diff options
Diffstat (limited to 'applications/guard')
4 files changed, 120 insertions, 288 deletions
diff --git a/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplication.java b/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplication.java index 41773ab7..0b3b1542 100644 --- a/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplication.java +++ b/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplication.java @@ -22,26 +22,12 @@ package org.onap.policy.xacml.pdp.application.guard; -import com.att.research.xacml.api.Request; -import com.att.research.xacml.api.Response; -import com.att.research.xacml.util.XACMLPolicyWriter; - -import java.io.IOException; -import java.nio.file.Path; import java.util.ArrayList; import java.util.Arrays; import java.util.List; -import java.util.Map; -import java.util.Properties; - -import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType; -import org.onap.policy.models.decisions.concepts.DecisionRequest; -import org.onap.policy.models.decisions.concepts.DecisionResponse; import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicyTypeIdentifier; -import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException; -import org.onap.policy.pdp.xacml.application.common.XacmlApplicationException; -import org.onap.policy.pdp.xacml.application.common.XacmlPolicyUtils; +import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslator; import org.onap.policy.pdp.xacml.application.common.std.StdXacmlApplicationServiceProvider; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -99,65 +85,7 @@ public class GuardPdpApplication extends StdXacmlApplicationServiceProvider { } @Override - public void loadPolicies(Map<String, Object> toscaPolicies) throws XacmlApplicationException { - try { - // - // Convert the policies first - // - List<PolicyType> listPolicies = translator.scanAndConvertPolicies(toscaPolicies); - if (listPolicies.isEmpty()) { - throw new XacmlApplicationException("Converted 0 policies"); - } - // - // Create a copy of the properties object - // - Properties newProperties = this.getProperties(); - // - // Iterate through the policies - // - for (PolicyType newPolicy : listPolicies) { - // - // Construct the filename - // - Path refPath = XacmlPolicyUtils.constructUniquePolicyFilename(newPolicy, this.getDataPath()); - // - // Write the policy to disk - // Maybe check for an error - // - XACMLPolicyWriter.writePolicyFile(refPath, newPolicy); - // - // Add root policy to properties object - // - XacmlPolicyUtils.addRootPolicy(newProperties, refPath); - } - // - // Write the properties to disk - // - XacmlPolicyUtils.storeXacmlProperties(newProperties, - XacmlPolicyUtils.getPropertiesPath(this.getDataPath())); - // - // Reload the engine - // - this.createEngine(newProperties); - } catch (IOException | ToscaPolicyConversionException e) { - LOGGER.error("Failed to loadPolicies {}", e); - } + protected ToscaPolicyTranslator getTranslator() { + return translator; } - - @Override - public DecisionResponse makeDecision(DecisionRequest request) { - // - // Convert to a XacmlRequest - // - Request xacmlRequest = translator.convertRequest(request); - // - // Now get a decision - // - Response xacmlResponse = this.xacmlDecision(xacmlRequest); - // - // Convert to a DecisionResponse - // - return translator.convertResponse(xacmlResponse); - } - } diff --git a/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/LegacyGuardTranslator.java b/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/LegacyGuardTranslator.java index 48861d86..77dbb353 100644 --- a/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/LegacyGuardTranslator.java +++ b/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/LegacyGuardTranslator.java @@ -30,15 +30,9 @@ import com.att.research.xacml.api.Response; import com.att.research.xacml.api.Result; import com.att.research.xacml.api.XACML3; import com.att.research.xacml.std.annotations.RequestParser; -import com.att.research.xacml.util.XACMLPolicyWriter; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.util.ArrayList; import java.util.Collection; -import java.util.List; import java.util.Map; -import java.util.Map.Entry; import oasis.names.tc.xacml._3_0.core.schema.wd_17.AdviceExpressionType; import oasis.names.tc.xacml._3_0.core.schema.wd_17.AdviceExpressionsType; @@ -58,6 +52,7 @@ import oasis.names.tc.xacml._3_0.core.schema.wd_17.TargetType; import org.onap.policy.models.decisions.concepts.DecisionRequest; import org.onap.policy.models.decisions.concepts.DecisionResponse; +import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicy; import org.onap.policy.pdp.xacml.application.common.ToscaDictionary; import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException; import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslator; @@ -69,8 +64,6 @@ public class LegacyGuardTranslator implements ToscaPolicyTranslator { private static final Logger LOGGER = LoggerFactory.getLogger(LegacyGuardTranslator.class); - private static final String FIELD_POLICIES = "policies"; - private static final String FIELD_TOPOLOGY_TEMPLATE = "topology_template"; private static final String FIELD_GUARD_ACTIVE_START = "guardActiveStart"; private static final String FIELD_GUARD_ACTIVE_END = "guardActiveEnd"; @@ -78,73 +71,52 @@ public class LegacyGuardTranslator implements ToscaPolicyTranslator { super(); } - @SuppressWarnings("unchecked") @Override - public List<PolicyType> scanAndConvertPolicies(Map<String, Object> toscaObject) - throws ToscaPolicyConversionException { + public PolicyType convertPolicy(ToscaPolicy toscaPolicy) throws ToscaPolicyConversionException { // - // Our return object + // Policy name should be at the root // - List<PolicyType> scannedPolicies = new ArrayList<>(); + String policyName = toscaPolicy.getMetadata().get("policy-id"); // - // Find the Policies + // Set it as the policy ID // - List<Object> policies; - - if (toscaObject.containsKey(FIELD_POLICIES)) { - policies = (List<Object>) toscaObject.get(FIELD_POLICIES); - } else if (toscaObject.containsKey(FIELD_TOPOLOGY_TEMPLATE)) { - Map<String, Object> topologyTemplate = (Map<String, Object>) toscaObject.get(FIELD_TOPOLOGY_TEMPLATE); - if (topologyTemplate.containsKey(FIELD_POLICIES)) { - policies = (List<Object>) topologyTemplate.get(FIELD_POLICIES); - } else { - LOGGER.warn("topologyTemplate does not contain policies"); - return scannedPolicies; - } - } else { - LOGGER.warn("Failed to find policies or topologyTemplate"); - return scannedPolicies; - } + PolicyType newPolicyType = new PolicyType(); + newPolicyType.setPolicyId(policyName); // - // Iterate each of the Policies + // Optional description // - for (Object policyObject : policies) { - // - // Get the contents - // - LOGGER.debug("Found policy {}", policyObject.getClass()); - Map<String, Object> policyContents = (Map<String, Object>) policyObject; - for (Entry<String, Object> entrySet : policyContents.entrySet()) { - LOGGER.debug("Entry set {}", entrySet); - // - // Convert this policy - // - PolicyType policy = this.convertPolicy(entrySet); - if (policy == null) { - // - // Somehow there wasn't enough information to create - // a policy - // - LOGGER.debug("Failed to convert policy"); - continue; - } - // - // Debug dump this - // - try (ByteArrayOutputStream os = new ByteArrayOutputStream()) { - XACMLPolicyWriter.writePolicyFile(os, policy); - LOGGER.debug("{}", os); - } catch (IOException e) { - LOGGER.error("Failed to convert {}", e); - } - // - // Convert and add in the new policy - // - scannedPolicies.add(policy); - } + newPolicyType.setDescription(toscaPolicy.getDescription()); + // + // There should be a metadata section + // + this.fillMetadataSection(newPolicyType, toscaPolicy.getMetadata()); + // + // Set the combining rule + // + newPolicyType.setRuleCombiningAlgId(XACML3.ID_RULE_DENY_UNLESS_PERMIT.stringValue()); + // + // Generate the TargetType + // + newPolicyType.setTarget(this.generateTargetType(toscaPolicy.getProperties())); + // + // Now create the Permit Rule + // + RuleType rule = generatePermitRule(policyName, toscaPolicy.getType(), toscaPolicy.getProperties()); + // + // Check if we were able to create the rule + // + if (rule == null) { + LOGGER.warn("Failed to create rule"); + return null; } - - return scannedPolicies; + // + // Add the rule to the policy + // + newPolicyType.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule); + // + // Return our new policy + // + return newPolicyType; } @Override @@ -161,7 +133,6 @@ public class LegacyGuardTranslator implements ToscaPolicyTranslator { return null; } - @Override public DecisionResponse convertResponse(Response xacmlResponse) { LOGGER.debug("Converting Response {}", xacmlResponse); @@ -196,89 +167,31 @@ public class LegacyGuardTranslator implements ToscaPolicyTranslator { return decisionResponse; } - @SuppressWarnings("unchecked") - private PolicyType convertPolicy(Entry<String, Object> entrySet) throws ToscaPolicyConversionException { - // - // Policy name should be at the root - // - String policyName = entrySet.getKey(); - Map<String, Object> policyDefinition = (Map<String, Object>) entrySet.getValue(); - // - // Set it as the policy ID - // - PolicyType newPolicyType = new PolicyType(); - newPolicyType.setPolicyId(policyName); - // - // Optional description - // - if (policyDefinition.containsKey("description")) { - newPolicyType.setDescription(policyDefinition.get("description").toString()); - } - // - // There should be a metadata section - // - if (! policyDefinition.containsKey("metadata")) { - throw new ToscaPolicyConversionException(policyName + " missing metadata section"); - } - this.fillMetadataSection(newPolicyType, - (Map<String, Object>) policyDefinition.get("metadata")); - // - // Set the combining rule - // - newPolicyType.setRuleCombiningAlgId(XACML3.ID_RULE_DENY_UNLESS_PERMIT.stringValue()); - // - // Generate the TargetType - // - if (! policyDefinition.containsKey("properties")) { - throw new ToscaPolicyConversionException(policyName + " missing properties section"); - } - newPolicyType.setTarget(this.generateTargetType((Map<String, Object>) policyDefinition.get("properties"))); - // - // Now create the Permit Rule - // - RuleType rule = generatePermitRule(policyName, policyDefinition.get("type").toString(), - (Map<String, Object>) policyDefinition.get("properties")); - // - // Check if we were able to create the rule - // - if (rule == null) { - LOGGER.warn("Failed to create rule"); - return null; - } - // - // Add the rule to the policy - // - newPolicyType.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule); - // - // Return our new policy - // - return newPolicyType; - } /** * From the TOSCA metadata section, pull in values that are needed into the XACML policy. * * @param policy Policy Object to store the metadata - * @param metadata The Metadata TOSCA Map + * @param map The Metadata TOSCA Map * @return Same Policy Object * @throws ToscaPolicyConversionException If there is something missing from the metadata */ protected PolicyType fillMetadataSection(PolicyType policy, - Map<String, Object> metadata) throws ToscaPolicyConversionException { - if (! metadata.containsKey("policy-id")) { + Map<String, String> map) throws ToscaPolicyConversionException { + if (! map.containsKey("policy-id")) { throw new ToscaPolicyConversionException(policy.getPolicyId() + " missing metadata policy-id"); } else { // // Do nothing here - the XACML PolicyId is used from TOSCA Policy Name field // } - if (! metadata.containsKey("policy-version")) { + if (! map.containsKey("policy-version")) { throw new ToscaPolicyConversionException(policy.getPolicyId() + " missing metadata policy-version"); } else { // // Add in the Policy Version // - policy.setVersion(metadata.get("policy-version").toString()); + policy.setVersion(map.get("policy-version").toString()); } return policy; } @@ -343,7 +256,8 @@ public class LegacyGuardTranslator implements ToscaPolicyTranslator { return allOf; } - private static RuleType generatePermitRule(String policyName, String policyType, Map<String, Object> properties) { + private static RuleType generatePermitRule(String policyName, String policyType, Map<String, Object> properties) + throws ToscaPolicyConversionException { // // Now determine which policy type we are generating // @@ -352,17 +266,16 @@ public class LegacyGuardTranslator implements ToscaPolicyTranslator { } else if ("onap.policies.controlloop.guard.MinMax".equals(policyType)) { return generateMinMaxPermit(policyName, properties); } + LOGGER.error("Missing policy type in the policy"); return null; } - private static RuleType generateFrequencyPermit(String policyName, Map<String, Object> properties) { + private static RuleType generateFrequencyPermit(String policyName, Map<String, Object> properties) + throws ToscaPolicyConversionException { // // See if its possible to generate a count // - Integer limit = null; - if (properties.containsKey("limit")) { - limit = Integer.decode(properties.get("limit").toString()); - } + Integer limit = parseInteger(properties.get("limit").toString()); if (limit == null) { LOGGER.debug("Must have a limit value for frequency guard policy to be created"); return null; @@ -372,7 +285,11 @@ public class LegacyGuardTranslator implements ToscaPolicyTranslator { // String timeWindow = null; if (properties.containsKey("timeWindow")) { - timeWindow = properties.get("timeWindow").toString(); + Integer intTimeWindow = parseInteger(properties.get("timeWindow").toString()); + if (intTimeWindow == null) { + throw new ToscaPolicyConversionException("timeWindow is not an integer"); + } + timeWindow = intTimeWindow.toString(); } String timeUnits = null; if (properties.containsKey("timeUnits")) { @@ -452,11 +369,11 @@ public class LegacyGuardTranslator implements ToscaPolicyTranslator { // Integer min = null; if (properties.containsKey("min")) { - min = Integer.decode(properties.get("min").toString()); + min = parseInteger(properties.get("min").toString()); } Integer max = null; if (properties.containsKey("max")) { - max = Integer.decode(properties.get("max").toString()); + max = parseInteger(properties.get("max").toString()); } final ApplyType minApply = generateMinCheck(min); final ApplyType maxApply = generateMaxCheck(max); @@ -708,6 +625,23 @@ public class LegacyGuardTranslator implements ToscaPolicyTranslator { return applyLessThanEqual; } + private static Integer parseInteger(String strInteger) { + Integer theInt = null; + try { + theInt = Integer.parseInt(strInteger); + } catch (NumberFormatException e) { + LOGGER.warn("Expecting an integer", e); + try { + Double dblLimit = Double.parseDouble(strInteger); + theInt = dblLimit.intValue(); + } catch (NumberFormatException e1) { + LOGGER.error("Failed to parse expected integer as a double", e); + return null; + } + } + return theInt; + } + private static AdviceExpressionsType generateRequestIdAdvice() { AdviceExpressionType adviceExpression = new AdviceExpressionType(); adviceExpression.setAppliesTo(EffectType.PERMIT); diff --git a/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplicationTest.java b/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplicationTest.java index be0ee2db..17917af0 100644 --- a/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplicationTest.java +++ b/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplicationTest.java @@ -25,10 +25,8 @@ package org.onap.policy.xacml.pdp.application.guard; import static org.assertj.core.api.Assertions.assertThat; import java.io.File; -import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.IOException; -import java.io.InputStream; import java.sql.Date; import java.time.Instant; import java.util.HashMap; @@ -56,12 +54,12 @@ import org.onap.policy.models.decisions.concepts.DecisionRequest; import org.onap.policy.models.decisions.concepts.DecisionResponse; import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicyTypeIdentifier; import org.onap.policy.pdp.xacml.application.common.OnapOperationsHistoryDbao; +import org.onap.policy.pdp.xacml.application.common.TestUtils; import org.onap.policy.pdp.xacml.application.common.XacmlApplicationException; import org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider; import org.onap.policy.pdp.xacml.application.common.XacmlPolicyUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import org.yaml.snakeyaml.Yaml; @FixMethodOrder(MethodSorters.NAME_ASCENDING) public class GuardPdpApplicationTest { @@ -242,17 +240,7 @@ public class GuardPdpApplicationTest { // the pdp can support it and have it load // into the PDP. // - try (InputStream is = new FileInputStream("src/test/resources/vDNS.policy.guard.frequency.output.tosca.yaml")) { - // - // Have yaml parse it - // - Yaml yaml = new Yaml(); - Map<String, Object> toscaObject = yaml.load(is); - // - // Load the policies - // - service.loadPolicies(toscaObject); - } + TestUtils.loadPolicies("src/test/resources/vDNS.policy.guard.frequency.output.tosca.yaml", service); // // Zero recent actions: should get permit // @@ -283,17 +271,7 @@ public class GuardPdpApplicationTest { // the pdp can support it and have it load // into the PDP. // - try (InputStream is = new FileInputStream("src/test/resources/vDNS.policy.guard.minmax.output.tosca.yaml")) { - // - // Have yaml parse it - // - Yaml yaml = new Yaml(); - Map<String, Object> toscaObject = yaml.load(is); - // - // Load the policies - // - service.loadPolicies(toscaObject); - } + TestUtils.loadPolicies("src/test/resources/vDNS.policy.guard.minmax.output.tosca.yaml", service); // // vfcount=1 below min of 2: should get a Deny // @@ -322,7 +300,8 @@ public class GuardPdpApplicationTest { } @Test - public void test5MissingFields() throws FileNotFoundException, IOException, XacmlApplicationException { + public void test5MissingFields() throws FileNotFoundException, IOException, XacmlApplicationException, + CoderException { LOGGER.info("**************** Running test5 ****************"); // // Most likely we would not get a policy with missing fields passed to @@ -330,52 +309,42 @@ public class GuardPdpApplicationTest { // will be optional due to re-working of how the XACML policies are built, // let's add support in for that. // - try (InputStream is = new FileInputStream("src/test/resources/guard.policy-minmax-missing-fields1.yaml")) { - // - // Have yaml parse it - // - Yaml yaml = new Yaml(); - Map<String, Object> toscaObject = yaml.load(is); - // - // Load the policies - // - service.loadPolicies(toscaObject); - // - // We can create a DecisionRequest on the fly - no need - // to have it in the .json files - // - DecisionRequest request = new DecisionRequest(); - request.setOnapName("JUnit"); - request.setOnapComponent("test5MissingFields"); - request.setRequestId(UUID.randomUUID().toString()); - request.setAction("guard"); - Map<String, Object> guard = new HashMap<>(); - guard.put("actor", "FOO"); - guard.put("recipe", "bar"); - guard.put("vfCount", "4"); - Map<String, Object> resource = new HashMap<>(); - resource.put("guard", guard); - request.setResource(resource); - // - // Ask for a decision - should get permit - // - DecisionResponse response = service.makeDecision(request); - LOGGER.info("Looking for Permit Decision {}", response); - assertThat(response).isNotNull(); - assertThat(response.getStatus()).isNotNull(); - assertThat(response.getStatus()).isEqualTo("Permit"); - // - // Try a deny - // - guard.put("vfCount", "10"); - resource.put("guard", guard); - request.setResource(resource); - response = service.makeDecision(request); - LOGGER.info("Looking for Deny Decision {}", response); - assertThat(response).isNotNull(); - assertThat(response.getStatus()).isNotNull(); - assertThat(response.getStatus()).isEqualTo("Deny"); - } + TestUtils.loadPolicies("src/test/resources/guard.policy-minmax-missing-fields1.yaml", service); + // + // We can create a DecisionRequest on the fly - no need + // to have it in the .json files + // + DecisionRequest request = new DecisionRequest(); + request.setOnapName("JUnit"); + request.setOnapComponent("test5MissingFields"); + request.setRequestId(UUID.randomUUID().toString()); + request.setAction("guard"); + Map<String, Object> guard = new HashMap<>(); + guard.put("actor", "FOO"); + guard.put("recipe", "bar"); + guard.put("vfCount", "4"); + Map<String, Object> resource = new HashMap<>(); + resource.put("guard", guard); + request.setResource(resource); + // + // Ask for a decision - should get permit + // + DecisionResponse response = service.makeDecision(request); + LOGGER.info("Looking for Permit Decision {}", response); + assertThat(response).isNotNull(); + assertThat(response.getStatus()).isNotNull(); + assertThat(response.getStatus()).isEqualTo("Permit"); + // + // Try a deny + // + guard.put("vfCount", "10"); + resource.put("guard", guard); + request.setResource(resource); + response = service.makeDecision(request); + LOGGER.info("Looking for Deny Decision {}", response); + assertThat(response).isNotNull(); + assertThat(response.getStatus()).isNotNull(); + assertThat(response.getStatus()).isEqualTo("Deny"); } @SuppressWarnings("unchecked") @@ -397,6 +366,7 @@ public class GuardPdpApplicationTest { newEntry.setEndtime(Date.from(Instant.now())); newEntry.setRequestId(UUID.randomUUID().toString()); newEntry.setTarget(properties.get("target").toString()); + LOGGER.info("Inserting {}", newEntry); em.getTransaction().begin(); em.persist(newEntry); em.getTransaction().commit(); diff --git a/applications/guard/src/test/resources/xacml.properties b/applications/guard/src/test/resources/xacml.properties index d429a32e..25dee375 100644 --- a/applications/guard/src/test/resources/xacml.properties +++ b/applications/guard/src/test/resources/xacml.properties @@ -22,7 +22,7 @@ xacml.att.policyFinderFactory=org.onap.policy.pdp.xacml.application.common.OnapP # # Use a root combining algorithm # -xacml.att.policyFinderFactory.combineRootPolicies=urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:permit-unless-deny +xacml.att.policyFinderFactory.combineRootPolicies=urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-overrides xacml.pip.engines=historydb |