return JSON similar to this:
+{"name":"Policy Xacml PDP","url":"self","healthy":true,"code":200,"message":"alive"}
+
+
+curl -k -u 'healthcheck:zb!XztG34' 'https://0.0.0.0:6767/policy/api/v1/healthcheck'
+Should return JSON similar to this:
+{
+ "name": "Policy API",
+ "url": "policy-api",
+ "healthy": true,
+ "code": 200,
+ "message": "alive"
+}
+
+curl -k -u 'healthcheck:zb!XztG34' 'https://0.0.0.0:6868/policy/pap/v1/healthcheck'
+Should return JSON similar to this:
+{
+ "name": "Policy PAP",
+ "url": "policy-pap",
+ "healthy": true,
+ "code": 200,
+ "message": "alive"
+} \ No newline at end of file
diff --git a/docs/xacml/tutorial/app/src/main/docker/config/db/db.conf b/docs/xacml/tutorial/app/src/main/docker/config/db/db.conf
new file mode 100644
index 00000000..42f35844
--- /dev/null
+++ b/docs/xacml/tutorial/app/src/main/docker/config/db/db.conf
@@ -0,0 +1,20 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+MYSQL_ROOT_PASSWORD=secret
+MYSQL_USER=policy_user
+MYSQL_PASSWORD=policy_user \ No newline at end of file
diff --git a/docs/xacml/tutorial/app/src/main/docker/config/db/db.sh b/docs/xacml/tutorial/app/src/main/docker/config/db/db.sh
new file mode 100644
index 00000000..499764df
--- /dev/null
+++ b/docs/xacml/tutorial/app/src/main/docker/config/db/db.sh
@@ -0,0 +1,26 @@
+#!/bin/bash -xv
+# ============LICENSE_START=======================================================
+# Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+for db in policyadmin operationshistory
+do
+ mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};"
+ mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;"
+done
+
+mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "FLUSH PRIVILEGES;"
diff --git a/docs/xacml/tutorial/app/src/main/docker/docker-compose.yml b/docs/xacml/tutorial/app/src/main/docker/docker-compose.yml
new file mode 100644
index 00000000..b65098c1
--- /dev/null
+++ b/docs/xacml/tutorial/app/src/main/docker/docker-compose.yml
@@ -0,0 +1,102 @@
+# ============LICENSE_START=======================================================
+# Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+version: '2'
+services:
+ mariadb:
+ image: mariadb:10.2.14
+ container_name: mariadb
+ hostname: mariadb
+ command: ['--lower-case-table-names=1', '--wait_timeout=28800']
+ env_file: config/db/db.conf
+ volumes:
+ - ./config/db:/docker-entrypoint-initdb.d
+ expose:
+ - 3306
+ message-router:
+ image: dmaap/simulator
+ container_name: dmaap-simulator
+ hostname: dmaap-simulator
+ ports:
+ - "3904:3904"
+ expose:
+ - 3904
+ api:
+ image: nexus3.onap.org:10001/onap/policy-api:2.2.4
+ container_name: policy-api
+ depends_on:
+ - mariadb
+ hostname: policy-api
+ ports:
+ - "6767:6969"
+ expose:
+ - 6767
+ pap:
+ image: nexus3.onap.org:10001/onap/policy-pap:2.2.3
+ container_name: policy-pap
+ depends_on:
+ - mariadb
+ - message-router
+ - api
+ hostname: policy-pap
+ ports:
+ - "6868:6969"
+ expose:
+ - 6868
+ xacml-pdp:
+ image: onap/policy-xacml-tutorial
+ container_name: policy-xacml-pdp
+ depends_on:
+ - mariadb
+ - message-router
+ - api
+ - pap
+ hostname: policy-xacml-pdp
+ ports:
+ - "6969:6969"
+ expose:
+ - 6969
+ start_dependencies:
+ image: dadarek/wait-for-dependencies
+ environment:
+ TIMEOUT_LENGTH: 60
+ container_name: policy-wait
+ depends_on:
+ - mariadb
+ - message-router
+ hostname: policy-wait
+ command:
+ mariadb:3306
+ message-router:3904
+ start_all:
+ image: dadarek/wait-for-dependencies
+ environment:
+ TIMEOUT_LENGTH: 60
+ container_name: policy-wait-all
+ depends_on:
+ - mariadb
+ - message-router
+ - api
+ - pap
+ - xacml-pdp
+ hostname: policy-wait-all
+ command:
+ mariadb:3306
+ message-router:3904
+ api:6969
+ pap:6969
+ xacml-pdp:6969
diff --git a/docs/xacml/tutorial/tutorial-xacml.properties b/docs/xacml/tutorial/app/src/main/docker/xacml.properties
index e10ad63f..277b098e 100644
--- a/docs/xacml/tutorial/tutorial-xacml.properties
+++ b/docs/xacml/tutorial/app/src/main/docker/xacml.properties
@@ -28,4 +28,4 @@ xacml.att.policyFinderFactory.combineRootPolicies=urn:oasis:names:tc:xacml:3.0:p
# Policies to load
#
xacml.rootPolicies=
-xacml.referencedPolicies=
+xacml.referencedPolicies= \ No newline at end of file
diff --git a/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialApplication.java b/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialApplication.java
index 7f0c2b99..5727f1c1 100644
--- a/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialApplication.java
+++ b/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialApplication.java
@@ -26,7 +26,7 @@ import org.onap.policy.pdp.xacml.application.common.std.StdXacmlApplicationServi
public class TutorialApplication extends StdXacmlApplicationServiceProvider {
- private final ToscaPolicyTypeIdentifier supportedPolicyType = new ToscaPolicyTypeIdentifier();
+ private final ToscaPolicyTypeIdentifier supportedPolicyType = new ToscaPolicyTypeIdentifier("onap.policies.Authorization", "1.0.0");
private final TutorialTranslator translator = new TutorialTranslator();
@Override
diff --git a/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java b/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java
index 1dd6186e..600c6214 100644
--- a/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java
+++ b/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java
@@ -48,10 +48,10 @@ public class TutorialTranslator implements ToscaPolicyTranslator {
private static final Identifier ID_TUTORIAL_USER = new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-user");
private static final Identifier ID_TUTORIAL_ENTITY =
new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-entity");
- private static final Identifier ID_TUTORIAL_PERM = new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-perm");
+ private static final Identifier ID_TUTORIAL_PERM = new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-permission");
@SuppressWarnings("unchecked")
- public PolicyType convertPolicy(ToscaPolicy toscaPolicy) throws ToscaPolicyConversionException {
+ public PolicyType convertPolicy(ToscaPolicy toscaPolicy) throws ToscaPolicyConversionException {
//
// Here is our policy with a version and default combining algo
//
@@ -74,7 +74,7 @@ public class TutorialTranslator implements ToscaPolicyTranslator {
// For simplicity, let's just match on the action "authorize" and the user
//
MatchType matchAction = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(XACML3.ID_FUNCTION_STRING_EQUAL,
- "authorize", XACML3.ID_DATATYPE_STRING, XACML3.ID_ACTION, XACML3.ID_ATTRIBUTE_CATEGORY_ACTION);
+ "authorize", XACML3.ID_DATATYPE_STRING, XACML3.ID_ACTION_ACTION_ID, XACML3.ID_ATTRIBUTE_CATEGORY_ACTION);
Map<String, Object> props = toscaPolicy.getProperties();
String user = props.get("user").toString();
MatchType matchUser = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(XACML3.ID_FUNCTION_STRING_EQUAL, user,
@@ -83,14 +83,14 @@ public class TutorialTranslator implements ToscaPolicyTranslator {
//
// Create AllOf (AND) of just Policy Id
//
- anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchAction));
- anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchUser));
+ anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchAction, matchUser));
TargetType target = new TargetType();
target.getAnyOf().add(anyOf);
newPolicyType.setTarget(target);
//
// Now add the rule for each permission
//
+ int ruleNumber = 0;
List<Object> permissions = (List<Object>) props.get("permissions");
for (Object permission : permissions) {
@@ -102,18 +102,20 @@ public class TutorialTranslator implements ToscaPolicyTranslator {
XACML3.ID_FUNCTION_STRING_EQUAL, ((Map<String, String>) permission).get("permission"),
XACML3.ID_DATATYPE_STRING, ID_TUTORIAL_PERM, XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
anyOf = new AnyOfType();
- anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchEntity));
- anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchPermission));
+ anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchEntity, matchPermission));
target = new TargetType();
target.getAnyOf().add(anyOf);
RuleType rule = new RuleType();
rule.setDescription("Default is to PERMIT if the policy matches.");
- rule.setRuleId(newPolicyType.getPolicyId() + ":rule");
+ rule.setRuleId(newPolicyType.getPolicyId() + ":rule" + ruleNumber);
+
rule.setEffect(EffectType.PERMIT);
rule.setTarget(target);
newPolicyType.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule);
+
+ ruleNumber++;
}
return newPolicyType;
}
@@ -140,19 +142,12 @@ public class TutorialTranslator implements ToscaPolicyTranslator {
// Just simply return a Permit response
//
decisionResponse.setStatus(Decision.PERMIT.toString());
- }
- if (xacmlResult.getDecision() == Decision.DENY) {
+ } else {
//
// Just simply return a Deny response
//
decisionResponse.setStatus(Decision.DENY.toString());
}
- if (xacmlResult.getDecision() == Decision.NOTAPPLICABLE) {
- //
- // There is no guard policy, so we return a permit
- //
- decisionResponse.setStatus(Decision.PERMIT.toString());
- }
}
return decisionResponse;
diff --git a/docs/xacml/tutorial/app/src/test/java/org/onap/policy/tutorial/tutorial/TutorialApplicationTest.java b/docs/xacml/tutorial/app/src/test/java/org/onap/policy/tutorial/tutorial/TutorialApplicationTest.java
index 65685236..d20c1b38 100644
--- a/docs/xacml/tutorial/app/src/test/java/org/onap/policy/tutorial/tutorial/TutorialApplicationTest.java
+++ b/docs/xacml/tutorial/app/src/test/java/org/onap/policy/tutorial/tutorial/TutorialApplicationTest.java
@@ -18,6 +18,8 @@
package org.onap.policy.tutorial.tutorial;
+import static org.junit.Assert.assertEquals;
+
import java.io.File;
import java.io.IOException;
import java.util.Iterator;
@@ -101,10 +103,18 @@ public class TutorialApplicationTest {
.getTextFileAsString("src/test/resources/tutorial-decision-request.json"),
DecisionRequest.class);
//
- // Test a decision
+ // Test a decision - should start with a permit
//
Pair<DecisionResponse, Response> decision = service.makeDecision(decisionRequest, null);
LOGGER.info(decision.getLeft().toString());
+ assertEquals("Permit", decision.getLeft().getStatus());
+ //
+ // This should be a deny
+ //
+ decisionRequest.getResource().put("user", "audit");
+ decision = service.makeDecision(decisionRequest, null);
+ LOGGER.info(decision.getLeft().toString());
+ assertEquals("Deny", decision.getLeft().getStatus());
}
}
diff --git a/docs/xacml/tutorial/app/src/test/resources/tutorial-decision-request.json b/docs/xacml/tutorial/app/src/test/resources/tutorial-decision-request.json
index 8c1ec10c..f3a7f9a2 100644
--- a/docs/xacml/tutorial/app/src/test/resources/tutorial-decision-request.json
+++ b/docs/xacml/tutorial/app/src/test/resources/tutorial-decision-request.json
@@ -7,6 +7,6 @@
"resource": {
"user": "demo",
"entity": "foo",
- "permission" : "read"
+ "permission" : "write"
}
}
diff --git a/docs/xacml/tutorial/app/src/test/resources/tutorial-policy-type.yaml b/docs/xacml/tutorial/app/src/test/resources/tutorial-policy-type.yaml
index c742cf3e..7948bd28 100644
--- a/docs/xacml/tutorial/app/src/test/resources/tutorial-policy-type.yaml
+++ b/docs/xacml/tutorial/app/src/test/resources/tutorial-policy-type.yaml
@@ -1,6 +1,5 @@
tosca_definitions_version: tosca_simple_yaml_1_1_0
policy_types:
- -
onap.policies.Authorization:
derived_from: tosca.policies.Root
version: 1.0.0
@@ -17,18 +16,17 @@ policy_types:
entry_schema:
type: onap.datatypes.Tutorial
data_types:
- -
onap.datatypes.Tutorial:
- derived_from: tosca.datatypes.Root
- version: 1.0.0
- properties:
- entity:
- type: string
- required: true
- description: The resource
- permission:
- type: string
- required: true
- description: The permission level
- constraints:
- - valid_values: [read, write, delete]
+ derived_from: tosca.datatypes.Root
+ version: 1.0.0
+ properties:
+ entity:
+ type: string
+ required: true
+ description: The resource
+ permission:
+ type: string
+ required: true
+ description: The permission level
+ constraints:
+ - valid_values: [read, write, delete]
diff --git a/docs/xacml/tutorial/tutorial-decision-request.json b/docs/xacml/tutorial/tutorial-decision-request.json
deleted file mode 100644
index 8c1ec10c..00000000
--- a/docs/xacml/tutorial/tutorial-decision-request.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "ONAPName": "TutorialPEP",
- "ONAPComponent": "TutorialPEPComponent",
- "ONAPInstance": "TutorialPEPInstance",
- "requestId": "unique-request-id-tutorial",
- "action": "authorize",
- "resource": {
- "user": "demo",
- "entity": "foo",
- "permission" : "read"
- }
-}
diff --git a/docs/xacml/tutorial/tutorial-policies.yaml b/docs/xacml/tutorial/tutorial-policies.yaml
deleted file mode 100644
index 45769ead..00000000
--- a/docs/xacml/tutorial/tutorial-policies.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-tosca_definitions_version: tosca_simple_yaml_1_0_0
-topology_template:
- policies:
- -
- onap.policy.tutorial.demo:
- type: onap.policies.Authorization
- version: 1.0.0
- metadata:
- policy-id: onap.policy.tutorial.demo
- properties:
- user: demo
- permissions:
- -
- entity: foo
- permission: read
- -
- entity: foo
- permission: write
- -
- onap.policy.tutorial.audit:
- type: onap.policies.Authorization
- version: 1.0.0
- metadata:
- policy-id: onap.policy.tutorial.bar
- properties:
- user: audit
- permissions:
- -
- entity: foo
- permission: read
diff --git a/docs/xacml/tutorial/tutorial-policy-type.yaml b/docs/xacml/tutorial/tutorial-policy-type.yaml
deleted file mode 100644
index 181a73c5..00000000
--- a/docs/xacml/tutorial/tutorial-policy-type.yaml
+++ /dev/null
@@ -1,34 +0,0 @@
-tosca_definitions_version: tosca_simple_yaml_1_0_0
-policy_types:
- -
- onap.policies.Authorization:
- derived_from: tosca.policies.Root
- version: 1.0.0
- description: Example tutorial policy type for doing user authorization
- properties:
- user:
- type: string
- required: true
- description: The unique user name
- permissions:
- type: list
- required: true
- description: A list of resource permissions
- entry_schema:
- type: onap.datatypes.Tutorial
-data_types:
- -
- onap.datatypes.Tutorial:
- derived_from: tosca.datatypes.Root
- version: 1.0.0
- properties:
- entity:
- type: string
- required: true
- description: The resource
- permission:
- type: string
- required: true
- description: The permission level
- constraints:
- - valid_values: [read, write, delete]
diff --git a/docs/xacml/tutorial/tutorial.tar b/docs/xacml/tutorial/tutorial.tar
new file mode 100644
index 00000000..329041d4
--- /dev/null
+++ b/docs/xacml/tutorial/tutorial.tar
Binary files differ