aboutsummaryrefslogtreecommitdiffstats
path: root/applications/guard/src/main
diff options
context:
space:
mode:
authorPamela Dragosh <pdragosh@research.att.com>2019-03-15 14:30:00 -0400
committerPamela Dragosh <pdragosh@research.att.com>2019-03-18 12:25:32 -0400
commit59c38b6b3dfbd43c876f85ffb1e4b484951ced44 (patch)
tree99120b17e967d8497c03fb038c664fa0063b3871 /applications/guard/src/main
parent934c39bcdb5ff9a095331f60ef1b279ec91875a9 (diff)
Started with test decision JSON objects.
Added new Policy Finder Factory that ONAP will use and got the code working with new policy/models (see other review which will have to be merged first). Added some new conversion methods to convert from a Xacml request to an Onap request. Added some property methods for XACML Properties objects and JUnit tests. Started filling in some Guard application details and combining code. Issue-ID: POLICY-1602 Change-Id: I5235b74f3b036dcf05779b655a03ac290d594354 Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
Diffstat (limited to 'applications/guard/src/main')
-rw-r--r--applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplication.java172
-rw-r--r--applications/guard/src/main/resources/META-INF/services/org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider1
-rw-r--r--applications/guard/src/main/resources/RootGuardPolicy.xml28
3 files changed, 197 insertions, 4 deletions
diff --git a/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplication.java b/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplication.java
index e8a51136..2717c279 100644
--- a/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplication.java
+++ b/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplication.java
@@ -22,18 +22,36 @@
package org.onap.policy.xacml.pdp.application.guard;
+import com.att.research.xacml.api.Request;
+import com.att.research.xacml.api.Response;
+import com.att.research.xacml.api.pdp.PDPEngine;
+import com.att.research.xacml.api.pdp.PDPException;
+import com.att.research.xacml.util.XACMLPolicyWriter;
import com.google.common.collect.Lists;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
import java.nio.file.Path;
+import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Properties;
-import org.json.JSONObject;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType;
+
+import org.onap.policy.models.decisions.concepts.DecisionRequest;
+import org.onap.policy.models.decisions.concepts.DecisionResponse;
+import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException;
+import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConverter;
import org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider;
+import org.onap.policy.pdp.xacml.application.common.XacmlPolicyUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.yaml.snakeyaml.Yaml;
/**
* This class implements the onap.policies.controlloop.Guard policy implementations.
@@ -41,12 +59,14 @@ import org.slf4j.LoggerFactory;
* @author pameladragosh
*
*/
-public class GuardPdpApplication implements XacmlApplicationServiceProvider {
+public class GuardPdpApplication implements ToscaPolicyConverter, XacmlApplicationServiceProvider {
private static final Logger LOGGER = LoggerFactory.getLogger(GuardPdpApplication.class);
private static final String STRING_VERSION100 = "1.0.0";
private Map<String, String> supportedPolicyTypes = new HashMap<>();
private Path pathForData;
+ private Properties pdpProperties = null;
+ private PDPEngine pdpEngine = null;
/** Constructor.
*
@@ -69,10 +89,26 @@ public class GuardPdpApplication implements XacmlApplicationServiceProvider {
@Override
public void initialize(Path pathForData) {
//
- // Save the path
+ // Save our path
//
this.pathForData = pathForData;
LOGGER.debug("New Path is {}", this.pathForData.toAbsolutePath());
+ //
+ // Look for and load the properties object
+ //
+ try {
+ pdpProperties = XacmlPolicyUtils.loadXacmlProperties(XacmlPolicyUtils.getPropertiesPath(pathForData));
+ LOGGER.debug("{}", pdpProperties);
+ } catch (IOException e) {
+ LOGGER.error("{}", e);
+ }
+ //
+ // Create an engine
+ //
+ PDPEngine newEngine = XacmlPolicyUtils.createEngine(pdpProperties);
+ if (newEngine != null) {
+ pdpEngine = newEngine;
+ }
}
@Override
@@ -97,11 +133,139 @@ public class GuardPdpApplication implements XacmlApplicationServiceProvider {
@Override
public void loadPolicies(Map<String, Object> toscaPolicies) {
+ try {
+ //
+ // Convert the policies first
+ //
+ List<PolicyType> listPolicies = this.convertPolicies(toscaPolicies);
+ if (listPolicies.isEmpty()) {
+ throw new ToscaPolicyConversionException("Converted 0 policies");
+ }
+ } catch (ToscaPolicyConversionException e) {
+ LOGGER.error("Failed to loadPolicies {}", e);
+ }
+ }
+
+ @Override
+ public DecisionResponse makeDecision(DecisionRequest request) {
+ //
+ // Convert to a XacmlRequest
+ //
+ Request xacmlRequest = this.convertRequest(request);
+ //
+ // Now get a decision
+ //
+ Response xacmlResponse = this.xacmlDecision(xacmlRequest);
+ //
+ // Convert to a DecisionResponse
+ //
+ return this.convertResponse(xacmlResponse);
+ }
+
+ @Override
+ public List<PolicyType> convertPolicies(InputStream isToscaPolicy) throws ToscaPolicyConversionException {
+ //
+ // Have snakeyaml parse the object
+ //
+ Yaml yaml = new Yaml();
+ Map<String, Object> toscaObject = yaml.load(isToscaPolicy);
+ //
+ // Return the policies
+ //
+ return scanAndConvertPolicies(toscaObject);
+ }
+
+ @Override
+ public List<PolicyType> convertPolicies(Map<String, Object> toscaObject) throws ToscaPolicyConversionException {
+ //
+ // Return the policies
+ //
+ return scanAndConvertPolicies(toscaObject);
}
@Override
- public JSONObject makeDecision(JSONObject jsonSchema) {
+ public Request convertRequest(DecisionRequest request) {
+ // TODO Auto-generated method stub
return null;
}
+ @Override
+ public DecisionResponse convertResponse(Response response) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @SuppressWarnings("unchecked")
+ private List<PolicyType> scanAndConvertPolicies(Map<String, Object> toscaObject)
+ throws ToscaPolicyConversionException {
+ //
+ // Our return object
+ //
+ List<PolicyType> scannedPolicies = new ArrayList<>();
+ //
+ // Iterate each of the Policies
+ //
+ List<Object> policies = (List<Object>) toscaObject.get("policies");
+ for (Object policyObject : policies) {
+ //
+ // Get the contents
+ //
+ LOGGER.debug("Found policy {}", policyObject.getClass());
+ Map<String, Object> policyContents = (Map<String, Object>) policyObject;
+ for (Entry<String, Object> entrySet : policyContents.entrySet()) {
+ LOGGER.debug("Entry set {}", entrySet);
+ //
+ // Convert this policy
+ //
+ PolicyType policy = this.convertPolicy(entrySet);
+ try (ByteArrayOutputStream os = new ByteArrayOutputStream()) {
+ XACMLPolicyWriter.writePolicyFile(os, policy);
+ LOGGER.debug("{}", os);
+ } catch (IOException e) {
+ LOGGER.error("Failed to convert {}", e);
+ }
+ //
+ // Convert and add in the new policy
+ //
+ scannedPolicies.add(policy);
+ }
+ }
+
+ return scannedPolicies;
+ }
+
+ private PolicyType convertPolicy(Entry<String, Object> entrySet) throws ToscaPolicyConversionException {
+
+ return null;
+ }
+
+ /**
+ * Make a decision call.
+ *
+ * @param request Incoming request object
+ * @return Response object
+ */
+ private synchronized Response xacmlDecision(Request request) {
+ //
+ // This is what we need to return
+ //
+ Response response = null;
+ //
+ // Track some timing
+ //
+ long timeStart = System.currentTimeMillis();
+ try {
+ response = this.pdpEngine.decide(request);
+ } catch (PDPException e) {
+ LOGGER.error("Xacml PDP Engine failed {}", e);
+ } finally {
+ //
+ // Track the end of timing
+ //
+ long timeEnd = System.currentTimeMillis();
+ LOGGER.info("Elapsed Time: {}ms", (timeEnd - timeStart));
+ }
+ return response;
+ }
+
}
diff --git a/applications/guard/src/main/resources/META-INF/services/org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider b/applications/guard/src/main/resources/META-INF/services/org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider
new file mode 100644
index 00000000..93084459
--- /dev/null
+++ b/applications/guard/src/main/resources/META-INF/services/org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider
@@ -0,0 +1 @@
+org.onap.policy.xacml.pdp.application.guard.GuardPdpApplication \ No newline at end of file
diff --git a/applications/guard/src/main/resources/RootGuardPolicy.xml b/applications/guard/src/main/resources/RootGuardPolicy.xml
new file mode 100644
index 00000000..f9f47265
--- /dev/null
+++ b/applications/guard/src/main/resources/RootGuardPolicy.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<PolicySet xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" PolicyCombiningAlgId="urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-overrides" PolicySetId="urn:org:onap:guard:policy:id" Version="1.0" xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:policy:schema:os access_control-xacml-2.0-policy-schema-os.xsd">
+ <Description>The root policy for supporting onap.Guard policies.</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">guard</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <!--
+
+ New Policies created from TOSCA policies can be stored like this.
+
+ <PolicyIdReference>onap.scaleout.tca</PolicyIdReference>
+ <PolicySetIdReference>urn:oasis:names:tc:xacml:2.0:conformance-test:IIE001:policyset1</PolicySetIdReference>
+ -->
+ <Policy PolicyId="default" Version="1.0" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-unless-deny" >
+ <Description>Default is to allow a permit - returning 0 obligations</Description>
+ <Target/>
+ <Rule RuleId="default" Effect="Permit">
+ <Target/>
+ </Rule>
+ </Policy>
+</PolicySet> \ No newline at end of file