diff options
Diffstat (limited to 'applications/common/src/main')
4 files changed, 453 insertions, 1 deletions
diff --git a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/OnapOperationsHistoryDbao.java b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/OnapOperationsHistoryDbao.java new file mode 100644 index 00000000..3075a6bd --- /dev/null +++ b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/OnapOperationsHistoryDbao.java @@ -0,0 +1,82 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP + * ================================================================================ + * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ + +package org.onap.policy.pdp.xacml.application.common; + +import java.io.Serializable; +import java.util.Date; + +import javax.persistence.Column; +import javax.persistence.Entity; +import javax.persistence.GeneratedValue; +import javax.persistence.Id; +import javax.persistence.Table; + +import lombok.Data; + +@Entity +@Table(name = "operationshistory") +@Data +public class OnapOperationsHistoryDbao implements Serializable { + + private static final long serialVersionUID = -551420180714993577L; + + @Id + @GeneratedValue + @Column(name = "id") + private Long id; + + @Column(name = "closedLoopName", length = 255) + private String clName; + + @Column(name = "requestId", length = 50) + private String requestId; + + @Column(name = "subrequestId", length = 50) + private String subrequestId; + + @Column(name = "actor", length = 50) + private String actor; + + @Column(name = "operation", length = 50) + private String operation; + + @Column(name = "target", length = 50) + private String target; + + @Column(name = "starttime") + private Date starttime; + + @Column(name = "outcome", length = 50) + private String outcome; + + @Column(name = "message", length = 255) + private String message; + + @Column(name = "endtime") + private Date endtime; + + public OnapOperationsHistoryDbao() { + super(); + } + +} diff --git a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/OnapOperationsHistoryPipEngine.java b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/OnapOperationsHistoryPipEngine.java new file mode 100644 index 00000000..3d316b9a --- /dev/null +++ b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/OnapOperationsHistoryPipEngine.java @@ -0,0 +1,353 @@ +/*- + * ============LICENSE_START======================================================= + * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ + +package org.onap.policy.pdp.xacml.application.common; + +import com.att.research.xacml.api.Attribute; +import com.att.research.xacml.api.AttributeValue; +import com.att.research.xacml.api.Identifier; +import com.att.research.xacml.api.XACML3; +import com.att.research.xacml.api.pip.PIPException; +import com.att.research.xacml.api.pip.PIPFinder; +import com.att.research.xacml.api.pip.PIPRequest; +import com.att.research.xacml.api.pip.PIPResponse; +import com.att.research.xacml.std.StdMutableAttribute; +import com.att.research.xacml.std.datatypes.DataTypes; +import com.att.research.xacml.std.pip.StdMutablePIPResponse; +import com.att.research.xacml.std.pip.StdPIPRequest; +import com.att.research.xacml.std.pip.StdPIPResponse; +import com.att.research.xacml.std.pip.engines.StdConfigurableEngine; +import com.google.common.base.Strings; + +import java.math.BigInteger; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.Iterator; +import java.util.Properties; + +import javax.persistence.EntityManager; +import javax.persistence.Persistence; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class OnapOperationsHistoryPipEngine extends StdConfigurableEngine { + private static Logger logger = LoggerFactory.getLogger(OnapOperationsHistoryPipEngine.class); + + private static final PIPRequest PIP_REQUEST_ACTOR = new StdPIPRequest( + XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE, + ToscaDictionary.ID_RESOURCE_GUARD_ACTOR, + XACML3.ID_DATATYPE_STRING); + + private static final PIPRequest PIP_REQUEST_RECIPE = new StdPIPRequest( + XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE, + ToscaDictionary.ID_RESOURCE_GUARD_RECIPE, + XACML3.ID_DATATYPE_STRING); + + private static final PIPRequest PIP_REQUEST_TARGET = new StdPIPRequest( + XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE, + ToscaDictionary.ID_RESOURCE_GUARD_TARGETID, + XACML3.ID_DATATYPE_STRING); + + private Properties properties; + + public OnapOperationsHistoryPipEngine() { + super(); + } + + @Override + public Collection<PIPRequest> attributesRequired() { + return Arrays.asList(PIP_REQUEST_ACTOR, PIP_REQUEST_RECIPE, PIP_REQUEST_TARGET); + } + + @Override + public Collection<PIPRequest> attributesProvided() { + return Collections.emptyList(); + } + + @Override + public PIPResponse getAttributes(PIPRequest pipRequest, PIPFinder pipFinder) throws PIPException { + logger.debug("getAttributes requesting attribute {} of type {} for issuer {}", + pipRequest.getAttributeId(), pipRequest.getDataTypeId(), pipRequest.getIssuer()); + // + // Determine if the issuer is correct + // + if (Strings.isNullOrEmpty(pipRequest.getIssuer())) { + logger.debug("issuer is null - returning empty response"); + // + // We only respond to ourself as the issuer + // + return StdPIPResponse.PIP_RESPONSE_EMPTY; + } + if (! pipRequest.getIssuer().startsWith(ToscaDictionary.GUARD_ISSUER)) { + logger.debug("Issuer does not start with guard"); + // + // We only respond to ourself as the issuer + // + return StdPIPResponse.PIP_RESPONSE_EMPTY; + } + // + // Parse out the issuer which denotes the time window + // + // Eg: urn:org:onapxacml:guard:historydb:tw:10:minute + // + String[] s1 = pipRequest.getIssuer().split("tw:"); + String[] s2 = s1[1].split(":"); + int timeWindowVal = Integer.parseInt(s2[0]); + String timeWindowScale = s2[1]; + // + // Grab other attribute values + // + String actor = getActor(pipFinder); + String operation = getRecipe(pipFinder); + String target = getTarget(pipFinder); + String timeWindow = timeWindowVal + " " + timeWindowScale; + logger.info("Going to query DB about: actor {} operation {} target {} time window {}", + actor, operation, target, timeWindow); + // + // Sanity check + // + if (actor == null || operation == null || target == null) { + // + // See if we have all the values + // + logger.error("missing attributes return empty"); + return StdPIPResponse.PIP_RESPONSE_EMPTY; + } + // + // Ok do the database query + // + int operationCount = doDatabaseQuery(actor, operation, target, timeWindowVal, timeWindowScale); + // + // Right now return empty + // + StdMutablePIPResponse stdPipResponse = new StdMutablePIPResponse(); + this.addIntegerAttribute(stdPipResponse, + XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE, + ToscaDictionary.ID_RESOURCE_GUARD_OPERATIONCOUNT, + operationCount, + pipRequest); + return new StdPIPResponse(stdPipResponse); + } + + @Override + public void configure(String id, Properties properties) throws PIPException { + super.configure(id, properties); + logger.debug("Configuring historyDb PIP {}", properties); + this.properties = properties; + } + + private String getActor(PIPFinder pipFinder) { + // + // Get the actor value + // + PIPResponse pipResponse = this.getAttribute(PIP_REQUEST_ACTOR, pipFinder); + if (pipResponse == null) { + logger.error("Need actor attribute which is not found"); + return null; + } + // + // Find the actor + // + return findFirstAttributeValue(pipResponse); + } + + private String getRecipe(PIPFinder pipFinder) { + // + // Get the actor value + // + PIPResponse pipResponse = this.getAttribute(PIP_REQUEST_RECIPE, pipFinder); + if (pipResponse == null) { + logger.error("Need recipe attribute which is not found"); + return null; + } + // + // Find the actor + // + return findFirstAttributeValue(pipResponse); + } + + private String getTarget(PIPFinder pipFinder) { + // + // Get the actor value + // + PIPResponse pipResponse = this.getAttribute(PIP_REQUEST_TARGET, pipFinder); + if (pipResponse == null) { + logger.error("Need target attribute which is not found"); + return null; + } + // + // Find the actor + // + return findFirstAttributeValue(pipResponse); + } + + private PIPResponse getAttribute(PIPRequest pipRequest, PIPFinder pipFinder) { + PIPResponse pipResponse = null; + try { + pipResponse = pipFinder.getMatchingAttributes(pipRequest, this); + if (pipResponse.getStatus() != null && !pipResponse.getStatus().isOk()) { + if (logger.isInfoEnabled()) { + logger.info("get attribute error retrieving {}: {}", pipRequest.getAttributeId().stringValue(), + pipResponse.getStatus()); + } + pipResponse = null; + } + if (pipResponse != null && pipResponse.getAttributes().isEmpty()) { + if (logger.isInfoEnabled()) { + logger.info("No value for {}", pipRequest.getAttributeId().stringValue()); + } + pipResponse = null; + } + } catch (PIPException ex) { + logger.error("PIPException getting subject-id attribute: " + ex.getMessage(), ex); + } + return pipResponse; + } + + private String findFirstAttributeValue(PIPResponse pipResponse) { + for (Attribute attribute: pipResponse.getAttributes()) { + Iterator<AttributeValue<String>> iterAttributeValues = attribute.findValues(DataTypes.DT_STRING); + if (iterAttributeValues != null) { + while (iterAttributeValues.hasNext()) { + String value = iterAttributeValues.next().getValue(); + if (value != null) { + return value; + } + } + } + } + return null; + } + + private void addIntegerAttribute(StdMutablePIPResponse stdPipResponse, Identifier category, + Identifier attributeId, int value, PIPRequest pipRequest) { + AttributeValue<BigInteger> attributeValue = null; + try { + attributeValue = DataTypes.DT_INTEGER.createAttributeValue(value); + } catch (Exception e) { + logger.error("Failed to convert {} to integer {}", value, e); + } + if (attributeValue != null) { + stdPipResponse.addAttribute(new StdMutableAttribute(category, attributeId, attributeValue, + pipRequest.getIssuer(), false)); + } + } + + private int doDatabaseQuery(String actor, String operation, String target, int timeWindowVal, + String timeWindowScale) { + logger.info("Querying operations history for {} {} {} {} {}", + actor, operation, target, timeWindowVal, timeWindowScale); + // + // Create our entity manager + // + EntityManager em; + try { + // + // In case there are any overloaded properties for the JPA + // + Properties emProperties = new Properties(properties); + // + // Create the entity manager factory + // + em = Persistence.createEntityManagerFactory( + properties.getProperty("historydb.persistenceunit", "OperationsHistoryPU"), + emProperties).createEntityManager(); + } catch (Exception e) { + logger.error("Persistence failed {} operations history db {}", e.getLocalizedMessage(), e); + return -1; + } + // + // Compute the time window + // + if (! "minute".equalsIgnoreCase(timeWindowScale) + && ! "hour".equalsIgnoreCase(timeWindowScale) + && ! "day".equalsIgnoreCase(timeWindowScale) + && ! "week".equalsIgnoreCase(timeWindowScale) + && ! "month".equalsIgnoreCase(timeWindowScale) + && ! "year".equalsIgnoreCase(timeWindowScale)) { + // + // Unsupported + // + logger.error("Unsupported time window scale value {}", timeWindowScale); + // + // Throw an exception instead? + // + return -1; + } + // + // Do the query + // + Object result = null; + try { + // + // + // + String strQuery = "select count(*) as numops from operationshistory" + + " where outcome<>'Failure_Guard'" + + " and actor=?" + + " and operation=?" + + " and target=?" + + " and endtime between TIMESTAMPADD(" + + timeWindowScale.toUpperCase() + + ", ?, CURRENT_TIMESTAMP)" + + " and CURRENT_TIMESTAMP"; + // + // We are expecting a single result + // + result = em.createNativeQuery(strQuery) + .setParameter(1, actor) + .setParameter(2, operation) + .setParameter(3, target) + .setParameter(4, timeWindowVal * -1) + .getSingleResult(); + } catch (Exception e) { + logger.error("Named query failed ", e); + } + // + // Check our query results + // + if (result != null) { + // + // Success let's see what JPA returned to us + // + logger.info("operations query returned {}", result); + // + // Should get back a long + // + if (result instanceof Long) { + return ((Long) result).intValue(); + } + // + // We shouldn't really get this result, but just + // in case we'll do the dirty work of parsing the + // string representation of the object. + // + return Integer.parseInt(result.toString()); + } + // + // We get here if we didn't get a result. Should + // we propagate back an exception? + // + return -1; + } + +} diff --git a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/ToscaDictionary.java b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/ToscaDictionary.java index 0dcafa00..2d3cebd1 100644 --- a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/ToscaDictionary.java +++ b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/ToscaDictionary.java @@ -93,6 +93,8 @@ public final class ToscaDictionary { public static final Identifier ID_RESOURCE_GUARD_OPERATIONCOUNT = new IdentifierImpl(URN_ONAP, "guard:operation:operation-count"); + public static final String GUARD_ISSUER = URN_ONAP.stringValue() + "xacml:guard:historydb"; + /* * This id is specifically for advice returned from guard */ diff --git a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/XacmlPolicyUtils.java b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/XacmlPolicyUtils.java index 46742af9..30363b43 100644 --- a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/XacmlPolicyUtils.java +++ b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/XacmlPolicyUtils.java @@ -34,6 +34,7 @@ import java.io.OutputStream; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; +import java.util.Map.Entry; import java.util.Properties; import java.util.Set; import java.util.StringJoiner; @@ -162,7 +163,7 @@ public class XacmlPolicyUtils { // int id = 1; while (true) { - String refId = "ref" + id; + String refId = "root" + id; if (rootPolicies.contains(refId)) { id++; } else { @@ -326,6 +327,16 @@ public class XacmlPolicyUtils { try (InputStream is = Files.newInputStream(propertyPath)) { Properties properties = new Properties(); properties.load(is); + if (LOGGER.isDebugEnabled()) { + LOGGER.debug("Loaded xacml properties {} {}", System.lineSeparator(), properties); + // + // It would be nice to sort this first + // + properties.list(System.out); + for (Entry<Object, Object> entrySet : properties.entrySet()) { + LOGGER.debug("{} -> {}", entrySet.getKey(), entrySet.getValue()); + } + } return properties; } } @@ -336,6 +347,10 @@ public class XacmlPolicyUtils { * @throws IOException If unable to store the file. */ public static void storeXacmlProperties(Properties properties, Path propertyPath) throws IOException { + if (LOGGER.isDebugEnabled()) { + LOGGER.debug("Storing xacml properties {} {} {}", properties, System.lineSeparator(), propertyPath); + properties.list(System.out); + } try (OutputStream os = Files.newOutputStream(propertyPath)) { String strComments = "#"; properties.store(os, strComments); |