Started with test decision JSON objects.

Added new Policy Finder Factory that ONAP will use and got the code working with new policy/models (see other review which will have to be merged first). Added some new conversion methods to convert from a Xacml request to an Onap request. Added some property methods for XACML Properties objects and JUnit tests. Started filling in some Guard application details and combining code. Issue-ID: POLICY-1602 Change-Id: I5235b74f3b036dcf05779b655a03ac290d594354 Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
author: Pamela Dragosh <pdragosh@research.att.com> 2019-03-15 14:30:00 -0400
committer: Pamela Dragosh <pdragosh@research.att.com> 2019-03-18 12:25:32 -0400
commit: 59c38b6b3dfbd43c876f85ffb1e4b484951ced44 (patch)
tree: 99120b17e967d8497c03fb038c664fa0063b3871 /applications/guard/src/main
parent: 934c39bcdb5ff9a095331f60ef1b279ec91875a9 (diff)
3 files changed, 197 insertions, 4 deletions
diff --git a/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplication.java b/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplication.java
index e8a51136..2717c279 100644
--- a/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplication.java
+++ b/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplication.java
@@ -22,18 +22,36 @@
 
 package org.onap.policy.xacml.pdp.application.guard;
 
+import com.att.research.xacml.api.Request;
+import com.att.research.xacml.api.Response;
+import com.att.research.xacml.api.pdp.PDPEngine;
+import com.att.research.xacml.api.pdp.PDPException;
+import com.att.research.xacml.util.XACMLPolicyWriter;
 import com.google.common.collect.Lists;
 
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
 import java.nio.file.Path;
+import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Properties;
 
-import org.json.JSONObject;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType;
+
+import org.onap.policy.models.decisions.concepts.DecisionRequest;
+import org.onap.policy.models.decisions.concepts.DecisionResponse;
+import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException;
+import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConverter;
 import org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider;
+import org.onap.policy.pdp.xacml.application.common.XacmlPolicyUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.yaml.snakeyaml.Yaml;
 
 /**
  * This class implements the onap.policies.controlloop.Guard policy implementations.
@@ -41,12 +59,14 @@ import org.slf4j.LoggerFactory;
  * @author pameladragosh
  *
  */
-public class GuardPdpApplication implements XacmlApplicationServiceProvider {
+public class GuardPdpApplication implements ToscaPolicyConverter, XacmlApplicationServiceProvider {
 
     private static final Logger LOGGER = LoggerFactory.getLogger(GuardPdpApplication.class);
     private static final String STRING_VERSION100 = "1.0.0";
     private Map<String, String> supportedPolicyTypes = new HashMap<>();
     private Path pathForData;
+    private Properties pdpProperties = null;
+    private PDPEngine pdpEngine = null;
 
     /** Constructor.
      *
@@ -69,10 +89,26 @@ public class GuardPdpApplication implements XacmlApplicationServiceProvider {
     @Override
     public void initialize(Path pathForData) {
         //
-        // Save the path
+        // Save our path
         //
         this.pathForData = pathForData;
         LOGGER.debug("New Path is {}", this.pathForData.toAbsolutePath());
+        //
+        // Look for and load the properties object
+        //
+        try {
+            pdpProperties = XacmlPolicyUtils.loadXacmlProperties(XacmlPolicyUtils.getPropertiesPath(pathForData));
+            LOGGER.debug("{}", pdpProperties);
+        } catch (IOException e) {
+            LOGGER.error("{}", e);
+        }
+        //
+        // Create an engine
+        //
+        PDPEngine newEngine = XacmlPolicyUtils.createEngine(pdpProperties);
+        if (newEngine != null) {
+            pdpEngine = newEngine;
+        }
     }
 
     @Override
@@ -97,11 +133,139 @@ public class GuardPdpApplication implements XacmlApplicationServiceProvider {
 
     @Override
     public void loadPolicies(Map<String, Object> toscaPolicies) {
+        try {
+            //
+            // Convert the policies first
+            //
+            List<PolicyType> listPolicies = this.convertPolicies(toscaPolicies);
+            if (listPolicies.isEmpty()) {
+                throw new ToscaPolicyConversionException("Converted 0 policies");
+            }
+        } catch (ToscaPolicyConversionException e) {
+            LOGGER.error("Failed to loadPolicies {}", e);
+        }
+    }
+
+    @Override
+    public DecisionResponse makeDecision(DecisionRequest request) {
+        //
+        // Convert to a XacmlRequest
+        //
+        Request xacmlRequest = this.convertRequest(request);
+        //
+        // Now get a decision
+        //
+        Response xacmlResponse = this.xacmlDecision(xacmlRequest);
+        //
+        // Convert to a DecisionResponse
+        //
+        return this.convertResponse(xacmlResponse);
+    }
+
+    @Override
+    public List<PolicyType> convertPolicies(InputStream isToscaPolicy) throws ToscaPolicyConversionException {
+        //
+        // Have snakeyaml parse the object
+        //
+        Yaml yaml = new Yaml();
+        Map<String, Object> toscaObject = yaml.load(isToscaPolicy);
+        //
+        // Return the policies
+        //
+        return scanAndConvertPolicies(toscaObject);
+    }
+
+    @Override
+    public List<PolicyType> convertPolicies(Map<String, Object> toscaObject) throws ToscaPolicyConversionException {
+        //
+        // Return the policies
+        //
+        return scanAndConvertPolicies(toscaObject);
     }
 
     @Override
-    public JSONObject makeDecision(JSONObject jsonSchema) {
+    public Request convertRequest(DecisionRequest request) {
+        // TODO Auto-generated method stub
         return null;
     }
 
+    @Override
+    public DecisionResponse convertResponse(Response response) {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    @SuppressWarnings("unchecked")
+    private List<PolicyType> scanAndConvertPolicies(Map<String, Object> toscaObject)
+            throws ToscaPolicyConversionException {
+        //
+        // Our return object
+        //
+        List<PolicyType> scannedPolicies = new ArrayList<>();
+        //
+        // Iterate each of the Policies
+        //
+        List<Object> policies = (List<Object>) toscaObject.get("policies");
+        for (Object policyObject : policies) {
+            //
+            // Get the contents
+            //
+            LOGGER.debug("Found policy {}", policyObject.getClass());
+            Map<String, Object> policyContents = (Map<String, Object>) policyObject;
+            for (Entry<String, Object> entrySet : policyContents.entrySet()) {
+                LOGGER.debug("Entry set {}", entrySet);
+                //
+                // Convert this policy
+                //
+                PolicyType policy = this.convertPolicy(entrySet);
+                try (ByteArrayOutputStream os = new ByteArrayOutputStream()) {
+                    XACMLPolicyWriter.writePolicyFile(os, policy);
+                    LOGGER.debug("{}", os);
+                } catch (IOException e) {
+                    LOGGER.error("Failed to convert {}", e);
+                }
+                //
+                // Convert and add in the new policy
+                //
+                scannedPolicies.add(policy);
+            }
+        }
+
+        return scannedPolicies;
+    }
+
+    private PolicyType convertPolicy(Entry<String, Object> entrySet) throws ToscaPolicyConversionException {
+
+        return null;
+    }
+
+    /**
+     * Make a decision call.
+     *
+     * @param request Incoming request object
+     * @return Response object
+     */
+    private synchronized Response xacmlDecision(Request request) {
+        //
+        // This is what we need to return
+        //
+        Response response = null;
+        //
+        // Track some timing
+        //
+        long timeStart = System.currentTimeMillis();
+        try {
+            response = this.pdpEngine.decide(request);
+        } catch (PDPException e) {
+            LOGGER.error("Xacml PDP Engine failed {}", e);
+        } finally {
+            //
+            // Track the end of timing
+            //
+            long timeEnd = System.currentTimeMillis();
+            LOGGER.info("Elapsed Time: {}ms", (timeEnd - timeStart));
+        }
+        return response;
+    }
+
 }
diff --git a/applications/guard/src/main/resources/META-INF/services/org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider b/applications/guard/src/main/resources/META-INF/services/org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider
new file mode 100644
index 00000000..93084459
--- /dev/null
+++ b/applications/guard/src/main/resources/META-INF/services/org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider
@@ -0,0 +1 @@
+org.onap.policy.xacml.pdp.application.guard.GuardPdpApplication
+\ No newline at end of file
diff --git a/applications/guard/src/main/resources/RootGuardPolicy.xml b/applications/guard/src/main/resources/RootGuardPolicy.xml
new file mode 100644
index 00000000..f9f47265
--- /dev/null
+++ b/applications/guard/src/main/resources/RootGuardPolicy.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<PolicySet xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" PolicyCombiningAlgId="urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-overrides" PolicySetId="urn:org:onap:guard:policy:id" Version="1.0" xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:policy:schema:os access_control-xacml-2.0-policy-schema-os.xsd">
+    <Description>The root policy for supporting onap.Guard policies.</Description>
+    <Target>
+        <AnyOf>
+            <AllOf>
+                <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+                    <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">guard</AttributeValue>
+                    <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+                </Match>
+            </AllOf>
+        </AnyOf>
+    </Target>
+    <!--
+
+    New Policies created from TOSCA policies can be stored like this.
+    
+    <PolicyIdReference>onap.scaleout.tca</PolicyIdReference>
+    <PolicySetIdReference>urn:oasis:names:tc:xacml:2.0:conformance-test:IIE001:policyset1</PolicySetIdReference>
+    -->
+    <Policy PolicyId="default" Version="1.0" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-unless-deny" >
+        <Description>Default is to allow a permit - returning 0 obligations</Description>
+        <Target/>
+        <Rule RuleId="default" Effect="Permit">
+            <Target/>
+        </Rule>
+    </Policy>
+</PolicySet>
+\ No newline at end of file
author	Pamela Dragosh <pdragosh@research.att.com>	2019-03-15 14:30:00 -0400
committer	Pamela Dragosh <pdragosh@research.att.com>	2019-03-18 12:25:32 -0400
commit	59c38b6b3dfbd43c876f85ffb1e4b484951ced44 (patch)
tree	99120b17e967d8497c03fb038c664fa0063b3871 /applications/guard/src/main
parent	934c39bcdb5ff9a095331f60ef1b279ec91875a9 (diff)