Diffstat (limited to 'applications/guard/src/main')
6 files changed, 299 insertions, 7 deletions
diff --git a/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/CoordinationDirective.java b/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/CoordinationDirective.java
new file mode 100644
index 00000000..91f8ed2d
--- /dev/null
+++ b/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/CoordinationDirective.java
@@ -0,0 +1,43 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * guard
+ * ================================================================================
+ * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.xacml.pdp.application.guard;
+
+import java.io.Serializable;
+import java.util.List;
+
+import lombok.Data;
+
+@Data
+public class CoordinationDirective implements Serializable {
+ private static final long serialVersionUID = 6897293694639777548L;
+ private List<String> controlLoop;
+ private String coordinationFunction;
+
+ /**
+ * gets the ith control loop.
+ *
+ * @param index the control loop's index
+ * @return the CoordinationDirective's string representation
+ */
+ public String getControlLoop(int index) {
+ return controlLoop.get(index);
+ }
+}
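Review bot: The Javadoc on getControlLoop(int) says `@return the CoordinationDirective's string representation`, but the method returns the control-loop name stored at `index`; `@return the control loop name at the given index` would match the code. The method also dereferences `controlLoop` directly, so a directive with no `controlLoop` list, or with fewer entries than the caller asks for, fails with NullPointerException or IndexOutOfBoundsException. CoordinationGuardTranslator in this same commit calls it with 0 and 1 on values read from the policy properties, so that behaviour is worth either documenting with `@throws` or guarding.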
diff --git a/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/CoordinationGuardTranslator.java b/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/CoordinationGuardTranslator.java
new file mode 100644
index 00000000..c296526b
--- /dev/null
+++ b/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/CoordinationGuardTranslator.java
@@ -0,0 +1,166 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP
+ * ================================================================================
+ * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.xacml.pdp.application.guard;
+
+import com.att.research.xacml.api.Request;
+import com.att.research.xacml.api.Response;
+import com.att.research.xacml.util.XACMLPolicyScanner;
+
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.UUID;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType;
+
+import org.apache.commons.io.IOUtils;
+import org.onap.policy.models.decisions.concepts.DecisionRequest;
+import org.onap.policy.models.decisions.concepts.DecisionResponse;
+import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicy;
+import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException;
+import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslator;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.yaml.snakeyaml.Yaml;
+import org.yaml.snakeyaml.constructor.Constructor;
+
+public class CoordinationGuardTranslator implements ToscaPolicyTranslator {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(CoordinationGuardTranslator.class);
+
+ public CoordinationGuardTranslator() {
+ super();
+ }
+
+ @Override
+ public PolicyType convertPolicy(ToscaPolicy toscaPolicy) throws ToscaPolicyConversionException {
+ LOGGER.debug("Using CoordinationGuardTranslator.convertPolicy");
+ //
+ // Policy name should be at the root
+ //
+ String policyName = toscaPolicy.getMetadata().get("policy-id");
+ String type = toscaPolicy.getType();
+ String coordinationFunctionPath = "src/main/resources/coordination/function";
+ Map<String, Object> policyProps = toscaPolicy.getProperties();
+ LOGGER.debug("path = {}", coordinationFunctionPath);
+ LOGGER.debug("props = {}", policyProps);
+ List<String> controlLoop = (List<String>) policyProps.get("controlLoop");
+ CoordinationDirective cd = new CoordinationDirective();
+ cd.setCoordinationFunction(type);
+ cd.setControlLoop(controlLoop);
+ LOGGER.debug("CoordinationDirective = {}", cd);
+
+ String xacmlStr = generateXacmlFromCoordinationDirective(cd, coordinationFunctionPath);
+
+ LOGGER.debug("xacmlStr\n{}", xacmlStr);
+ PolicyType scannedPolicy = null;
+ try (InputStream is = new ByteArrayInputStream(xacmlStr.getBytes(StandardCharsets.UTF_8))) {
+ scannedPolicy = (PolicyType) XACMLPolicyScanner.readPolicy(is);
+ } catch (IOException e) {
+ LOGGER.error("Failed to read policy", e);
+ }
+ return scannedPolicy;
+ }
+
+ @Override
+ public Request convertRequest(DecisionRequest request) {
+ LOGGER.info("this convertRequest shouldn't be used");
+ return null;
+ }
+
+ @Override
+ public DecisionResponse convertResponse(Response xacmlResponse) {
+ LOGGER.info("this convertRequest shouldn't be used");
+ return null;
+ }
+
+ /**
+ * Load YAML coordination directive.
+ *
+ * @param directiveFilename yaml directive file to load
+ * @return the CoordinationDirective
+ */
+ public static CoordinationDirective loadCoordinationDirectiveFromFile(String directiveFilename) {
+ try (InputStream is = new FileInputStream(new File(directiveFilename))) {
+ String contents = IOUtils.toString(is, StandardCharsets.UTF_8);
+ //
+ // Read the yaml into our Java Object
+ //
+ Yaml yaml = new Yaml(new Constructor(CoordinationDirective.class));
+ Object obj = yaml.load(contents);
+
+ LOGGER.debug(contents);
+
+ return (CoordinationDirective) obj;
+ } catch (IOException e) {
+ LOGGER.error("Error while loading YAML coordination directive", e);
+ }
+ return null;
+ }
+
+ /**
+ * Generate Xacml rule implementing specified CoordinationDirective.
+ *
+ * @param cd the CoordinationDirective
+ * @param protoDir the directory containing Xacml implementation prototypes
+ * @return the generated Xacml policy
+ */
+ public static String generateXacmlFromCoordinationDirective(CoordinationDirective cd,
+ String protoDir) {
+ /*
+ * Determine file names
+ */
+ String xacmlProtoFilename = protoDir + File.separator + cd.getCoordinationFunction() + ".xml";
+ LOGGER.debug("xacmlProtoFilename={}", xacmlProtoFilename);
+ /*
+ * Values to be used for placeholders
+ */
+ final String uniqueId = UUID.randomUUID().toString();
+ final String cLOne = cd.getControlLoop(0);
+ final String cLTwo = cd.getControlLoop(1);
+ /*
+ * Replace prototype placeholders with appropriate values
+ */
+ String xacmlPolicy = null;
+ try (Stream<String> stream = Files.lines(Paths.get(xacmlProtoFilename))) {
+ xacmlPolicy = stream.map(s -> s.replaceAll("UNIQUE_ID", uniqueId))
+ .map(s -> s.replaceAll("CONTROL_LOOP_ONE", cLOne))
+ .map(s -> s.replaceAll("CONTROL_LOOP_TWO", cLTwo))
+ .collect(Collectors.joining(System.lineSeparator()));
+ } catch (IOException e) { + LOGGER.error("Error while generating XACML policy for coordination directive", e); + } + return xacmlPolicy; + } + +} diff --git a/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplication.java b/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplication.java index 0b3b1542..55568c36 100644 --- a/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplication.java +++ b/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplication.java @@ -43,15 +43,22 @@ public class GuardPdpApplication extends StdXacmlApplicationServiceProvider { private static final Logger LOGGER = LoggerFactory.getLogger(GuardPdpApplication.class); private static final String STRING_VERSION100 = "1.0.0"; private List<ToscaPolicyTypeIdentifier> supportedPolicyTypes = new ArrayList<>(); - private LegacyGuardTranslator translator = new LegacyGuardTranslator(); + private LegacyGuardTranslator legacyTranslator = new LegacyGuardTranslator(); + private CoordinationGuardTranslator coordinationTranslator = new CoordinationGuardTranslator(); + /** Constructor. * */ public GuardPdpApplication() { - this.supportedPolicyTypes.add(new ToscaPolicyTypeIdentifier("onap.policies.controlloop.guard.FrequencyLimiter", + this.supportedPolicyTypes.add(new ToscaPolicyTypeIdentifier( + "onap.policies.controlloop.guard.FrequencyLimiter", + STRING_VERSION100)); + this.supportedPolicyTypes.add(new ToscaPolicyTypeIdentifier( + "onap.policies.controlloop.guard.MinMax", STRING_VERSION100)); - this.supportedPolicyTypes.add(new ToscaPolicyTypeIdentifier("onap.policies.controlloop.guard.MinMax", + this.supportedPolicyTypes.add(new ToscaPolicyTypeIdentifier( + "onap.policies.controlloop.guard.coordination.FirstBlocksSecond", STRING_VERSION100)); } 
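Review bot: In generateXacmlFromCoordinationDirective the control-loop names taken from the policy's `controlLoop` property are spliced into the XML prototype with `replaceAll` and no escaping, so a name containing markup or quotes (or `$`/`\`, which `replaceAll` interprets in the replacement) can alter the structure of the generated guard policy instead of only its values. The prototype path is likewise built from `cd.getCoordinationFunction()`, which convertPolicy sets from `toscaPolicy.getType()`; unless the type is checked against the supported list before this point (not visible in this diff) it should be confined to the prototype directory. When the prototype cannot be read the method returns null and convertPolicy then calls `xacmlStr.getBytes(...)`, so the failure should be raised as the ToscaPolicyConversionException that convertPolicy already declares. loadCoordinationDirectiveFromFile parses with `new Constructor(CoordinationDirective.class)`, which in SnakeYAML releases before 2.0 still instantiates types named by tags inside the document, so it should only be given trusted files. A sketch of the substitution with literal replacement, XML escaping and a path check follows.

```java
    public static String generateXacmlFromCoordinationDirective(CoordinationDirective cd,
            String protoDir) {
        // The function name comes from the policy type: keep the prototype inside protoDir.
        String xacmlProtoFilename = protoDir + File.separator + cd.getCoordinationFunction() + ".xml";
        if (!Paths.get(xacmlProtoFilename).normalize().startsWith(Paths.get(protoDir).normalize())) {
            LOGGER.error("Coordination function {} resolves outside {}", cd.getCoordinationFunction(), protoDir);
            return null;
        }
        // … unchanged: debug log, uniqueId …
        final String cLOne = escapeXml(cd.getControlLoop(0));
        final String cLTwo = escapeXml(cd.getControlLoop(1));
        // … unchanged: xacmlPolicy declaration, try (Files.lines) …
            // String.replace is literal: no regex, no $-group expansion in the replacement.
            xacmlPolicy = stream.map(s -> s.replace("UNIQUE_ID", uniqueId))
                    .map(s -> s.replace("CONTROL_LOOP_ONE", cLOne))
                    .map(s -> s.replace("CONTROL_LOOP_TWO", cLTwo))
                    .collect(Collectors.joining(System.lineSeparator()));
        // … unchanged: catch (IOException) and return …
    }

    /** Escapes the five XML special characters so a value stays inside its element or attribute. */
    private static String escapeXml(String value) {
        return value.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&apos;");
    }
```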
@@ -85,7 +92,15 @@ public class GuardPdpApplication extends StdXacmlApplicationServiceProvider { } @Override - protected ToscaPolicyTranslator getTranslator() { - return translator; + protected ToscaPolicyTranslator getTranslator(String type) { + LOGGER.debug("Policy type {}", type); + if ( type.contains("coordination") ) { + LOGGER.debug("returning coordinationTranslator"); + return coordinationTranslator; + } else { + LOGGER.debug("returning legacyTranslator"); + return legacyTranslator; + } } + } diff --git a/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/LegacyGuardPolicyRequest.java b/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/LegacyGuardPolicyRequest.java index fa04e6bd..7b6c37a6 100644 --- a/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/LegacyGuardPolicyRequest.java +++ b/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/LegacyGuardPolicyRequest.java @@ -34,6 +34,7 @@ import lombok.Setter; import lombok.ToString; import org.onap.policy.models.decisions.concepts.DecisionRequest; +import org.onap.policy.pdp.xacml.application.common.ToscaDictionary; @Getter @Setter @@ -42,6 +43,7 @@ import org.onap.policy.models.decisions.concepts.DecisionRequest; public class LegacyGuardPolicyRequest { private static final String STR_GUARD = "guard"; + private static final String URN_ONAP = ToscaDictionary.URN_ONAP; @XACMLSubject(includeInResults = true) private String onapName; @@ -79,6 +81,7 @@ public class LegacyGuardPolicyRequest { @XACMLResource(includeInResults = true, attributeId = "urn:org:onap:guard:target:max") private Integer max; + public LegacyGuardPolicyRequest() { super(); } diff --git a/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/LegacyGuardTranslator.java b/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/LegacyGuardTranslator.java index 77dbb353..28e62b73 100644 
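Review bot: getTranslator selects the translator with `type.contains("coordination")`, so any policy type whose name merely contains that substring is routed to CoordinationGuardTranslator, and a null `type` throws before either branch is reached. Matching the namespace registered in the constructor is tighter: `if (type != null && type.startsWith("onap.policies.controlloop.guard.coordination."))`. CoordinationGuardTranslator's convertRequest and convertResponse both return null, so it is worth confirming that decision requests are never dispatched through this method with a coordination type; the callers are outside this diff.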
--- a/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/LegacyGuardTranslator.java +++ b/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/LegacyGuardTranslator.java @@ -57,6 +57,7 @@ import org.onap.policy.pdp.xacml.application.common.ToscaDictionary; import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException; import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslator; import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslatorUtils; +import org.onap.policy.pdp.xacml.application.common.operationshistory.CountRecentOperationsPip; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -167,7 +168,6 @@ public class LegacyGuardTranslator implements ToscaPolicyTranslator { return decisionResponse; } - /** * From the TOSCA metadata section, pull in values that are needed into the XACML policy. * @@ -527,7 +527,9 @@ public class LegacyGuardTranslator implements ToscaPolicyTranslator { // // Right now I am faking the count value by re-using the request-id field // - String issuer = ToscaDictionary.GUARD_ISSUER + ":tw:" + timeWindow + ":" + timeUnits; + String issuer = ToscaDictionary.GUARD_ISSUER_PREFIX + + CountRecentOperationsPip.ISSUER_NAME + + ":tw:" + timeWindow + ":" + timeUnits; designator.setIssuer(issuer); AttributeValueType valueLimit = new AttributeValueType(); diff --git a/applications/guard/src/main/resources/coordination/function/onap.policies.controlloop.guard.coordination.FirstBlocksSecond.xml b/applications/guard/src/main/resources/coordination/function/onap.policies.controlloop.guard.coordination.FirstBlocksSecond.xml new file mode 100644 index 00000000..bea05f26 --- /dev/null +++ b/applications/guard/src/main/resources/coordination/function/onap.policies.controlloop.guard.coordination.FirstBlocksSecond.xml 
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!--
+ ============LICENSE_START=======================================================
+ drools-applications
+ ================================================================================
+ Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+ -->
+
+<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
+ PolicyId="UNIQUE_ID" Version="1"
+ RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-unless-deny">
+ <Description>Policy for first_blocks_second coordination (if first
+ running and second requests to run, deny second).</Description>
+ <Target>
+ <AnyOf>
+ <AllOf>
+ <Match
+ MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string">CONTROL_LOOP_TWO</AttributeValue>
+ <AttributeDesignator
+ Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
+ AttributeId="urn:org:onap:guard:clname:clname-id"
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ MustBePresent="false" />
+ </Match>
+ </AllOf>
+ </AnyOf>
+ </Target>
+
+ <Rule RuleId="UNIQUE_ID:rule:1" Effect="Deny">
+ <Description>First Is Running</Description>
+ <Condition>
+ <Apply
+ FunctionId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+ <Apply
+ FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-one-and-only">
+ <AttributeDesignator
+ Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
+ AttributeId="urn:org:onap:guard:operation:operation-outcome"
+ DataType="http://www.w3.org/2001/XMLSchema#string"
+ Issuer="urn:org:onap:xacml:guard:get-operation-outcome:clname:CONTROL_LOOP_ONE"
+ MustBePresent="false" />
+ </Apply>
+ <AttributeValue
+ DataType="http://www.w3.org/2001/XMLSchema#string">Success</AttributeValue>
+ </Apply>
+ </Condition>
+ </Rule>
+</Policy> |
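Review bot: The Deny rule's condition wraps the operation-outcome designator in `string-one-and-only` with `MustBePresent="false"`, so when the attribute lookup yields no value, or more than one, the condition is Indeterminate, and under `permit-unless-deny` that evaluates to Permit: the second control loop is allowed whenever the first loop's state cannot be determined. If that fail-open behaviour is intended it deserves a sentence in the `<Description>`; if not, an explicit rule for the missing-attribute case or a deny-unless-permit shape would be safer. The rule description says "First Is Running" while the condition tests for the value `Success`; whether those mean the same thing depends on the provider behind the `get-operation-outcome` issuer, which is not part of this diff. The `Issuer` URN is also a literal here while the Java side builds issuers from ToscaDictionary constants, so a comment naming the matching constant would help keep the two in step.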