summaryrefslogtreecommitdiffstats
path: root/applications/monitoring/src
diff options
context:
space:
mode:
authorPamela Dragosh <pdragosh@research.att.com>2019-03-09 11:48:44 -0500
committerPamela Dragosh <pdragosh@research.att.com>2019-03-15 08:54:05 -0400
commitb909b14fe88c5fe8f096cf8b471a2aa799d84739 (patch)
tree19de65fff7618bfad91acb0b803210a93dbb86cd /applications/monitoring/src
parent4b2ef1a5a9bf92aeb7edc1512f7a6cd8e1be99d8 (diff)
Monitoring policy creation foundation
Upgrde to xacml v2.0.0 release artifact. Some re-arrangement of classes. New class to support a common dictionary among the monitoring applications. I may move it to a common under the main since some of the values are shareable. Created application service provider, so the XACML main knows what policy types are pre-loaded and can report them back to the PAP. struggled with cucumber, which does not create TemporaryFolder although the documentation says its supported. Added a new Policy Finder specific to ONAP which does quicker job to load policies. Issue-ID: POLICY-1273 Change-Id: I4af15a64da3b42d48f29809710421b1649625adc Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
Diffstat (limited to 'applications/monitoring/src')
-rw-r--r--applications/monitoring/src/main/java/org/onap/policy/xacml/pdp/engine/OnapXacmlPdpEngine.java514
-rw-r--r--applications/monitoring/src/main/resources/META-INF/services/org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider1
-rw-r--r--applications/monitoring/src/main/resources/RootMonitoringPolicy.xml40
-rw-r--r--applications/monitoring/src/test/java/cucumber/Stepdefs.java203
-rw-r--r--applications/monitoring/src/test/java/org/onap/policy/xacml/pdp/engine/OnapXacmlPdpEngineTest.java296
-rw-r--r--applications/monitoring/src/test/resources/cucumber/decisions.feature14
-rw-r--r--applications/monitoring/src/test/resources/cucumber/load_policy.feature35
-rw-r--r--applications/monitoring/src/test/resources/test.monitoring.policy.badmetadata.1.yaml10
-rw-r--r--applications/monitoring/src/test/resources/test.monitoring.policy.badmetadata.2.yaml10
-rw-r--r--applications/monitoring/src/test/resources/test.monitoring.policy.missingmetadata.yaml9
-rw-r--r--applications/monitoring/src/test/resources/test.monitoring.policy.missingproperties.yaml9
-rw-r--r--applications/monitoring/src/test/resources/test.monitoring.policy.missingtype.yaml11
-rw-r--r--applications/monitoring/src/test/resources/test.monitoring.policy.missingversion.yaml11
-rw-r--r--applications/monitoring/src/test/resources/unsupportedpolicytype.yaml11
-rw-r--r--applications/monitoring/src/test/resources/vDNS.policy.decision.payload.json0
-rw-r--r--applications/monitoring/src/test/resources/vDNS.policy.input.yaml1
-rw-r--r--applications/monitoring/src/test/resources/vDNS.policy.xml44
-rw-r--r--applications/monitoring/src/test/resources/xacml.properties34
18 files changed, 1209 insertions, 44 deletions
diff --git a/applications/monitoring/src/main/java/org/onap/policy/xacml/pdp/engine/OnapXacmlPdpEngine.java b/applications/monitoring/src/main/java/org/onap/policy/xacml/pdp/engine/OnapXacmlPdpEngine.java
index c6719ecb..6c53566a 100644
--- a/applications/monitoring/src/main/java/org/onap/policy/xacml/pdp/engine/OnapXacmlPdpEngine.java
+++ b/applications/monitoring/src/main/java/org/onap/policy/xacml/pdp/engine/OnapXacmlPdpEngine.java
@@ -22,6 +22,518 @@
package org.onap.policy.xacml.pdp.engine;
-public class OnapXacmlPdpEngine {
+import com.att.research.xacml.api.Request;
+import com.att.research.xacml.api.Response;
+import com.att.research.xacml.api.XACML3;
+import com.att.research.xacml.api.pdp.PDPEngine;
+import com.att.research.xacml.api.pdp.PDPEngineFactory;
+import com.att.research.xacml.api.pdp.PDPException;
+import com.att.research.xacml.util.FactoryException;
+import com.att.research.xacml.util.XACMLPolicyScanner;
+import com.att.research.xacml.util.XACMLProperties;
+import com.google.common.collect.Lists;
+
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Properties;
+import java.util.Set;
+
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOfType;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeAssignmentExpressionType;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.EffectType;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.MatchType;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObjectFactory;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObligationExpressionType;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObligationExpressionsType;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicySetType;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.RuleType;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.TargetType;
+
+import org.json.JSONObject;
+import org.onap.policy.pdp.xacml.application.common.ToscaDictionary;
+import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException;
+import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConverter;
+import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConverterUtils;
+import org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider;
+import org.onap.policy.pdp.xacml.application.common.XacmlUpdatePolicyUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.yaml.snakeyaml.Yaml;
+
+/**
+ * This is the engine class that manages the instance of the XACML PDP engine.
+ *
+ * <p>It is responsible for initializing it and shutting it down properly in a thread-safe manner.
+ *
+ *
+ * @author pameladragosh
+ *
+ */
+public class OnapXacmlPdpEngine implements ToscaPolicyConverter, XacmlApplicationServiceProvider {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(OnapXacmlPdpEngine.class);
+ private static final String ONAP_MONITORING_BASE_POLICY_TYPE = "onap.Monitoring";
+ private static final String ONAP_MONITORING_DERIVED_POLICY_TYPE = "onap.policies.monitoring";
+
+
+ private Path pathForData = null;
+ private Properties pdpProperties = null;
+ private PDPEngine pdpEngine = null;
+ private Map<String, String> supportedPolicyTypes = new HashMap<>();
+
+ /**
+ * Constructor.
+ */
+ public OnapXacmlPdpEngine() {
+ //
+ // By default this supports just Monitoring policy types
+ //
+ supportedPolicyTypes.put(ONAP_MONITORING_BASE_POLICY_TYPE, "1.0.0");
+ }
+
+ /**
+ * Load properties from given file.
+ *
+ * @param location Path and filename
+ * @throws IOException If unable to read file
+ */
+ public synchronized void loadXacmlProperties(String location) throws IOException {
+ try (InputStream is = new FileInputStream(location)) {
+ pdpProperties.load(is);
+ }
+ }
+
+ /**
+ * Stores the XACML Properties to the given file location.
+ *
+ * @param location File location including name
+ * @throws IOException If unable to store the file.
+ */
+ public synchronized void storeXacmlProperties(String location) throws IOException {
+ try (OutputStream os = new FileOutputStream(location)) {
+ String strComments = "#";
+ pdpProperties.store(os, strComments);
+ }
+ }
+
+ /**
+ * Make a decision call.
+ *
+ * @param request Incoming request object
+ * @return Response object
+ */
+ public synchronized Response decision(Request request) {
+ //
+ // This is what we need to return
+ //
+ Response response = null;
+ //
+ // Track some timing
+ //
+ long timeStart = System.currentTimeMillis();
+ try {
+ response = this.pdpEngine.decide(request);
+ } catch (PDPException e) {
+ LOGGER.error("{}", e);
+ } finally {
+ //
+ // Track the end of timing
+ //
+ long timeEnd = System.currentTimeMillis();
+ LOGGER.info("Elapsed Time: {}ms", (timeEnd - timeStart));
+ }
+ return response;
+ }
+
+ @Override
+ public String applicationName() {
+ return "Monitoring Application";
+ }
+
+ @Override
+ public List<String> actionDecisionsSupported() {
+ return Arrays.asList("configure");
+ }
+
+ @Override
+ public synchronized void initialize(Path pathForData) {
+ //
+ // Save our path
+ //
+ this.pathForData = pathForData;
+ LOGGER.debug("New Path is {}", this.pathForData.toAbsolutePath());
+ //
+ // Look for and load the properties object
+ //
+ Path propertyPath = Paths.get(this.pathForData.toAbsolutePath().toString(), "xacml.properties");
+ LOGGER.debug("Looking for {}", propertyPath.toAbsolutePath());
+ try (InputStream is = new FileInputStream(propertyPath.toAbsolutePath().toString()) ) {
+ //
+ // Create a new properties object
+ //
+ pdpProperties = new Properties();
+ //
+ // Load it with our values
+ //
+ pdpProperties.load(is);
+ LOGGER.debug("{}", pdpProperties);
+ } catch (IOException e) {
+ LOGGER.error("{}", e);
+ }
+ //
+ // Now initialize the XACML PDP Engine
+ //
+ try {
+ PDPEngineFactory factory = PDPEngineFactory.newInstance();
+ this.pdpEngine = factory.newEngine(pdpProperties);
+ } catch (FactoryException e) {
+ LOGGER.error("{}", e);
+ }
+ }
+
+ @Override
+ public synchronized List<String> supportedPolicyTypes() {
+ return Lists.newArrayList(supportedPolicyTypes.keySet());
+ }
+
+ @Override
+ public boolean canSupportPolicyType(String policyType, String policyTypeVersion) {
+ //
+ // For Monitoring, we will attempt to support all versions
+ // of the policy type. Since we are only packaging a decision
+ // back with a JSON payload of the property contents.
+ //
+ return (policyType.equals(ONAP_MONITORING_BASE_POLICY_TYPE)
+ || policyType.startsWith(ONAP_MONITORING_DERIVED_POLICY_TYPE));
+ }
+
+ @Override
+ public synchronized void loadPolicies(Map<String, Object> toscaPolicies) {
+ //
+ //
+ //
+ try {
+ //
+ // Convert the policies first
+ //
+ List<PolicyType> listPolicies = this.convertPolicies(toscaPolicies);
+ if (listPolicies.isEmpty()) {
+ throw new ToscaPolicyConversionException("Converted 0 policies");
+ }
+ //
+ // Read in our Root Policy
+ //
+ Set<String> roots = XACMLProperties.getRootPolicyIDs(pdpProperties);
+ if (roots.isEmpty()) {
+ throw new ToscaPolicyConversionException("There are NO root policies defined");
+ }
+ //
+ // Really only should be one
+ //
+ String rootFile = pdpProperties.getProperty(roots.iterator().next() + ".file");
+ try (InputStream is = new FileInputStream(rootFile)) {
+ Object policyData = XACMLPolicyScanner.readPolicy(is);
+ //
+ // Should be a PolicySet
+ //
+ if (policyData instanceof PolicySetType) {
+ PolicyType[] newPolicies = listPolicies.toArray(new PolicyType[listPolicies.size()]);
+ PolicySetType newRootPolicy =
+ XacmlUpdatePolicyUtils.updateXacmlRootPolicy((PolicySetType) policyData, newPolicies);
+ //
+ // Save the new Policies to disk
+ //
+
+ //
+ // Save the root policy to disk
+ //
+
+ //
+ // Update properties to declare the referenced policies
+ //
+
+ //
+ // Write the policies to disk
+ //
+
+ } else {
+ throw new ToscaPolicyConversionException("Root policy isn't a PolicySet");
+ }
+ }
+ //
+ // Add to the root policy
+ //
+ } catch (IOException | ToscaPolicyConversionException e) {
+ LOGGER.error("Failed to loadPolicies {}", e);
+ }
+ }
+
+ @Override
+ public synchronized JSONObject makeDecision(JSONObject jsonSchema) {
+ return null;
+ }
+
+ @Override
+ public List<PolicyType> convertPolicies(Map<String, Object> toscaObject) throws ToscaPolicyConversionException {
+ //
+ // Return the policies
+ //
+ return scanAndConvertPolicies(toscaObject);
+ }
+
+ @Override
+ public List<PolicyType> convertPolicies(InputStream isToscaPolicy) throws ToscaPolicyConversionException {
+ //
+ // Have snakeyaml parse the object
+ //
+ Yaml yaml = new Yaml();
+ Map<String, Object> toscaObject = yaml.load(isToscaPolicy);
+ //
+ // Return the policies
+ //
+ return scanAndConvertPolicies(toscaObject);
+ }
+
+ @SuppressWarnings("unchecked")
+ private List<PolicyType> scanAndConvertPolicies(Map<String, Object> toscaObject)
+ throws ToscaPolicyConversionException {
+ //
+ // Our return object
+ //
+ List<PolicyType> scannedPolicies = new ArrayList<>();
+ //
+ // Iterate each of the Policies
+ //
+ List<Object> policies = (List<Object>) toscaObject.get("policies");
+ for (Object policyObject : policies) {
+ //
+ // Get the contents
+ //
+ LOGGER.debug("Found policy {}", policyObject.getClass());
+ Map<String, Object> policyContents = (Map<String, Object>) policyObject;
+ for (Entry<String, Object> entrySet : policyContents.entrySet()) {
+ LOGGER.info("Entry set {}", entrySet);
+ //
+ // Convert this policy
+ //
+ PolicyType policy = this.convertPolicy(entrySet);
+ //
+ // Convert and add in the new policy
+ //
+ scannedPolicies.add(policy);
+ }
+ }
+
+ return scannedPolicies;
+ }
+
+ @SuppressWarnings("unchecked")
+ private PolicyType convertPolicy(Entry<String, Object> entrySet) throws ToscaPolicyConversionException {
+ //
+ // Policy name should be at the root
+ //
+ String policyName = entrySet.getKey();
+ Map<String, Object> policyDefinition = (Map<String, Object>) entrySet.getValue();
+ //
+ // Set it as the policy ID
+ //
+ PolicyType newPolicyType = new PolicyType();
+ newPolicyType.setPolicyId(policyName);
+ //
+ // Optional description
+ //
+ if (policyDefinition.containsKey("description")) {
+ newPolicyType.setDescription(policyDefinition.get("description").toString());
+ }
+ //
+ // There should be a metadata section
+ //
+ if (! policyDefinition.containsKey("metadata")) {
+ throw new ToscaPolicyConversionException(policyName + " missing metadata section");
+ }
+ this.fillMetadataSection(newPolicyType,
+ (Map<String, Object>) policyDefinition.get("metadata"));
+ //
+ // Set the combining rule
+ //
+ newPolicyType.setRuleCombiningAlgId(XACML3.ID_RULE_FIRST_APPLICABLE.stringValue());
+ //
+ // Generate the TargetType
+ //
+ //
+ // There should be a metadata section
+ //
+ if (! policyDefinition.containsKey("type")) {
+ throw new ToscaPolicyConversionException(policyName + " missing type value");
+ }
+ if (! policyDefinition.containsKey("version")) {
+ throw new ToscaPolicyConversionException(policyName + " missing version value");
+ }
+ TargetType target = this.generateTargetType(policyName,
+ policyDefinition.get("type").toString(),
+ policyDefinition.get("version").toString());
+ newPolicyType.setTarget(target);
+ //
+ // Now create the Permit Rule
+ // No target since the policy has a target
+ // With obligations.
+ //
+ RuleType rule = new RuleType();
+ rule.setDescription("Default is to PERMIT if the policy matches.");
+ rule.setRuleId(policyName + ":rule");
+ rule.setEffect(EffectType.PERMIT);
+ rule.setTarget(new TargetType());
+ //
+ // There should be properties section - this data ends up as a
+ // JSON BLOB that is returned back to calling application.
+ //
+ if (! policyDefinition.containsKey("properties")) {
+ throw new ToscaPolicyConversionException(policyName + " missing properties section");
+ }
+ addObligation(rule,
+ (Map<String, Object>) policyDefinition.get("properties"));
+ //
+ // Add the rule to the policy
+ //
+ newPolicyType.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule);
+ //
+ // Return our new policy
+ //
+ return newPolicyType;
+ }
+
+ /**
+ * From the TOSCA metadata section, pull in values that are needed into the XACML policy.
+ *
+ * @param policy Policy Object to store the metadata
+ * @param metadata The Metadata TOSCA Map
+ * @return Same Policy Object
+ * @throws ToscaPolicyConversionException If there is something missing from the metadata
+ */
+ private PolicyType fillMetadataSection(PolicyType policy,
+ Map<String, Object> metadata) throws ToscaPolicyConversionException {
+ if (! metadata.containsKey("policy-id")) {
+ throw new ToscaPolicyConversionException(policy.getPolicyId() + " missing metadata policy-id");
+ } else {
+ //
+ // Do nothing here - the XACML PolicyId is used from TOSCA Policy Name field
+ //
+ }
+ if (! metadata.containsKey("policy-version")) {
+ throw new ToscaPolicyConversionException(policy.getPolicyId() + " missing metadata policy-version");
+ } else {
+ //
+ // Add in the Policy Version
+ //
+ policy.setVersion(metadata.get("policy-version").toString());
+ }
+ return policy;
+ }
+
+ private TargetType generateTargetType(String policyId, String policyType, String policyTypeVersion) {
+ //
+ // Create all the match's that are possible
+ //
+ // This is for the Policy Id
+ //
+ MatchType matchPolicyId = ToscaPolicyConverterUtils.buildMatchTypeDesignator(
+ XACML3.ID_FUNCTION_STRING_EQUAL,
+ policyId,
+ XACML3.ID_DATATYPE_STRING,
+ ToscaDictionary.ID_RESOURCE_POLICY_ID,
+ XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
+ //
+ // This is for the Policy Type
+ //
+ MatchType matchPolicyType = ToscaPolicyConverterUtils.buildMatchTypeDesignator(
+ XACML3.ID_FUNCTION_STRING_EQUAL,
+ policyType,
+ XACML3.ID_DATATYPE_STRING,
+ ToscaDictionary.ID_RESOURCE_POLICY_TYPE,
+ XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
+ //
+ // This is for the Policy Type version
+ //
+ MatchType matchPolicyTypeVersion = ToscaPolicyConverterUtils.buildMatchTypeDesignator(
+ XACML3.ID_FUNCTION_STRING_EQUAL,
+ policyTypeVersion,
+ XACML3.ID_DATATYPE_STRING,
+ ToscaDictionary.ID_RESOURCE_POLICY_TYPE_VERSION,
+ XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
+ //
+ // This is our outer AnyOf - which is an OR
+ //
+ AnyOfType anyOf = new AnyOfType();
+ //
+ // Create AllOf (AND) of just Policy Id
+ //
+ anyOf.getAllOf().add(ToscaPolicyConverterUtils.buildAllOf(matchPolicyId));
+ //
+ // Create AllOf (AND) of just Policy Type
+ //
+ anyOf.getAllOf().add(ToscaPolicyConverterUtils.buildAllOf(matchPolicyType));
+ //
+ // Create AllOf (AND) of Policy Type and Policy Type Version
+ //
+ anyOf.getAllOf().add(ToscaPolicyConverterUtils.buildAllOf(matchPolicyType, matchPolicyTypeVersion));
+ //
+ // Now we can create the TargetType, add the top-level anyOf (OR),
+ // and return the value.
+ //
+ TargetType target = new TargetType();
+ target.getAnyOf().add(anyOf);
+ return target;
+ }
+
+ private RuleType addObligation(RuleType rule, Map<String, Object> properties) {
+ //
+ // Convert the YAML Policy to JSON Object
+ //
+ JSONObject jsonObject = new JSONObject(properties);
+ if (LOGGER.isDebugEnabled()) {
+ LOGGER.debug("JSON conversion {}{}", System.lineSeparator(), jsonObject);
+ }
+ //
+ // Create an AttributeValue for it
+ //
+ AttributeValueType value = new AttributeValueType();
+ value.setDataType(ToscaDictionary.ID_OBLIGATION_POLICY_MONITORING_DATATYPE.stringValue());
+ value.getContent().add(jsonObject.toString());
+ //
+ // Create our AttributeAssignmentExpression where we will
+ // store the contents of the policy in JSON format.
+ //
+ AttributeAssignmentExpressionType expressionType = new AttributeAssignmentExpressionType();
+ expressionType.setAttributeId(ToscaDictionary.ID_OBLIGATION_POLICY_MONITORING_CONTENTS.stringValue());
+ ObjectFactory factory = new ObjectFactory();
+ expressionType.setExpression(factory.createAttributeValue(value));
+ //
+ // Create an ObligationExpression for it
+ //
+ ObligationExpressionType obligation = new ObligationExpressionType();
+ obligation.setFulfillOn(EffectType.PERMIT);
+ obligation.setObligationId(ToscaDictionary.ID_OBLIGATION_REST_BODY.stringValue());
+ obligation.getAttributeAssignmentExpression().add(expressionType);
+ //
+ // Now we can add it into the rule
+ //
+ ObligationExpressionsType obligations = new ObligationExpressionsType();
+ obligations.getObligationExpression().add(obligation);
+ rule.setObligationExpressions(obligations);
+ return rule;
+ }
}
diff --git a/applications/monitoring/src/main/resources/META-INF/services/org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider b/applications/monitoring/src/main/resources/META-INF/services/org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider
new file mode 100644
index 00000000..5c8dd5e6
--- /dev/null
+++ b/applications/monitoring/src/main/resources/META-INF/services/org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider
@@ -0,0 +1 @@
+org.onap.policy.xacml.pdp.engine.OnapXacmlPdpEngine \ No newline at end of file
diff --git a/applications/monitoring/src/main/resources/RootMonitoringPolicy.xml b/applications/monitoring/src/main/resources/RootMonitoringPolicy.xml
index 3ac716e8..33b28815 100644
--- a/applications/monitoring/src/main/resources/RootMonitoringPolicy.xml
+++ b/applications/monitoring/src/main/resources/RootMonitoringPolicy.xml
@@ -1,5 +1,5 @@
-<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:org:onap:monitoring:policy:id" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<PolicySet xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" PolicyCombiningAlgId="urn:com:att:xacml:3.0:policy-combining-algorithm:combined-deny-overrides" PolicySetId="urn:org:onap:monitoring:policy:id" Version="1.0" xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:policy:schema:os access_control-xacml-2.0-policy-schema-os.xsd">
<Description>The root policy for supporting in-memory onap.Monitoring policy-type policies.</Description>
<Target>
<AnyOf>
@@ -19,24 +19,18 @@
</AllOf>
</AnyOf>
</Target>
- <Rule RuleId="urn:org:onap:xacml:rule:id:da3338f3-8a9d-4bc7-8266-35b886516354" Effect="Permit">
- <Description>PERMIT - TO BE FILLED IN</Description>
- <Target>
- <AnyOf>
- <AllOf>
- <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">John</AttributeValue>
- <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
- </Match>
- <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
- <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ACCESS</AttributeValue>
- <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
- </Match>
- </AllOf>
- </AnyOf>
- </Target>
- </Rule>
- <Rule RuleId="urn:org:onap:xacml:rule:id:74caee98-bd05-4bb5-917c-a26ef80bb0f4" Effect="Deny">
- <Description>Default is DENY</Description>
- </Rule>
-</Policy>
+ <!--
+
+ New Policies created from TOSCA policies can be stored like this.
+
+ <PolicyIdReference>onap.scaleout.tca</PolicyIdReference>
+ <PolicySetIdReference>urn:oasis:names:tc:xacml:2.0:conformance-test:IIE001:policyset1</PolicySetIdReference>
+ -->
+ <Policy PolicyId="default" Version="1.0" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-unless-deny" >
+ <Description>Default is to allow a permit - returning 0 obligations</Description>
+ <Target/>
+ <Rule RuleId="default" Effect="Permit">
+ <Target/>
+ </Rule>
+ </Policy>
+</PolicySet> \ No newline at end of file
diff --git a/applications/monitoring/src/test/java/cucumber/Stepdefs.java b/applications/monitoring/src/test/java/cucumber/Stepdefs.java
index 6915afdb..ca5efa46 100644
--- a/applications/monitoring/src/test/java/cucumber/Stepdefs.java
+++ b/applications/monitoring/src/test/java/cucumber/Stepdefs.java
@@ -22,27 +22,204 @@
package cucumber;
+import com.att.research.xacml.std.annotations.XACMLAction;
+import com.att.research.xacml.std.annotations.XACMLRequest;
+import com.att.research.xacml.std.annotations.XACMLResource;
+import com.att.research.xacml.std.annotations.XACMLSubject;
+
import cucumber.api.java.en.Given;
import cucumber.api.java.en.Then;
import cucumber.api.java.en.When;
+import org.junit.ClassRule;
+import org.junit.rules.TemporaryFolder;
+
public class Stepdefs {
- @Given("TCA Policy is loaded")
- public void tca_Policy_is_loaded() {
- // Write code here that turns the phrase above into concrete actions
- throw new cucumber.api.PendingException();
+ /*
+
+ private static final Logger logger = LoggerFactory.getLogger(Stepdefs.class);
+
+ public static OnapXacmlPdpEngine onapPdpEngine;
+ public static Properties properties;
+ public static Map<String, Object> tcaPolicy;
+ public static Request request;
+ public static File pathProperties;
+ public static File pathRootPolicy;
+
+ /**
+ * Temporary folder where we will store newly created policies.
+ */
+ @ClassRule
+ public TemporaryFolder policyFolder = new TemporaryFolder();
+
+ /**
+ * This is a simple annotation class to simulate
+ * requests coming in.
+ */
+ @XACMLRequest(ReturnPolicyIdList = true)
+ public class MyXacmlRequest {
+
+ @XACMLSubject(includeInResults = true)
+ String onapName = "DCAE";
+
+ @XACMLResource(includeInResults = true)
+ String resource = "onap.policies.Monitoring";
+
+ @XACMLAction()
+ String action = "configure";
+ }
+
+ /**
+ * Initialization.
+ */
+ @Given("Initialization")
+ public void initialization() {
+ /*
+ //
+ // Everything initializes upon startup
+ //
+ assertThatCode(() -> {
+ //
+ // Assume XACML REST Controller loads PDP engine
+ //
+ onapPdpEngine = new OnapXacmlPdpEngine();
+ //
+ // Come up with defaults
+ //
+ File path = Paths.get("src/test/resources").toFile();
+ /*
+ // try (InputStream is = new FileInputStream("src/test/resources/xacml.properties")) {
+ // properties = new Properties();
+ // properties.load(is);
+ // onapPdpEngine.initializeEngine(properties);
+// }
+ onapPdpEngine.initialize(path.toPath());
+ //
+ // Store the properties in new path
+ //
+ // JUNIT IS CRASHING - THE TEMP FOLDER NOT CREATED -->
+ //pathProperties = policyFolder.newFile("xacml.properties");
+ //
+ // Store the root policies
+ //
+ for (String rootPolicyId : XACMLProperties.getRootPolicyIDs(properties)) {
+ logger.debug("Root policy id: " + rootPolicyId);
+ }
+
+ }).doesNotThrowAnyException();
+ */
+ }
+
+ /**
+ * Initialization.
+ */
+ @When("Decision Requested")
+ public void decision_Requested() {
+ /*
+ //
+ // Simulate a request coming in from Xacml REST server
+ //
+ assertThatCode(() -> {
+ request = RequestParser.parseRequest(new MyXacmlRequest());
+ }).doesNotThrowAnyException();
+ */
+ }
+
+ /**
+ * Initialization.
+ */
+ @Then("Decision Permit {int} Obligations")
+ public void decision_Permit_Obligations(Integer int1) {
+ /*
+ Response response = onapPdpEngine.decision(request);
+ for (Result result : response.getResults()) {
+ logger.debug(result.getDecision().toString());
+ assertEquals(Decision.PERMIT, result.getDecision());
+ assertThat(result.getObligations().size()).isEqualTo(int1);
+ }
+ */
+ }
+
+ /**
+ * Initialization.
+ */
+ @When("The application gets new Tosca Policy")
+ public void the_application_gets_new_Tosca_Policy() {
+ /*
+ //
+ // The Xacml PDP REST controller Would receive this from the PAP
+ //
+ // And then parse it looking for Policy Types
+ //
+ assertThatCode(() -> {
+ try (InputStream is = new FileInputStream("src/test/resources/vDNS.policy.input.yaml")) {
+ Yaml yaml = new Yaml();
+ tcaPolicy = yaml.load(is);
+ //
+ // Do we test iterating and determining if supported?
+ //
+
+ }
+ }).doesNotThrowAnyException();
+ */
}
- @When("A Decision Request is received")
- public void a_Decision_Request_is_received() {
- // Write code here that turns the phrase above into concrete actions
- throw new cucumber.api.PendingException();
+ /**
+ * Initialization.
+ */
+ @Then("Load Policy")
+ public void load_Policy() {
+ /*
+ assertThatCode(() -> {
+ //
+ // Load the policies
+ //
+ List<PolicyType> convertedPolicies = onapPdpEngine.convertPolicies(tcaPolicy);
+ //
+ // Store these in temporary folder
+ //
+ int id = 1;
+ List<Path> newReferencedPolicies = new ArrayList<>();
+ for (PolicyType convertedPolicy : convertedPolicies) {
+ //
+ // I don't think we should use the policy id as the filename - there could
+ // possibly be duplicates. eg. Not guaranteed to be unique.
+ //
+ File file = policyFolder.newFile("policy." + id + convertedPolicy.getPolicyId() + ".xml");
+ logger.info("Creating Policy {}", file.getAbsolutePath());
+ Path path = XACMLPolicyWriter.writePolicyFile(file.toPath(), convertedPolicy);
+ //
+ // Add it to our list
+ //
+ newReferencedPolicies.add(path);
+ }
+ //
+ // Now updated the properties
+ //
+ Path[] args = new Path[newReferencedPolicies.size()];
+ newReferencedPolicies.toArray(args);
+ XACMLProperties.setXacmlReferencedProperties(properties, args);
+ //
+ // Reload the PDP engine
+ //
+ onapPdpEngine.initializeEngine(properties);
+ }).doesNotThrowAnyException();
+ */
}
- @Then("I should return TCA Policy as JSON")
- public void i_should_return_TCA_Policy_as_JSON() {
- // Write code here that turns the phrase above into concrete actions
- throw new cucumber.api.PendingException();
+ /**
+ * Initialization.
+ */
+ @Then("Save Configuration")
+ public void save_Configuration() {
+ /*
+ assertThatCode(() -> {
+ //
+ // Save the configuration
+ //
+ onapPdpEngine.storeXacmlProperties(pathProperties.getAbsolutePath());
+ }).doesNotThrowAnyException();
+ */
}
-}
+} \ No newline at end of file
diff --git a/applications/monitoring/src/test/java/org/onap/policy/xacml/pdp/engine/OnapXacmlPdpEngineTest.java b/applications/monitoring/src/test/java/org/onap/policy/xacml/pdp/engine/OnapXacmlPdpEngineTest.java
new file mode 100644
index 00000000..940a974b
--- /dev/null
+++ b/applications/monitoring/src/test/java/org/onap/policy/xacml/pdp/engine/OnapXacmlPdpEngineTest.java
@@ -0,0 +1,296 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP
+ * ================================================================================
+ * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.xacml.pdp.engine;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.junit.Assert.assertEquals;
+
+import com.att.research.xacml.api.Decision;
+import com.att.research.xacml.api.Response;
+import com.att.research.xacml.api.Result;
+import com.att.research.xacml.std.annotations.RequestParser;
+import com.att.research.xacml.std.annotations.XACMLAction;
+import com.att.research.xacml.std.annotations.XACMLRequest;
+import com.att.research.xacml.std.annotations.XACMLResource;
+import com.att.research.xacml.std.annotations.XACMLSubject;
+import com.att.research.xacml.util.XACMLProperties;
+import com.google.common.io.Files;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Properties;
+import java.util.ServiceLoader;
+
+import org.junit.BeforeClass;
+import org.junit.ClassRule;
+import org.junit.Test;
+import org.junit.rules.TemporaryFolder;
+import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException;
+import org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.yaml.snakeyaml.Yaml;
+
+public class OnapXacmlPdpEngineTest {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(OnapXacmlPdpEngineTest.class);
+ private static OnapXacmlPdpEngine onapPdpEngine;
+ private static Properties properties = new Properties();
+ private static File propertiesFile;
+
+ @ClassRule
+ public static final TemporaryFolder policyFolder = new TemporaryFolder();
+
+ /**
+ * This is a simple annotation class to simulate
+ * requests coming in.
+ */
+ @XACMLRequest(ReturnPolicyIdList = true)
+ public class MyXacmlRequest {
+
+ @XACMLSubject(includeInResults = true)
+ String onapName = "DCAE";
+
+ @XACMLResource(includeInResults = true)
+ String resource = "onap.policies.Monitoring";
+
+ @XACMLAction()
+ String action = "configure";
+ }
+
+ /**
+ * Load a test engine.
+ */
+ @BeforeClass
+ public static void setup() {
+ assertThatCode(() -> {
+ //
+ // Copy all the properties and root policies to the temporary folder
+ //
+ try (InputStream is = new FileInputStream("src/test/resources/xacml.properties")) {
+ //
+ // Load it in
+ //
+ properties.load(is);
+ propertiesFile = policyFolder.newFile("xacml.properties");
+ //
+ // Copy the root policies
+ //
+ for (String root : XACMLProperties.getRootPolicyIDs(properties)) {
+ //
+ // Get a file
+ //
+ Path rootPath = Paths.get(properties.getProperty(root + ".file"));
+ LOGGER.debug("Root file {} {}", rootPath, rootPath.getFileName());
+ //
+ // Construct new file name
+ //
+ File newRootPath = policyFolder.newFile(rootPath.getFileName().toString());
+ //
+ // Copy it
+ //
+ Files.copy(rootPath.toFile(), newRootPath);
+ assertThat(newRootPath).exists();
+ //
+ // Point to where the new policy is in the temp dir
+ //
+ properties.setProperty(root + ".file", newRootPath.getAbsolutePath());
+ }
+ try (OutputStream os = new FileOutputStream(propertiesFile.getAbsolutePath())) {
+ properties.store(os, "");
+ assertThat(propertiesFile).exists();
+ }
+ }
+ //
+ // Load service
+ //
+ ServiceLoader<XacmlApplicationServiceProvider> applicationLoader =
+ ServiceLoader.load(XacmlApplicationServiceProvider.class);
+ //
+ // Iterate through them - I could store the object as
+ // XacmlApplicationServiceProvider pointer.
+ //
+ // Try this later.
+ //
+ StringBuilder strDump = new StringBuilder("Loaded applications:" + System.lineSeparator());
+ Iterator<XacmlApplicationServiceProvider> iterator = applicationLoader.iterator();
+ while (iterator.hasNext()) {
+ XacmlApplicationServiceProvider application = iterator.next();
+ strDump.append(application.applicationName());
+ strDump.append(" supports ");
+ strDump.append(application.supportedPolicyTypes());
+ strDump.append(System.lineSeparator());
+ }
+ LOGGER.debug("{}", strDump);
+ //
+ // Create the engine instance
+ //
+ onapPdpEngine = new OnapXacmlPdpEngine();
+ //
+ // Tell it to initialize based on the properties file
+ // we just built for it.
+ //
+ onapPdpEngine.initialize(propertiesFile.toPath().getParent());
+ //
+ // Make sure there's an application name
+ //
+ assertThat(onapPdpEngine.applicationName()).isNotEmpty();
+ //
+ // Ensure it has the supported policy types and
+ // can support the correct policy types.
+ //
+ assertThat(onapPdpEngine.canSupportPolicyType("onap.Monitoring", "1.0.0")).isTrue();
+ assertThat(onapPdpEngine.canSupportPolicyType("onap.Monitoring", "1.5.0")).isTrue();
+ assertThat(onapPdpEngine.canSupportPolicyType("onap.policies.monitoring.foobar", "1.0.1")).isTrue();
+ assertThat(onapPdpEngine.canSupportPolicyType("onap.foobar", "1.0.0")).isFalse();
+ assertThat(onapPdpEngine.supportedPolicyTypes()).contains("onap.Monitoring");
+ //
+ // Ensure it supports decisions
+ //
+ assertThat(onapPdpEngine.actionDecisionsSupported()).contains("configure");
+ }).doesNotThrowAnyException();
+ }
+
+ @Test
+ public void testNoPolicies() {
+ //
+ // Make a simple decision - NO policies are loaded
+ //
+ assertThatCode(() -> {
+ Response response = onapPdpEngine.decision(RequestParser.parseRequest(new MyXacmlRequest()));
+ for (Result result : response.getResults()) {
+ LOGGER.info("Decision {}", result.getDecision());
+ assertEquals(Decision.PERMIT, result.getDecision());
+ }
+ }).doesNotThrowAnyException();
+ }
+
+ @SuppressWarnings("unchecked")
+ @Test
+ public void testvDnsPolicy() {
+ //
+ // Now load the vDNS Policy - make sure
+ // the pdp can support it and have it load
+ // into the PDP.
+ //
+ assertThatCode(() -> {
+ try (InputStream is = new FileInputStream("src/test/resources/vDNS.policy.input.yaml")) {
+ Yaml yaml = new Yaml();
+ Map<String, Object> toscaObject = yaml.load(is);
+ List<Object> policies = (List<Object>) toscaObject.get("policies");
+ //
+ // What we should really do is split the policies out from the ones that
+ // are not supported to ones that are. And then load these.
+ //
+ // In another future review....
+ //
+ for (Object policyObject : policies) {
+ //
+ // Get the contents
+ //
+ Map<String, Object> policyContents = (Map<String, Object>) policyObject;
+ for (Entry<String, Object> entrySet : policyContents.entrySet()) {
+ LOGGER.info("Entry set {}", entrySet.getKey());
+ Map<String, Object> policyDefinition = (Map<String, Object>) entrySet.getValue();
+ //
+ // Find the type and make sure the engine supports it
+ //
+ assertThat(policyDefinition.containsKey("type")).isTrue();
+ assertThat(onapPdpEngine.canSupportPolicyType(
+ policyDefinition.get("type").toString(),
+ policyDefinition.get("version").toString()))
+ .isTrue();
+ }
+ }
+ //
+ // Just go ahead and load them all for now
+ //
+ // Assuming all are supported etc.
+ //
+ onapPdpEngine.loadPolicies(toscaObject);
+
+ //List<PolicyType> policies = onapPdpEngine.convertPolicies(is);
+ //
+ // Should have a policy
+ //// assertThat(policies.isEmpty()).isFalse();
+ }
+ }).doesNotThrowAnyException();
+ }
+
+ @Test
+ public void testBadPolicies() {
+ assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() -> {
+ try (InputStream is =
+ new FileInputStream("src/test/resources/test.monitoring.policy.missingmetadata.yaml")) {
+ onapPdpEngine.convertPolicies(is);
+ }
+ }).withMessageContaining("missing metadata section");
+
+ assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() -> {
+ try (InputStream is =
+ new FileInputStream("src/test/resources/test.monitoring.policy.missingtype.yaml")) {
+ onapPdpEngine.convertPolicies(is);
+ }
+ }).withMessageContaining("missing type value");
+
+ assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() -> {
+ try (InputStream is =
+ new FileInputStream("src/test/resources/test.monitoring.policy.missingversion.yaml")) {
+ onapPdpEngine.convertPolicies(is);
+ }
+ }).withMessageContaining("missing version value");
+
+ assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() -> {
+ try (InputStream is =
+ new FileInputStream("src/test/resources/test.monitoring.policy.badmetadata.1.yaml")) {
+ onapPdpEngine.convertPolicies(is);
+ }
+ }).withMessageContaining("missing metadata policy-version");
+
+ assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() -> {
+ try (InputStream is =
+ new FileInputStream("src/test/resources/test.monitoring.policy.badmetadata.2.yaml")) {
+ onapPdpEngine.convertPolicies(is);
+ }
+ }).withMessageContaining("missing metadata policy-id");
+
+ assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() -> {
+ try (InputStream is =
+ new FileInputStream("src/test/resources/test.monitoring.policy.missingproperties.yaml")) {
+ onapPdpEngine.convertPolicies(is);
+ }
+ }).withMessageContaining("missing properties section");
+ }
+
+}
diff --git a/applications/monitoring/src/test/resources/cucumber/decisions.feature b/applications/monitoring/src/test/resources/cucumber/decisions.feature
index a23d965b..6a573d3c 100644
--- a/applications/monitoring/src/test/resources/cucumber/decisions.feature
+++ b/applications/monitoring/src/test/resources/cucumber/decisions.feature
@@ -18,10 +18,10 @@
#
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
-Feature: Return a decision
- Return a decision for a request
-
- Scenario: Return policy as a JSON
- Given TCA Policy is loaded
- When A Decision Request is received
- Then I should return TCA Policy as JSON \ No newline at end of file
+#Feature: Return a decision
+# Return a decision for a request
+#
+# Scenario: Return policy as a JSON
+# Given TCA Policy is loaded
+# When A Decision Request is received
+# Then I should return TCA Policy as JSON \ No newline at end of file
diff --git a/applications/monitoring/src/test/resources/cucumber/load_policy.feature b/applications/monitoring/src/test/resources/cucumber/load_policy.feature
new file mode 100644
index 00000000..9651ca91
--- /dev/null
+++ b/applications/monitoring/src/test/resources/cucumber/load_policy.feature
@@ -0,0 +1,35 @@
+#
+# ============LICENSE_START=======================================================
+# ONAP
+# ================================================================================
+# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+Feature: Loading TOSCA Policies
+ When a TOSCA Policy is received, convert it
+ to a XACML policy and then load it into the XACML PDP engine.
+
+ Scenario: No Policies Loaded
+ Given Initialization
+ When Decision Requested
+ Then Decision Permit 0 Obligations
+
+ Scenario: Load New Policy
+ Given Initialization
+ When The application gets new Tosca Policy
+ Then Load Policy
+ And Save Configuration
diff --git a/applications/monitoring/src/test/resources/test.monitoring.policy.badmetadata.1.yaml b/applications/monitoring/src/test/resources/test.monitoring.policy.badmetadata.1.yaml
new file mode 100644
index 00000000..a2631848
--- /dev/null
+++ b/applications/monitoring/src/test/resources/test.monitoring.policy.badmetadata.1.yaml
@@ -0,0 +1,10 @@
+tosca_definitions_version: tosca_simple_yaml_1_0_0
+policies:
+ -
+ test.monitoring.policy.badmetadata.1:
+ type: onap.policies.monitoring.cdap.tca.hi.lo.app
+ version: 1.0.0
+ metadata:
+ policy-id: test.monitoring.policy.badmetadata.1
+ properties:
+ domain: measurementsForVfScaling
diff --git a/applications/monitoring/src/test/resources/test.monitoring.policy.badmetadata.2.yaml b/applications/monitoring/src/test/resources/test.monitoring.policy.badmetadata.2.yaml
new file mode 100644
index 00000000..7da2db38
--- /dev/null
+++ b/applications/monitoring/src/test/resources/test.monitoring.policy.badmetadata.2.yaml
@@ -0,0 +1,10 @@
+tosca_definitions_version: tosca_simple_yaml_1_0_0
+policies:
+ -
+ onap.scaleout.tca:
+ type: onap.policies.monitoring.cdap.tca.hi.lo.app
+ version: 1.0.0
+ metadata:
+ policy-version: 1
+ properties:
+ domain: measurementsForVfScaling
diff --git a/applications/monitoring/src/test/resources/test.monitoring.policy.missingmetadata.yaml b/applications/monitoring/src/test/resources/test.monitoring.policy.missingmetadata.yaml
new file mode 100644
index 00000000..4984a1c3
--- /dev/null
+++ b/applications/monitoring/src/test/resources/test.monitoring.policy.missingmetadata.yaml
@@ -0,0 +1,9 @@
+tosca_definitions_version: tosca_simple_yaml_1_0_0
+policies:
+ -
+ onap.scaleout.tca:
+ type: onap.policies.monitoring.test
+ description: I am a test policy
+ version: 1.0.0
+ properties:
+ domain: measurementsForVfScaling
diff --git a/applications/monitoring/src/test/resources/test.monitoring.policy.missingproperties.yaml b/applications/monitoring/src/test/resources/test.monitoring.policy.missingproperties.yaml
new file mode 100644
index 00000000..d4132a28
--- /dev/null
+++ b/applications/monitoring/src/test/resources/test.monitoring.policy.missingproperties.yaml
@@ -0,0 +1,9 @@
+tosca_definitions_version: tosca_simple_yaml_1_0_0
+policies:
+ -
+ onap.scaleout.tca:
+ type: onap.policies.monitoring.cdap.tca.hi.lo.app
+ version: 1.0.0
+ metadata:
+ policy-id: onap.scaleout.tca
+ policy-version: 1
diff --git a/applications/monitoring/src/test/resources/test.monitoring.policy.missingtype.yaml b/applications/monitoring/src/test/resources/test.monitoring.policy.missingtype.yaml
new file mode 100644
index 00000000..309d08c5
--- /dev/null
+++ b/applications/monitoring/src/test/resources/test.monitoring.policy.missingtype.yaml
@@ -0,0 +1,11 @@
+tosca_definitions_version: tosca_simple_yaml_1_0_0
+policies:
+ -
+ onap.scaleout.tca:
+ description: I am a test policy
+ version: 1.0.0
+ metadata:
+ policy-id: onap.scaleout.tca
+ policy-version: 10
+ properties:
+ domain: measurementsForVfScaling
diff --git a/applications/monitoring/src/test/resources/test.monitoring.policy.missingversion.yaml b/applications/monitoring/src/test/resources/test.monitoring.policy.missingversion.yaml
new file mode 100644
index 00000000..ff378d92
--- /dev/null
+++ b/applications/monitoring/src/test/resources/test.monitoring.policy.missingversion.yaml
@@ -0,0 +1,11 @@
+tosca_definitions_version: tosca_simple_yaml_1_0_0
+policies:
+ -
+ onap.scaleout.tca:
+ type: onap.policies.monitoring.test
+ description: I am a test policy
+ metadata:
+ policy-id: onap.scaleout.tca
+ policy-version: 10
+ properties:
+ domain: measurementsForVfScaling
diff --git a/applications/monitoring/src/test/resources/unsupportedpolicytype.yaml b/applications/monitoring/src/test/resources/unsupportedpolicytype.yaml
new file mode 100644
index 00000000..0a895b38
--- /dev/null
+++ b/applications/monitoring/src/test/resources/unsupportedpolicytype.yaml
@@ -0,0 +1,11 @@
+tosca_definitions_version: tosca_simple_yaml_1_0_0
+policies:
+ -
+ policy.name:
+ type: foo.bar
+ version: 1.0.0
+ metadata:
+ policy-id: policy.name
+ policy-version: 1
+ properties:
+ prop1: value1
diff --git a/applications/monitoring/src/test/resources/vDNS.policy.decision.payload.json b/applications/monitoring/src/test/resources/vDNS.policy.decision.payload.json
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/applications/monitoring/src/test/resources/vDNS.policy.decision.payload.json
diff --git a/applications/monitoring/src/test/resources/vDNS.policy.input.yaml b/applications/monitoring/src/test/resources/vDNS.policy.input.yaml
index ee149381..ee12c702 100644
--- a/applications/monitoring/src/test/resources/vDNS.policy.input.yaml
+++ b/applications/monitoring/src/test/resources/vDNS.policy.input.yaml
@@ -6,6 +6,7 @@ policies:
version: 1.0.0
metadata:
policy-id: onap.scaleout.tca
+ policy-version: 1
properties:
domain: measurementsForVfScaling
metricsPerEventName:
diff --git a/applications/monitoring/src/test/resources/vDNS.policy.xml b/applications/monitoring/src/test/resources/vDNS.policy.xml
new file mode 100644
index 00000000..14ad4603
--- /dev/null
+++ b/applications/monitoring/src/test/resources/vDNS.policy.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="onap.scaleout.tca" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-unless-permit">
+ <Description>The root policy for supporting in-memory onap.Monitoring policy-type policies.</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <!-- Exact policy-id value -->
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">onap.scaleout.tca</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ <AllOf>
+ <!-- Regular expression match on policy id -->
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">onap.scaleout.tca</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ <AllOf>
+ <!-- Exact policy-type value -->
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">onap.policies.monitoring.cdap.tca.hi.lo.app</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ <AllOf>
+ <!-- Regular expression match on policy-type -->
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">onap.policies.monitoring.cdap.tca.hi.lo.app</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <Rule RuleId="urn:org:onap:xacml:rule:id:74caee98-bd05-4bb5-917c-a26ef80bb0f4" Effect="Permit">
+ <Description>Default is Permit</Description>
+ <!--
+
+ Add JSON as Obligation
+
+ -->
+ </Rule>
+</Policy>
diff --git a/applications/monitoring/src/test/resources/xacml.properties b/applications/monitoring/src/test/resources/xacml.properties
new file mode 100644
index 00000000..9b5330dc
--- /dev/null
+++ b/applications/monitoring/src/test/resources/xacml.properties
@@ -0,0 +1,34 @@
+#
+# Properties that the embedded PDP engine uses to configure and load
+#
+# Standard API Factories
+#
+xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory
+xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory
+xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory
+xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory
+xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory
+#
+# AT&T PDP Implementation Factories
+#
+xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory
+xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory
+xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory
+#
+# ONAP PDP Implementation Factories
+#
+xacml.att.policyFinderFactory=org.onap.policy.pdp.xacml.application.common.OnapPolicyFinderFactory
+
+#
+# NOTE: If you are testing against a RESTful PDP, then the PDP must be configured with the
+# policies and PIP configuration as defined below. Otherwise, this is the configuration that
+# the embedded PDP uses.
+#
+
+policytypes=onap.Monitoring, onap.policies.monitoring.cdap.tca.hi.lo.app
+
+# Policies to load
+#
+xacml.rootPolicies=monitoring
+monitoring.file=src/main/resources/RootMonitoringPolicy.xml
+