diff options
Diffstat (limited to 'packages')
6 files changed, 144 insertions, 11 deletions
diff --git a/packages/policy-xacmlpdp-docker/src/main/docker/Dockerfile b/packages/policy-xacmlpdp-docker/src/main/docker/Dockerfile index e6b37463..3732e589 100644 --- a/packages/policy-xacmlpdp-docker/src/main/docker/Dockerfile +++ b/packages/policy-xacmlpdp-docker/src/main/docker/Dockerfile @@ -10,30 +10,27 @@ ENV https_proxy $HTTPS_PROXY ENV BUILD_VERSION ${BUILD_VERSION} ENV POLICY_LOGS ${POLICY_LOGS} -ENV POLICY_HOME=/opt/app/policy -ENV POLICY_PDPX_HOME=${POLICY_HOME}/pdpx +ENV POLICY_HOME=/opt/app/policy/pdpx RUN \ apk add --no-cache --update busybox-extras bash nss procps coreutils findutils grep \ zip unzip curl wget openssh maven openjdk8 jq httpie py-pip - RUN addgroup policy && \ adduser -S --shell /bin/bash -G policy policy -RUN mkdir -p ${POLICY_PDPX_HOME} ${POLICY_LOGS} ${POLICY_HOME}/etc/ssl ${POLICY_PDPX_HOME}/bin && \ - chown -R policy:policy ${POLICY_HOME} ${POLICY_PDPX_HOME} ${POLICY_LOGS} +RUN mkdir -p ${POLICY_HOME} ${POLICY_LOGS} ${POLICY_HOME}/etc/ssl ${POLICY_HOME}/bin ${POLICY_HOME}/apps && \ + chown -R policy:policy ${POLICY_HOME} ${POLICY_LOGS} RUN mkdir /packages COPY /maven/* /packages -RUN tar xvfz /packages/policy-xacmlpdp.tar.gz --directory ${POLICY_PDPX_HOME} && \ +RUN tar xvfz /packages/policy-xacmlpdp.tar.gz --directory ${POLICY_HOME} && \ rm /packages/policy-xacmlpdp.tar.gz -WORKDIR ${POLICY_PDPX_HOME} +WORKDIR ${POLICY_HOME} COPY policy-pdpx.sh bin/. -RUN chown -R policy:policy * && chmod +x bin/*.sh && \ - cp ${POLICY_PDPX_HOME}/etc/ssl/* ${POLICY_HOME}/etc/ssl && chown policy:policy ${POLICY_HOME}/etc/ssl/* +RUN chown -R policy:policy * && chmod +x bin/*.sh USER policy -WORKDIR ${POLICY_PDPX_HOME}/bin +WORKDIR ${POLICY_HOME}/bin ENTRYPOINT [ "bash", "./policy-pdpx.sh" ] diff --git a/packages/policy-xacmlpdp-tarball/src/main/resources/apps/guard/xacml.properties b/packages/policy-xacmlpdp-tarball/src/main/resources/apps/guard/xacml.properties new file mode 100644 index 00000000..e3ef3ebc --- /dev/null +++ b/packages/policy-xacmlpdp-tarball/src/main/resources/apps/guard/xacml.properties @@ -0,0 +1,46 @@ +# +# Properties that the embedded PDP engine uses to configure and load +# +# Standard API Factories +# +xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory +xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory +xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory +xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory +xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory +# +# AT&T PDP Implementation Factories +# +xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory +xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory +xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory +# +# ONAP PDP Implementation Factories +# +xacml.att.policyFinderFactory=org.onap.policy.pdp.xacml.application.common.OnapPolicyFinderFactory + +# +# Use a root combining algorithm +# +xacml.att.policyFinderFactory.combineRootPolicies=urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:permit-unless-deny + +xacml.pip.engines=historydb + +# +# PIP Engine Definition +# +historydb.classname=org.onap.policy.pdp.xacml.application.common.OnapOperationsHistoryPipEngine +historydb.issuer=urn:org:onap:xacml:guard:historydb +historydb.name=operationHistoryDB +historydb.description=Returns operation counts based on time window + +# +# Database persistence for PIP +# +historydb.persistenceunit=OperationsHistoryPU + +# Policies to load +# +#xacml.rootPolicies=guard +#guard.file=src/main/resources/RootGuardPolicy.xml + diff --git a/packages/policy-xacmlpdp-tarball/src/main/resources/apps/monitoring/RootMonitoringPolicy.xml b/packages/policy-xacmlpdp-tarball/src/main/resources/apps/monitoring/RootMonitoringPolicy.xml new file mode 100644 index 00000000..5578fda9 --- /dev/null +++ b/packages/policy-xacmlpdp-tarball/src/main/resources/apps/monitoring/RootMonitoringPolicy.xml @@ -0,0 +1,32 @@ +<?xml version="1.0" encoding="UTF-8" standalone="no"?> +<PolicySet xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" PolicyCombiningAlgId="urn:com:att:xacml:3.0:policy-combining-algorithm:combined-deny-overrides" PolicySetId="urn:org:onap:monitoring:policy:id" Version="1.0" xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:policy:schema:os access_control-xacml-2.0-policy-schema-os.xsd"> + <Description>The root policy for supporting in-memory onap.Monitoring policy-type policies.</Description> + <Target> + <AnyOf> + <AllOf> + <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">DCAE</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + <Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case"> + <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">configure</AttributeValue> + <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/> + </Match> + </AllOf> + </AnyOf> + </Target> + <!-- + + New Policies created from TOSCA policies can be stored like this. + + <PolicyIdReference>onap.scaleout.tca</PolicyIdReference> + <PolicySetIdReference>urn:oasis:names:tc:xacml:2.0:conformance-test:IIE001:policyset1</PolicySetIdReference> + --> + <Policy PolicyId="default" Version="1.0" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:permit-unless-deny" > + <Description>Default is to allow a permit - returning 0 obligations</Description> + <Target/> + <Rule RuleId="default" Effect="Permit"> + <Target/> + </Rule> + </Policy> +</PolicySet>
\ No newline at end of file diff --git a/packages/policy-xacmlpdp-tarball/src/main/resources/apps/monitoring/xacml.properties b/packages/policy-xacmlpdp-tarball/src/main/resources/apps/monitoring/xacml.properties new file mode 100644 index 00000000..8ad5152d --- /dev/null +++ b/packages/policy-xacmlpdp-tarball/src/main/resources/apps/monitoring/xacml.properties @@ -0,0 +1,26 @@ +# +# Properties that the embedded PDP engine uses to configure and load +# +# Standard API Factories +# +xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory +xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory +xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory +xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory +xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory +# +# AT&T PDP Implementation Factories +# +xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory +xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory +xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory +# +# ONAP PDP Implementation Factories +# +xacml.att.policyFinderFactory=org.onap.policy.pdp.xacml.application.common.OnapPolicyFinderFactory + +# Policies to load +# +xacml.rootPolicies=monitoring +monitoring.file=/opt/app/policy/pdpx/apps/monitoring/RootMonitoringPolicy.xml + diff --git a/packages/policy-xacmlpdp-tarball/src/main/resources/apps/optimization/xacml.properties b/packages/policy-xacmlpdp-tarball/src/main/resources/apps/optimization/xacml.properties new file mode 100644 index 00000000..5ea247cf --- /dev/null +++ b/packages/policy-xacmlpdp-tarball/src/main/resources/apps/optimization/xacml.properties @@ -0,0 +1,31 @@ +# +# Properties that the embedded PDP engine uses to configure and load +# +# Standard API Factories +# +xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory +xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory +xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory +xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory +xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory +# +# AT&T PDP Implementation Factories +# +xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory +xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory +xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory +# +# ONAP PDP Implementation Factories +# +xacml.att.policyFinderFactory=org.onap.policy.pdp.xacml.application.common.OnapPolicyFinderFactory + +# +# Use a root combining algorithm +# +xacml.att.policyFinderFactory.combineRootPolicies=urn:com:att:xacml:3.0:policy-combining-algorithm:combined-permit-overrides + +# +# Policies to load +# +xacml.rootPolicies= +xacml.referencedPolicies=
\ No newline at end of file diff --git a/packages/policy-xacmlpdp-tarball/src/main/resources/etc/defaultConfig.json b/packages/policy-xacmlpdp-tarball/src/main/resources/etc/defaultConfig.json index 561574a2..cc13e5b3 100644 --- a/packages/policy-xacmlpdp-tarball/src/main/resources/etc/defaultConfig.json +++ b/packages/policy-xacmlpdp-tarball/src/main/resources/etc/defaultConfig.json @@ -7,5 +7,6 @@ "password": "zb!XztG34", "https": true, "aaf": false - } + }, + "applicationPath": "/opt/app/policy/pdpx/apps" } |