summaryrefslogtreecommitdiffstats
path: root/applications
diff options
context:
space:
mode:
authorPamela Dragosh <pdragosh@research.att.com>2019-03-09 11:48:44 -0500
committerPamela Dragosh <pdragosh@research.att.com>2019-03-15 08:54:05 -0400
commitb909b14fe88c5fe8f096cf8b471a2aa799d84739 (patch)
tree19de65fff7618bfad91acb0b803210a93dbb86cd /applications
parent4b2ef1a5a9bf92aeb7edc1512f7a6cd8e1be99d8 (diff)
Monitoring policy creation foundation
Upgrde to xacml v2.0.0 release artifact. Some re-arrangement of classes. New class to support a common dictionary among the monitoring applications. I may move it to a common under the main since some of the values are shareable. Created application service provider, so the XACML main knows what policy types are pre-loaded and can report them back to the PAP. struggled with cucumber, which does not create TemporaryFolder although the documentation says its supported. Added a new Policy Finder specific to ONAP which does quicker job to load policies. Issue-ID: POLICY-1273 Change-Id: I4af15a64da3b42d48f29809710421b1649625adc Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
Diffstat (limited to 'applications')
-rw-r--r--applications/common/pom.xml46
-rw-r--r--applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/OnapPolicyFinderFactory.java252
-rw-r--r--applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/ToscaDictionary.java69
-rw-r--r--applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/ToscaPolicyConversionException.java50
-rw-r--r--applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/ToscaPolicyConverter.java36
-rw-r--r--applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/ToscaPolicyConverterUtils.java102
-rw-r--r--applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/XacmlApplicationServiceProvider.java98
-rw-r--r--applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/XacmlUpdatePolicyUtils.java88
-rw-r--r--applications/common/src/test/java/org/onap/policy/pdp/xacml/application/common/ToscaDictionaryTest.java56
-rw-r--r--applications/common/src/test/java/org/onap/policy/pdp/xacml/application/common/ToscaPolicyConversionExceptionTest.java35
-rw-r--r--applications/common/src/test/java/org/onap/policy/pdp/xacml/application/common/ToscaPolicyConverterUtilsTest.java42
-rw-r--r--applications/common/src/test/java/org/onap/policy/pdp/xacml/application/common/XacmlUpdatePolicyUtilsTest.java226
-rw-r--r--applications/common/src/test/resources/test.properties32
-rw-r--r--applications/guard/pom.xml52
-rw-r--r--applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplication.java107
-rw-r--r--applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplicationTest.java96
-rw-r--r--applications/guard/src/test/resources/xacml.properties37
-rw-r--r--applications/monitoring/pom.xml5
-rw-r--r--applications/monitoring/src/main/java/org/onap/policy/xacml/pdp/engine/OnapXacmlPdpEngine.java514
-rw-r--r--applications/monitoring/src/main/resources/META-INF/services/org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider1
-rw-r--r--applications/monitoring/src/main/resources/RootMonitoringPolicy.xml40
-rw-r--r--applications/monitoring/src/test/java/cucumber/Stepdefs.java203
-rw-r--r--applications/monitoring/src/test/java/org/onap/policy/xacml/pdp/engine/OnapXacmlPdpEngineTest.java296
-rw-r--r--applications/monitoring/src/test/resources/cucumber/decisions.feature14
-rw-r--r--applications/monitoring/src/test/resources/cucumber/load_policy.feature35
-rw-r--r--applications/monitoring/src/test/resources/test.monitoring.policy.badmetadata.1.yaml10
-rw-r--r--applications/monitoring/src/test/resources/test.monitoring.policy.badmetadata.2.yaml10
-rw-r--r--applications/monitoring/src/test/resources/test.monitoring.policy.missingmetadata.yaml9
-rw-r--r--applications/monitoring/src/test/resources/test.monitoring.policy.missingproperties.yaml9
-rw-r--r--applications/monitoring/src/test/resources/test.monitoring.policy.missingtype.yaml11
-rw-r--r--applications/monitoring/src/test/resources/test.monitoring.policy.missingversion.yaml11
-rw-r--r--applications/monitoring/src/test/resources/unsupportedpolicytype.yaml11
-rw-r--r--applications/monitoring/src/test/resources/vDNS.policy.decision.payload.json0
-rw-r--r--applications/monitoring/src/test/resources/vDNS.policy.input.yaml1
-rw-r--r--applications/monitoring/src/test/resources/vDNS.policy.xml44
-rw-r--r--applications/monitoring/src/test/resources/xacml.properties34
-rw-r--r--applications/pom.xml2
37 files changed, 2640 insertions, 44 deletions
diff --git a/applications/common/pom.xml b/applications/common/pom.xml
new file mode 100644
index 00000000..9d83f3d5
--- /dev/null
+++ b/applications/common/pom.xml
@@ -0,0 +1,46 @@
+<!--
+ ============LICENSE_START=======================================================
+ ONAP
+ ================================================================================
+ Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+ -->
+
+<project
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"
+ xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.onap.policy.xacml-pdp.applications</groupId>
+ <artifactId>applications</artifactId>
+ <version>2.0.0-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>common</artifactId>
+
+ <dependencies>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.onap.policy.common</groupId>
+ <artifactId>utils-test</artifactId>
+ <version>${policy.common.version}</version>
+ </dependency>
+ </dependencies>
+</project>
diff --git a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/OnapPolicyFinderFactory.java b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/OnapPolicyFinderFactory.java
new file mode 100644
index 00000000..1e47c5b5
--- /dev/null
+++ b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/OnapPolicyFinderFactory.java
@@ -0,0 +1,252 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+
+package org.onap.policy.pdp.xacml.application.common;
+
+import com.att.research.xacml.std.StdStatusCode;
+import com.att.research.xacml.std.dom.DOMStructureException;
+import com.att.research.xacml.util.FactoryException;
+import com.att.research.xacml.util.XACMLProperties;
+import com.att.research.xacmlatt.pdp.policy.Policy;
+import com.att.research.xacmlatt.pdp.policy.PolicyDef;
+import com.att.research.xacmlatt.pdp.policy.PolicyFinder;
+import com.att.research.xacmlatt.pdp.policy.PolicyFinderFactory;
+import com.att.research.xacmlatt.pdp.policy.dom.DOMPolicyDef;
+import com.att.research.xacmlatt.pdp.std.StdPolicyFinder;
+import com.google.common.base.Splitter;
+import com.google.common.base.Strings;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.net.URLConnection;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.Properties;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Implements ONAP specific ability to find Policies for XACML PDP engine.
+ *
+ * @author pameladragosh
+ *
+ */
+public class OnapPolicyFinderFactory extends PolicyFinderFactory {
+
+ public static final String PROP_FILE = ".file";
+ public static final String PROP_URL = ".url";
+
+ private static Logger logger = LoggerFactory.getLogger(OnapPolicyFinderFactory.class);
+ private List<PolicyDef> rootPolicies;
+ private List<PolicyDef> referencedPolicies;
+ private boolean needsInit = true;
+
+ private Properties properties = null;
+
+ /**
+ * Empty constructor.
+ */
+ public OnapPolicyFinderFactory() {
+ logger.debug("Constructed without properties");
+ //
+ // Here we differ from the StdPolicyFinderFactory in that we initialize right away.
+ // We do not wait for a policy request to happen to look for and load policies.
+ //
+ this.init();
+ }
+
+ /**
+ * Constructor with properties passed. This will be preferred.
+ *
+ * @param properties Properties object
+ */
+ public OnapPolicyFinderFactory(Properties properties) {
+ super(properties);
+ logger.debug("Constructed using properties {}", properties);
+ //
+ // Save our properties
+ //
+ this.properties = properties;
+ //
+ // Here we differ from the StdPolicyFinderFactory in that we initialize right away.
+ // We do not wait for a policy request to happen to look for and load policies.
+ //
+ this.init();
+ }
+
+ /**
+ * Loads the <code>PolicyDef</code> for the given <code>String</code> identifier by looking first
+ * for a ".file" property associated with the ID and using that to load from a <code>File</code> and
+ * looking for a ".url" property associated with the ID and using that to load from a <code>URL</code>.
+ *
+ * @param policyId the <code>String</code> identifier for the policy
+ * @return a <code>PolicyDef</code> loaded from the given identifier
+ */
+ protected PolicyDef loadPolicyDef(String policyId) {
+ String propLocation = null;
+ if (this.properties == null) {
+ propLocation = XACMLProperties.getProperty(policyId + PROP_FILE);
+ } else {
+ propLocation = this.properties.getProperty(policyId + PROP_FILE);
+ }
+ if (propLocation != null) {
+ //
+ // Try to load it from the file
+ //
+ PolicyDef policy = this.loadPolicyFileDef(propLocation);
+ if (policy != null) {
+ return policy;
+ }
+ }
+ if (this.properties == null) {
+ propLocation = XACMLProperties.getProperty(policyId + PROP_URL);
+ } else {
+ propLocation = this.properties.getProperty(policyId + PROP_URL);
+ }
+ if (propLocation != null) {
+ PolicyDef policy = this.loadPolicyUrlDef(propLocation);
+ if (policy != null) {
+ return policy;
+ }
+ }
+
+ logger.error("No known location for Policy {}", policyId);
+ return null;
+ }
+
+ protected PolicyDef loadPolicyFileDef(String propLocation) {
+ File fileLocation = new File(propLocation);
+ if (!fileLocation.exists()) {
+ logger.error("Policy file {} does not exist.", fileLocation.getAbsolutePath());
+ return null;
+ }
+ if (!fileLocation.canRead()) {
+ logger.error("Policy file {} cannot be read.", fileLocation.getAbsolutePath());
+ return null;
+ }
+ try {
+ logger.info("Loading policy file {}", fileLocation);
+ PolicyDef policyDef = DOMPolicyDef.load(fileLocation);
+ if (policyDef != null) {
+ return policyDef;
+ }
+ return new Policy(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, "DOM Could not load policy");
+ } catch (DOMStructureException ex) {
+ logger.error("Error loading policy file {}: {}", fileLocation.getAbsolutePath(), ex);
+ return new Policy(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, ex.getMessage());
+ }
+ }
+
+ protected PolicyDef loadPolicyUrlDef(String propLocation) {
+ InputStream is = null;
+ try {
+ URL url = new URL(propLocation);
+ URLConnection urlConnection = url.openConnection();
+ OnapPolicyFinderFactory.logger.info("Loading policy file {}", url);
+ is = urlConnection.getInputStream();
+ PolicyDef policyDef = DOMPolicyDef.load(is);
+ if (policyDef != null) {
+ return policyDef;
+ }
+ } catch (MalformedURLException ex) {
+ logger.error("Invalid URL " + propLocation + ": " + ex.getMessage(), ex);
+ } catch (IOException ex) {
+ logger.error("IOException opening URL {}: {}{}",
+ propLocation, ex.getMessage(), ex);
+ } catch (DOMStructureException ex) {
+ logger.error("Invalid Policy " + propLocation + ": " + ex.getMessage(), ex);
+ return new Policy(StdStatusCode.STATUS_CODE_SYNTAX_ERROR, ex.getMessage());
+ } finally {
+ if (is != null) {
+ try {
+ is.close();
+ } catch (IOException e) {
+ logger.error("Exception closing InputStream for GET of url {}: {}",
+ propLocation, e.getMessage() + " (May be memory leak)", e);
+ }
+ }
+ }
+ return null;
+ }
+
+ /**
+ * Finds the identifiers for all of the policies referenced by the given property name in the
+ * <code>XACMLProperties</code> and loads them using the requested loading method.
+ *
+ * @param propertyName the <code>String</code> name of the property containing the list of policy identifiers
+ * @return a <code>List</code> of <code>PolicyDef</code>s loaded from the given property name
+ */
+ protected List<PolicyDef> getPolicyDefs(String propertyName) {
+ String policyIds;
+ if (this.properties != null) {
+ policyIds = this.properties.getProperty(propertyName);
+ } else {
+ policyIds = XACMLProperties.getProperty(propertyName);
+ }
+ if (Strings.isNullOrEmpty(policyIds)) {
+ return Collections.emptyList();
+ }
+
+ Iterable<String> policyIdArray = Splitter.on(',').trimResults().omitEmptyStrings().split(policyIds);
+ if (policyIdArray == null) {
+ return Collections.emptyList();
+ }
+
+ List<PolicyDef> listPolicyDefs = new ArrayList<>();
+ for (String policyId : policyIdArray) {
+ PolicyDef policyDef = this.loadPolicyDef(policyId);
+ if (policyDef != null) {
+ listPolicyDefs.add(policyDef);
+ }
+ }
+ return listPolicyDefs;
+ }
+
+ protected synchronized void init() {
+ if (this.needsInit) {
+ logger.debug("Initializing OnapPolicyFinderFactory Properties ");
+ this.rootPolicies = this.getPolicyDefs(XACMLProperties.PROP_ROOTPOLICIES);
+ this.referencedPolicies = this.getPolicyDefs(XACMLProperties.PROP_REFERENCEDPOLICIES);
+ logger.debug("Root Policies: {}", this.rootPolicies.size());
+ logger.debug("Referenced Policies: {}", this.referencedPolicies.size());
+ this.needsInit = false;
+ }
+ }
+
+ @Override
+ public PolicyFinder getPolicyFinder() throws FactoryException {
+ //
+ // Force using any properties that were passed upon construction
+ //
+ return new StdPolicyFinder(this.rootPolicies, this.referencedPolicies, this.properties);
+ }
+
+ @Override
+ public PolicyFinder getPolicyFinder(Properties properties) throws FactoryException {
+ return new StdPolicyFinder(this.rootPolicies, this.referencedPolicies, properties);
+ }
+
+}
diff --git a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/ToscaDictionary.java b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/ToscaDictionary.java
new file mode 100644
index 00000000..c65d7a17
--- /dev/null
+++ b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/ToscaDictionary.java
@@ -0,0 +1,69 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP
+ * ================================================================================
+ * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.pdp.xacml.application.common;
+
+import com.att.research.xacml.api.Identifier;
+import com.att.research.xacml.api.XACML3;
+import com.att.research.xacml.std.IdentifierImpl;
+
+public final class ToscaDictionary {
+
+ private ToscaDictionary() {
+ super();
+ }
+
+ /*
+ * These are the ID's for various TOSCA Policy Types we are supporting in the Applications.
+ */
+ public static final Identifier URN_ONAP =
+ new IdentifierImpl("urn:org:onap");
+
+ public static final Identifier ID_RESOURCE_POLICY_ID =
+ XACML3.ID_RESOURCE_RESOURCE_ID;
+
+ public static final Identifier ID_RESOURCE_POLICY_TYPE =
+ new IdentifierImpl(URN_ONAP, "policy-type");
+
+ public static final Identifier ID_RESOURCE_POLICY_TYPE_VERSION =
+ new IdentifierImpl(URN_ONAP, "policy-type-version");
+
+ public static final Identifier ID_OBLIGATION_REST_BODY =
+ new IdentifierImpl(URN_ONAP, "rest:body");
+
+ public static final Identifier ID_OBLIGATION_POLICY_MONITORING =
+ new IdentifierImpl(URN_ONAP, ":obligation:monitoring");
+
+ public static final Identifier ID_OBLIGATION_POLICY_MONITORING_CONTENTS =
+ new IdentifierImpl(URN_ONAP, ":obligation:monitoring:contents");
+
+ public static final Identifier ID_OBLIGATION_POLICY_MONITORING_CATEGORY =
+ XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE;
+
+ public static final Identifier ID_OBLIGATION_POLICY_MONITORING_DATATYPE =
+ XACML3.ID_DATATYPE_STRING;
+
+ public static final Identifier ID_OBLIGATION_ISSUER =
+ new IdentifierImpl(URN_ONAP, "issuer:monitoring");
+
+
+}
diff --git a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/ToscaPolicyConversionException.java b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/ToscaPolicyConversionException.java
new file mode 100644
index 00000000..071a14e1
--- /dev/null
+++ b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/ToscaPolicyConversionException.java
@@ -0,0 +1,50 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP
+ * ================================================================================
+ * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.pdp.xacml.application.common;
+
+public class ToscaPolicyConversionException extends Exception {
+
+ private static final long serialVersionUID = 1L;
+
+ public ToscaPolicyConversionException() {
+ super();
+ }
+
+ public ToscaPolicyConversionException(String message) {
+ super(message);
+ }
+
+ public ToscaPolicyConversionException(Throwable cause) {
+ super(cause);
+ }
+
+ public ToscaPolicyConversionException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+ public ToscaPolicyConversionException(String message, Throwable cause, boolean enableSuppression,
+ boolean writableStackTrace) {
+ super(message, cause, enableSuppression, writableStackTrace);
+ }
+
+}
diff --git a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/ToscaPolicyConverter.java b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/ToscaPolicyConverter.java
new file mode 100644
index 00000000..f6f75a4c
--- /dev/null
+++ b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/ToscaPolicyConverter.java
@@ -0,0 +1,36 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP
+ * ================================================================================
+ * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.pdp.xacml.application.common;
+
+import java.io.InputStream;
+import java.util.List;
+import java.util.Map;
+
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType;
+
+public interface ToscaPolicyConverter {
+
+ List<PolicyType> convertPolicies(InputStream isToscaPolicy) throws ToscaPolicyConversionException;
+
+ List<PolicyType> convertPolicies(Map<String, Object> toscaObject) throws ToscaPolicyConversionException;
+}
diff --git a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/ToscaPolicyConverterUtils.java b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/ToscaPolicyConverterUtils.java
new file mode 100644
index 00000000..cd197935
--- /dev/null
+++ b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/ToscaPolicyConverterUtils.java
@@ -0,0 +1,102 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP
+ * ================================================================================
+ * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.pdp.xacml.application.common;
+
+import com.att.research.xacml.api.Identifier;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.AllOfType;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeDesignatorType;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.MatchType;
+
+/**
+ * This class contains static methods of helper classes to convert TOSCA policies
+ * into XACML policies.
+ *
+ * @author pameladragosh
+ *
+ */
+public final class ToscaPolicyConverterUtils {
+
+ private ToscaPolicyConverterUtils() {
+ super();
+ }
+
+ /**
+ * This method builds a MatchType for TargetType object for AttributeValue and AttributeDesignator
+ * combination.
+ *
+ * @param <T> Incoming value could be any object
+ * @param function Function for the Match
+ * @param value Attribute value used
+ * @param datatype Datatype for attribute value and AttributeDesignator
+ * @param designatorId ID for the AttributeDesignator
+ * @param designatorCategory Category ID for the AttributeDesignator
+ * @return The MatchType object
+ */
+ public static <T> MatchType buildMatchTypeDesignator(Identifier function,
+ T value,
+ Identifier datatype,
+ Identifier designatorId,
+ Identifier designatorCategory) {
+ //
+ // Create the MatchType object and set its function
+ //
+ MatchType match = new MatchType();
+ match.setMatchId(function.stringValue());
+ //
+ // Add in the AttributeValue object
+ //
+ AttributeValueType valueType = new AttributeValueType();
+ valueType.setDataType(datatype.stringValue());
+ valueType.getContent().add(value);
+
+ match.setAttributeValue(valueType);
+ //
+ // Add in the AttributeDesignator object
+ //
+ AttributeDesignatorType designator = new AttributeDesignatorType();
+ designator.setAttributeId(designatorId.stringValue());
+ designator.setCategory(designatorCategory.stringValue());
+ designator.setDataType(datatype.stringValue());
+
+ match.setAttributeDesignator(designator);
+ //
+ // Done
+ //
+ return match;
+ }
+
+ /**
+ * Builds an AllOfType (AND) with one or more MatchType objects.
+ *
+ * @param matches A list of one or more MatchType
+ * @return The AllOf object
+ */
+ public static AllOfType buildAllOf(MatchType... matches) {
+ AllOfType allOf = new AllOfType();
+ for (MatchType match : matches) {
+ allOf.getMatch().add(match);
+ }
+ return allOf;
+ }
+}
diff --git a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/XacmlApplicationServiceProvider.java b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/XacmlApplicationServiceProvider.java
new file mode 100644
index 00000000..65648ea8
--- /dev/null
+++ b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/XacmlApplicationServiceProvider.java
@@ -0,0 +1,98 @@
+/* ============LICENSE_START=======================================================
+ * ONAP
+ * ================================================================================
+ * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.pdp.xacml.application.common;
+
+import java.nio.file.Path;
+import java.util.List;
+import java.util.Map;
+
+import org.json.JSONObject;
+
+/**
+ * This interface is how the XACML REST controller can communicate
+ * with Policy Type implementation applications.
+ * Applications should register themselves as this service provider
+ * and implement these methods.
+ *
+ * @author pameladragosh
+ *
+ */
+public interface XacmlApplicationServiceProvider {
+
+ /**
+ * Name of the application for auditing and organization of its data.
+ *
+ * @return String
+ */
+ String applicationName();
+
+ /**
+ * Returns a list of action decisions supported by the application.
+ *
+ * @return List of String (eg. "configure", "placement", "naming")
+ */
+ List<String> actionDecisionsSupported();
+
+ /**
+ * Initializes the application and gives it a Path for storing its
+ * data. The Path may be already populated with previous data.
+ *
+ * @param pathForData Local Path
+ */
+ void initialize(Path pathForData);
+
+ /**
+ * Returns a list of supported Tosca Policy Types.
+ *
+ * @return List of Strings (eg. "onap.policy.foo.bar")
+ */
+ List<String> supportedPolicyTypes();
+
+ /**
+ * Asks whether the application can support the incoming
+ * Tosca Policy Type and version.
+ *
+ * @param policyType String Tosca Policy Type
+ * @param policyTypeVersion String of the Tosca Policy Type version
+ * @return true if supported
+ */
+ boolean canSupportPolicyType(String policyType, String policyTypeVersion);
+
+ /**
+ * Load a Map representation of a Tosca Policy.
+ *
+ * @param toscaPolicies Map of Tosca Policy Objects
+ */
+ void loadPolicies(Map<String, Object> toscaPolicies);
+
+ /**
+ * Makes a decision given the incoming request and returns a response.
+ *
+ * <P>NOTE: I may want to change this to an object that represents the
+ * schema.
+ *
+ * @param jsonSchema Incoming Json
+ * @return response
+ */
+ JSONObject makeDecision(JSONObject jsonSchema);
+
+}
diff --git a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/XacmlUpdatePolicyUtils.java b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/XacmlUpdatePolicyUtils.java
new file mode 100644
index 00000000..957242c5
--- /dev/null
+++ b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/XacmlUpdatePolicyUtils.java
@@ -0,0 +1,88 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP
+ * ================================================================================
+ * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.pdp.xacml.application.common;
+
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.IdReferenceType;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObjectFactory;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicySetType;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType;
+
+public class XacmlUpdatePolicyUtils {
+
+ private XacmlUpdatePolicyUtils() {
+ super();
+ }
+
+ /**
+ * This method updates a root PolicySetType by adding in a PolicyType as a reference.
+ *
+ * @param rootPolicy Root PolicySet being updated
+ * @param referencedPolicies A list of PolicyType being added as a references
+ * @return the rootPolicy PolicySet object
+ */
+ public static PolicySetType updateXacmlRootPolicy(PolicySetType rootPolicy, PolicyType... referencedPolicies) {
+ ObjectFactory factory = new ObjectFactory();
+ //
+ // Iterate each policy
+ //
+ for (PolicyType referencedPolicy : referencedPolicies) {
+ IdReferenceType reference = new IdReferenceType();
+ reference.setValue(referencedPolicy.getPolicyId());
+ //
+ // Add it in
+ //
+ rootPolicy.getPolicySetOrPolicyOrPolicySetIdReference().add(factory.createPolicySetIdReference(reference));
+ }
+ //
+ // Return the updated object
+ //
+ return rootPolicy;
+ }
+
+ /**
+ * This method updates a root PolicySetType by adding in a PolicyType as a reference.
+ *
+ * @param rootPolicy Root PolicySet being updated
+ * @param referencedPolicySets A list of PolicySetType being added as a references
+ * @return the rootPolicy PolicySet object
+ */
+ public static PolicySetType updateXacmlRootPolicy(PolicySetType rootPolicy, PolicySetType... referencedPolicySets) {
+ ObjectFactory factory = new ObjectFactory();
+ //
+ // Iterate each policy
+ //
+ for (PolicySetType referencedPolicySet : referencedPolicySets) {
+ IdReferenceType reference = new IdReferenceType();
+ reference.setValue(referencedPolicySet.getPolicySetId());
+ //
+ // Add it in
+ //
+ rootPolicy.getPolicySetOrPolicyOrPolicySetIdReference().add(factory.createPolicySetIdReference(reference));
+ }
+ //
+ // Return the updated object
+ //
+ return rootPolicy;
+ }
+
+}
diff --git a/applications/common/src/test/java/org/onap/policy/pdp/xacml/application/common/ToscaDictionaryTest.java b/applications/common/src/test/java/org/onap/policy/pdp/xacml/application/common/ToscaDictionaryTest.java
new file mode 100644
index 00000000..d427982f
--- /dev/null
+++ b/applications/common/src/test/java/org/onap/policy/pdp/xacml/application/common/ToscaDictionaryTest.java
@@ -0,0 +1,56 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP
+ * ================================================================================
+ * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.pdp.xacml.application.common;
+
+import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+import java.lang.reflect.Constructor;
+import java.lang.reflect.Modifier;
+
+import org.junit.Test;
+
+public class ToscaDictionaryTest {
+
+ @Test
+ public void testConstructorIsProtected() throws Exception {
+ //
+ // Ensure that this is static class
+ //
+ final Constructor<ToscaDictionary> constructor = ToscaDictionary.class.getDeclaredConstructor();
+ assertTrue(Modifier.isPrivate(constructor.getModifiers()));
+ //
+ // Trying to get 100% code coverage
+ //
+ assertThatCode(() -> {
+ constructor.setAccessible(true);
+ constructor.newInstance();
+ }).doesNotThrowAnyException();
+ //
+ // Probably don't need these as these ID's are used by other components
+ //
+ assertNotNull(ToscaDictionary.ID_OBLIGATION_ISSUER);
+ }
+
+}
diff --git a/applications/common/src/test/java/org/onap/policy/pdp/xacml/application/common/ToscaPolicyConversionExceptionTest.java b/applications/common/src/test/java/org/onap/policy/pdp/xacml/application/common/ToscaPolicyConversionExceptionTest.java
new file mode 100644
index 00000000..bee4ba3d
--- /dev/null
+++ b/applications/common/src/test/java/org/onap/policy/pdp/xacml/application/common/ToscaPolicyConversionExceptionTest.java
@@ -0,0 +1,35 @@
+/*
+ * ============LICENSE_START=======================================================
+ * ONAP
+ * ================================================================================
+ * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.pdp.xacml.application.common;
+
+import static org.junit.Assert.assertEquals;
+
+import org.junit.Test;
+import org.onap.policy.common.utils.test.ExceptionsTester;
+
+public class ToscaPolicyConversionExceptionTest {
+
+ @Test
+ public void test() {
+ assertEquals(5, new ExceptionsTester().test(ToscaPolicyConversionException.class));
+ }
+
+}
diff --git a/applications/common/src/test/java/org/onap/policy/pdp/xacml/application/common/ToscaPolicyConverterUtilsTest.java b/applications/common/src/test/java/org/onap/policy/pdp/xacml/application/common/ToscaPolicyConverterUtilsTest.java
new file mode 100644
index 00000000..cc1787c3
--- /dev/null
+++ b/applications/common/src/test/java/org/onap/policy/pdp/xacml/application/common/ToscaPolicyConverterUtilsTest.java
@@ -0,0 +1,42 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP
+ * ================================================================================
+ * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.pdp.xacml.application.common;
+
+import static org.junit.Assert.assertTrue;
+
+import java.lang.reflect.Constructor;
+import java.lang.reflect.Modifier;
+
+import org.junit.Test;
+
+public class ToscaPolicyConverterUtilsTest {
+
+ @Test
+ public void test() throws NoSuchMethodException, SecurityException {
+ final Constructor<ToscaPolicyConverterUtils> constructor
+ = ToscaPolicyConverterUtils.class.getDeclaredConstructor();
+ assertTrue(Modifier.isPrivate(constructor.getModifiers()));
+
+ }
+
+}
diff --git a/applications/common/src/test/java/org/onap/policy/pdp/xacml/application/common/XacmlUpdatePolicyUtilsTest.java b/applications/common/src/test/java/org/onap/policy/pdp/xacml/application/common/XacmlUpdatePolicyUtilsTest.java
new file mode 100644
index 00000000..84fefa5c
--- /dev/null
+++ b/applications/common/src/test/java/org/onap/policy/pdp/xacml/application/common/XacmlUpdatePolicyUtilsTest.java
@@ -0,0 +1,226 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP
+ * ================================================================================
+ * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.pdp.xacml.application.common;
+
+import static org.assertj.core.api.Assertions.assertThatCode;
+
+import com.att.research.xacml.api.XACML3;
+import com.att.research.xacml.util.XACMLPolicyWriter;
+import com.att.research.xacml.util.XACMLProperties;
+
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.Map.Entry;
+import java.util.Properties;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOfType;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.EffectType;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.MatchType;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObjectFactory;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicySetType;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.RuleType;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.TargetType;
+import org.junit.BeforeClass;
+import org.junit.ClassRule;
+import org.junit.Test;
+import org.junit.rules.TemporaryFolder;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Utility methods for storing policies to disk and updating Properties objects
+ * that reference policies.
+ *
+ * @author pameladragosh
+ *
+ */
+public class XacmlUpdatePolicyUtilsTest {
+ private static final Logger LOGGER = LoggerFactory.getLogger(XacmlUpdatePolicyUtilsTest.class);
+
+ static Properties properties;
+
+ static PolicySetType rootPolicy = new PolicySetType();
+
+ static Path rootPath;
+
+ static PolicyType policy1 = new PolicyType();
+ static PolicyType policy2 = new PolicyType();
+
+ static PolicySetType policySet3 = new PolicySetType();
+
+ static Path path1;
+ static Path path2;
+
+ static Path policySetPath;
+
+ /**
+ * Temporary folder where we will store newly created policies.
+ */
+ @ClassRule
+ public static TemporaryFolder policyFolder = new TemporaryFolder();
+
+ /**
+ * Setup the JUnit tests.
+ *
+ * @throws Exception thrown
+ */
+ @BeforeClass
+ public static void setUp() throws Exception {
+ assertThatCode(() -> {
+ //
+ // Load our test property object
+ //
+ try (InputStream is = new FileInputStream("src/test/resources/test.properties")) {
+ properties = new Properties();
+ properties.load(is);
+ }
+ //
+ // Create a very basic Root policy
+ //
+ rootPolicy.setPolicySetId("root");
+ rootPolicy.setTarget(new TargetType());
+ rootPolicy.setPolicyCombiningAlgId(XACML3.ID_POLICY_FIRST_APPLICABLE.stringValue());
+ File rootFile = policyFolder.newFile("root.xml");
+ LOGGER.info("Creating Root Policy {}", rootFile.getAbsolutePath());
+ rootPath = XACMLPolicyWriter.writePolicyFile(rootFile.toPath(), rootPolicy);
+ //
+ // Create policies
+ //
+ path1 = createPolicy(policy1, "policy1", "resource1");
+ LOGGER.info(new String(Files.readAllBytes(path1)));
+ path2 = createPolicy(policy2, "policy2", "resource2");
+ LOGGER.info(new String(Files.readAllBytes(path2)));
+ //
+ // Create another PolicySet
+ //
+ policySet3.setPolicySetId("policyset1");
+ policySet3.setTarget(new TargetType());
+ policySet3.setPolicyCombiningAlgId(XACML3.ID_POLICY_FIRST_APPLICABLE.stringValue());
+ ObjectFactory factory = new ObjectFactory();
+
+ policySet3.getPolicySetOrPolicyOrPolicySetIdReference().add(factory.createPolicy(policy1));
+ policySet3.getPolicySetOrPolicyOrPolicySetIdReference().add(factory.createPolicy(policy2));
+ File policySetFile = policyFolder.newFile("policySet1.xml");
+ LOGGER.info("Creating PolicySet {}", policySetFile.getAbsolutePath());
+ policySetPath = XACMLPolicyWriter.writePolicyFile(policySetFile.toPath(), policySet3);
+
+ }).doesNotThrowAnyException();
+ }
+
+ private static Path createPolicy(PolicyType policy, String id, String resource) throws IOException {
+ //
+ // Create Policy 1
+ //
+ policy.setPolicyId(id);
+ MatchType matchPolicyId = ToscaPolicyConverterUtils.buildMatchTypeDesignator(
+ XACML3.ID_FUNCTION_STRING_EQUAL,
+ resource,
+ XACML3.ID_DATATYPE_STRING,
+ XACML3.ID_RESOURCE_RESOURCE_ID,
+ XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
+ //
+ // This is our outer AnyOf - which is an OR
+ //
+ AnyOfType anyOf = new AnyOfType();
+ //
+ // Create AllOf (AND) of just Policy Id
+ //
+ anyOf.getAllOf().add(ToscaPolicyConverterUtils.buildAllOf(matchPolicyId));
+ TargetType target = new TargetType();
+ target.getAnyOf().add(anyOf);
+ policy.setTarget(target);
+ RuleType rule = new RuleType();
+ rule.setRuleId(policy.getPolicyId() + ":rule");
+ rule.setEffect(EffectType.PERMIT);
+ rule.setTarget(new TargetType());
+ //
+ // Add the rule to the policy
+ //
+ policy.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule);
+ //
+ // Create a file
+ //
+ File file = policyFolder.newFile(policy.getPolicyId() + ".xml");
+ LOGGER.info("Creating Policy {}", file.getAbsolutePath());
+ return XACMLPolicyWriter.writePolicyFile(file.toPath(), policy);
+ }
+
+ @Test
+ public void test() {
+ assertThatCode(() -> {
+ //
+ // Just update root and policies
+ //
+ XacmlUpdatePolicyUtils.updateXacmlRootPolicy(rootPolicy, policy1, policy2);
+ try (OutputStream os = new ByteArrayOutputStream()) {
+ XACMLPolicyWriter.writePolicyFile(os, rootPolicy);
+ LOGGER.debug("New Root Policy:{}{}", System.lineSeparator(), os.toString());
+ }
+ //
+ // Test updating the properties
+ //
+ XACMLProperties.setXacmlRootProperties(properties, rootPath);
+ XACMLProperties.setXacmlReferencedProperties(properties, path1, path2);
+ //
+ // Dump this out so I can see what I'm doing
+ //
+ for (Entry<Object, Object> entry : properties.entrySet()) {
+ LOGGER.info("{}={}", entry.getKey(), entry.getValue());
+ }
+ LOGGER.info("Properties {}", properties.toString());
+ //
+ // Somehow I have to figure out how to test this in assertj
+ //
+ //
+ // Just update root and PolicySet
+ //
+ XacmlUpdatePolicyUtils.updateXacmlRootPolicy(rootPolicy, policySet3);
+ try (OutputStream os = new ByteArrayOutputStream()) {
+ XACMLPolicyWriter.writePolicyFile(os, rootPolicy);
+ LOGGER.debug("New Root Policy:{}{}", System.lineSeparator(), os.toString());
+ }
+ //
+ // Test updating the properties
+ //
+ XACMLProperties.setXacmlRootProperties(properties, rootPath);
+ XACMLProperties.setXacmlReferencedProperties(properties, policySetPath);
+ //
+ // Dump this out so I can see what I'm doing
+ //
+ for (Entry<Object, Object> entry : properties.entrySet()) {
+ LOGGER.info("{}={}", entry.getKey(), entry.getValue());
+ }
+ LOGGER.info("Properties {}", properties.toString());
+ //
+ // Somehow I have to figure out how to test this in assertj
+ //
+
+ }).doesNotThrowAnyException();
+ }
+}
diff --git a/applications/common/src/test/resources/test.properties b/applications/common/src/test/resources/test.properties
new file mode 100644
index 00000000..efe90d82
--- /dev/null
+++ b/applications/common/src/test/resources/test.properties
@@ -0,0 +1,32 @@
+#
+# Properties that the embedded PDP engine uses to configure and load
+#
+# Standard API Factories
+#
+xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory
+xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory
+xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory
+xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory
+xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory
+#
+# AT&T PDP Implementation Factories
+#
+xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory
+xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory
+xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory
+#
+# ONAP PDP Implementation Factories
+#
+xacml.att.policyFinderFactory=org.onap.policy.pdp.xacml.application.common.OnapPolicyFinderFactory
+
+#
+#
+#
+xacml.rootPolicies=rootstart
+rootstart.file=src/test/resources/root.xml
+
+xacml.referencedPolicies=refstart1,refstart2,refstart3,refstart4
+refstart1.file=src/test/resources/ref1.xml
+refstart2.file=src/test/resources/ref2.xml
+refstart3.file=src/test/resources/ref3.xml
+refstart4.file=src/test/resources/ref4.xml
diff --git a/applications/guard/pom.xml b/applications/guard/pom.xml
new file mode 100644
index 00000000..7ee3da08
--- /dev/null
+++ b/applications/guard/pom.xml
@@ -0,0 +1,52 @@
+<!--
+ ============LICENSE_START=======================================================
+ ONAP Policy Engine - XACML PDP
+ ================================================================================
+ Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+ -->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.onap.policy.xacml-pdp.applications</groupId>
+ <artifactId>applications</artifactId>
+ <version>2.0.0-SNAPSHOT</version>
+ </parent>
+
+ <artifactId>guard</artifactId>
+
+ <name>${project.artifactId}</name>
+ <description>This modules contain an application that implements onap.Guard policy-types for XACML PDP.</description>
+
+ <dependencies>
+ <dependency>
+ <groupId>com.google.code.gson</groupId>
+ <artifactId>gson</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.onap.policy.common</groupId>
+ <artifactId>common-parameters</artifactId>
+ <version>${policy.common.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.onap.policy.xacml-pdp.applications</groupId>
+ <artifactId>common</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ </dependencies>
+
+</project>
diff --git a/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplication.java b/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplication.java
new file mode 100644
index 00000000..e8a51136
--- /dev/null
+++ b/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplication.java
@@ -0,0 +1,107 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP
+ * ================================================================================
+ * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.xacml.pdp.application.guard;
+
+import com.google.common.collect.Lists;
+
+import java.nio.file.Path;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.json.JSONObject;
+import org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * This class implements the onap.policies.controlloop.Guard policy implementations.
+ *
+ * @author pameladragosh
+ *
+ */
+public class GuardPdpApplication implements XacmlApplicationServiceProvider {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(GuardPdpApplication.class);
+ private static final String STRING_VERSION100 = "1.0.0";
+ private Map<String, String> supportedPolicyTypes = new HashMap<>();
+ private Path pathForData;
+
+ /** Constructor.
+ *
+ */
+ public GuardPdpApplication() {
+ this.supportedPolicyTypes.put("onap.policies.controlloop.guard.FrequencyLimiter", STRING_VERSION100);
+ this.supportedPolicyTypes.put("onap.policies.controlloop.guard.MinMax", STRING_VERSION100);
+ }
+
+ @Override
+ public String applicationName() {
+ return "Guard Application";
+ }
+
+ @Override
+ public List<String> actionDecisionsSupported() {
+ return Arrays.asList("guard");
+ }
+
+ @Override
+ public void initialize(Path pathForData) {
+ //
+ // Save the path
+ //
+ this.pathForData = pathForData;
+ LOGGER.debug("New Path is {}", this.pathForData.toAbsolutePath());
+ }
+
+ @Override
+ public List<String> supportedPolicyTypes() {
+ return Lists.newArrayList(supportedPolicyTypes.keySet());
+ }
+
+ @Override
+ public boolean canSupportPolicyType(String policyType, String policyTypeVersion) {
+ //
+ // For the time being, restrict this if the version isn't known.
+ // Could be too difficult to support changing of versions dynamically.
+ //
+ if (! this.supportedPolicyTypes.containsKey(policyType)) {
+ return false;
+ }
+ //
+ // Must match version exactly
+ //
+ return this.supportedPolicyTypes.get(policyType).equals(policyTypeVersion);
+ }
+
+ @Override
+ public void loadPolicies(Map<String, Object> toscaPolicies) {
+ }
+
+ @Override
+ public JSONObject makeDecision(JSONObject jsonSchema) {
+ return null;
+ }
+
+}
diff --git a/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplicationTest.java b/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplicationTest.java
new file mode 100644
index 00000000..656c7275
--- /dev/null
+++ b/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplicationTest.java
@@ -0,0 +1,96 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP
+ * ================================================================================
+ * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.xacml.pdp.application.guard;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatCode;
+
+import com.att.research.xacml.std.annotations.XACMLAction;
+import com.att.research.xacml.std.annotations.XACMLRequest;
+import com.att.research.xacml.std.annotations.XACMLResource;
+import com.att.research.xacml.std.annotations.XACMLSubject;
+
+import org.junit.Before;
+import org.junit.ClassRule;
+import org.junit.Test;
+import org.junit.rules.TemporaryFolder;
+
+public class GuardPdpApplicationTest {
+
+ @ClassRule
+ public static final TemporaryFolder policyFolder = new TemporaryFolder();
+
+ /**
+ * This is a simple annotation class to simulate
+ * requests coming in.
+ */
+ @XACMLRequest(ReturnPolicyIdList = true)
+ public class MyXacmlRequest {
+
+ @XACMLSubject(includeInResults = true)
+ String onapName = "Drools";
+
+ @XACMLResource(includeInResults = true)
+ String resource = "onap.policies.Guard";
+
+ @XACMLAction()
+ String action = "guard";
+ }
+
+ @Before
+ public void setUp() throws Exception {
+
+ }
+
+ @Test
+ public void testBasics() {
+ assertThatCode(() -> {
+ GuardPdpApplication guard = new GuardPdpApplication();
+ //
+ // Set the path
+ //
+ guard.initialize(policyFolder.getRoot().toPath());
+ //
+ // Application name
+ //
+ assertThat(guard.applicationName()).isNotEmpty();
+ //
+ // Decisions
+ //
+ assertThat(guard.actionDecisionsSupported().size()).isEqualTo(1);
+ assertThat(guard.actionDecisionsSupported()).contains("guard");
+ //
+ // Supported policy types
+ //
+ assertThat(guard.supportedPolicyTypes()).isNotEmpty();
+ assertThat(guard.supportedPolicyTypes().size()).isEqualTo(2);
+ assertThat(guard.canSupportPolicyType("onap.policies.controlloop.guard.FrequencyLimiter", "1.0.0"))
+ .isTrue();
+ assertThat(guard.canSupportPolicyType("onap.policies.controlloop.guard.FrequencyLimiter", "1.0.1"))
+ .isFalse();
+ assertThat(guard.canSupportPolicyType("onap.policies.controlloop.guard.MinMax", "1.0.0")).isTrue();
+ assertThat(guard.canSupportPolicyType("onap.policies.controlloop.guard.MinMax", "1.0.1")).isFalse();
+ assertThat(guard.canSupportPolicyType("onap.foo", "1.0.1")).isFalse();
+ }).doesNotThrowAnyException();
+ }
+}
diff --git a/applications/guard/src/test/resources/xacml.properties b/applications/guard/src/test/resources/xacml.properties
new file mode 100644
index 00000000..b32a936c
--- /dev/null
+++ b/applications/guard/src/test/resources/xacml.properties
@@ -0,0 +1,37 @@
+#
+# Properties that the embedded PDP engine uses to configure and load
+#
+# Standard API Factories
+#
+xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory
+xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory
+xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory
+xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory
+xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory
+#
+# AT&T PDP Implementation Factories
+#
+xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory
+xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory
+xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory
+#
+# ONAP PDP Implementation Factories
+#
+xacml.att.policyFinderFactory=org.onap.policy.pdp.xacml.application.common.OnapPolicyFinderFactory
+
+#
+# ONAP Implementation Factories
+#
+#xacml.att.policyFinderFactory=org.onap.policy.pdp.xacml.application.common.OnapApplicationPolicyFinder
+
+#
+# NOTE: If you are testing against a RESTful PDP, then the PDP must be configured with the
+# policies and PIP configuration as defined below. Otherwise, this is the configuration that
+# the embedded PDP uses.
+#
+
+# Policies to load
+#
+xacml.rootPolicies=guard
+guard.file=src/main/resources/RootGuardPolicy.xml
+
diff --git a/applications/monitoring/pom.xml b/applications/monitoring/pom.xml
index 6da9749d..018c3722 100644
--- a/applications/monitoring/pom.xml
+++ b/applications/monitoring/pom.xml
@@ -42,6 +42,11 @@
<artifactId>common-parameters</artifactId>
<version>${policy.common.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.onap.policy.xacml-pdp.applications</groupId>
+ <artifactId>common</artifactId>
+ <version>${project.version}</version>
+ </dependency>
</dependencies>
<build>
diff --git a/applications/monitoring/src/main/java/org/onap/policy/xacml/pdp/engine/OnapXacmlPdpEngine.java b/applications/monitoring/src/main/java/org/onap/policy/xacml/pdp/engine/OnapXacmlPdpEngine.java
index c6719ecb..6c53566a 100644
--- a/applications/monitoring/src/main/java/org/onap/policy/xacml/pdp/engine/OnapXacmlPdpEngine.java
+++ b/applications/monitoring/src/main/java/org/onap/policy/xacml/pdp/engine/OnapXacmlPdpEngine.java
@@ -22,6 +22,518 @@
package org.onap.policy.xacml.pdp.engine;
-public class OnapXacmlPdpEngine {
+import com.att.research.xacml.api.Request;
+import com.att.research.xacml.api.Response;
+import com.att.research.xacml.api.XACML3;
+import com.att.research.xacml.api.pdp.PDPEngine;
+import com.att.research.xacml.api.pdp.PDPEngineFactory;
+import com.att.research.xacml.api.pdp.PDPException;
+import com.att.research.xacml.util.FactoryException;
+import com.att.research.xacml.util.XACMLPolicyScanner;
+import com.att.research.xacml.util.XACMLProperties;
+import com.google.common.collect.Lists;
+
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Properties;
+import java.util.Set;
+
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOfType;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeAssignmentExpressionType;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.EffectType;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.MatchType;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObjectFactory;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObligationExpressionType;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObligationExpressionsType;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicySetType;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.RuleType;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.TargetType;
+
+import org.json.JSONObject;
+import org.onap.policy.pdp.xacml.application.common.ToscaDictionary;
+import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException;
+import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConverter;
+import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConverterUtils;
+import org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider;
+import org.onap.policy.pdp.xacml.application.common.XacmlUpdatePolicyUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.yaml.snakeyaml.Yaml;
+
+/**
+ * This is the engine class that manages the instance of the XACML PDP engine.
+ *
+ * <p>It is responsible for initializing it and shutting it down properly in a thread-safe manner.
+ *
+ *
+ * @author pameladragosh
+ *
+ */
+public class OnapXacmlPdpEngine implements ToscaPolicyConverter, XacmlApplicationServiceProvider {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(OnapXacmlPdpEngine.class);
+ private static final String ONAP_MONITORING_BASE_POLICY_TYPE = "onap.Monitoring";
+ private static final String ONAP_MONITORING_DERIVED_POLICY_TYPE = "onap.policies.monitoring";
+
+
+ private Path pathForData = null;
+ private Properties pdpProperties = null;
+ private PDPEngine pdpEngine = null;
+ private Map<String, String> supportedPolicyTypes = new HashMap<>();
+
+ /**
+ * Constructor.
+ */
+ public OnapXacmlPdpEngine() {
+ //
+ // By default this supports just Monitoring policy types
+ //
+ supportedPolicyTypes.put(ONAP_MONITORING_BASE_POLICY_TYPE, "1.0.0");
+ }
+
+ /**
+ * Load properties from given file.
+ *
+ * @param location Path and filename
+ * @throws IOException If unable to read file
+ */
+ public synchronized void loadXacmlProperties(String location) throws IOException {
+ try (InputStream is = new FileInputStream(location)) {
+ pdpProperties.load(is);
+ }
+ }
+
+ /**
+ * Stores the XACML Properties to the given file location.
+ *
+ * @param location File location including name
+ * @throws IOException If unable to store the file.
+ */
+ public synchronized void storeXacmlProperties(String location) throws IOException {
+ try (OutputStream os = new FileOutputStream(location)) {
+ String strComments = "#";
+ pdpProperties.store(os, strComments);
+ }
+ }
+
+ /**
+ * Make a decision call.
+ *
+ * @param request Incoming request object
+ * @return Response object
+ */
+ public synchronized Response decision(Request request) {
+ //
+ // This is what we need to return
+ //
+ Response response = null;
+ //
+ // Track some timing
+ //
+ long timeStart = System.currentTimeMillis();
+ try {
+ response = this.pdpEngine.decide(request);
+ } catch (PDPException e) {
+ LOGGER.error("{}", e);
+ } finally {
+ //
+ // Track the end of timing
+ //
+ long timeEnd = System.currentTimeMillis();
+ LOGGER.info("Elapsed Time: {}ms", (timeEnd - timeStart));
+ }
+ return response;
+ }
+
+ @Override
+ public String applicationName() {
+ return "Monitoring Application";
+ }
+
+ @Override
+ public List<String> actionDecisionsSupported() {
+ return Arrays.asList("configure");
+ }
+
+ @Override
+ public synchronized void initialize(Path pathForData) {
+ //
+ // Save our path
+ //
+ this.pathForData = pathForData;
+ LOGGER.debug("New Path is {}", this.pathForData.toAbsolutePath());
+ //
+ // Look for and load the properties object
+ //
+ Path propertyPath = Paths.get(this.pathForData.toAbsolutePath().toString(), "xacml.properties");
+ LOGGER.debug("Looking for {}", propertyPath.toAbsolutePath());
+ try (InputStream is = new FileInputStream(propertyPath.toAbsolutePath().toString()) ) {
+ //
+ // Create a new properties object
+ //
+ pdpProperties = new Properties();
+ //
+ // Load it with our values
+ //
+ pdpProperties.load(is);
+ LOGGER.debug("{}", pdpProperties);
+ } catch (IOException e) {
+ LOGGER.error("{}", e);
+ }
+ //
+ // Now initialize the XACML PDP Engine
+ //
+ try {
+ PDPEngineFactory factory = PDPEngineFactory.newInstance();
+ this.pdpEngine = factory.newEngine(pdpProperties);
+ } catch (FactoryException e) {
+ LOGGER.error("{}", e);
+ }
+ }
+
+ @Override
+ public synchronized List<String> supportedPolicyTypes() {
+ return Lists.newArrayList(supportedPolicyTypes.keySet());
+ }
+
+ @Override
+ public boolean canSupportPolicyType(String policyType, String policyTypeVersion) {
+ //
+ // For Monitoring, we will attempt to support all versions
+ // of the policy type. Since we are only packaging a decision
+ // back with a JSON payload of the property contents.
+ //
+ return (policyType.equals(ONAP_MONITORING_BASE_POLICY_TYPE)
+ || policyType.startsWith(ONAP_MONITORING_DERIVED_POLICY_TYPE));
+ }
+
+ @Override
+ public synchronized void loadPolicies(Map<String, Object> toscaPolicies) {
+ //
+ //
+ //
+ try {
+ //
+ // Convert the policies first
+ //
+ List<PolicyType> listPolicies = this.convertPolicies(toscaPolicies);
+ if (listPolicies.isEmpty()) {
+ throw new ToscaPolicyConversionException("Converted 0 policies");
+ }
+ //
+ // Read in our Root Policy
+ //
+ Set<String> roots = XACMLProperties.getRootPolicyIDs(pdpProperties);
+ if (roots.isEmpty()) {
+ throw new ToscaPolicyConversionException("There are NO root policies defined");
+ }
+ //
+ // Really only should be one
+ //
+ String rootFile = pdpProperties.getProperty(roots.iterator().next() + ".file");
+ try (InputStream is = new FileInputStream(rootFile)) {
+ Object policyData = XACMLPolicyScanner.readPolicy(is);
+ //
+ // Should be a PolicySet
+ //
+ if (policyData instanceof PolicySetType) {
+ PolicyType[] newPolicies = listPolicies.toArray(new PolicyType[listPolicies.size()]);
+ PolicySetType newRootPolicy =
+ XacmlUpdatePolicyUtils.updateXacmlRootPolicy((PolicySetType) policyData, newPolicies);
+ //
+ // Save the new Policies to disk
+ //
+
+ //
+ // Save the root policy to disk
+ //
+
+ //
+ // Update properties to declare the referenced policies
+ //
+
+ //
+ // Write the policies to disk
+ //
+
+ } else {
+ throw new ToscaPolicyConversionException("Root policy isn't a PolicySet");
+ }
+ }
+ //
+ // Add to the root policy
+ //
+ } catch (IOException | ToscaPolicyConversionException e) {
+ LOGGER.error("Failed to loadPolicies {}", e);
+ }
+ }
+
+ @Override
+ public synchronized JSONObject makeDecision(JSONObject jsonSchema) {
+ return null;
+ }
+
+ @Override
+ public List<PolicyType> convertPolicies(Map<String, Object> toscaObject) throws ToscaPolicyConversionException {
+ //
+ // Return the policies
+ //
+ return scanAndConvertPolicies(toscaObject);
+ }
+
+ @Override
+ public List<PolicyType> convertPolicies(InputStream isToscaPolicy) throws ToscaPolicyConversionException {
+ //
+ // Have snakeyaml parse the object
+ //
+ Yaml yaml = new Yaml();
+ Map<String, Object> toscaObject = yaml.load(isToscaPolicy);
+ //
+ // Return the policies
+ //
+ return scanAndConvertPolicies(toscaObject);
+ }
+
+ @SuppressWarnings("unchecked")
+ private List<PolicyType> scanAndConvertPolicies(Map<String, Object> toscaObject)
+ throws ToscaPolicyConversionException {
+ //
+ // Our return object
+ //
+ List<PolicyType> scannedPolicies = new ArrayList<>();
+ //
+ // Iterate each of the Policies
+ //
+ List<Object> policies = (List<Object>) toscaObject.get("policies");
+ for (Object policyObject : policies) {
+ //
+ // Get the contents
+ //
+ LOGGER.debug("Found policy {}", policyObject.getClass());
+ Map<String, Object> policyContents = (Map<String, Object>) policyObject;
+ for (Entry<String, Object> entrySet : policyContents.entrySet()) {
+ LOGGER.info("Entry set {}", entrySet);
+ //
+ // Convert this policy
+ //
+ PolicyType policy = this.convertPolicy(entrySet);
+ //
+ // Convert and add in the new policy
+ //
+ scannedPolicies.add(policy);
+ }
+ }
+
+ return scannedPolicies;
+ }
+
+ @SuppressWarnings("unchecked")
+ private PolicyType convertPolicy(Entry<String, Object> entrySet) throws ToscaPolicyConversionException {
+ //
+ // Policy name should be at the root
+ //
+ String policyName = entrySet.getKey();
+ Map<String, Object> policyDefinition = (Map<String, Object>) entrySet.getValue();
+ //
+ // Set it as the policy ID
+ //
+ PolicyType newPolicyType = new PolicyType();
+ newPolicyType.setPolicyId(policyName);
+ //
+ // Optional description
+ //
+ if (policyDefinition.containsKey("description")) {
+ newPolicyType.setDescription(policyDefinition.get("description").toString());
+ }
+ //
+ // There should be a metadata section
+ //
+ if (! policyDefinition.containsKey("metadata")) {
+ throw new ToscaPolicyConversionException(policyName + " missing metadata section");
+ }
+ this.fillMetadataSection(newPolicyType,
+ (Map<String, Object>) policyDefinition.get("metadata"));
+ //
+ // Set the combining rule
+ //
+ newPolicyType.setRuleCombiningAlgId(XACML3.ID_RULE_FIRST_APPLICABLE.stringValue());
+ //
+ // Generate the TargetType
+ //
+ //
+ // There should be a metadata section
+ //
+ if (! policyDefinition.containsKey("type")) {
+ throw new ToscaPolicyConversionException(policyName + " missing type value");
+ }
+ if (! policyDefinition.containsKey("version")) {
+ throw new ToscaPolicyConversionException(policyName + " missing version value");
+ }
+ TargetType target = this.generateTargetType(policyName,
+ policyDefinition.get("type").toString(),
+ policyDefinition.get("version").toString());
+ newPolicyType.setTarget(target);
+ //
+ // Now create the Permit Rule
+ // No target since the policy has a target
+ // With obligations.
+ //
+ RuleType rule = new RuleType();
+ rule.setDescription("Default is to PERMIT if the policy matches.");
+ rule.setRuleId(policyName + ":rule");
+ rule.setEffect(EffectType.PERMIT);
+ rule.setTarget(new TargetType());
+ //
+ // There should be properties section - this data ends up as a
+ // JSON BLOB that is returned back to calling application.
+ //
+ if (! policyDefinition.containsKey("properties")) {
+ throw new ToscaPolicyConversionException(policyName + " missing properties section");
+ }
+ addObligation(rule,
+ (Map<String, Object>) policyDefinition.get("properties"));
+ //
+ // Add the rule to the policy
+ //
+ newPolicyType.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule);
+ //
+ // Return our new policy
+ //
+ return newPolicyType;
+ }
+
+ /**
+ * From the TOSCA metadata section, pull in values that are needed into the XACML policy.
+ *
+ * @param policy Policy Object to store the metadata
+ * @param metadata The Metadata TOSCA Map
+ * @return Same Policy Object
+ * @throws ToscaPolicyConversionException If there is something missing from the metadata
+ */
+ private PolicyType fillMetadataSection(PolicyType policy,
+ Map<String, Object> metadata) throws ToscaPolicyConversionException {
+ if (! metadata.containsKey("policy-id")) {
+ throw new ToscaPolicyConversionException(policy.getPolicyId() + " missing metadata policy-id");
+ } else {
+ //
+ // Do nothing here - the XACML PolicyId is used from TOSCA Policy Name field
+ //
+ }
+ if (! metadata.containsKey("policy-version")) {
+ throw new ToscaPolicyConversionException(policy.getPolicyId() + " missing metadata policy-version");
+ } else {
+ //
+ // Add in the Policy Version
+ //
+ policy.setVersion(metadata.get("policy-version").toString());
+ }
+ return policy;
+ }
+
+ private TargetType generateTargetType(String policyId, String policyType, String policyTypeVersion) {
+ //
+ // Create all the match's that are possible
+ //
+ // This is for the Policy Id
+ //
+ MatchType matchPolicyId = ToscaPolicyConverterUtils.buildMatchTypeDesignator(
+ XACML3.ID_FUNCTION_STRING_EQUAL,
+ policyId,
+ XACML3.ID_DATATYPE_STRING,
+ ToscaDictionary.ID_RESOURCE_POLICY_ID,
+ XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
+ //
+ // This is for the Policy Type
+ //
+ MatchType matchPolicyType = ToscaPolicyConverterUtils.buildMatchTypeDesignator(
+ XACML3.ID_FUNCTION_STRING_EQUAL,
+ policyType,
+ XACML3.ID_DATATYPE_STRING,
+ ToscaDictionary.ID_RESOURCE_POLICY_TYPE,
+ XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
+ //
+ // This is for the Policy Type version
+ //
+ MatchType matchPolicyTypeVersion = ToscaPolicyConverterUtils.buildMatchTypeDesignator(
+ XACML3.ID_FUNCTION_STRING_EQUAL,
+ policyTypeVersion,
+ XACML3.ID_DATATYPE_STRING,
+ ToscaDictionary.ID_RESOURCE_POLICY_TYPE_VERSION,
+ XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
+ //
+ // This is our outer AnyOf - which is an OR
+ //
+ AnyOfType anyOf = new AnyOfType();
+ //
+ // Create AllOf (AND) of just Policy Id
+ //
+ anyOf.getAllOf().add(ToscaPolicyConverterUtils.buildAllOf(matchPolicyId));
+ //
+ // Create AllOf (AND) of just Policy Type
+ //
+ anyOf.getAllOf().add(ToscaPolicyConverterUtils.buildAllOf(matchPolicyType));
+ //
+ // Create AllOf (AND) of Policy Type and Policy Type Version
+ //
+ anyOf.getAllOf().add(ToscaPolicyConverterUtils.buildAllOf(matchPolicyType, matchPolicyTypeVersion));
+ //
+ // Now we can create the TargetType, add the top-level anyOf (OR),
+ // and return the value.
+ //
+ TargetType target = new TargetType();
+ target.getAnyOf().add(anyOf);
+ return target;
+ }
+
+ private RuleType addObligation(RuleType rule, Map<String, Object> properties) {
+ //
+ // Convert the YAML Policy to JSON Object
+ //
+ JSONObject jsonObject = new JSONObject(properties);
+ if (LOGGER.isDebugEnabled()) {
+ LOGGER.debug("JSON conversion {}{}", System.lineSeparator(), jsonObject);
+ }
+ //
+ // Create an AttributeValue for it
+ //
+ AttributeValueType value = new AttributeValueType();
+ value.setDataType(ToscaDictionary.ID_OBLIGATION_POLICY_MONITORING_DATATYPE.stringValue());
+ value.getContent().add(jsonObject.toString());
+ //
+ // Create our AttributeAssignmentExpression where we will
+ // store the contents of the policy in JSON format.
+ //
+ AttributeAssignmentExpressionType expressionType = new AttributeAssignmentExpressionType();
+ expressionType.setAttributeId(ToscaDictionary.ID_OBLIGATION_POLICY_MONITORING_CONTENTS.stringValue());
+ ObjectFactory factory = new ObjectFactory();
+ expressionType.setExpression(factory.createAttributeValue(value));
+ //
+ // Create an ObligationExpression for it
+ //
+ ObligationExpressionType obligation = new ObligationExpressionType();
+ obligation.setFulfillOn(EffectType.PERMIT);
+ obligation.setObligationId(ToscaDictionary.ID_OBLIGATION_REST_BODY.stringValue());
+ obligation.getAttributeAssignmentExpression().add(expressionType);
+ //
+ // Now we can add it into the rule
+ //
+ ObligationExpressionsType obligations = new ObligationExpressionsType();
+ obligations.getObligationExpression().add(obligation);
+ rule.setObligationExpressions(obligations);
+ return rule;
+ }
}
diff --git a/applications/monitoring/src/main/resources/META-INF/services/org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider b/applications/monitoring/src/main/resources/META-INF/services/org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider
new file mode 100644
index 00000000..5c8dd5e6
--- /dev/null
+++ b/applications/monitoring/src/main/resources/META-INF/services/org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider
@@ -0,0 +1 @@
+org.onap.policy.xacml.pdp.engine.OnapXacmlPdpEngine \ No newline at end of file
diff --git a/applications/monitoring/src/main/resources/RootMonitoringPolicy.xml b/applications/monitoring/src/main/resources/RootMonitoringPolicy.xml
index 3ac716e8..33b28815 100644
--- a/applications/monitoring/src/main/resources/RootMonitoringPolicy.xml
+++ b/applications/monitoring/src/main/resources/RootMonitoringPolicy.xml
@@ -1,5 +1,5 @@
-<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:org:onap:monitoring:policy:id" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<PolicySet xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" PolicyCombiningAlgId="urn:com:att:xacml:3.0:policy-combining-algorithm:combined-deny-overrides" PolicySetId="urn:org:onap:monitoring:policy:id" Version="1.0" xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:policy:schema:os access_control-xacml-2.0-policy-schema-os.xsd">
<Description>The root policy for supporting in-memory onap.Monitoring policy-type policies.</Description>
<Target>
<AnyOf>
@@ -19,24 +19,18 @@
</AllOf>
</AnyOf>
</Target>
- <Rule RuleId="urn:org:onap:xacml:rule:id:da3338f3-8a9d-4bc7-8266-35b886516354" Effect="Permit">
- <Description>PERMIT - TO BE FILLED IN</Description>
- <Target>
- <AnyOf>
- <AllOf>
- <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
- <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">John</AttributeValue>
- <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
- </Match>
- <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
- <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ACCESS</AttributeValue>
- <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
- </Match>
- </AllOf>
- </AnyOf>
- </Target>
- </Rule>
- <Rule RuleId="urn:org:onap:xacml:rule:id:74caee98-bd05-4bb5-917c-a26ef80bb0f4" Effect="Deny">
- <Description>Default is DENY</Description>
- </Rule>
-</Policy>
+ <!--
+
+ New Policies created from TOSCA policies can be stored like this.
+
+ <PolicyIdReference>onap.scaleout.tca</PolicyIdReference>
+ <PolicySetIdReference>urn:oasis:names:tc:xacml:2.0:conformance-test:IIE001:policyset1</PolicySetIdReference>
+ -->
+ <Policy PolicyId="default" Version="1.0" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-unless-deny" >
+ <Description>Default is to allow a permit - returning 0 obligations</Description>
+ <Target/>
+ <Rule RuleId="default" Effect="Permit">
+ <Target/>
+ </Rule>
+ </Policy>
+</PolicySet> \ No newline at end of file
diff --git a/applications/monitoring/src/test/java/cucumber/Stepdefs.java b/applications/monitoring/src/test/java/cucumber/Stepdefs.java
index 6915afdb..ca5efa46 100644
--- a/applications/monitoring/src/test/java/cucumber/Stepdefs.java
+++ b/applications/monitoring/src/test/java/cucumber/Stepdefs.java
@@ -22,27 +22,204 @@
package cucumber;
+import com.att.research.xacml.std.annotations.XACMLAction;
+import com.att.research.xacml.std.annotations.XACMLRequest;
+import com.att.research.xacml.std.annotations.XACMLResource;
+import com.att.research.xacml.std.annotations.XACMLSubject;
+
import cucumber.api.java.en.Given;
import cucumber.api.java.en.Then;
import cucumber.api.java.en.When;
+import org.junit.ClassRule;
+import org.junit.rules.TemporaryFolder;
+
public class Stepdefs {
- @Given("TCA Policy is loaded")
- public void tca_Policy_is_loaded() {
- // Write code here that turns the phrase above into concrete actions
- throw new cucumber.api.PendingException();
+ /*
+
+ private static final Logger logger = LoggerFactory.getLogger(Stepdefs.class);
+
+ public static OnapXacmlPdpEngine onapPdpEngine;
+ public static Properties properties;
+ public static Map<String, Object> tcaPolicy;
+ public static Request request;
+ public static File pathProperties;
+ public static File pathRootPolicy;
+
+ /**
+ * Temporary folder where we will store newly created policies.
+ */
+ @ClassRule
+ public TemporaryFolder policyFolder = new TemporaryFolder();
+
+ /**
+ * This is a simple annotation class to simulate
+ * requests coming in.
+ */
+ @XACMLRequest(ReturnPolicyIdList = true)
+ public class MyXacmlRequest {
+
+ @XACMLSubject(includeInResults = true)
+ String onapName = "DCAE";
+
+ @XACMLResource(includeInResults = true)
+ String resource = "onap.policies.Monitoring";
+
+ @XACMLAction()
+ String action = "configure";
+ }
+
+ /**
+ * Initialization.
+ */
+ @Given("Initialization")
+ public void initialization() {
+ /*
+ //
+ // Everything initializes upon startup
+ //
+ assertThatCode(() -> {
+ //
+ // Assume XACML REST Controller loads PDP engine
+ //
+ onapPdpEngine = new OnapXacmlPdpEngine();
+ //
+ // Come up with defaults
+ //
+ File path = Paths.get("src/test/resources").toFile();
+ /*
+ // try (InputStream is = new FileInputStream("src/test/resources/xacml.properties")) {
+ // properties = new Properties();
+ // properties.load(is);
+ // onapPdpEngine.initializeEngine(properties);
+// }
+ onapPdpEngine.initialize(path.toPath());
+ //
+ // Store the properties in new path
+ //
+ // JUNIT IS CRASHING - THE TEMP FOLDER NOT CREATED -->
+ //pathProperties = policyFolder.newFile("xacml.properties");
+ //
+ // Store the root policies
+ //
+ for (String rootPolicyId : XACMLProperties.getRootPolicyIDs(properties)) {
+ logger.debug("Root policy id: " + rootPolicyId);
+ }
+
+ }).doesNotThrowAnyException();
+ */
+ }
+
+ /**
+ * Initialization.
+ */
+ @When("Decision Requested")
+ public void decision_Requested() {
+ /*
+ //
+ // Simulate a request coming in from Xacml REST server
+ //
+ assertThatCode(() -> {
+ request = RequestParser.parseRequest(new MyXacmlRequest());
+ }).doesNotThrowAnyException();
+ */
+ }
+
+ /**
+ * Initialization.
+ */
+ @Then("Decision Permit {int} Obligations")
+ public void decision_Permit_Obligations(Integer int1) {
+ /*
+ Response response = onapPdpEngine.decision(request);
+ for (Result result : response.getResults()) {
+ logger.debug(result.getDecision().toString());
+ assertEquals(Decision.PERMIT, result.getDecision());
+ assertThat(result.getObligations().size()).isEqualTo(int1);
+ }
+ */
+ }
+
+ /**
+ * Initialization.
+ */
+ @When("The application gets new Tosca Policy")
+ public void the_application_gets_new_Tosca_Policy() {
+ /*
+ //
+ // The Xacml PDP REST controller Would receive this from the PAP
+ //
+ // And then parse it looking for Policy Types
+ //
+ assertThatCode(() -> {
+ try (InputStream is = new FileInputStream("src/test/resources/vDNS.policy.input.yaml")) {
+ Yaml yaml = new Yaml();
+ tcaPolicy = yaml.load(is);
+ //
+ // Do we test iterating and determining if supported?
+ //
+
+ }
+ }).doesNotThrowAnyException();
+ */
}
- @When("A Decision Request is received")
- public void a_Decision_Request_is_received() {
- // Write code here that turns the phrase above into concrete actions
- throw new cucumber.api.PendingException();
+ /**
+ * Initialization.
+ */
+ @Then("Load Policy")
+ public void load_Policy() {
+ /*
+ assertThatCode(() -> {
+ //
+ // Load the policies
+ //
+ List<PolicyType> convertedPolicies = onapPdpEngine.convertPolicies(tcaPolicy);
+ //
+ // Store these in temporary folder
+ //
+ int id = 1;
+ List<Path> newReferencedPolicies = new ArrayList<>();
+ for (PolicyType convertedPolicy : convertedPolicies) {
+ //
+ // I don't think we should use the policy id as the filename - there could
+ // possibly be duplicates. eg. Not guaranteed to be unique.
+ //
+ File file = policyFolder.newFile("policy." + id + convertedPolicy.getPolicyId() + ".xml");
+ logger.info("Creating Policy {}", file.getAbsolutePath());
+ Path path = XACMLPolicyWriter.writePolicyFile(file.toPath(), convertedPolicy);
+ //
+ // Add it to our list
+ //
+ newReferencedPolicies.add(path);
+ }
+ //
+ // Now updated the properties
+ //
+ Path[] args = new Path[newReferencedPolicies.size()];
+ newReferencedPolicies.toArray(args);
+ XACMLProperties.setXacmlReferencedProperties(properties, args);
+ //
+ // Reload the PDP engine
+ //
+ onapPdpEngine.initializeEngine(properties);
+ }).doesNotThrowAnyException();
+ */
}
- @Then("I should return TCA Policy as JSON")
- public void i_should_return_TCA_Policy_as_JSON() {
- // Write code here that turns the phrase above into concrete actions
- throw new cucumber.api.PendingException();
+ /**
+ * Initialization.
+ */
+ @Then("Save Configuration")
+ public void save_Configuration() {
+ /*
+ assertThatCode(() -> {
+ //
+ // Save the configuration
+ //
+ onapPdpEngine.storeXacmlProperties(pathProperties.getAbsolutePath());
+ }).doesNotThrowAnyException();
+ */
}
-}
+} \ No newline at end of file
diff --git a/applications/monitoring/src/test/java/org/onap/policy/xacml/pdp/engine/OnapXacmlPdpEngineTest.java b/applications/monitoring/src/test/java/org/onap/policy/xacml/pdp/engine/OnapXacmlPdpEngineTest.java
new file mode 100644
index 00000000..940a974b
--- /dev/null
+++ b/applications/monitoring/src/test/java/org/onap/policy/xacml/pdp/engine/OnapXacmlPdpEngineTest.java
@@ -0,0 +1,296 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP
+ * ================================================================================
+ * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.xacml.pdp.engine;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.junit.Assert.assertEquals;
+
+import com.att.research.xacml.api.Decision;
+import com.att.research.xacml.api.Response;
+import com.att.research.xacml.api.Result;
+import com.att.research.xacml.std.annotations.RequestParser;
+import com.att.research.xacml.std.annotations.XACMLAction;
+import com.att.research.xacml.std.annotations.XACMLRequest;
+import com.att.research.xacml.std.annotations.XACMLResource;
+import com.att.research.xacml.std.annotations.XACMLSubject;
+import com.att.research.xacml.util.XACMLProperties;
+import com.google.common.io.Files;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Properties;
+import java.util.ServiceLoader;
+
+import org.junit.BeforeClass;
+import org.junit.ClassRule;
+import org.junit.Test;
+import org.junit.rules.TemporaryFolder;
+import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException;
+import org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.yaml.snakeyaml.Yaml;
+
+public class OnapXacmlPdpEngineTest {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(OnapXacmlPdpEngineTest.class);
+ private static OnapXacmlPdpEngine onapPdpEngine;
+ private static Properties properties = new Properties();
+ private static File propertiesFile;
+
+ @ClassRule
+ public static final TemporaryFolder policyFolder = new TemporaryFolder();
+
+ /**
+ * This is a simple annotation class to simulate
+ * requests coming in.
+ */
+ @XACMLRequest(ReturnPolicyIdList = true)
+ public class MyXacmlRequest {
+
+ @XACMLSubject(includeInResults = true)
+ String onapName = "DCAE";
+
+ @XACMLResource(includeInResults = true)
+ String resource = "onap.policies.Monitoring";
+
+ @XACMLAction()
+ String action = "configure";
+ }
+
+ /**
+ * Load a test engine.
+ */
+ @BeforeClass
+ public static void setup() {
+ assertThatCode(() -> {
+ //
+ // Copy all the properties and root policies to the temporary folder
+ //
+ try (InputStream is = new FileInputStream("src/test/resources/xacml.properties")) {
+ //
+ // Load it in
+ //
+ properties.load(is);
+ propertiesFile = policyFolder.newFile("xacml.properties");
+ //
+ // Copy the root policies
+ //
+ for (String root : XACMLProperties.getRootPolicyIDs(properties)) {
+ //
+ // Get a file
+ //
+ Path rootPath = Paths.get(properties.getProperty(root + ".file"));
+ LOGGER.debug("Root file {} {}", rootPath, rootPath.getFileName());
+ //
+ // Construct new file name
+ //
+ File newRootPath = policyFolder.newFile(rootPath.getFileName().toString());
+ //
+ // Copy it
+ //
+ Files.copy(rootPath.toFile(), newRootPath);
+ assertThat(newRootPath).exists();
+ //
+ // Point to where the new policy is in the temp dir
+ //
+ properties.setProperty(root + ".file", newRootPath.getAbsolutePath());
+ }
+ try (OutputStream os = new FileOutputStream(propertiesFile.getAbsolutePath())) {
+ properties.store(os, "");
+ assertThat(propertiesFile).exists();
+ }
+ }
+ //
+ // Load service
+ //
+ ServiceLoader<XacmlApplicationServiceProvider> applicationLoader =
+ ServiceLoader.load(XacmlApplicationServiceProvider.class);
+ //
+ // Iterate through them - I could store the object as
+ // XacmlApplicationServiceProvider pointer.
+ //
+ // Try this later.
+ //
+ StringBuilder strDump = new StringBuilder("Loaded applications:" + System.lineSeparator());
+ Iterator<XacmlApplicationServiceProvider> iterator = applicationLoader.iterator();
+ while (iterator.hasNext()) {
+ XacmlApplicationServiceProvider application = iterator.next();
+ strDump.append(application.applicationName());
+ strDump.append(" supports ");
+ strDump.append(application.supportedPolicyTypes());
+ strDump.append(System.lineSeparator());
+ }
+ LOGGER.debug("{}", strDump);
+ //
+ // Create the engine instance
+ //
+ onapPdpEngine = new OnapXacmlPdpEngine();
+ //
+ // Tell it to initialize based on the properties file
+ // we just built for it.
+ //
+ onapPdpEngine.initialize(propertiesFile.toPath().getParent());
+ //
+ // Make sure there's an application name
+ //
+ assertThat(onapPdpEngine.applicationName()).isNotEmpty();
+ //
+ // Ensure it has the supported policy types and
+ // can support the correct policy types.
+ //
+ assertThat(onapPdpEngine.canSupportPolicyType("onap.Monitoring", "1.0.0")).isTrue();
+ assertThat(onapPdpEngine.canSupportPolicyType("onap.Monitoring", "1.5.0")).isTrue();
+ assertThat(onapPdpEngine.canSupportPolicyType("onap.policies.monitoring.foobar", "1.0.1")).isTrue();
+ assertThat(onapPdpEngine.canSupportPolicyType("onap.foobar", "1.0.0")).isFalse();
+ assertThat(onapPdpEngine.supportedPolicyTypes()).contains("onap.Monitoring");
+ //
+ // Ensure it supports decisions
+ //
+ assertThat(onapPdpEngine.actionDecisionsSupported()).contains("configure");
+ }).doesNotThrowAnyException();
+ }
+
+ @Test
+ public void testNoPolicies() {
+ //
+ // Make a simple decision - NO policies are loaded
+ //
+ assertThatCode(() -> {
+ Response response = onapPdpEngine.decision(RequestParser.parseRequest(new MyXacmlRequest()));
+ for (Result result : response.getResults()) {
+ LOGGER.info("Decision {}", result.getDecision());
+ assertEquals(Decision.PERMIT, result.getDecision());
+ }
+ }).doesNotThrowAnyException();
+ }
+
+ @SuppressWarnings("unchecked")
+ @Test
+ public void testvDnsPolicy() {
+ //
+ // Now load the vDNS Policy - make sure
+ // the pdp can support it and have it load
+ // into the PDP.
+ //
+ assertThatCode(() -> {
+ try (InputStream is = new FileInputStream("src/test/resources/vDNS.policy.input.yaml")) {
+ Yaml yaml = new Yaml();
+ Map<String, Object> toscaObject = yaml.load(is);
+ List<Object> policies = (List<Object>) toscaObject.get("policies");
+ //
+ // What we should really do is split the policies out from the ones that
+ // are not supported to ones that are. And then load these.
+ //
+ // In another future review....
+ //
+ for (Object policyObject : policies) {
+ //
+ // Get the contents
+ //
+ Map<String, Object> policyContents = (Map<String, Object>) policyObject;
+ for (Entry<String, Object> entrySet : policyContents.entrySet()) {
+ LOGGER.info("Entry set {}", entrySet.getKey());
+ Map<String, Object> policyDefinition = (Map<String, Object>) entrySet.getValue();
+ //
+ // Find the type and make sure the engine supports it
+ //
+ assertThat(policyDefinition.containsKey("type")).isTrue();
+ assertThat(onapPdpEngine.canSupportPolicyType(
+ policyDefinition.get("type").toString(),
+ policyDefinition.get("version").toString()))
+ .isTrue();
+ }
+ }
+ //
+ // Just go ahead and load them all for now
+ //
+ // Assuming all are supported etc.
+ //
+ onapPdpEngine.loadPolicies(toscaObject);
+
+ //List<PolicyType> policies = onapPdpEngine.convertPolicies(is);
+ //
+ // Should have a policy
+ //// assertThat(policies.isEmpty()).isFalse();
+ }
+ }).doesNotThrowAnyException();
+ }
+
+ @Test
+ public void testBadPolicies() {
+ assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() -> {
+ try (InputStream is =
+ new FileInputStream("src/test/resources/test.monitoring.policy.missingmetadata.yaml")) {
+ onapPdpEngine.convertPolicies(is);
+ }
+ }).withMessageContaining("missing metadata section");
+
+ assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() -> {
+ try (InputStream is =
+ new FileInputStream("src/test/resources/test.monitoring.policy.missingtype.yaml")) {
+ onapPdpEngine.convertPolicies(is);
+ }
+ }).withMessageContaining("missing type value");
+
+ assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() -> {
+ try (InputStream is =
+ new FileInputStream("src/test/resources/test.monitoring.policy.missingversion.yaml")) {
+ onapPdpEngine.convertPolicies(is);
+ }
+ }).withMessageContaining("missing version value");
+
+ assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() -> {
+ try (InputStream is =
+ new FileInputStream("src/test/resources/test.monitoring.policy.badmetadata.1.yaml")) {
+ onapPdpEngine.convertPolicies(is);
+ }
+ }).withMessageContaining("missing metadata policy-version");
+
+ assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() -> {
+ try (InputStream is =
+ new FileInputStream("src/test/resources/test.monitoring.policy.badmetadata.2.yaml")) {
+ onapPdpEngine.convertPolicies(is);
+ }
+ }).withMessageContaining("missing metadata policy-id");
+
+ assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() -> {
+ try (InputStream is =
+ new FileInputStream("src/test/resources/test.monitoring.policy.missingproperties.yaml")) {
+ onapPdpEngine.convertPolicies(is);
+ }
+ }).withMessageContaining("missing properties section");
+ }
+
+}
diff --git a/applications/monitoring/src/test/resources/cucumber/decisions.feature b/applications/monitoring/src/test/resources/cucumber/decisions.feature
index a23d965b..6a573d3c 100644
--- a/applications/monitoring/src/test/resources/cucumber/decisions.feature
+++ b/applications/monitoring/src/test/resources/cucumber/decisions.feature
@@ -18,10 +18,10 @@
#
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
-Feature: Return a decision
- Return a decision for a request
-
- Scenario: Return policy as a JSON
- Given TCA Policy is loaded
- When A Decision Request is received
- Then I should return TCA Policy as JSON \ No newline at end of file
+#Feature: Return a decision
+# Return a decision for a request
+#
+# Scenario: Return policy as a JSON
+# Given TCA Policy is loaded
+# When A Decision Request is received
+# Then I should return TCA Policy as JSON \ No newline at end of file
diff --git a/applications/monitoring/src/test/resources/cucumber/load_policy.feature b/applications/monitoring/src/test/resources/cucumber/load_policy.feature
new file mode 100644
index 00000000..9651ca91
--- /dev/null
+++ b/applications/monitoring/src/test/resources/cucumber/load_policy.feature
@@ -0,0 +1,35 @@
+#
+# ============LICENSE_START=======================================================
+# ONAP
+# ================================================================================
+# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+Feature: Loading TOSCA Policies
+ When a TOSCA Policy is received, convert it
+ to a XACML policy and then load it into the XACML PDP engine.
+
+ Scenario: No Policies Loaded
+ Given Initialization
+ When Decision Requested
+ Then Decision Permit 0 Obligations
+
+ Scenario: Load New Policy
+ Given Initialization
+ When The application gets new Tosca Policy
+ Then Load Policy
+ And Save Configuration
diff --git a/applications/monitoring/src/test/resources/test.monitoring.policy.badmetadata.1.yaml b/applications/monitoring/src/test/resources/test.monitoring.policy.badmetadata.1.yaml
new file mode 100644
index 00000000..a2631848
--- /dev/null
+++ b/applications/monitoring/src/test/resources/test.monitoring.policy.badmetadata.1.yaml
@@ -0,0 +1,10 @@
+tosca_definitions_version: tosca_simple_yaml_1_0_0
+policies:
+ -
+ test.monitoring.policy.badmetadata.1:
+ type: onap.policies.monitoring.cdap.tca.hi.lo.app
+ version: 1.0.0
+ metadata:
+ policy-id: test.monitoring.policy.badmetadata.1
+ properties:
+ domain: measurementsForVfScaling
diff --git a/applications/monitoring/src/test/resources/test.monitoring.policy.badmetadata.2.yaml b/applications/monitoring/src/test/resources/test.monitoring.policy.badmetadata.2.yaml
new file mode 100644
index 00000000..7da2db38
--- /dev/null
+++ b/applications/monitoring/src/test/resources/test.monitoring.policy.badmetadata.2.yaml
@@ -0,0 +1,10 @@
+tosca_definitions_version: tosca_simple_yaml_1_0_0
+policies:
+ -
+ onap.scaleout.tca:
+ type: onap.policies.monitoring.cdap.tca.hi.lo.app
+ version: 1.0.0
+ metadata:
+ policy-version: 1
+ properties:
+ domain: measurementsForVfScaling
diff --git a/applications/monitoring/src/test/resources/test.monitoring.policy.missingmetadata.yaml b/applications/monitoring/src/test/resources/test.monitoring.policy.missingmetadata.yaml
new file mode 100644
index 00000000..4984a1c3
--- /dev/null
+++ b/applications/monitoring/src/test/resources/test.monitoring.policy.missingmetadata.yaml
@@ -0,0 +1,9 @@
+tosca_definitions_version: tosca_simple_yaml_1_0_0
+policies:
+ -
+ onap.scaleout.tca:
+ type: onap.policies.monitoring.test
+ description: I am a test policy
+ version: 1.0.0
+ properties:
+ domain: measurementsForVfScaling
diff --git a/applications/monitoring/src/test/resources/test.monitoring.policy.missingproperties.yaml b/applications/monitoring/src/test/resources/test.monitoring.policy.missingproperties.yaml
new file mode 100644
index 00000000..d4132a28
--- /dev/null
+++ b/applications/monitoring/src/test/resources/test.monitoring.policy.missingproperties.yaml
@@ -0,0 +1,9 @@
+tosca_definitions_version: tosca_simple_yaml_1_0_0
+policies:
+ -
+ onap.scaleout.tca:
+ type: onap.policies.monitoring.cdap.tca.hi.lo.app
+ version: 1.0.0
+ metadata:
+ policy-id: onap.scaleout.tca
+ policy-version: 1
diff --git a/applications/monitoring/src/test/resources/test.monitoring.policy.missingtype.yaml b/applications/monitoring/src/test/resources/test.monitoring.policy.missingtype.yaml
new file mode 100644
index 00000000..309d08c5
--- /dev/null
+++ b/applications/monitoring/src/test/resources/test.monitoring.policy.missingtype.yaml
@@ -0,0 +1,11 @@
+tosca_definitions_version: tosca_simple_yaml_1_0_0
+policies:
+ -
+ onap.scaleout.tca:
+ description: I am a test policy
+ version: 1.0.0
+ metadata:
+ policy-id: onap.scaleout.tca
+ policy-version: 10
+ properties:
+ domain: measurementsForVfScaling
diff --git a/applications/monitoring/src/test/resources/test.monitoring.policy.missingversion.yaml b/applications/monitoring/src/test/resources/test.monitoring.policy.missingversion.yaml
new file mode 100644
index 00000000..ff378d92
--- /dev/null
+++ b/applications/monitoring/src/test/resources/test.monitoring.policy.missingversion.yaml
@@ -0,0 +1,11 @@
+tosca_definitions_version: tosca_simple_yaml_1_0_0
+policies:
+ -
+ onap.scaleout.tca:
+ type: onap.policies.monitoring.test
+ description: I am a test policy
+ metadata:
+ policy-id: onap.scaleout.tca
+ policy-version: 10
+ properties:
+ domain: measurementsForVfScaling
diff --git a/applications/monitoring/src/test/resources/unsupportedpolicytype.yaml b/applications/monitoring/src/test/resources/unsupportedpolicytype.yaml
new file mode 100644
index 00000000..0a895b38
--- /dev/null
+++ b/applications/monitoring/src/test/resources/unsupportedpolicytype.yaml
@@ -0,0 +1,11 @@
+tosca_definitions_version: tosca_simple_yaml_1_0_0
+policies:
+ -
+ policy.name:
+ type: foo.bar
+ version: 1.0.0
+ metadata:
+ policy-id: policy.name
+ policy-version: 1
+ properties:
+ prop1: value1
diff --git a/applications/monitoring/src/test/resources/vDNS.policy.decision.payload.json b/applications/monitoring/src/test/resources/vDNS.policy.decision.payload.json
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/applications/monitoring/src/test/resources/vDNS.policy.decision.payload.json
diff --git a/applications/monitoring/src/test/resources/vDNS.policy.input.yaml b/applications/monitoring/src/test/resources/vDNS.policy.input.yaml
index ee149381..ee12c702 100644
--- a/applications/monitoring/src/test/resources/vDNS.policy.input.yaml
+++ b/applications/monitoring/src/test/resources/vDNS.policy.input.yaml
@@ -6,6 +6,7 @@ policies:
version: 1.0.0
metadata:
policy-id: onap.scaleout.tca
+ policy-version: 1
properties:
domain: measurementsForVfScaling
metricsPerEventName:
diff --git a/applications/monitoring/src/test/resources/vDNS.policy.xml b/applications/monitoring/src/test/resources/vDNS.policy.xml
new file mode 100644
index 00000000..14ad4603
--- /dev/null
+++ b/applications/monitoring/src/test/resources/vDNS.policy.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="onap.scaleout.tca" Version="1" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-unless-permit">
+ <Description>The root policy for supporting in-memory onap.Monitoring policy-type policies.</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <!-- Exact policy-id value -->
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">onap.scaleout.tca</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ <AllOf>
+ <!-- Regular expression match on policy id -->
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">onap.scaleout.tca</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ <AllOf>
+ <!-- Exact policy-type value -->
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">onap.policies.monitoring.cdap.tca.hi.lo.app</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ <AllOf>
+ <!-- Regular expression match on policy-type -->
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">onap.policies.monitoring.cdap.tca.hi.lo.app</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+ <Rule RuleId="urn:org:onap:xacml:rule:id:74caee98-bd05-4bb5-917c-a26ef80bb0f4" Effect="Permit">
+ <Description>Default is Permit</Description>
+ <!--
+
+ Add JSON as Obligation
+
+ -->
+ </Rule>
+</Policy>
diff --git a/applications/monitoring/src/test/resources/xacml.properties b/applications/monitoring/src/test/resources/xacml.properties
new file mode 100644
index 00000000..9b5330dc
--- /dev/null
+++ b/applications/monitoring/src/test/resources/xacml.properties
@@ -0,0 +1,34 @@
+#
+# Properties that the embedded PDP engine uses to configure and load
+#
+# Standard API Factories
+#
+xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory
+xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory
+xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory
+xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory
+xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory
+#
+# AT&T PDP Implementation Factories
+#
+xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory
+xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory
+xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory
+#
+# ONAP PDP Implementation Factories
+#
+xacml.att.policyFinderFactory=org.onap.policy.pdp.xacml.application.common.OnapPolicyFinderFactory
+
+#
+# NOTE: If you are testing against a RESTful PDP, then the PDP must be configured with the
+# policies and PIP configuration as defined below. Otherwise, this is the configuration that
+# the embedded PDP uses.
+#
+
+policytypes=onap.Monitoring, onap.policies.monitoring.cdap.tca.hi.lo.app
+
+# Policies to load
+#
+xacml.rootPolicies=monitoring
+monitoring.file=src/main/resources/RootMonitoringPolicy.xml
+
diff --git a/applications/pom.xml b/applications/pom.xml
index 13d83fe6..8d5d4b28 100644
--- a/applications/pom.xml
+++ b/applications/pom.xml
@@ -32,7 +32,9 @@
<artifactId>applications</artifactId>
<modules>
+ <module>common</module>
<module>monitoring</module>
+ <module>guard</module>
</modules>