diff options
author | Pamela Dragosh <pdragosh@research.att.com> | 2019-03-15 14:30:00 -0400 |
---|---|---|
committer | Pamela Dragosh <pdragosh@research.att.com> | 2019-03-18 12:25:32 -0400 |
commit | 59c38b6b3dfbd43c876f85ffb1e4b484951ced44 (patch) | |
tree | 99120b17e967d8497c03fb038c664fa0063b3871 /applications/guard/src/main | |
parent | 934c39bcdb5ff9a095331f60ef1b279ec91875a9 (diff) |
Started with test decision JSON objects.
Added new Policy Finder Factory that ONAP will use and
got the code working with new policy/models (see other
review which will have to be merged first).
Added some new conversion methods to convert from a
Xacml request to an Onap request.
Added some property methods for XACML Properties objects
and JUnit tests.
Started filling in some Guard application details and
combining code.
Issue-ID: POLICY-1602
Change-Id: I5235b74f3b036dcf05779b655a03ac290d594354
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
Diffstat (limited to 'applications/guard/src/main')
3 files changed, 197 insertions, 4 deletions
diff --git a/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplication.java b/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplication.java index e8a51136..2717c279 100644 --- a/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplication.java +++ b/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplication.java @@ -22,18 +22,36 @@ package org.onap.policy.xacml.pdp.application.guard; +import com.att.research.xacml.api.Request; +import com.att.research.xacml.api.Response; +import com.att.research.xacml.api.pdp.PDPEngine; +import com.att.research.xacml.api.pdp.PDPException; +import com.att.research.xacml.util.XACMLPolicyWriter; import com.google.common.collect.Lists; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; import java.nio.file.Path; +import java.util.ArrayList; import java.util.Arrays; import java.util.HashMap; import java.util.List; import java.util.Map; +import java.util.Map.Entry; +import java.util.Properties; -import org.json.JSONObject; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType; + +import org.onap.policy.models.decisions.concepts.DecisionRequest; +import org.onap.policy.models.decisions.concepts.DecisionResponse; +import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException; +import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConverter; import org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider; +import org.onap.policy.pdp.xacml.application.common.XacmlPolicyUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.yaml.snakeyaml.Yaml; /** * This class implements the onap.policies.controlloop.Guard policy implementations. @@ -41,12 +59,14 @@ import org.slf4j.LoggerFactory; * @author pameladragosh * */ -public class GuardPdpApplication implements XacmlApplicationServiceProvider { +public class GuardPdpApplication implements ToscaPolicyConverter, XacmlApplicationServiceProvider { private static final Logger LOGGER = LoggerFactory.getLogger(GuardPdpApplication.class); private static final String STRING_VERSION100 = "1.0.0"; private Map<String, String> supportedPolicyTypes = new HashMap<>(); private Path pathForData; + private Properties pdpProperties = null; + private PDPEngine pdpEngine = null; /** Constructor. * @@ -69,10 +89,26 @@ public class GuardPdpApplication implements XacmlApplicationServiceProvider { @Override public void initialize(Path pathForData) { // - // Save the path + // Save our path // this.pathForData = pathForData; LOGGER.debug("New Path is {}", this.pathForData.toAbsolutePath()); + // + // Look for and load the properties object + // + try { + pdpProperties = XacmlPolicyUtils.loadXacmlProperties(XacmlPolicyUtils.getPropertiesPath(pathForData)); + LOGGER.debug("{}", pdpProperties); + } catch (IOException e) { + LOGGER.error("{}", e); + } + // + // Create an engine + // + PDPEngine newEngine = XacmlPolicyUtils.createEngine(pdpProperties); + if (newEngine != null) { + pdpEngine = newEngine; + } } @Override @@ -97,11 +133,139 @@ public class GuardPdpApplication implements XacmlApplicationServiceProvider { @Override public void loadPolicies(Map<String, Object> toscaPolicies) { + try { + // + // Convert the policies first + // + List<PolicyType> listPolicies = this.convertPolicies(toscaPolicies); + if (listPolicies.isEmpty()) { + throw new ToscaPolicyConversionException("Converted 0 policies"); + } + } catch (ToscaPolicyConversionException e) { + LOGGER.error("Failed to loadPolicies {}", e); + } + } + + @Override + public DecisionResponse makeDecision(DecisionRequest request) { + // + // Convert to a XacmlRequest + // + Request xacmlRequest = this.convertRequest(request); + // + // Now get a decision + // + Response xacmlResponse = this.xacmlDecision(xacmlRequest); + // + // Convert to a DecisionResponse + // + return this.convertResponse(xacmlResponse); + } + + @Override + public List<PolicyType> convertPolicies(InputStream isToscaPolicy) throws ToscaPolicyConversionException { + // + // Have snakeyaml parse the object + // + Yaml yaml = new Yaml(); + Map<String, Object> toscaObject = yaml.load(isToscaPolicy); + // + // Return the policies + // + return scanAndConvertPolicies(toscaObject); + } + + @Override + public List<PolicyType> convertPolicies(Map<String, Object> toscaObject) throws ToscaPolicyConversionException { + // + // Return the policies + // + return scanAndConvertPolicies(toscaObject); } @Override - public JSONObject makeDecision(JSONObject jsonSchema) { + public Request convertRequest(DecisionRequest request) { + // TODO Auto-generated method stub return null; } + @Override + public DecisionResponse convertResponse(Response response) { + // TODO Auto-generated method stub + return null; + } + + @SuppressWarnings("unchecked") + private List<PolicyType> scanAndConvertPolicies(Map<String, Object> toscaObject) + throws ToscaPolicyConversionException { + // + // Our return object + // + List<PolicyType> scannedPolicies = new ArrayList<>(); + // + // Iterate each of the Policies + // + List<Object> policies = (List<Object>) toscaObject.get("policies"); + for (Object policyObject : policies) { + // + // Get the contents + // + LOGGER.debug("Found policy {}", policyObject.getClass()); + Map<String, Object> policyContents = (Map<String, Object>) policyObject; + for (Entry<String, Object> entrySet : policyContents.entrySet()) { + LOGGER.debug("Entry set {}", entrySet); + // + // Convert this policy + // + PolicyType policy = this.convertPolicy(entrySet); + try (ByteArrayOutputStream os = new ByteArrayOutputStream()) { + XACMLPolicyWriter.writePolicyFile(os, policy); + LOGGER.debug("{}", os); + } catch (IOException e) { + LOGGER.error("Failed to convert {}", e); + } + // + // Convert and add in the new policy + // + scannedPolicies.add(policy); + } + } + + return scannedPolicies; + } + + private PolicyType convertPolicy(Entry<String, Object> entrySet) throws ToscaPolicyConversionException { + + return null; + } + + /** + * Make a decision call. + * + * @param request Incoming request object + * @return Response object + */ + private synchronized Response xacmlDecision(Request request) { + // + // This is what we need to return + // + Response response = null; + // + // Track some timing + // + long timeStart = System.currentTimeMillis(); + try { + response = this.pdpEngine.decide(request); + } catch (PDPException e) { + LOGGER.error("Xacml PDP Engine failed {}", e); + } finally { + // + // Track the end of timing + // + long timeEnd = System.currentTimeMillis(); + LOGGER.info("Elapsed Time: {}ms", (timeEnd - timeStart)); + } + return response; + } + } diff --git a/applications/guard/src/main/resources/META-INF/services/org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider b/applications/guard/src/main/resources/META-INF/services/org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider new file mode 100644 index 00000000..93084459 --- /dev/null +++ b/applications/guard/src/main/resources/META-INF/services/org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider @@ -0,0 +1 @@ +org.onap.policy.xacml.pdp.application.guard.GuardPdpApplication
\ No newline at end of file diff --git a/applications/guard/src/main/resources/RootGuardPolicy.xml b/applications/guard/src/main/resources/RootGuardPolicy.xml new file mode 100644 index 00000000..f9f47265 --- /dev/null +++ b/applications/guard/src/main/resources/RootGuardPolicy.xml @@ -0,0 +1,28 @@ +<?xml version="1.0" encoding="UTF-8" standalone="no"?> +<PolicySet xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" PolicyCombiningAlgId="urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-overrides" PolicySetId="urn:org:onap:guard:policy:id" Version="1.0" xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:policy:schema:os access_control-xacml-2.0-policy-schema-os.xsd"> + <Description>The root policy for supporting onap.Guard policies.</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">guard</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + <!-- + + New Policies created from TOSCA policies can be stored like this. + + <PolicyIdReference>onap.scaleout.tca</PolicyIdReference> + <PolicySetIdReference>urn:oasis:names:tc:xacml:2.0:conformance-test:IIE001:policyset1</PolicySetIdReference> + --> + <Policy PolicyId="default" Version="1.0" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-unless-deny" > + <Description>Default is to allow a permit - returning 0 obligations</Description> + <Target/> + <Rule RuleId="default" Effect="Permit"> + <Target/> + </Rule> + </Policy> +</PolicySet>
\ No newline at end of file |