diff options
Diffstat (limited to 'applications/common/src/main')
7 files changed, 603 insertions, 387 deletions
diff --git a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/OnapOperationsHistoryPipEngine.java b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/OnapOperationsHistoryPipEngine.java deleted file mode 100644 index 3d316b9a..00000000 --- a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/OnapOperationsHistoryPipEngine.java +++ /dev/null @@ -1,353 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * SPDX-License-Identifier: Apache-2.0 - * ============LICENSE_END========================================================= - */ - -package org.onap.policy.pdp.xacml.application.common; - -import com.att.research.xacml.api.Attribute; -import com.att.research.xacml.api.AttributeValue; -import com.att.research.xacml.api.Identifier; -import com.att.research.xacml.api.XACML3; -import com.att.research.xacml.api.pip.PIPException; -import com.att.research.xacml.api.pip.PIPFinder; -import com.att.research.xacml.api.pip.PIPRequest; -import com.att.research.xacml.api.pip.PIPResponse; -import com.att.research.xacml.std.StdMutableAttribute; -import com.att.research.xacml.std.datatypes.DataTypes; -import com.att.research.xacml.std.pip.StdMutablePIPResponse; -import com.att.research.xacml.std.pip.StdPIPRequest; -import com.att.research.xacml.std.pip.StdPIPResponse; -import com.att.research.xacml.std.pip.engines.StdConfigurableEngine; -import com.google.common.base.Strings; - -import java.math.BigInteger; -import java.util.Arrays; -import java.util.Collection; -import java.util.Collections; -import java.util.Iterator; -import java.util.Properties; - -import javax.persistence.EntityManager; -import javax.persistence.Persistence; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -public class OnapOperationsHistoryPipEngine extends StdConfigurableEngine { - private static Logger logger = LoggerFactory.getLogger(OnapOperationsHistoryPipEngine.class); - - private static final PIPRequest PIP_REQUEST_ACTOR = new StdPIPRequest( - XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE, - ToscaDictionary.ID_RESOURCE_GUARD_ACTOR, - XACML3.ID_DATATYPE_STRING); - - private static final PIPRequest PIP_REQUEST_RECIPE = new StdPIPRequest( - XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE, - ToscaDictionary.ID_RESOURCE_GUARD_RECIPE, - XACML3.ID_DATATYPE_STRING); - - private static final PIPRequest PIP_REQUEST_TARGET = new StdPIPRequest( - XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE, - ToscaDictionary.ID_RESOURCE_GUARD_TARGETID, - XACML3.ID_DATATYPE_STRING); - - private Properties properties; - - public OnapOperationsHistoryPipEngine() { - super(); - } - - @Override - public Collection<PIPRequest> attributesRequired() { - return Arrays.asList(PIP_REQUEST_ACTOR, PIP_REQUEST_RECIPE, PIP_REQUEST_TARGET); - } - - @Override - public Collection<PIPRequest> attributesProvided() { - return Collections.emptyList(); - } - - @Override - public PIPResponse getAttributes(PIPRequest pipRequest, PIPFinder pipFinder) throws PIPException { - logger.debug("getAttributes requesting attribute {} of type {} for issuer {}", - pipRequest.getAttributeId(), pipRequest.getDataTypeId(), pipRequest.getIssuer()); - // - // Determine if the issuer is correct - // - if (Strings.isNullOrEmpty(pipRequest.getIssuer())) { - logger.debug("issuer is null - returning empty response"); - // - // We only respond to ourself as the issuer - // - return StdPIPResponse.PIP_RESPONSE_EMPTY; - } - if (! pipRequest.getIssuer().startsWith(ToscaDictionary.GUARD_ISSUER)) { - logger.debug("Issuer does not start with guard"); - // - // We only respond to ourself as the issuer - // - return StdPIPResponse.PIP_RESPONSE_EMPTY; - } - // - // Parse out the issuer which denotes the time window - // - // Eg: urn:org:onapxacml:guard:historydb:tw:10:minute - // - String[] s1 = pipRequest.getIssuer().split("tw:"); - String[] s2 = s1[1].split(":"); - int timeWindowVal = Integer.parseInt(s2[0]); - String timeWindowScale = s2[1]; - // - // Grab other attribute values - // - String actor = getActor(pipFinder); - String operation = getRecipe(pipFinder); - String target = getTarget(pipFinder); - String timeWindow = timeWindowVal + " " + timeWindowScale; - logger.info("Going to query DB about: actor {} operation {} target {} time window {}", - actor, operation, target, timeWindow); - // - // Sanity check - // - if (actor == null || operation == null || target == null) { - // - // See if we have all the values - // - logger.error("missing attributes return empty"); - return StdPIPResponse.PIP_RESPONSE_EMPTY; - } - // - // Ok do the database query - // - int operationCount = doDatabaseQuery(actor, operation, target, timeWindowVal, timeWindowScale); - // - // Right now return empty - // - StdMutablePIPResponse stdPipResponse = new StdMutablePIPResponse(); - this.addIntegerAttribute(stdPipResponse, - XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE, - ToscaDictionary.ID_RESOURCE_GUARD_OPERATIONCOUNT, - operationCount, - pipRequest); - return new StdPIPResponse(stdPipResponse); - } - - @Override - public void configure(String id, Properties properties) throws PIPException { - super.configure(id, properties); - logger.debug("Configuring historyDb PIP {}", properties); - this.properties = properties; - } - - private String getActor(PIPFinder pipFinder) { - // - // Get the actor value - // - PIPResponse pipResponse = this.getAttribute(PIP_REQUEST_ACTOR, pipFinder); - if (pipResponse == null) { - logger.error("Need actor attribute which is not found"); - return null; - } - // - // Find the actor - // - return findFirstAttributeValue(pipResponse); - } - - private String getRecipe(PIPFinder pipFinder) { - // - // Get the actor value - // - PIPResponse pipResponse = this.getAttribute(PIP_REQUEST_RECIPE, pipFinder); - if (pipResponse == null) { - logger.error("Need recipe attribute which is not found"); - return null; - } - // - // Find the actor - // - return findFirstAttributeValue(pipResponse); - } - - private String getTarget(PIPFinder pipFinder) { - // - // Get the actor value - // - PIPResponse pipResponse = this.getAttribute(PIP_REQUEST_TARGET, pipFinder); - if (pipResponse == null) { - logger.error("Need target attribute which is not found"); - return null; - } - // - // Find the actor - // - return findFirstAttributeValue(pipResponse); - } - - private PIPResponse getAttribute(PIPRequest pipRequest, PIPFinder pipFinder) { - PIPResponse pipResponse = null; - try { - pipResponse = pipFinder.getMatchingAttributes(pipRequest, this); - if (pipResponse.getStatus() != null && !pipResponse.getStatus().isOk()) { - if (logger.isInfoEnabled()) { - logger.info("get attribute error retrieving {}: {}", pipRequest.getAttributeId().stringValue(), - pipResponse.getStatus()); - } - pipResponse = null; - } - if (pipResponse != null && pipResponse.getAttributes().isEmpty()) { - if (logger.isInfoEnabled()) { - logger.info("No value for {}", pipRequest.getAttributeId().stringValue()); - } - pipResponse = null; - } - } catch (PIPException ex) { - logger.error("PIPException getting subject-id attribute: " + ex.getMessage(), ex); - } - return pipResponse; - } - - private String findFirstAttributeValue(PIPResponse pipResponse) { - for (Attribute attribute: pipResponse.getAttributes()) { - Iterator<AttributeValue<String>> iterAttributeValues = attribute.findValues(DataTypes.DT_STRING); - if (iterAttributeValues != null) { - while (iterAttributeValues.hasNext()) { - String value = iterAttributeValues.next().getValue(); - if (value != null) { - return value; - } - } - } - } - return null; - } - - private void addIntegerAttribute(StdMutablePIPResponse stdPipResponse, Identifier category, - Identifier attributeId, int value, PIPRequest pipRequest) { - AttributeValue<BigInteger> attributeValue = null; - try { - attributeValue = DataTypes.DT_INTEGER.createAttributeValue(value); - } catch (Exception e) { - logger.error("Failed to convert {} to integer {}", value, e); - } - if (attributeValue != null) { - stdPipResponse.addAttribute(new StdMutableAttribute(category, attributeId, attributeValue, - pipRequest.getIssuer(), false)); - } - } - - private int doDatabaseQuery(String actor, String operation, String target, int timeWindowVal, - String timeWindowScale) { - logger.info("Querying operations history for {} {} {} {} {}", - actor, operation, target, timeWindowVal, timeWindowScale); - // - // Create our entity manager - // - EntityManager em; - try { - // - // In case there are any overloaded properties for the JPA - // - Properties emProperties = new Properties(properties); - // - // Create the entity manager factory - // - em = Persistence.createEntityManagerFactory( - properties.getProperty("historydb.persistenceunit", "OperationsHistoryPU"), - emProperties).createEntityManager(); - } catch (Exception e) { - logger.error("Persistence failed {} operations history db {}", e.getLocalizedMessage(), e); - return -1; - } - // - // Compute the time window - // - if (! "minute".equalsIgnoreCase(timeWindowScale) - && ! "hour".equalsIgnoreCase(timeWindowScale) - && ! "day".equalsIgnoreCase(timeWindowScale) - && ! "week".equalsIgnoreCase(timeWindowScale) - && ! "month".equalsIgnoreCase(timeWindowScale) - && ! "year".equalsIgnoreCase(timeWindowScale)) { - // - // Unsupported - // - logger.error("Unsupported time window scale value {}", timeWindowScale); - // - // Throw an exception instead? - // - return -1; - } - // - // Do the query - // - Object result = null; - try { - // - // - // - String strQuery = "select count(*) as numops from operationshistory" - + " where outcome<>'Failure_Guard'" - + " and actor=?" - + " and operation=?" - + " and target=?" - + " and endtime between TIMESTAMPADD(" - + timeWindowScale.toUpperCase() - + ", ?, CURRENT_TIMESTAMP)" - + " and CURRENT_TIMESTAMP"; - // - // We are expecting a single result - // - result = em.createNativeQuery(strQuery) - .setParameter(1, actor) - .setParameter(2, operation) - .setParameter(3, target) - .setParameter(4, timeWindowVal * -1) - .getSingleResult(); - } catch (Exception e) { - logger.error("Named query failed ", e); - } - // - // Check our query results - // - if (result != null) { - // - // Success let's see what JPA returned to us - // - logger.info("operations query returned {}", result); - // - // Should get back a long - // - if (result instanceof Long) { - return ((Long) result).intValue(); - } - // - // We shouldn't really get this result, but just - // in case we'll do the dirty work of parsing the - // string representation of the object. - // - return Integer.parseInt(result.toString()); - } - // - // We get here if we didn't get a result. Should - // we propagate back an exception? - // - return -1; - } - -} diff --git a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/ToscaDictionary.java b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/ToscaDictionary.java index 2d3cebd1..21820b99 100644 --- a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/ToscaDictionary.java +++ b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/ToscaDictionary.java @@ -31,17 +31,18 @@ public final class ToscaDictionary { /* * These are the ID's for various TOSCA Policy Types we are supporting in the Applications. */ - public static final Identifier URN_ONAP = - new IdentifierImpl("urn:org:onap"); + public static final String URN_ONAP = "urn:org:onap"; + public static final Identifier ID_URN_ONAP = + new IdentifierImpl(URN_ONAP); public static final Identifier ID_RESOURCE_POLICY_ID = XACML3.ID_RESOURCE_RESOURCE_ID; public static final Identifier ID_RESOURCE_POLICY_TYPE = - new IdentifierImpl(URN_ONAP, "policy-type"); + new IdentifierImpl(ID_URN_ONAP, "policy-type"); public static final Identifier ID_RESOURCE_POLICY_TYPE_VERSION = - new IdentifierImpl(URN_ONAP, "policy-type-version"); + new IdentifierImpl(ID_URN_ONAP, "policy-type-version"); /* * These ID's are for identifying Subjects @@ -51,70 +52,75 @@ public final class ToscaDictionary { XACML3.ID_SUBJECT_SUBJECT_ID; public static final Identifier ID_SUBJECT_ONAP_COMPONENT = - new IdentifierImpl(URN_ONAP, "onap-component"); + new IdentifierImpl(ID_URN_ONAP, "onap-component"); public static final Identifier ID_SUBJECT_ONAP_INSTANCE = - new IdentifierImpl(URN_ONAP, "onap-instance"); + new IdentifierImpl(ID_URN_ONAP, "onap-instance"); /* * These 2 ID's are for Optimization policies */ public static final Identifier ID_RESOURCE_POLICY_SCOPE_PROPERTY = - new IdentifierImpl(URN_ONAP, "policy-scope-property"); + new IdentifierImpl(ID_URN_ONAP, "policy-scope-property"); public static final Identifier ID_RESOURCE_POLICY_TYPE_PROPERTY = - new IdentifierImpl(URN_ONAP, "policy-type-property"); + new IdentifierImpl(ID_URN_ONAP, "policy-type-property"); /* * These ID's are for Legacy Guard Policies */ public static final Identifier ID_RESOURCE_GUARD_ACTOR = - new IdentifierImpl(URN_ONAP, "guard:actor:actor-id"); + new IdentifierImpl(ID_URN_ONAP, "guard:actor:actor-id"); public static final Identifier ID_RESOURCE_GUARD_RECIPE = - new IdentifierImpl(URN_ONAP, "guard:operation:operation-id"); + new IdentifierImpl(ID_URN_ONAP, "guard:operation:operation-id"); public static final Identifier ID_RESOURCE_GUARD_CLNAME = - new IdentifierImpl(URN_ONAP, "guard:clname:clname-id"); + new IdentifierImpl(ID_URN_ONAP, "guard:clname:clname-id"); public static final Identifier ID_RESOURCE_GUARD_TARGETID = - new IdentifierImpl(URN_ONAP, "guard:target:target-id"); + new IdentifierImpl(ID_URN_ONAP, "guard:target:target-id"); public static final Identifier ID_SUBJECT_GUARD_REQUESTID = - new IdentifierImpl(URN_ONAP, "guard:request:request-id"); + new IdentifierImpl(ID_URN_ONAP, "guard:request:request-id"); public static final Identifier ID_RESOURCE_GUARD_VFCOUNT = - new IdentifierImpl(URN_ONAP, "guard:target:vf-count"); + new IdentifierImpl(ID_URN_ONAP, "guard:target:vf-count"); public static final Identifier ID_RESOURCE_GUARD_MIN = - new IdentifierImpl(URN_ONAP, "guard:target:min"); + new IdentifierImpl(ID_URN_ONAP, "guard:target:min"); public static final Identifier ID_RESOURCE_GUARD_MAX = - new IdentifierImpl(URN_ONAP, "guard:target:max"); + new IdentifierImpl(ID_URN_ONAP, "guard:target:max"); /* * This id specifically for guard is provided by the * operational history database PIP. */ + public static final String GUARD_OPERATIONCOUNT = "guard:operation:operation-count"; public static final Identifier ID_RESOURCE_GUARD_OPERATIONCOUNT = - new IdentifierImpl(URN_ONAP, "guard:operation:operation-count"); + new IdentifierImpl(ID_URN_ONAP, GUARD_OPERATIONCOUNT); - public static final String GUARD_ISSUER = URN_ONAP.stringValue() + "xacml:guard:historydb"; + public static final String GUARD_OPERATIONOUTCOME = "guard:operation:operation-outcome"; + public static final Identifier ID_RESOURCE_GUARD_OPERATIONOUTCOME = + new IdentifierImpl(ID_URN_ONAP, GUARD_OPERATIONOUTCOME); + + public static final String GUARD_ISSUER_PREFIX = URN_ONAP + ":xacml:guard:"; /* * This id is specifically for advice returned from guard */ public static final Identifier ID_ADVICE_GUARD = - new IdentifierImpl(URN_ONAP, "guard:advice"); + new IdentifierImpl(ID_URN_ONAP, "guard:advice"); public static final Identifier ID_ADVICE_GUARD_REQUESTID = - new IdentifierImpl(URN_ONAP, "guard:advice:request-id"); + new IdentifierImpl(ID_URN_ONAP, "guard:advice:request-id"); /* * Obligation specific ID's */ public static final Identifier ID_OBLIGATION_REST_BODY = - new IdentifierImpl(URN_ONAP, "rest:body"); + new IdentifierImpl(ID_URN_ONAP, "rest:body"); public static final Identifier ID_OBLIGATION_POLICY_MONITORING = - new IdentifierImpl(URN_ONAP, ":obligation:monitoring"); + new IdentifierImpl(ID_URN_ONAP, ":obligation:monitoring"); public static final Identifier ID_OBLIGATION_POLICY_MONITORING_CONTENTS = - new IdentifierImpl(URN_ONAP, ":obligation:monitoring:contents"); + new IdentifierImpl(ID_URN_ONAP, ":obligation:monitoring:contents"); public static final Identifier ID_OBLIGATION_POLICY_MONITORING_CATEGORY = XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE; @@ -123,7 +129,7 @@ public final class ToscaDictionary { XACML3.ID_DATATYPE_STRING; public static final Identifier ID_OBLIGATION_MONITORING_ISSUER = - new IdentifierImpl(URN_ONAP, "issuer:monitoring"); + new IdentifierImpl(ID_URN_ONAP, "issuer:monitoring"); diff --git a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/operationshistory/CountRecentOperationsPip.java b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/operationshistory/CountRecentOperationsPip.java new file mode 100644 index 00000000..c18ad5fa --- /dev/null +++ b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/operationshistory/CountRecentOperationsPip.java @@ -0,0 +1,221 @@ +/*- + * ============LICENSE_START======================================================= + * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ + +package org.onap.policy.pdp.xacml.application.common.operationshistory; + +import com.att.research.xacml.api.XACML3; +import com.att.research.xacml.api.pip.PIPException; +import com.att.research.xacml.api.pip.PIPFinder; +import com.att.research.xacml.api.pip.PIPRequest; +import com.att.research.xacml.api.pip.PIPResponse; +import com.att.research.xacml.std.pip.StdMutablePIPResponse; +import com.att.research.xacml.std.pip.StdPIPResponse; +import com.google.common.base.Strings; + +import java.sql.Timestamp; +import java.time.Instant; +import java.time.temporal.ChronoUnit; +import java.util.Arrays; +import java.util.Collection; +import java.util.Properties; + +import javax.persistence.Persistence; + +import org.onap.policy.pdp.xacml.application.common.ToscaDictionary; +import org.onap.policy.pdp.xacml.application.common.std.StdOnapPip; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + + +public class CountRecentOperationsPip extends StdOnapPip { + public static final String ISSUER_NAME = "count-recent-operations"; + private static Logger logger = LoggerFactory.getLogger(CountRecentOperationsPip.class); + + public CountRecentOperationsPip() { + super(); + } + + @Override + public Collection<PIPRequest> attributesRequired() { + return Arrays.asList(PIP_REQUEST_ACTOR, PIP_REQUEST_RECIPE, PIP_REQUEST_TARGET); + } + + @Override + public void configure(String id, Properties properties) throws PIPException { + super.configure(id, properties); + // + // Create our entity manager + // + em = null; + try { + // + // In case there are any overloaded properties for the JPA + // + Properties emProperties = new Properties(properties); + // + // Create the entity manager factory + // + em = Persistence.createEntityManagerFactory( + properties.getProperty(ISSUER_NAME + ".persistenceunit"), + emProperties).createEntityManager(); + } catch (Exception e) { + logger.error("Persistence failed {} operations history db {}", e.getLocalizedMessage(), e); + } + } + + /** + * getAttributes. + * + * @param pipRequest the request + * @param pipFinder the pip finder + * @return PIPResponse + */ + @Override + public PIPResponse getAttributes(PIPRequest pipRequest, PIPFinder pipFinder) throws PIPException { + logger.debug("getAttributes requesting attribute {} of type {} for issuer {}", + pipRequest.getAttributeId(), pipRequest.getDataTypeId(), pipRequest.getIssuer()); + // + // Determine if the issuer is correct + // + if (Strings.isNullOrEmpty(pipRequest.getIssuer())) { + logger.debug("issuer is null - returning empty response"); + // + // We only respond to ourself as the issuer + // + return StdPIPResponse.PIP_RESPONSE_EMPTY; + } + if (! pipRequest.getIssuer().startsWith(ToscaDictionary.GUARD_ISSUER_PREFIX)) { + logger.debug("Issuer does not start with guard"); + // + // We only respond to ourself as the issuer + // + return StdPIPResponse.PIP_RESPONSE_EMPTY; + } + // + // Parse out the issuer which denotes the time window + // Eg: any-prefix:tw:10:minute + // + String[] s1 = pipRequest.getIssuer().split("tw:"); + String[] s2 = s1[1].split(":"); + int timeWindowVal = Integer.parseInt(s2[0]); + String timeWindowScale = s2[1]; + // + // Grab other attribute values + // + String actor = getAttribute(pipFinder, PIP_REQUEST_ACTOR); + String operation = getAttribute(pipFinder, PIP_REQUEST_RECIPE); + String target = getAttribute(pipFinder, PIP_REQUEST_TARGET); + String timeWindow = timeWindowVal + " " + timeWindowScale; + logger.info("Going to query DB about: actor {} operation {} target {} time window {}", + actor, operation, target, timeWindow); + // + // Sanity check + // + if (actor == null || operation == null || target == null) { + // + // See if we have all the values + // + logger.error("missing attributes return empty"); + return StdPIPResponse.PIP_RESPONSE_EMPTY; + } + // + // Ok do the database query + // + long operationCount = doDatabaseQuery(actor, operation, target, timeWindowVal, timeWindowScale); + // + // Create and return PipResponse + // + StdMutablePIPResponse pipResponse = new StdMutablePIPResponse(); + this.addLongAttribute(pipResponse, + XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE, + ToscaDictionary.ID_RESOURCE_GUARD_OPERATIONCOUNT, + operationCount, + pipRequest); + return new StdPIPResponse(pipResponse); + } + + private long doDatabaseQuery(String actor, String operation, String target, int timeWindowVal, + String timeWindowScale) { + logger.info("Querying operations history for {} {} {} {} {}", + actor, operation, target, timeWindowVal, timeWindowScale); + // + // Only can query if we have an EntityManager + // + if (em == null) { + logger.error("No EntityManager available"); + return -1; + } + // + // Do the query + // + try { + // + // We are expecting a single result + // + return em.createQuery("select count(e) from Dbao e" + + " where e.outcome<>'Failure_Guard'" + + " and e.actor= ?1" + + " and e.operation= ?2" + + " and e.target= ?3" + + " and e.endtime between" + + " ?4 and CURRENT_TIMESTAMP", + Long.class) + .setParameter(1, actor) + .setParameter(2, operation) + .setParameter(3, target) + .setParameter(4, Timestamp.from(Instant.now() + .minus(timeWindowVal, + stringToChronoUnit(timeWindowScale)))) + .getSingleResult(); + } catch (Exception e) { + logger.error("Typed query failed ", e); + return -1; + } + } + + private ChronoUnit stringToChronoUnit(String scale) { + // + // Compute the time window + // + switch (scale.toLowerCase()) { + case "second": + return ChronoUnit.SECONDS; + case "minute": + return ChronoUnit.MINUTES; + case "hour": + return ChronoUnit.HOURS; + case "day": + return ChronoUnit.DAYS; + case "week": + return ChronoUnit.WEEKS; + case "month": + return ChronoUnit.MONTHS; + case "year": + return ChronoUnit.YEARS; + default: + // + // Unsupported + // + logger.error("Unsupported time window scale value {}", scale); + } + return null; + } + +} diff --git a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/OnapOperationsHistoryDbao.java b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/operationshistory/Dbao.java index 3075a6bd..2b70c9be 100644 --- a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/OnapOperationsHistoryDbao.java +++ b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/operationshistory/Dbao.java @@ -20,7 +20,7 @@ * ============LICENSE_END========================================================= */ -package org.onap.policy.pdp.xacml.application.common; +package org.onap.policy.pdp.xacml.application.common.operationshistory; import java.io.Serializable; import java.util.Date; @@ -36,7 +36,7 @@ import lombok.Data; @Entity @Table(name = "operationshistory") @Data -public class OnapOperationsHistoryDbao implements Serializable { +public class Dbao implements Serializable { private static final long serialVersionUID = -551420180714993577L; @@ -46,7 +46,7 @@ public class OnapOperationsHistoryDbao implements Serializable { private Long id; @Column(name = "closedLoopName", length = 255) - private String clName; + private String closedLoopName; @Column(name = "requestId", length = 50) private String requestId; @@ -75,8 +75,4 @@ public class OnapOperationsHistoryDbao implements Serializable { @Column(name = "endtime") private Date endtime; - public OnapOperationsHistoryDbao() { - super(); - } - } diff --git a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/operationshistory/GetOperationOutcomePip.java b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/operationshistory/GetOperationOutcomePip.java new file mode 100644 index 00000000..717e537d --- /dev/null +++ b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/operationshistory/GetOperationOutcomePip.java @@ -0,0 +1,160 @@ +/*- + * ============LICENSE_START======================================================= + * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + + +package org.onap.policy.pdp.xacml.application.common.operationshistory; + +import com.att.research.xacml.api.XACML3; +import com.att.research.xacml.api.pip.PIPException; +import com.att.research.xacml.api.pip.PIPFinder; +import com.att.research.xacml.api.pip.PIPRequest; +import com.att.research.xacml.api.pip.PIPResponse; +import com.att.research.xacml.std.pip.StdMutablePIPResponse; +import com.att.research.xacml.std.pip.StdPIPResponse; +import com.google.common.base.Strings; + +import java.util.Arrays; +import java.util.Collection; +import java.util.Properties; + +import javax.persistence.NoResultException; +import javax.persistence.Persistence; + +import org.onap.policy.pdp.xacml.application.common.ToscaDictionary; +import org.onap.policy.pdp.xacml.application.common.std.StdOnapPip; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + + +public class GetOperationOutcomePip extends StdOnapPip { + public static final String ISSUER_NAME = "get-operation-outcome"; + private static Logger logger = LoggerFactory.getLogger(GetOperationOutcomePip.class); + + public GetOperationOutcomePip() { + super(); + } + + @Override + public Collection<PIPRequest> attributesRequired() { + return Arrays.asList(PIP_REQUEST_TARGET); + } + + @Override + public void configure(String id, Properties properties) throws PIPException { + super.configure(id, properties); + // + // Create our entity manager + // + em = null; + try { + // + // In case there are any overloaded properties for the JPA + // + Properties emProperties = new Properties(properties); + // + // Create the entity manager factory + // + em = Persistence.createEntityManagerFactory( + properties.getProperty(ISSUER_NAME + ".persistenceunit"), + emProperties).createEntityManager(); + } catch (Exception e) { + logger.error("Persistence failed {} operations history db {}", e.getLocalizedMessage(), e); + } + } + + /** + * getAttributes. + * + * @param pipRequest the request + * @param pipFinder the pip finder + * @return PIPResponse + */ + @Override + public PIPResponse getAttributes(PIPRequest pipRequest, PIPFinder pipFinder) throws PIPException { + logger.debug("getAttributes requesting attribute {} of type {} for issuer {}", + pipRequest.getAttributeId(), pipRequest.getDataTypeId(), pipRequest.getIssuer()); + // + // Determine if the issuer is correct + // + if (Strings.isNullOrEmpty(pipRequest.getIssuer())) { + logger.debug("issuer is null - returning empty response"); + // + // We only respond to ourself as the issuer + // + return StdPIPResponse.PIP_RESPONSE_EMPTY; + } + if (! pipRequest.getIssuer().startsWith(ToscaDictionary.GUARD_ISSUER_PREFIX)) { + logger.debug("Issuer does not start with guard"); + // + // We only respond to ourself as the issuer + // + return StdPIPResponse.PIP_RESPONSE_EMPTY; + } + // + // Parse out the issuer which denotes the time window + // Eg: any-prefix:clname:some-controlloop-name + // + String[] s1 = pipRequest.getIssuer().split("clname:"); + String clname = s1[1]; + String target = null; + target = getAttribute(pipFinder, PIP_REQUEST_TARGET); + + logger.debug("Going to query DB about: clname={}, target={}", clname, target); + String outcome = doDatabaseQuery(clname, target); + logger.debug("Query result is: {}", outcome); + + StdMutablePIPResponse pipResponse = new StdMutablePIPResponse(); + this.addStringAttribute(pipResponse, + XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE, + ToscaDictionary.ID_RESOURCE_GUARD_OPERATIONOUTCOME, + outcome, + pipRequest); + return new StdPIPResponse(pipResponse); + } + + private String doDatabaseQuery(String clname, String target) { + logger.info("Querying operations history for {} {}", clname, target); + // + // Only can query if we have an EntityManager + // + if (em == null) { + logger.error("No EntityManager available"); + return null; + } + // + // Do the query + // + try { + // + // We are expecting a single result + // + return em.createQuery("select e.outcome from Dbao e" + + " where e.closedLoopName= ?1" + + " and e.target= ?2" + + " order by e.endtime desc", + String.class) + .setParameter(1, clname) + .setParameter(2, target) + .setMaxResults(1) + .getSingleResult(); + } catch (Exception e) { + logger.error("Typed query failed ", e); + return null; + } + } +} diff --git a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/std/StdOnapPip.java b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/std/StdOnapPip.java new file mode 100644 index 00000000..70d49418 --- /dev/null +++ b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/std/StdOnapPip.java @@ -0,0 +1,183 @@ +/*- + * ============LICENSE_START======================================================= + * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ + +package org.onap.policy.pdp.xacml.application.common.std; + +import com.att.research.xacml.api.Attribute; +import com.att.research.xacml.api.AttributeValue; +import com.att.research.xacml.api.Identifier; +import com.att.research.xacml.api.XACML3; +import com.att.research.xacml.api.pip.PIPException; +import com.att.research.xacml.api.pip.PIPFinder; +import com.att.research.xacml.api.pip.PIPRequest; +import com.att.research.xacml.api.pip.PIPResponse; +import com.att.research.xacml.std.StdMutableAttribute; +import com.att.research.xacml.std.datatypes.DataTypes; +import com.att.research.xacml.std.pip.StdMutablePIPResponse; +import com.att.research.xacml.std.pip.StdPIPRequest; +import com.att.research.xacml.std.pip.engines.StdConfigurableEngine; + +import java.math.BigInteger; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.Iterator; +import java.util.Properties; + +import javax.persistence.EntityManager; + +import org.onap.policy.pdp.xacml.application.common.ToscaDictionary; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + + +public abstract class StdOnapPip extends StdConfigurableEngine { + protected static Logger logger = LoggerFactory.getLogger(StdOnapPip.class); + + protected static final PIPRequest PIP_REQUEST_ACTOR = new StdPIPRequest( + XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE, + ToscaDictionary.ID_RESOURCE_GUARD_ACTOR, + XACML3.ID_DATATYPE_STRING); + + protected static final PIPRequest PIP_REQUEST_RECIPE = new StdPIPRequest( + XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE, + ToscaDictionary.ID_RESOURCE_GUARD_RECIPE, + XACML3.ID_DATATYPE_STRING); + + protected static final PIPRequest PIP_REQUEST_TARGET = new StdPIPRequest( + XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE, + ToscaDictionary.ID_RESOURCE_GUARD_TARGETID, + XACML3.ID_DATATYPE_STRING); + + protected Properties properties; + protected EntityManager em; + + public StdOnapPip() { + super(); + } + + @Override + public Collection<PIPRequest> attributesProvided() { + return Collections.emptyList(); + } + + @Override + public void configure(String id, Properties properties) throws PIPException { + super.configure(id, properties); + logger.debug("Configuring historyDb PIP {}", properties); + this.properties = properties; + } + + protected String getAttribute(PIPFinder pipFinder, PIPRequest pipRequest) { + // + // Get the actor value + // + PIPResponse pipResponse = this.getAttribute(pipRequest, pipFinder); + if (pipResponse == null) { + logger.error("Need actor attribute which is not found"); + return null; + } + // + // Find the actor + // + return findFirstAttributeValue(pipResponse); + } + + protected PIPResponse getAttribute(PIPRequest pipRequest, PIPFinder pipFinder) { + PIPResponse pipResponse = null; + try { + pipResponse = pipFinder.getMatchingAttributes(pipRequest, this); + if (pipResponse.getStatus() != null && !pipResponse.getStatus().isOk()) { + if (logger.isInfoEnabled()) { + logger.info("get attribute error retrieving {}: {}", pipRequest.getAttributeId().stringValue(), + pipResponse.getStatus()); + } + pipResponse = null; + } + if (pipResponse != null && pipResponse.getAttributes().isEmpty()) { + if (logger.isInfoEnabled()) { + logger.info("No value for {}", pipRequest.getAttributeId().stringValue()); + } + pipResponse = null; + } + } catch (PIPException ex) { + logger.error("PIPException getting subject-id attribute: " + ex.getMessage(), ex); + } + return pipResponse; + } + + protected String findFirstAttributeValue(PIPResponse pipResponse) { + for (Attribute attribute: pipResponse.getAttributes()) { + Iterator<AttributeValue<String>> iterAttributeValues = attribute.findValues(DataTypes.DT_STRING); + if (iterAttributeValues != null) { + while (iterAttributeValues.hasNext()) { + String value = iterAttributeValues.next().getValue(); + if (value != null) { + return value; + } + } + } + } + return null; + } + + protected void addIntegerAttribute(StdMutablePIPResponse stdPipResponse, Identifier category, + Identifier attributeId, int value, PIPRequest pipRequest) { + AttributeValue<BigInteger> attributeValue = null; + try { + attributeValue = DataTypes.DT_INTEGER.createAttributeValue(value); + } catch (Exception e) { + logger.error("Failed to convert {} to integer {}", value, e); + } + if (attributeValue != null) { + stdPipResponse.addAttribute(new StdMutableAttribute(category, attributeId, attributeValue, + pipRequest.getIssuer(), false)); + } + } + + protected void addLongAttribute(StdMutablePIPResponse stdPipResponse, Identifier category, + Identifier attributeId, long value, PIPRequest pipRequest) { + AttributeValue<BigInteger> attributeValue = null; + try { + attributeValue = DataTypes.DT_INTEGER.createAttributeValue(value); + } catch (Exception e) { + logger.error("Failed to convert {} to long {}", value, e); + } + if (attributeValue != null) { + stdPipResponse.addAttribute(new StdMutableAttribute(category, attributeId, attributeValue, + pipRequest.getIssuer(), false)); + } + } + + protected void addStringAttribute(StdMutablePIPResponse stdPipResponse, Identifier category, Identifier attributeId, + String value, PIPRequest pipRequest) { + AttributeValue<String> attributeValue = null; + try { + attributeValue = DataTypes.DT_STRING.createAttributeValue(value); + } catch (Exception ex) { + logger.error("Failed to convert {} to an AttributeValue<String>", value, ex); + } + if (attributeValue != null) { + stdPipResponse.addAttribute(new StdMutableAttribute(category, attributeId, attributeValue, + pipRequest.getIssuer(), false)); + } + } + +} diff --git a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/std/StdXacmlApplicationServiceProvider.java b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/std/StdXacmlApplicationServiceProvider.java index 7f85d2f0..5f84154f 100644 --- a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/std/StdXacmlApplicationServiceProvider.java +++ b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/std/StdXacmlApplicationServiceProvider.java @@ -129,7 +129,8 @@ public abstract class StdXacmlApplicationServiceProvider implements XacmlApplica // // Convert the policies first // - PolicyType xacmlPolicy = this.getTranslator().convertPolicy(toscaPolicy); + PolicyType xacmlPolicy = this.getTranslator(toscaPolicy.getType()) + .convertPolicy(toscaPolicy); if (xacmlPolicy == null) { throw new ToscaPolicyConversionException("Failed to convert policy"); } @@ -187,8 +188,11 @@ public abstract class StdXacmlApplicationServiceProvider implements XacmlApplica return this.getTranslator().convertResponse(xacmlResponse); } + protected abstract ToscaPolicyTranslator getTranslator(String type); - protected abstract ToscaPolicyTranslator getTranslator(); + protected ToscaPolicyTranslator getTranslator() { + return this.getTranslator(""); + } protected synchronized PDPEngine getEngine() { return this.pdpEngine; @@ -251,7 +255,6 @@ public abstract class StdXacmlApplicationServiceProvider implements XacmlApplica PDPEngine engine = factory.newEngine(properties); if (engine != null) { this.pdpEngine = engine; -// this.pdpProperties = new Properties(properties); } } catch (FactoryException e) { LOGGER.error("Failed to create XACML PDP Engine {}", e); |