Diffstat (limited to 'docs/xacml')
28 files changed, 320 insertions, 1623 deletions
diff --git a/docs/xacml/tutorial/PolicyApplicationTutorial.postman_collection.json b/docs/xacml/tutorial/PolicyApplicationTutorial.postman_collection.json
deleted file mode 100644
index 23aa0eb8..00000000
--- a/docs/xacml/tutorial/PolicyApplicationTutorial.postman_collection.json
+++ /dev/null
@@ -1,723 +0,0 @@ -{ - "info": { - "_postman_id": "20eb42db-f0a7-4b65-8ccd-c3a5f56cb526", - "name": "Policy Application Tutorial", - "description": "Collection of Postman API calls to support the Policy Enforcement Tutorial", - "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json" - }, - "item": [ - { - "name": "Api Healthcheck", - "request": { - "auth": { - "type": "basic", - "basic": [ - { - "key": "password", - "value": "zb!XztG34", - "type": "string" - }, - { - "key": "username", - "value": "healthcheck", - "type": "string" - } - ] - }, - "method": "GET", - "header": [ - { - "key": "Content-Type", - "type": "text", - "value": "application/json" - }, - { - "key": "Accept", - "type": "text", - "value": "application/json" - } - ], - "url": { - "raw": "{{POLICY-API-URL}}/policy/api/v1/healthcheck", - "host": [ - "{{POLICY-API-URL}}" - ], - "path": [ - "policy", - "api", - "v1", - "healthcheck" - ] - } - }, - "response": [] - }, - { - "name": "Create Authorization Policy Type", - "request": { - "auth": { - "type": "basic", - "basic": [ - { - "key": "password", - "value": "zb!XztG34", - "type": "string" - }, - { - "key": "username", - "value": "healthcheck", - "type": "string" - } - ] - }, - "method": "POST", - "header": [ - { - "key": "Accept", - "type": "text", - "value": "application/yaml" - }, - { - "key": "Content-Type", - "type": "text", - "value": "application/yaml" - } - ], - "body": { - "mode": "raw", - "raw": "tosca_definitions_version: tosca_simple_yaml_1_1_0\npolicy_types:\n onap.policies.Authorization:\n derived_from: tosca.policies.Root\n version: 1.0.0\n description: Example tutorial policy type for doing user authorization\n properties:\n user:\n type: string\n required: true\n description: The unique user name\n permissions:\n type: list\n required: true\n description: A list of resource permissions\n entry_schema:\n type: onap.datatypes.Tutorial\ndata_types:\n onap.datatypes.Tutorial:\n derived_from: tosca.datatypes.Root\n 
version: 1.0.0\n properties:\n entity:\n type: string\n required: true\n description: The resource\n permission:\n type: string\n required: true\n description: The permission level\n constraints:\n - valid_values: [read, write, delete]\n", - "options": { - "raw": { - "language": "text" - } - } - }, - "url": { - "raw": "{{POLICY-API-URL}}/policy/api/v1/policytypes", - "host": [ - "{{POLICY-API-URL}}" - ], - "path": [ - "policy", - "api", - "v1", - "policytypes" - ] - } - }, - "response": [] - }, - { - "name": "Create policies", - "request": { - "auth": { - "type": "basic", - "basic": [ - { - "key": "password", - "value": "zb!XztG34", - "type": "string" - }, - { - "key": "username", - "value": "healthcheck", - "type": "string" - } - ] - }, - "method": "POST", - "header": [ - { - "key": "Accept", - "type": "text", - "value": "application/yaml" - }, - { - "key": "Content-Type", - "type": "text", - "value": "application/yaml" - } - ], - "body": { - "mode": "raw", - "raw": "tosca_definitions_version: tosca_simple_yaml_1_1_0\ntopology_template:\n policies:\n -\n onap.policy.tutorial.demo:\n type: onap.policies.Authorization\n type_version: 1.0.0\n version: 1.0.0\n metadata:\n policy-id: onap.policy.tutorial.demo\n policy-version: 1\n properties:\n user: demo\n permissions:\n -\n entity: foo\n permission: read\n -\n entity: foo\n permission: write\n -\n onap.policy.tutorial.audit:\n type: onap.policies.Authorization\n version: 1.0.0\n type_version: 1.0.0\n metadata:\n policy-id: onap.policy.tutorial.bar\n policy-version: 1\n properties:\n user: audit\n permissions:\n -\n entity: foo\n permission: read\n", - "options": { - "raw": { - "language": "text" - } - } - }, - "url": { - "raw": "{{POLICY-API-URL}}/policy/api/v1/policytypes/onap.policies.Authorization/versions/1.0.0/policies", - "host": [ - "{{POLICY-API-URL}}" - ], - "path": [ - "policy", - "api", - "v1", - "policytypes", - "onap.policies.Authorization", - "versions", - "1.0.0", - "policies" - ] - } - }, - 
"response": [] - }, - { - "name": "PAP Healthcheck", - "request": { - "auth": { - "type": "basic", - "basic": [ - { - "key": "password", - "value": "zb!XztG34", - "type": "string" - }, - { - "key": "username", - "value": "healthcheck", - "type": "string" - } - ] - }, - "method": "GET", - "header": [ - { - "key": "Content-Type", - "type": "text", - "value": "application/json" - }, - { - "key": "Accept", - "type": "text", - "value": "application/json" - } - ], - "url": { - "raw": "{{POLICY-PAP-URL}}/policy/pap/v1/healthcheck", - "host": [ - "{{POLICY-PAP-URL}}" - ], - "path": [ - "policy", - "pap", - "v1", - "healthcheck" - ] - } - }, - "response": [] - }, - { - "name": "PAP Get PDPs", - "request": { - "auth": { - "type": "basic", - "basic": [ - { - "key": "password", - "value": "zb!XztG34", - "type": "string" - }, - { - "key": "username", - "value": "healthcheck", - "type": "string" - } - ] - }, - "method": "GET", - "header": [ - { - "key": "Accept", - "type": "text", - "value": "application/json" - }, - { - "key": "Content-Type", - "type": "text", - "value": "application/json" - } - ], - "url": { - "raw": "{{POLICY-PAP-URL}}/policy/pap/v1/pdps", - "host": [ - "{{POLICY-PAP-URL}}" - ], - "path": [ - "policy", - "pap", - "v1", - "pdps" - ] - } - }, - "response": [] - }, - { - "name": "PdpGroup State Change PASSIVE", - "request": { - "auth": { - "type": "basic", - "basic": [ - { - "key": "password", - "value": "zb!XztG34", - "type": "string" - }, - { - "key": "username", - "value": "healthcheck", - "type": "string" - } - ] - }, - "method": "PUT", - "header": [ - { - "key": "Content-Type", - "value": "application/json", - "type": "text" - }, - { - "key": "Accept", - "value": "application/json", - "type": "text" - } - ], - "url": { - "raw": "{{POLICY-PAP-URL}}/policy/pap/v1/pdps/groups/defaultGroup?state=PASSIVE", - "host": [ - "{{POLICY-PAP-URL}}" - ], - "path": [ - "policy", - "pap", - "v1", - "pdps", - "groups", - "defaultGroup" - ], - "query": [ - { - "key": 
"state", - "value": "PASSIVE" - } - ] - }, - "description": "This is an API to change the current state of a PdpGroup (example - \"defaultGroup\") resulting in changing state of all the PDP instances registered with the PdpGroup. As of now, the allowed states are ACTIVE and PASSIVE." - }, - "response": [] - }, - { - "name": "Delete PdpGroup", - "request": { - "auth": { - "type": "basic", - "basic": [ - { - "key": "password", - "value": "zb!XztG34", - "type": "string" - }, - { - "key": "username", - "value": "healthcheck", - "type": "string" - } - ] - }, - "method": "DELETE", - "header": [ - { - "key": "Accept", - "type": "text", - "value": "application/json" - }, - { - "key": "Content-Type", - "type": "text", - "value": "application/json" - } - ], - "url": { - "raw": "{{POLICY-PAP-URL}}/policy/pap/v1/pdps/groups/defaultGroup", - "host": [ - "{{POLICY-PAP-URL}}" - ], - "path": [ - "policy", - "pap", - "v1", - "pdps", - "groups", - "defaultGroup" - ] - }, - "description": "This is an API to delete a specific PdpGroup (example - \"SampleGroup\") currently available in Policy DB, resulting in removing all the PDP instances registered with the group." 
- }, - "response": [] - }, - { - "name": "Create/Update PdpGroup", - "request": { - "auth": { - "type": "basic", - "basic": [ - { - "key": "password", - "value": "zb!XztG34", - "type": "string" - }, - { - "key": "username", - "value": "healthcheck", - "type": "string" - } - ] - }, - "method": "POST", - "header": [ - { - "key": "Content-Type", - "type": "text", - "value": "application/json" - }, - { - "key": "Accept", - "type": "text", - "value": "application/json" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"groups\": [\n {\n \"name\": \"defaultGroup\",\n \"pdpGroupState\": \"ACTIVE\",\n \"properties\": {},\n \"pdpSubgroups\": [\n {\n \"pdpType\": \"xacml\",\n \"desiredInstanceCount\": 1,\n \"properties\": {},\n \"supportedPolicyTypes\": [\n {\n \"name\": \"onap.policies.Authorization\",\n \"version\": \"1.0.0\"\n }\n ],\n \"policies\": []\n }\n ]\n }\n ]\n}" - }, - "url": { - "raw": "{{POLICY-PAP-URL}}/policy/pap/v1/pdps/groups/batch", - "host": [ - "{{POLICY-PAP-URL}}" - ], - "path": [ - "policy", - "pap", - "v1", - "pdps", - "groups", - "batch" - ] - }, - "description": "This is a generic API to create/update PdpGroups in Policy DB. However, the supportedPolicyTypes field of PdpSubGroup cannot be changed once created." 
- }, - "response": [] - }, - { - "name": "Simple Deploy Policy - onap.policy.tutorial.demo", - "request": { - "auth": { - "type": "basic", - "basic": [ - { - "key": "password", - "value": "zb!XztG34", - "type": "string" - }, - { - "key": "username", - "value": "healthcheck", - "type": "string" - } - ] - }, - "method": "POST", - "header": [ - { - "key": "Content-Type", - "type": "text", - "value": "application/json" - }, - { - "key": "Accept", - "type": "text", - "value": "application/json" - } - ], - "body": { - "mode": "raw", - "raw": "{\r\n \"policies\" : [\r\n {\r\n \"policy-id\": \"onap.policy.tutorial.demo\",\r\n \"policy-version\": \"1.0.0\"\r\n },\r\n {\r\n \"policy-id\": \"onap.policy.tutorial.audit\",\r\n \"policy-version\": \"1.0.0\"\r\n }\r\n ]\r\n}" - }, - "url": { - "raw": "{{POLICY-PAP-URL}}/policy/pap/v1/pdps/policies", - "host": [ - "{{POLICY-PAP-URL}}" - ], - "path": [ - "policy", - "pap", - "v1", - "pdps", - "policies" - ] - } - }, - "response": [] - }, - { - "name": "Dmaap Simulator - Policy Update Notification", - "protocolProfileBehavior": { - "disableBodyPruning": true - }, - "request": { - "auth": { - "type": "noauth" - }, - "method": "GET", - "header": [ - { - "key": "Content-Type", - "type": "text", - "value": "application/json" - }, - { - "key": "Accept", - "type": "text", - "value": "application/json" - } - ], - "body": { - "mode": "raw", - "raw": "" - }, - "url": { - "raw": "{{DMAAP-URL}}/events/POLICY-NOTIFICATION/group/id?timeout=5000", - "host": [ - "{{DMAAP-URL}}" - ], - "path": [ - "events", - "POLICY-NOTIFICATION", - "group", - "id" - ], - "query": [ - { - "key": "timeout", - "value": "5000" - } - ] - } - }, - "response": [] - }, - { - "name": "Xacml Healthcheck", - "request": { - "auth": { - "type": "basic", - "basic": [ - { - "key": "password", - "value": "zb!XztG34", - "type": "string" - }, - { - "key": "username", - "value": "healthcheck", - "type": "string" - } - ] - }, - "method": "GET", - "header": [ - { - "key": 
"Content-Type", - "type": "text", - "value": "application/json" - }, - { - "key": "Accept", - "type": "text", - "value": "application/json" - } - ], - "url": { - "raw": "{{POLICY-XACML-URL}}/policy/pdpx/v1/healthcheck", - "host": [ - "{{POLICY-XACML-URL}}" - ], - "path": [ - "policy", - "pdpx", - "v1", - "healthcheck" - ] - } - }, - "response": [] - }, - { - "name": "Xacml Statistics", - "request": { - "auth": { - "type": "basic", - "basic": [ - { - "key": "password", - "value": "zb!XztG34", - "type": "string" - }, - { - "key": "username", - "value": "healthcheck", - "type": "string" - } - ] - }, - "method": "GET", - "header": [ - { - "key": "Content-Type", - "type": "text", - "value": "application/json" - }, - { - "key": "Accept", - "type": "text", - "value": "application/json" - } - ], - "url": { - "raw": "{{POLICY-XACML-URL}}/policy/pdpx/v1/statistics", - "host": [ - "{{POLICY-XACML-URL}}" - ], - "path": [ - "policy", - "pdpx", - "v1", - "statistics" - ] - } - }, - "response": [] - }, - { - "name": "Xacml Decision - Authorization policy-type", - "request": { - "auth": { - "type": "basic", - "basic": [ - { - "key": "password", - "value": "zb!XztG34", - "type": "string" - }, - { - "key": "username", - "value": "healthcheck", - "type": "string" - } - ] - }, - "method": "POST", - "header": [ - { - "key": "Content-Type", - "type": "text", - "value": "application/json" - }, - { - "key": "Accept", - "type": "text", - "value": "application/json" - } - ], - "body": { - "mode": "raw", - "raw": "{\n \"ONAPName\": \"TutorialPEP\",\n \"ONAPComponent\": \"TutorialPEPComponent\",\n \"ONAPInstance\": \"TutorialPEPInstance\",\n \"requestId\": \"unique-request-id-tutorial\",\n \"action\": \"authorize\",\n \"resource\": {\n \"user\": \"audit\",\n \"entity\": \"foo\",\n \"permission\" : \"read\"\n }\n}" - }, - "url": { - "raw": "{{POLICY-XACML-URL}}/policy/pdpx/v1/decision", - "host": [ - "{{POLICY-XACML-URL}}" - ], - "path": [ - "policy", - "pdpx", - "v1", - "decision" - ] - } - 
}, - "response": [] - }, - { - "name": "Simple Undeploy Policy", - "request": { - "auth": { - "type": "basic", - "basic": [ - { - "key": "password", - "value": "zb!XztG34", - "type": "string" - }, - { - "key": "username", - "value": "healthcheck", - "type": "string" - } - ] - }, - "method": "DELETE", - "header": [ - { - "key": "Accept", - "value": "application/json", - "type": "text" - }, - { - "key": "Content-Type", - "value": "application/json", - "type": "text" - } - ], - "url": { - "raw": "{{POLICY-PAP-URL}}/policy/pap/v1/pdps/policies/onap.policy.tutorial.demo", - "host": [ - "{{POLICY-PAP-URL}}" - ], - "path": [ - "policy", - "pap", - "v1", - "pdps", - "policies", - "onap.policy.tutorial.demo" - ] - } - }, - "response": [] - } - ], - "auth": { - "type": "basic", - "basic": [ - { - "key": "password", - "value": "", - "type": "string" - }, - { - "key": "username", - "value": "", - "type": "string" - } - ] - }, - "protocolProfileBehavior": {} -}
\ No newline at end of file
diff --git a/docs/xacml/tutorial/app/pom.xml b/docs/xacml/tutorial/app/pom.xml
deleted file mode 100644
index 380ee512..00000000
--- a/docs/xacml/tutorial/app/pom.xml
+++ /dev/null
@@ -1,106 +0,0 @@
-<!--
- ============LICENSE_START=======================================================
- ONAP Policy Engine - XACML Application Tutorial
- ================================================================================
- Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
- ================================================================================
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- ============LICENSE_END=========================================================
- -->
-
-<project xmlns="http://maven.apache.org/POM/4.0.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
- <modelVersion>4.0.0</modelVersion>
-
- <groupId>org.onap.policy.tutorial</groupId>
- <artifactId>tutorial</artifactId>
- <version>0.0.1-SNAPSHOT</version>
- <packaging>jar</packaging>
-
- <name>tutorial</name>
-
- <properties>
- <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
- </properties>
-
- <dependencies>
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <version>4.13</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.onap.policy.xacml-pdp.applications</groupId>
- <artifactId>common</artifactId>
- <version>2.2.2</version>
- </dependency>
- <dependency>
- <groupId>org.onap.policy.xacml-pdp</groupId>
- <artifactId>xacml-test</artifactId>
- <version>2.2.2</version>
- <scope>test</scope>
- </dependency>
- </dependencies>
-
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-compiler-plugin</artifactId>
- <version>3.8.0</version>
- <configuration>
- <release>11</release>
- </configuration>
- </plugin>
- <plugin>
- <groupId>io.fabric8</groupId>
- <artifactId>docker-maven-plugin</artifactId>
- <version>0.33.0</version>
- <configuration>
- <verbose>true</verbose>
- <images>
- <image>
- <name>onap/policy-xacml-tutorial</name>
- <alias>xacml-pdp</alias>
- <build>
- <contextDir>${project.basedir}/src/main/docker</contextDir>
- <assembly>
- <descriptorRef>artifact-with-dependencies</descriptorRef>
- </assembly>
- </build>
- </image>
- </images>
- </configuration>
- <executions>
- <execution>
- <id>clean-images</id>
- <phase>pre-clean</phase>
- <goals>
- <goal>remove</goal>
- </goals>
- </execution>
-
- <execution>
- <id>generate-images</id>
- <phase>package</phase>
- <goals>
- <goal>build</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
- </plugins>
- </build>
-</project>
diff --git a/docs/xacml/tutorial/app/src/main/docker/Dockerfile b/docs/xacml/tutorial/app/src/main/docker/Dockerfile
deleted file mode 100644
index 639e94fb..00000000
--- a/docs/xacml/tutorial/app/src/main/docker/Dockerfile
+++ /dev/null
@@ -1,7 +0,0 @@
-FROM onap/policy-xacml-pdp:2.2.2
-
-ADD maven/${project.build.finalName}.jar /opt/app/policy/pdpx/lib/${project.build.finalName}.jar
-
-RUN mkdir -p /opt/app/policy/pdpx/apps/tutorial
-
-COPY --chown=policy:policy xacml.properties /opt/app/policy/pdpx/apps/tutorial
\ No newline at end of file
diff --git a/docs/xacml/tutorial/app/src/main/docker/README.txt b/docs/xacml/tutorial/app/src/main/docker/README.txt
deleted file mode 100644
index a29a44b2..00000000
--- a/docs/xacml/tutorial/app/src/main/docker/README.txt
+++ /dev/null
@@ -1,36 +0,0 @@
-docker-compose -f docker-compose.yml run --rm start_dependencies
-
-docker-compose -f docker-compose.yml run --rm start_all
-
-
-curl -X POST http://0.0.0.0:3904/events/POLICY-PDP-PAP
-
-Should return JSON similar to this:
-{"serverTimeMs":0,"count":0}
-
-
-curl -k -u 'healthcheck:zb!XztG34' 'https://0.0.0.0:6969/policy/pdpx/v1/healthcheck'
-
-Should return JSON similar to this:
-{"name":"Policy Xacml PDP","url":"self","healthy":true,"code":200,"message":"alive"}
-
-
-curl -k -u 'healthcheck:zb!XztG34' 'https://0.0.0.0:6767/policy/api/v1/healthcheck'
-Should return JSON similar to this:
-{
- "name": "Policy API",
- "url": "policy-api",
- "healthy": true,
- "code": 200,
- "message": "alive"
-}
-
-curl -k -u 'healthcheck:zb!XztG34' 'https://0.0.0.0:6868/policy/pap/v1/healthcheck'
-Should return JSON similar to this:
-{
- "name": "Policy PAP",
- "url": "policy-pap",
- "healthy": true,
- "code": 200,
- "message": "alive"
-}
\ No newline at end of file
diff --git a/docs/xacml/tutorial/app/src/main/docker/config/db/db.conf b/docs/xacml/tutorial/app/src/main/docker/config/db/db.conf
deleted file mode 100644
index 42f35844..00000000
--- a/docs/xacml/tutorial/app/src/main/docker/config/db/db.conf
+++ /dev/null
@@ -1,20 +0,0 @@
-# ============LICENSE_START=======================================================
-# Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-MYSQL_ROOT_PASSWORD=secret
-MYSQL_USER=policy_user
-MYSQL_PASSWORD=policy_user
\ No newline at end of file
diff --git a/docs/xacml/tutorial/app/src/main/docker/config/db/db.sh b/docs/xacml/tutorial/app/src/main/docker/config/db/db.sh
deleted file mode 100644
index 499764df..00000000
--- a/docs/xacml/tutorial/app/src/main/docker/config/db/db.sh
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/bin/bash -xv
-# ============LICENSE_START=======================================================
-# Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-for db in policyadmin operationshistory
-do
- mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};"
- mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;"
-done
-
-mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "FLUSH PRIVILEGES;"
diff --git a/docs/xacml/tutorial/app/src/main/docker/docker-compose.yml b/docs/xacml/tutorial/app/src/main/docker/docker-compose.yml
deleted file mode 100644
index b65098c1..00000000
--- a/docs/xacml/tutorial/app/src/main/docker/docker-compose.yml
+++ /dev/null
@@ -1,102 +0,0 @@
-# ============LICENSE_START=======================================================
-# Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-version: '2'
-services:
- mariadb:
- image: mariadb:10.2.14
- container_name: mariadb
- hostname: mariadb
- command: ['--lower-case-table-names=1', '--wait_timeout=28800']
- env_file: config/db/db.conf
- volumes:
- - ./config/db:/docker-entrypoint-initdb.d
- expose:
- - 3306
- message-router:
- image: dmaap/simulator
- container_name: dmaap-simulator
- hostname: dmaap-simulator
- ports:
- - "3904:3904"
- expose:
- - 3904
- api:
- image: nexus3.onap.org:10001/onap/policy-api:2.2.4
- container_name: policy-api
- depends_on:
- - mariadb
- hostname: policy-api
- ports:
- - "6767:6969"
- expose:
- - 6767
- pap:
- image: nexus3.onap.org:10001/onap/policy-pap:2.2.3
- container_name: policy-pap
- depends_on:
- - mariadb
- - message-router
- - api
- hostname: policy-pap
- ports:
- - "6868:6969"
- expose:
- - 6868
- xacml-pdp:
- image: onap/policy-xacml-tutorial
- container_name: policy-xacml-pdp
- depends_on:
- - mariadb
- - message-router
- - api
- - pap
- hostname: policy-xacml-pdp
- ports:
- - "6969:6969"
- expose:
- - 6969
- start_dependencies:
- image: dadarek/wait-for-dependencies
- environment:
- TIMEOUT_LENGTH: 60
- container_name: policy-wait
- depends_on:
- - mariadb
- - message-router
- hostname: policy-wait
- command:
- mariadb:3306
- message-router:3904
- start_all:
- image: dadarek/wait-for-dependencies
- environment:
- TIMEOUT_LENGTH: 60
- container_name: policy-wait-all
- depends_on:
- - mariadb
- - message-router
- - api
- - pap
- - xacml-pdp
- hostname: policy-wait-all
- command:
- mariadb:3306
- message-router:3904
- api:6969
- pap:6969
- xacml-pdp:6969
diff --git a/docs/xacml/tutorial/app/src/main/docker/xacml.properties b/docs/xacml/tutorial/app/src/main/docker/xacml.properties
deleted file mode 100644
index 277b098e..00000000
--- a/docs/xacml/tutorial/app/src/main/docker/xacml.properties
+++ /dev/null
@@ -1,31 +0,0 @@
-#
-# Properties that the embedded PDP engine uses to configure and load
-#
-# Standard API Factories
-#
-xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory
-xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory
-xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory
-xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory
-xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory
-#
-# AT&T PDP Implementation Factories
-#
-xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory
-xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory
-xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory
-#
-# ONAP PDP Implementation Factories
-#
-xacml.att.policyFinderFactory=org.onap.policy.pdp.xacml.application.common.OnapPolicyFinderFactory
-
-#
-# Use a root combining algorithm
-#
-xacml.att.policyFinderFactory.combineRootPolicies=urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-overrides
-
-#
-# Policies to load
-#
-xacml.rootPolicies=
-xacml.referencedPolicies=
\ No newline at end of file
diff --git a/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialApplication.java b/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialApplication.java
deleted file mode 100644
index 5727f1c1..00000000
--- a/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialApplication.java
+++ /dev/null
@@ -1,57 +0,0 @@
-/*-
- * ============LICENSE_START=======================================================
- * Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.policy.tutorial.tutorial;
-
-import java.util.Arrays;
-import java.util.List;
-import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicyTypeIdentifier;
-import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslator;
-import org.onap.policy.pdp.xacml.application.common.std.StdXacmlApplicationServiceProvider;
-
-public class TutorialApplication extends StdXacmlApplicationServiceProvider {
-
- private final ToscaPolicyTypeIdentifier supportedPolicyType = new ToscaPolicyTypeIdentifier("onap.policies.Authorization", "1.0.0");
- private final TutorialTranslator translator = new TutorialTranslator();
-
- @Override
- public String applicationName() {
- return "tutorial";
- }
-
- @Override
- public List<String> actionDecisionsSupported() {
- return Arrays.asList("authorize");
- }
-
- @Override
- public synchronized List<ToscaPolicyTypeIdentifier> supportedPolicyTypes() {
- return Arrays.asList(supportedPolicyType);
- }
-
- @Override
- public boolean canSupportPolicyType(ToscaPolicyTypeIdentifier policyTypeId) {
- return supportedPolicyType.equals(policyTypeId);
- }
-
- @Override
- protected ToscaPolicyTranslator getTranslator(String type) {
- return translator;
- }
-
-}
diff --git a/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java b/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java
deleted file mode 100644
index 31aace69..00000000
--- a/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java
+++ /dev/null
@@ -1,91 +0,0 @@
-/*-
- * ============LICENSE_START=======================================================
- * Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.policy.tutorial.tutorial;
-
-import java.util.Map;
-import java.util.Map.Entry;
-import org.onap.policy.models.decisions.concepts.DecisionRequest;
-import com.att.research.xacml.std.annotations.XACMLAction;
-import com.att.research.xacml.std.annotations.XACMLRequest;
-import com.att.research.xacml.std.annotations.XACMLResource;
-import com.att.research.xacml.std.annotations.XACMLSubject;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.ToString;
-
-@Getter
-@Setter
-@ToString
-@XACMLRequest(ReturnPolicyIdList = true)
-public class TutorialRequest {
- @XACMLSubject(includeInResults = true)
- private String onapName;
-
- @XACMLSubject(attributeId = "urn:org:onap:onap-component", includeInResults = true)
- private String onapComponent;
-
- @XACMLSubject(attributeId = "urn:org:onap:onap-instance", includeInResults = true)
- private String onapInstance;
-
- @XACMLAction()
- private String action;
-
- @XACMLResource(attributeId = "urn:org:onap:tutorial-user", includeInResults = true)
- private String user;
-
- @XACMLResource(attributeId = "urn:org:onap:tutorial-entity", includeInResults = true)
- private String entity;
-
- @XACMLResource(attributeId = "urn:org:onap:tutorial-permission", includeInResults = true)
- private String permission;
-
- public static TutorialRequest createRequest(DecisionRequest decisionRequest) {
- //
- // Create our object
- //
- TutorialRequest request = new TutorialRequest();
- //
- // Add the subject attributes
- //
- request.onapName = decisionRequest.getOnapName();
- request.onapComponent = decisionRequest.getOnapComponent();
- request.onapInstance = decisionRequest.getOnapInstance();
- //
- // Add the action attribute
- //
- request.action = decisionRequest.getAction();
- //
- // Add the resource attributes
- //
- Map<String, Object> resources = decisionRequest.getResource();
- for (Entry<String, Object> entrySet : resources.entrySet()) {
- if ("user".equals(entrySet.getKey())) {
- request.user = entrySet.getValue().toString();
- }
- if ("entity".equals(entrySet.getKey())) {
- request.entity = entrySet.getValue().toString();
- }
- if ("permission".equals(entrySet.getKey())) {
- request.permission = entrySet.getValue().toString();
- }
- }
-
- return request;
- }
-}
diff --git a/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java b/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java
deleted file mode 100644
index 600c6214..00000000
--- a/docs/xacml/tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java
+++ /dev/null
@@ -1,156 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * Copyright (C) 2020 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.policy.tutorial.tutorial; - -import java.util.List; -import java.util.Map; -import org.onap.policy.models.decisions.concepts.DecisionRequest; -import org.onap.policy.models.decisions.concepts.DecisionResponse; -import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicy; -import org.onap.policy.pdp.xacml.application.common.ToscaDictionary; -import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException; -import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslator; -import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslatorUtils; -import com.att.research.xacml.api.DataTypeException; -import com.att.research.xacml.api.Decision; -import com.att.research.xacml.api.Identifier; -import com.att.research.xacml.api.Request; -import com.att.research.xacml.api.Response; -import com.att.research.xacml.api.Result; -import com.att.research.xacml.api.XACML3; -import com.att.research.xacml.std.IdentifierImpl; -import com.att.research.xacml.std.annotations.RequestParser; -import 
oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOfType; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.EffectType; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.MatchType; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.RuleType; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.TargetType; - -public class TutorialTranslator implements ToscaPolicyTranslator { - - private static final Identifier ID_TUTORIAL_USER = new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-user"); - private static final Identifier ID_TUTORIAL_ENTITY = - new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-entity"); - private static final Identifier ID_TUTORIAL_PERM = new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-permission"); - - @SuppressWarnings("unchecked") - public PolicyType convertPolicy(ToscaPolicy toscaPolicy) throws ToscaPolicyConversionException { - // - // Here is our policy with a version and default combining algo - // - PolicyType newPolicyType = new PolicyType(); - newPolicyType.setPolicyId(toscaPolicy.getMetadata().get("policy-id")); - newPolicyType.setVersion(toscaPolicy.getMetadata().get("policy-version")); - // - // When choosing the rule combining algorithm, be sure to be mindful of the - // setting xacml.att.policyFinderFactory.combineRootPolicies in the - // xacml.properties file. As that choice for ALL the policies together may have - // an impact on the decision rendered from each individual policy. - // - // In this case, we will only produce XACML rules for permissions. If no permission - // combo exists, then the default is to deny. - // - newPolicyType.setRuleCombiningAlgId(XACML3.ID_RULE_DENY_UNLESS_PERMIT.stringValue()); - // - // Create the target for the Policy. 
- // - // For simplicity, let's just match on the action "authorize" and the user - // - MatchType matchAction = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(XACML3.ID_FUNCTION_STRING_EQUAL, - "authorize", XACML3.ID_DATATYPE_STRING, XACML3.ID_ACTION_ACTION_ID, XACML3.ID_ATTRIBUTE_CATEGORY_ACTION); - Map<String, Object> props = toscaPolicy.getProperties(); - String user = props.get("user").toString(); - MatchType matchUser = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(XACML3.ID_FUNCTION_STRING_EQUAL, user, - XACML3.ID_DATATYPE_STRING, ID_TUTORIAL_USER, XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE); - AnyOfType anyOf = new AnyOfType(); - // - // Create AllOf (AND) of just Policy Id - // - anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchAction, matchUser)); - TargetType target = new TargetType(); - target.getAnyOf().add(anyOf); - newPolicyType.setTarget(target); - // - // Now add the rule for each permission - // - int ruleNumber = 0; - List<Object> permissions = (List<Object>) props.get("permissions"); - for (Object permission : permissions) { - - MatchType matchEntity = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(XACML3.ID_FUNCTION_STRING_EQUAL, - ((Map<String, String>) permission).get("entity"), XACML3.ID_DATATYPE_STRING, ID_TUTORIAL_ENTITY, - XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE); - - MatchType matchPermission = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator( - XACML3.ID_FUNCTION_STRING_EQUAL, ((Map<String, String>) permission).get("permission"), - XACML3.ID_DATATYPE_STRING, ID_TUTORIAL_PERM, XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE); - anyOf = new AnyOfType(); - anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchEntity, matchPermission)); - target = new TargetType(); - target.getAnyOf().add(anyOf); - - RuleType rule = new RuleType(); - rule.setDescription("Default is to PERMIT if the policy matches."); - rule.setRuleId(newPolicyType.getPolicyId() + ":rule" + ruleNumber); - - rule.setEffect(EffectType.PERMIT); - 
rule.setTarget(target); - - newPolicyType.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule); - - ruleNumber++; - } - return newPolicyType; - } - - public Request convertRequest(DecisionRequest request) { - try { - return RequestParser.parseRequest(TutorialRequest.createRequest(request)); - } catch (IllegalArgumentException | IllegalAccessException | DataTypeException e) { - } - return null; - } - - public DecisionResponse convertResponse(Response xacmlResponse) { - DecisionResponse decisionResponse = new DecisionResponse(); - // - // Iterate through all the results - // - for (Result xacmlResult : xacmlResponse.getResults()) { - // - // Check the result - // - if (xacmlResult.getDecision() == Decision.PERMIT) { - // - // Just simply return a Permit response - // - decisionResponse.setStatus(Decision.PERMIT.toString()); - } else { - // - // Just simply return a Deny response - // - decisionResponse.setStatus(Decision.DENY.toString()); - } - } - - return decisionResponse; - } - -} diff --git a/docs/xacml/tutorial/app/src/main/resources/META-INF/services/org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider b/docs/xacml/tutorial/app/src/main/resources/META-INF/services/org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider deleted file mode 100644 index 942cc596..00000000 --- a/docs/xacml/tutorial/app/src/main/resources/META-INF/services/org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider +++ /dev/null @@ -1 +0,0 @@ -org.onap.policy.tutorial.tutorial.TutorialApplication
\ No newline at end of file
diff --git a/docs/xacml/tutorial/app/src/test/java/org/onap/policy/tutorial/tutorial/TutorialApplicationTest.java b/docs/xacml/tutorial/app/src/test/java/org/onap/policy/tutorial/tutorial/TutorialApplicationTest.java
deleted file mode 100644
index d20c1b38..00000000
--- a/docs/xacml/tutorial/app/src/test/java/org/onap/policy/tutorial/tutorial/TutorialApplicationTest.java
+++ /dev/null
@@ -1,120 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * Copyright (C) 2020 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.policy.tutorial.tutorial; - -import static org.junit.Assert.assertEquals; - -import java.io.File; -import java.io.IOException; -import java.util.Iterator; -import java.util.Properties; -import java.util.ServiceLoader; - -import org.apache.commons.lang3.tuple.Pair; -import org.junit.BeforeClass; -import org.junit.ClassRule; -import org.junit.Test; -import org.junit.rules.TemporaryFolder; -import org.onap.policy.common.endpoints.parameters.RestServerParameters; -import org.onap.policy.common.utils.coder.CoderException; -import org.onap.policy.common.utils.coder.StandardCoder; -import org.onap.policy.common.utils.resources.TextFileUtils; -import org.onap.policy.models.decisions.concepts.DecisionRequest; -import org.onap.policy.models.decisions.concepts.DecisionResponse; -import org.onap.policy.pdp.xacml.application.common.XacmlApplicationException; -import org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider; -import org.onap.policy.pdp.xacml.application.common.XacmlPolicyUtils; -import 
org.onap.policy.pdp.xacml.xacmltest.TestUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import com.att.research.xacml.api.Response; - -public class TutorialApplicationTest { - private static final Logger LOGGER = LoggerFactory.getLogger(TutorialApplicationTest.class); - private static Properties properties = new Properties(); - private static File propertiesFile; - private static XacmlApplicationServiceProvider service; - private static StandardCoder gson = new StandardCoder(); - - @ClassRule - public static final TemporaryFolder policyFolder = new TemporaryFolder(); - - @BeforeClass - public static void setup() throws Exception { - // - // Setup our temporary folder - // - XacmlPolicyUtils.FileCreator myCreator = (String filename) -> policyFolder.newFile(filename); - propertiesFile = XacmlPolicyUtils.copyXacmlPropertiesContents("src/test/resources/xacml.properties", - properties, myCreator); - // - // Load XacmlApplicationServiceProvider service - // - ServiceLoader<XacmlApplicationServiceProvider> applicationLoader = - ServiceLoader.load(XacmlApplicationServiceProvider.class); - // - // Look for our class instance and save it - // - Iterator<XacmlApplicationServiceProvider> iterator = applicationLoader.iterator(); - while (iterator.hasNext()) { - XacmlApplicationServiceProvider application = iterator.next(); - // - // Is it our service? - // - if (application instanceof TutorialApplication) { - service = application; - } - } - // - // Tell the application to initialize based on the properties file - // we just built for it. - // - service.initialize(propertiesFile.toPath().getParent(), new RestServerParameters()); - } - - @Test - public void test() throws CoderException, XacmlApplicationException, IOException { - // - // Now load the tutorial policies. 
- // - TestUtils.loadPolicies("src/test/resources/tutorial-policies.yaml", service); - // - // Load a Decision request - // - DecisionRequest decisionRequest = gson.decode( - TextFileUtils - .getTextFileAsString("src/test/resources/tutorial-decision-request.json"), - DecisionRequest.class); - // - // Test a decision - should start with a permit - // - Pair<DecisionResponse, Response> decision = service.makeDecision(decisionRequest, null); - LOGGER.info(decision.getLeft().toString()); - assertEquals("Permit", decision.getLeft().getStatus()); - // - // This should be a deny - // - decisionRequest.getResource().put("user", "audit"); - decision = service.makeDecision(decisionRequest, null); - LOGGER.info(decision.getLeft().toString()); - assertEquals("Deny", decision.getLeft().getStatus()); - } - -} diff --git a/docs/xacml/tutorial/app/src/test/resources/xacml.properties b/docs/xacml/tutorial/app/src/test/resources/xacml.properties deleted file mode 100644 index 277b098e..00000000 --- a/docs/xacml/tutorial/app/src/test/resources/xacml.properties +++ /dev/null 
@@ -1,31 +0,0 @@ -# -# Properties that the embedded PDP engine uses to configure and load -# -# Standard API Factories -# -xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory -xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory -xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory -xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory -xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory -# -# AT&T PDP Implementation Factories -# -xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory -xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory -xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory -# -# ONAP PDP Implementation Factories -# -xacml.att.policyFinderFactory=org.onap.policy.pdp.xacml.application.common.OnapPolicyFinderFactory - -# -# Use a root combining algorithm -# -xacml.att.policyFinderFactory.combineRootPolicies=urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-overrides - -# -# Policies to load -# -xacml.rootPolicies= -xacml.referencedPolicies=
\ No newline at end of file diff --git a/docs/xacml/tutorial/images/eclipse-create-junit.png b/docs/xacml/tutorial/images/eclipse-create-junit.png Binary files differdeleted file mode 100644 index 63dc0ab0..00000000 --- a/docs/xacml/tutorial/images/eclipse-create-junit.png +++ /dev/null diff --git a/docs/xacml/tutorial/images/eclipse-create-maven.png b/docs/xacml/tutorial/images/eclipse-create-maven.png Binary files differdeleted file mode 100644 index 4272f069..00000000 --- a/docs/xacml/tutorial/images/eclipse-create-maven.png +++ /dev/null diff --git a/docs/xacml/tutorial/images/eclipse-create-request.png b/docs/xacml/tutorial/images/eclipse-create-request.png Binary files differdeleted file mode 100644 index c8ef5344..00000000 --- a/docs/xacml/tutorial/images/eclipse-create-request.png +++ /dev/null diff --git a/docs/xacml/tutorial/images/eclipse-import.png b/docs/xacml/tutorial/images/eclipse-import.png Binary files differdeleted file mode 100644 index 7c8c5383..00000000 --- a/docs/xacml/tutorial/images/eclipse-import.png +++ /dev/null diff --git a/docs/xacml/tutorial/images/eclipse-inherit-app.png b/docs/xacml/tutorial/images/eclipse-inherit-app.png Binary files differdeleted file mode 100644 index 637cf499..00000000 --- a/docs/xacml/tutorial/images/eclipse-inherit-app.png +++ /dev/null diff --git a/docs/xacml/tutorial/images/eclipse-maven-project.png b/docs/xacml/tutorial/images/eclipse-maven-project.png Binary files differdeleted file mode 100644 index 5e6860fd..00000000 --- a/docs/xacml/tutorial/images/eclipse-maven-project.png +++ /dev/null diff --git a/docs/xacml/tutorial/images/eclipse-meta-inf.png b/docs/xacml/tutorial/images/eclipse-meta-inf.png Binary files differdeleted file mode 100644 index 254349bb..00000000 --- a/docs/xacml/tutorial/images/eclipse-meta-inf.png +++ /dev/null diff --git a/docs/xacml/tutorial/app/src/test/resources/tutorial-decision-request.json b/docs/xacml/tutorial/tutorial-decision-request.json index f3a7f9a2..f3a7f9a2 100644 
--- a/docs/xacml/tutorial/app/src/test/resources/tutorial-decision-request.json +++ b/docs/xacml/tutorial/tutorial-decision-request.json diff --git a/docs/xacml/tutorial/app/src/test/resources/tutorial-policies.yaml b/docs/xacml/tutorial/tutorial-policies.yaml index fa353653..fa353653 100644 --- a/docs/xacml/tutorial/app/src/test/resources/tutorial-policies.yaml +++ b/docs/xacml/tutorial/tutorial-policies.yaml diff --git a/docs/xacml/tutorial/app/src/test/resources/tutorial-policy-type.yaml b/docs/xacml/tutorial/tutorial-policy-type.yaml index 7948bd28..7948bd28 100644 --- a/docs/xacml/tutorial/app/src/test/resources/tutorial-policy-type.yaml +++ b/docs/xacml/tutorial/tutorial-policy-type.yaml diff --git a/docs/xacml/tutorial/tutorial.tar b/docs/xacml/tutorial/tutorial.tar Binary files differdeleted file mode 100644 index 329041d4..00000000 --- a/docs/xacml/tutorial/tutorial.tar +++ /dev/null diff --git a/docs/xacml/xacml-tutorial-enforcement.rst b/docs/xacml/xacml-tutorial-enforcement.rst new file mode 100644 index 00000000..0e8efc0d --- /dev/null +++ b/docs/xacml/xacml-tutorial-enforcement.rst 
@@ -0,0 +1,161 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. + +.. _xacmltutorial-enforcement-label: + +Policy XACML - Policy Enforcement Tutorial +########################################## + +.. toctree:: + :maxdepth: 3 + +This tutorial shows how to build Policy Enforcement into your application. Please be sure to clone the +policy repositories before going through the tutorial. See :ref:`policy-development-tools-label` for details. + +This tutorial can be found in the XACML PDP repository. `See the tutorial <https://github.com/onap/policy-xacml-pdp/tree/master/tutorials/tutorial-enforcement>`_ + +Policy Type being Enforced +************************** + +For this tutorial, we will be enforcing a Policy Type that inherits from the **onap.policies.Monitoring** Policy Type. This Policy Type is +used by DCAE analytics for configuration purposes. Any inherited Policy Type is automatically supported by the XACML PDP for Decisions. + +`See the latest example Policy Type <https://github.com/onap/policy-xacml-pdp/blob/master/tutorials/tutorial-enforcement/src/test/resources/MyAnalytic.yaml>`_ + +.. code-block:: java + :caption: Example Policy Type + + tosca_definitions_version: tosca_simple_yaml_1_1_0 + policy_types: + onap.policies.Monitoring: + derived_from: tosca.policies.Root + version: 1.0.0 + name: onap.policies.Monitoring + description: a base policy type for all policies that govern monitoring provisioning + onap.policies.monitoring.MyAnalytic: + derived_from: onap.policies.Monitoring + type_version: 1.0.0 + version: 1.0.0 + description: Example analytic + properties: + myProperty: + type: string + required: true + +Example Policy +************** + +`See the latest example policy <https://github.com/onap/policy-xacml-pdp/blob/master/tutorials/tutorial-enforcement/src/test/resources/MyPolicies.yaml>`_ + +.. 
code-block:: java + :caption: Example Policy + + tosca_definitions_version: tosca_simple_yaml_1_1_0 + topology_template: + policies: + - + policy1: + type: onap.policies.monitoring.MyAnalytic + type_version: 1.0.0 + version: 1.0.0 + name: policy1 + metadata: + policy-id: policy1 + policy-version: 1.0.0 + properties: + myProperty: value1 + +Example Decision Requests and Responses +*************************************** + +For **onap.policies.Montoring** Policy Types, the action used will be **configure**. For **configure** actions, you can specify a resource by **policy-id** or **policy-type**. We recommend using **policy-type**, as a policy-id may not necessarily be deployed. In addition, your application should request all the available policies for your policy-type that your application should be enforcing. + +.. code-block:: json + :caption: Example Decision Request + + { + "ONAPName": "myName", + "ONAPComponent": "myComponent", + "ONAPInstance": "myInstanceId", + "requestId": "1", + "action": "configure", + "resource": { + "policy-type": "onap.policies.monitoring.MyAnalytic" + } + } + +The **configure** action will return a payload containing your full policy: + +.. code-block: json + :caption: Example Decision Response + { + "policies": { + "policy1": { + "type": "onap.policies.monitoring.MyAnalytic", + "type_version": "1.0.0", + "properties": { + "myProperty": "value1" + }, + "name": "policy1", + "version": "1.0.0", + "metadata": { + "policy-id": "policy1", + "policy-version": "1.0.0" + } + } + } + } + +Making Decision Call in your Application +**************************************** + +Your application should be able to do a RESTful API call to the XACML PDP Decision API endpoint. If you have code that does this already, then utilize that to do something similar to the following curl command: + +.. 
code-block: bash + :caption: Example Decision API REST Call using curl + + curl -k -u https://xacml-pdp:6969/policy/pdpx/v1/decision + +If your application does not have REST http client code, you can use some common code available in the policy/common repository for doing HTTP calls. + +.. code-block: java + :caption: Policy Common REST Code Dependency + + <dependency> + <groupId>org.onap.policy.common</groupId> + <artifactId>policy-endpoints</artifactId> + <version>${policy.common.version}</version> + </dependency> + +Also, if your application wants to use common code to serialize/deserialize Decision Requests and Responses, then you can include the following dependency: + +.. code-block: java + :caption: Policy Decision Request and Response Classes + + <dependency> + <groupId>org.onap.policy.models</groupId> + <artifactId>policy-models-decisions</artifactId> + <version>${policy.models.version}</version> + </dependency> + +Responding to Policy Update Notifications +***************************************** + +Your application should also be able to respond to Policy Update Notifications that are published on the Dmaap topic POLICY-NOTIFICATION. This is because if a user pushes an updated Policy, your application should be able to dynamically start enforcing that policy without restart. + +.. code-block: bash + :caption: Example Dmaap REST Call using curl + + curl -k -u https://dmaap:3904/events/POLICY-NOTIFICATION/group/id?timeout=5000 + +If your application does not have Dmaap client code, you can use some available code in policy/common to receive Dmaap events. + +To parse the JSON send over the topic, your application can use the following dependency: + +.. code-block: java + :caption: Policy PAP Update Notification Classes + + <dependency> + <groupId>org.onap.policy.models</groupId> + <artifactId>policy-models-pap</artifactId> + <version>${policy.models.version}</version> + </dependency> 
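Review bot: Both curl examples in this new file (the Decision API call and the Dmaap POLICY-NOTIFICATION call) use `-k`, which turns off TLS certificate verification, and give `-u` no credentials, so curl reads the URL as the user name and has no URL left to request. Tutorial commands get copied into real clients, so I would keep verification on and show the credentials as a placeholder, e.g. `curl --cacert <ca-bundle.pem> -u '<user>:<password>' https://xacml-pdp:6969/policy/pdpx/v1/decision`, and say so in the text if `-k` is meant only for a lab with self-signed certificates. The Decision call presumably also needs the JSON request sent as a POST body, which the example does not show. Separately, every directive from "Example Decision Response" onward is written `.. code-block:` with a single colon, which reStructuredText parses as a comment, so those blocks will not render; they should read `.. code-block:: json`, and likewise for the bash and dependency snippets.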
diff --git a/docs/xacml/xacml-tutorial.rst b/docs/xacml/xacml-tutorial.rst index e9eee0e2..e50728ab 100644 --- a/docs/xacml/xacml-tutorial.rst +++ b/docs/xacml/xacml-tutorial.rst @@ -11,23 +11,22 @@ Policy XACML - Custom Application Tutorial This tutorial shows how to build a XACML application for a Policy Type. Please be sure to clone the policy repositories before going through the tutorial. See :ref:`policy-development-tools-label` for details. - Design a Policy Type ******************** Follow :ref:`TOSCA Policy Primer <tosca-label>` for more information. For the tutorial, we will use this example Policy Type in which an ONAP PEP client would like to enforce an action **authorize** -for a *user* to execute a *permission* on an *entity*. +for a *user* to execute a *permission* on an *entity*. `See here for latest Tutorial Policy Type <https://github.com/onap/policy-xacml-pdp/blob/master/tutorials/tutorial-xacml-application/src/test/resources/tutorial-policy-type.yaml>`_. -.. literalinclude:: tutorial/app/src/test/resources/tutorial-policy-type.yaml +.. literalinclude:: tutorial/tutorial-policy-type.yaml :language: yaml :caption: Example Tutorial Policy Type :linenos: We would expect then to be able to create the following policies to allow the demo user to Read/Write an entity called foo, while the audit user can only read the entity called foo. Neither user has Delete -permission. +permission. `See here for latest Tutorial Policies <https://github.com/onap/policy-xacml-pdp/blob/master/tutorials/tutorial-xacml-application/src/test/resources/tutorial-policies.yaml>`_. -.. literalinclude:: tutorial/app/src/test/resources/tutorial-policies.yaml +.. literalinclude:: tutorial/tutorial-policies.yaml :language: yaml :caption: Example Policies Derived From Tutorial Policy Type :linenos: 
@@ -37,7 +36,7 @@ Design Decision Request and expected Decision Response For the PEP (Policy Enforcement Point) client applications that call the Decision API, you need to design how the Decision API Request resource fields will be sent via the PEP. -.. literalinclude:: tutorial/app/src/test/resources/tutorial-decision-request.json +.. literalinclude:: tutorial/tutorial-decision-request.json :language: JSON :caption: Example Decision Request :linenos: @@ -52,19 +51,7 @@ customize the Decision Response object and send back whatever information is des Create A Maven Project ********************** -This part of the tutorial assumes you understand how to use Eclipse to create a Maven -project. Please follow any examples for the Eclipse installation you have to create -an empty application. For the tutorial, use groupId *org.onap.policy.tutorial* and artifactId -*tutorial*. If you wish to go directly to the source code, please see the -:ref:`Download Tutorial Application Example` below to download it. - -.. image:: tutorial/images/eclipse-create-maven.png - -.. image:: tutorial/images/eclipse-maven-project.png - -Be sure to import the policy/xacml-pdp project into Eclipse. - -.. image:: tutorial/images/eclipse-import.png +Use whatever tool or environment to create your application project. This tutorial assumes you use Maven to build it. Add Dependencies Into Application pom.xml ***************************************** @@ -78,12 +65,12 @@ we are importing a testing dependency that has common code for producing a JUnit <dependency> <groupId>org.onap.policy.xacml-pdp.applications</groupId> <artifactId>common</artifactId> - <version>2.2.2</version> + <version>2.3.3</version> </dependency> <dependency> <groupId>org.onap.policy.xacml-pdp</groupId> <artifactId>xacml-test</artifactId> - <version>2.2.2</version> + <version>2.3.3</version> <scope>test</scope> </dependency> 
@@ -96,7 +83,11 @@ declaring the class that implements the service. The name of the file must match **org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider** and the contents of the file is one line **org.onap.policy.tutorial.tutorial.TutorialApplication**. -.. image:: tutorial/images/eclipse-meta-inf.png +.. code-block:: java + :caption: META-INF/services/org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider + + org.onap.policy.tutorial.tutorial.TutorialApplication + Create A Java Class That Extends **StdXacmlApplicationServiceProvider** *********************************************************************** @@ -105,8 +96,6 @@ for simplicity if you just extend **StdXacmlApplicationServiceProvider** you will get a lot of implementation done for your application up front. All that needs to be implemented is providing a custom translator. -.. image:: tutorial/images/eclipse-inherit-app.png - .. code-block:: java :caption: Custom Tutorial Application Service Provider :emphasize-lines: 6 
@@ -228,110 +217,159 @@ For the tutorial, we will build code that translates the TOSCA Policy into one X on the user and action. It will then have one or more rules for each entity and permission combination. The default combining algorithm for the XACML Rules are to "Deny Unless Permit". +`See the tutorial example for details on how the translator is implemented <https://github.com/onap/policy-xacml-pdp/blob/master/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java>`_ + .. Note:: There are many ways to build the policy based on the attributes. How to do so is a matter of experience and fine tuning using the many options for combining algorithms, target and/or condition matching and the rich set of functions available. -Here is one implementation example: - -.. literalinclude:: tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java - :caption: Example Translator Implementation - :linenos: - Use the TutorialTranslator in the TutorialApplication ***************************************************** Be sure to go back to the TutorialApplication and create an instance of the translator to return to the StdXacmlApplicationServiceProvider. The StdXacmlApplicationServiceProvider uses the translator to convert -a policy when a new policy is deployed to the ONAP XACML PDP Engine. +a policy when a new policy is deployed to the ONAP XACML PDP Engine. `See the Tutorial Application Example <https://github.com/onap/policy-xacml-pdp/blob/master/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialApplication.java>`_. .. 
code-block:: java :caption: Final TutorialApplication Class :linenos: - :emphasize-lines: 37 - - package org.onap.policy.tutorial.tutorial; - - import java.util.Arrays; - import java.util.List; - - import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicyTypeIdentifier; - import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslator; - import org.onap.policy.pdp.xacml.application.common.std.StdXacmlApplicationServiceProvider; - - public class TutorialApplication extends StdXacmlApplicationServiceProvider { - - private final ToscaPolicyTypeIdentifier supportedPolicyType = new ToscaPolicyTypeIdentifier(); - private final TutorialTranslator translator = new TutorialTranslator(); - - @Override - public String applicationName() { - return "tutorial"; - } - - @Override - public List<String> actionDecisionsSupported() { - return Arrays.asList("authorize"); - } - - @Override - public synchronized List<ToscaPolicyTypeIdentifier> supportedPolicyTypes() { - return Arrays.asList(supportedPolicyType); - } - - @Override - public boolean canSupportPolicyType(ToscaPolicyTypeIdentifier policyTypeId) { - return supportedPolicyType.equals(policyTypeId); + :emphasize-lines: 38 + + package org.onap.policy.tutorial.tutorial; + + import java.util.Arrays; + import java.util.List; + import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicyTypeIdentifier; + import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslator; + import org.onap.policy.pdp.xacml.application.common.std.StdXacmlApplicationServiceProvider; + + public class TutorialApplication extends StdXacmlApplicationServiceProvider { + + private final ToscaPolicyTypeIdentifier supportedPolicyType = + new ToscaPolicyTypeIdentifier("onap.policies.Authorization", "1.0.0"); + private final TutorialTranslator translator = new TutorialTranslator(); + + @Override + public String applicationName() { + return "tutorial"; + } + + @Override + public List<String> actionDecisionsSupported() { + 
return Arrays.asList("authorize"); + } + + @Override + public synchronized List<ToscaPolicyTypeIdentifier> supportedPolicyTypes() { + return Arrays.asList(supportedPolicyType); + } + + @Override + public boolean canSupportPolicyType(ToscaPolicyTypeIdentifier policyTypeId) { + return supportedPolicyType.equals(policyTypeId); + } + + @Override + protected ToscaPolicyTranslator getTranslator(String type) { + return translator; + } + } - @Override - protected ToscaPolicyTranslator getTranslator(String type) { - return translator; - } - - } - Create a XACML Request from ONAP Decision Request ************************************************* The easiest way to do this is to use the annotations feature from XACML PDP library to create an example XACML request. Then create an instance and simply populate it from an incoming ONAP Decision Request. -.. image: tutorial/images/eclipse-create-request.png - -.. literalinclude:: tutorial/app/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java - :caption: Example Decision Request to Decision Response Implementation +.. 
code-block:: java + :caption: Final TutorialApplication Class :linenos: + import com.att.research.xacml.std.annotations.XACMLAction; + import com.att.research.xacml.std.annotations.XACMLRequest; + import com.att.research.xacml.std.annotations.XACMLResource; + import com.att.research.xacml.std.annotations.XACMLSubject; + import java.util.Map; + import java.util.Map.Entry; + import lombok.Getter; + import lombok.Setter; + import lombok.ToString; + import org.onap.policy.models.decisions.concepts.DecisionRequest; + + @Getter + @Setter + @ToString + @XACMLRequest(ReturnPolicyIdList = true) + public class TutorialRequest { + @XACMLSubject(includeInResults = true) + private String onapName; + + @XACMLSubject(attributeId = "urn:org:onap:onap-component", includeInResults = true) + private String onapComponent; + + @XACMLSubject(attributeId = "urn:org:onap:onap-instance", includeInResults = true) + private String onapInstance; + + @XACMLAction() + private String action; + + @XACMLResource(attributeId = "urn:org:onap:tutorial-user", includeInResults = true) + private String user; + + @XACMLResource(attributeId = "urn:org:onap:tutorial-entity", includeInResults = true) + private String entity; + + @XACMLResource(attributeId = "urn:org:onap:tutorial-permission", includeInResults = true) + private String permission; + + /** + * createRequest. 
+ * + * @param decisionRequest Incoming + * @return TutorialRequest object + */ + public static TutorialRequest createRequest(DecisionRequest decisionRequest) { + // + // Create our object + // + TutorialRequest request = new TutorialRequest(); + // + // Add the subject attributes + // + request.onapName = decisionRequest.getOnapName(); + request.onapComponent = decisionRequest.getOnapComponent(); + request.onapInstance = decisionRequest.getOnapInstance(); + // + // Add the action attribute + // + request.action = decisionRequest.getAction(); + // + // Add the resource attributes + // + Map<String, Object> resources = decisionRequest.getResource(); + for (Entry<String, Object> entrySet : resources.entrySet()) { + if ("user".equals(entrySet.getKey())) { + request.user = entrySet.getValue().toString(); + } + if ("entity".equals(entrySet.getKey())) { + request.entity = entrySet.getValue().toString(); + } + if ("permission".equals(entrySet.getKey())) { + request.permission = entrySet.getValue().toString(); + } + } + + return request; + } + } - -Create xacml.properties for the XACML PDP engine to use -******************************************************* -In the applications *src/test/resources* directory, create a xacml.properties file that will be used by the embedded -XACML PDP Engine when loading. - -.. literalinclude:: tutorial/app/src/test/resources/xacml.properties - :caption: Example xacml.properties file - :linenos: - :emphasize-lines: 20, 25 +`See the Tutorial Request <https://github.com/onap/policy-xacml-pdp/blob/master/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java>`_ Create a JUnit and use the TestUtils.java class in xacml-test dependency ************************************************************************ -Using Eclipse, create a JUnit and be sure to add a setup() method stub. 
Here you will be utilizing a TestUtils.java +Be sure to create a JUnit that will test your translator and application code. You can utilize a TestUtils.java class from the policy/xamcl-pdp repo's xacml-test submodule to use some utility methods for building the JUnit test. -.. image: tutorial/images/eclipse-junit-create.png - -Copy the TOSCA Policy Type :download:`link <tutorial/app/src/test/resources/tutorial-policy-type.yaml>` and the TOSCA Policies :download:`link <tutorial/app/src/test/resources/tutorial-policies.yaml>` -into the src/test/resources directory. - -We will create a temporary folder which is used by the **StdXacmlApplicationServiceProvider** to store working copies of policies as they are loaded -into the application. - -.. literalinclude:: tutorial/app/src/test/java/org/onap/policy/tutorial/tutorial/TutorialApplicationTest.java - :caption: Example Translator Implementation - :linenos: - -Run the JUnit test. Its easiest to run it via a terminal command line using maven commands. - +Build the code and run the JUnit test. Its easiest to run it via a terminal command line using maven commands. .. code-block:: bash :caption: Running Maven Commands 
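Review bot: In the `createRequest` method of the added TutorialRequest listing, `entrySet.getValue().toString()` is called on each matched resource entry with no null check. The map comes from the incoming Decision Request, so a null `user`, `entity` or `permission` value throws a NullPointerException during request conversion. Making `if (entrySet.getValue() == null) { continue; }` the first statement of the loop would leave the attribute unset, which presumably then falls under the "Deny Unless Permit" default described above the listing. Whether `decisionRequest.getResource()` can itself return null is not visible here and is worth confirming. Separately, this listing reuses `:caption: Final TutorialApplication Class` from the previous block; something like `:caption: Example TutorialRequest Class` would match its content.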
@@ -341,30 +379,36 @@ Run the JUnit test. Its easiest to run it via a terminal command line using mave Building Docker Image ********************* -Once you have created enough JUnit tests that test the TutorialTranslator.java and TutorialRequest.java classes, you are ready to now make your -application build a docker image that incorporates your application with the XACML PDP Engine. The XACML PDP Engine +To build a docker image that incorporates your application with the XACML PDP Engine. The XACML PDP Engine must be able to *find* your Java.Service in the classpath. This is easy to do, just create a jar file for your application and copy into the same directory used to startup the XACML PDP. Here is a Dockerfile as an example: -.. literalinclude:: tutorial/app/src/main/docker/Dockerfile +.. code-block:: bash :caption: Dockerfile :linenos: + FROM onap/policy-xacml-pdp + + ADD maven/${project.build.finalName}.jar /opt/app/policy/pdpx/lib/${project.build.finalName}.jar + + RUN mkdir -p /opt/app/policy/pdpx/apps/tutorial + + COPY --chown=policy:policy xacml.properties /opt/app/policy/pdpx/apps/tutorial + Download Tutorial Application Example ************************************* -If you don't wish to use Eclipse, or go through the steps outlined above. The tutorial is -available for download: +If you clone the XACML-PDP repo, the tutorial is included for local testing without building your own. -:download:`Download tutorial tar <tutorial/tutorial.tar>` +`Tutorial code located in xacml-pdp repo <https://github.com/onap/policy-xacml-pdp/tree/master/tutorials/tutorial-xacml-application>`_ -After you tar xf tutorial.jar, you can import it into Eclipse or your favorite editor. Or simply -use a terminal command line to build, test and run the tutorial. +There is an example Docker compose script that you can use to run the Policy Framework components locally and test the tutorial out. 
+ +`Docker compose script <https://github.com/onap/policy-xacml-pdp/blob/master/tutorials/tutorial-xacml-application/src/main/docker/docker-compose.yml>`_ In addition, there is a POSTMAN collection available for setting up and running tests against a running instance of ONAP Policy Components (api, pap, dmaap-simulator, tutorial-xacml-pdp). -:download:`Download tutorial POSTMAN Collection <tutorial/PolicyApplicationTutorial.postman_collection.json>` - +`POSTMAN collection for testing <https://github.com/onap/policy-xacml-pdp/blob/master/tutorials/tutorial-xacml-application/postman/PolicyApplicationTutorial.postman_collection.json>`_ diff --git a/docs/xacml/xacml.rst b/docs/xacml/xacml.rst index 32949f4a..1b5b5114 100644 --- a/docs/xacml/xacml.rst +++ b/docs/xacml/xacml.rst @@ -310,15 +310,14 @@ See each of the ONAP Policy type application implementations which each have the `Standard Tosca Policy Translator implementation <https://github.com/onap/policy-xacml-pdp/blob/master/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/std/StdBaseTranslator.java>`. -XACML Application Tutorial -========================== +XACML Application and Enforcement Tutorials +=========================================== -The following tutorial can be helpful to get started: +The following tutorials can be helpful to get started on building your own decision application as well as building enforcement into your application. .. toctree:: :maxdepth: 1 xacml-tutorial - -Once your application is developed and the ONAP XACML PDP Engine can find your application via setting the classpath appropriately, then use the :ref:`PAP REST API <pap-label>` to ensure the ONAP XACML PDP is registering your custom Policy Type with the PAP. Once successful, then you should be able to start deploying the created policies to the XACML PDP Engine. + xacml-tutorial-enforcement |
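Review bot: The Dockerfile listing added under "Building Docker Image" in xacml-tutorial.rst starts with `FROM onap/policy-xacml-pdp`, which has no tag or digest. An image built from the tutorial therefore takes whatever the default tag resolves to at build time, and that can differ from the 2.3.3 `common` and `xacml-test` artifacts pinned earlier in the same file. Pinning the base, for example `FROM onap/policy-xacml-pdp:<release matching the pom dependencies>`, keeps the image reproducible and the application jar aligned with the engine it is loaded into. For the local jar, `COPY` is the narrower instruction than `ADD`, since it does no archive extraction or URL fetching. The block would also highlight correctly as `.. code-block:: dockerfile` rather than `bash`.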