From 59c38b6b3dfbd43c876f85ffb1e4b484951ced44 Mon Sep 17 00:00:00 2001 From: Pamela Dragosh Date: Fri, 15 Mar 2019 14:30:00 -0400 Subject: Started with test decision JSON objects. Added new Policy Finder Factory that ONAP will use and got the code working with new policy/models (see other review which will have to be merged first). Added some new conversion methods to convert from a Xacml request to an Onap request. Added some property methods for XACML Properties objects and JUnit tests. Started filling in some Guard application details and combining code. Issue-ID: POLICY-1602 Change-Id: I5235b74f3b036dcf05779b655a03ac290d594354 Signed-off-by: Pamela Dragosh --- .../common/OnapPolicyFinderFactory.java | 38 +- .../common/OnapPolicyFinderFactoryException.java | 48 ++ .../xacml/application/common/ToscaDictionary.java | 7 +- .../application/common/ToscaPolicyConverter.java | 10 + .../common/XacmlApplicationServiceProvider.java | 12 +- .../xacml/application/common/XacmlPolicyUtils.java | 338 ++++++++++++ .../application/common/XacmlUpdatePolicyUtils.java | 88 --- .../OnapPolicyFinderFactoryExceptionTest.java | 35 ++ .../common/OnapPolicyFinderFactoryTest.java | 38 ++ .../application/common/XacmlPolicyUtilsTest.java | 264 +++++++++ .../common/XacmlUpdatePolicyUtilsTest.java | 226 -------- .../pdp/application/guard/GuardPdpApplication.java | 172 +++++- ...lication.common.XacmlApplicationServiceProvider | 1 + .../guard/src/main/resources/RootGuardPolicy.xml | 28 + .../application/guard/GuardPdpApplicationTest.java | 166 ++++-- .../monitoring/MonitoringPdpApplication.java | 613 +++++++++++++++++++++ .../application/monitoring/MonitoringRequest.java | 78 +++ .../xacml/pdp/engine/OnapXacmlPdpEngine.java | 539 ------------------ ...lication.common.XacmlApplicationServiceProvider | 2 +- .../src/main/resources/RootMonitoringPolicy.xml | 4 - .../monitoring/MonitoringPdpApplicationTest.java | 309 +++++++++++ .../xacml/pdp/engine/OnapXacmlPdpEngineTest.java | 296 ---------- .../src/test/resources/vDNS.policy.input.yaml | 49 +- main/pom.xml | 5 + .../onap/policy/pdpx/main/rest/model/Decision.java | 2 + .../pdpx/main/rest/TestXacmlPdpRestServer.java | 2 +- .../decisions/decision.multiple.input.json | 12 + .../decisions/decision.multiple.output.json | 87 +++ .../decisions/decision.policytype.input.json | 9 + .../decisions/decision.policytype.output.json | 129 +++++ .../resources/decisions/decision.single.input.json | 9 + .../resources/decisions/decsion.single.output.json | 46 ++ pom.xml | 11 + 33 files changed, 2416 insertions(+), 1257 deletions(-) create mode 100644 applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/OnapPolicyFinderFactoryException.java create mode 100644 applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/XacmlPolicyUtils.java delete mode 100644 applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/XacmlUpdatePolicyUtils.java create mode 100644 applications/common/src/test/java/org/onap/policy/pdp/xacml/application/common/OnapPolicyFinderFactoryExceptionTest.java create mode 100644 applications/common/src/test/java/org/onap/policy/pdp/xacml/application/common/OnapPolicyFinderFactoryTest.java create mode 100644 applications/common/src/test/java/org/onap/policy/pdp/xacml/application/common/XacmlPolicyUtilsTest.java delete mode 100644 applications/common/src/test/java/org/onap/policy/pdp/xacml/application/common/XacmlUpdatePolicyUtilsTest.java create mode 100644 applications/guard/src/main/resources/META-INF/services/org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider create mode 100644 applications/guard/src/main/resources/RootGuardPolicy.xml create mode 100644 applications/monitoring/src/main/java/org/onap/policy/xacml/pdp/application/monitoring/MonitoringPdpApplication.java create mode 100644 applications/monitoring/src/main/java/org/onap/policy/xacml/pdp/application/monitoring/MonitoringRequest.java delete mode 100644 applications/monitoring/src/main/java/org/onap/policy/xacml/pdp/engine/OnapXacmlPdpEngine.java create mode 100644 applications/monitoring/src/test/java/org/onap/policy/xacml/pdp/application/monitoring/MonitoringPdpApplicationTest.java delete mode 100644 applications/monitoring/src/test/java/org/onap/policy/xacml/pdp/engine/OnapXacmlPdpEngineTest.java create mode 100644 main/src/test/resources/decisions/decision.multiple.input.json create mode 100644 main/src/test/resources/decisions/decision.multiple.output.json create mode 100644 main/src/test/resources/decisions/decision.policytype.input.json create mode 100644 main/src/test/resources/decisions/decision.policytype.output.json create mode 100644 main/src/test/resources/decisions/decision.single.input.json create mode 100644 main/src/test/resources/decisions/decsion.single.output.json diff --git a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/OnapPolicyFinderFactory.java b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/OnapPolicyFinderFactory.java index 1e47c5b5..7da455c0 100644 --- a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/OnapPolicyFinderFactory.java +++ b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/OnapPolicyFinderFactory.java @@ -18,7 +18,6 @@ * ============LICENSE_END========================================================= */ - package org.onap.policy.pdp.xacml.application.common; import com.att.research.xacml.std.StdStatusCode; @@ -64,18 +63,16 @@ public class OnapPolicyFinderFactory extends PolicyFinderFactory { private List referencedPolicies; private boolean needsInit = true; - private Properties properties = null; + private Properties properties; /** - * Empty constructor. + * Empty private constructor. We do not want to create + * an instance of this without giving Properties object. + * + * @throws OnapPolicyFinderFactoryException Exception will be thrown */ - public OnapPolicyFinderFactory() { - logger.debug("Constructed without properties"); - // - // Here we differ from the StdPolicyFinderFactory in that we initialize right away. - // We do not wait for a policy request to happen to look for and load policies. - // - this.init(); + public OnapPolicyFinderFactory() throws OnapPolicyFinderFactoryException { + throw new OnapPolicyFinderFactoryException("Please use the constructor with Properties object."); } /** @@ -106,12 +103,7 @@ public class OnapPolicyFinderFactory extends PolicyFinderFactory { * @return a PolicyDef loaded from the given identifier */ protected PolicyDef loadPolicyDef(String policyId) { - String propLocation = null; - if (this.properties == null) { - propLocation = XACMLProperties.getProperty(policyId + PROP_FILE); - } else { - propLocation = this.properties.getProperty(policyId + PROP_FILE); - } + String propLocation = this.properties.getProperty(policyId + PROP_FILE); if (propLocation != null) { // // Try to load it from the file @@ -121,11 +113,8 @@ public class OnapPolicyFinderFactory extends PolicyFinderFactory { return policy; } } - if (this.properties == null) { - propLocation = XACMLProperties.getProperty(policyId + PROP_URL); - } else { - propLocation = this.properties.getProperty(policyId + PROP_URL); - } + + propLocation = this.properties.getProperty(policyId + PROP_URL); if (propLocation != null) { PolicyDef policy = this.loadPolicyUrlDef(propLocation); if (policy != null) { @@ -200,12 +189,7 @@ public class OnapPolicyFinderFactory extends PolicyFinderFactory { * @return a List of PolicyDefs loaded from the given property name */ protected List getPolicyDefs(String propertyName) { - String policyIds; - if (this.properties != null) { - policyIds = this.properties.getProperty(propertyName); - } else { - policyIds = XACMLProperties.getProperty(propertyName); - } + String policyIds = this.properties.getProperty(propertyName); if (Strings.isNullOrEmpty(policyIds)) { return Collections.emptyList(); } diff --git a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/OnapPolicyFinderFactoryException.java b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/OnapPolicyFinderFactoryException.java new file mode 100644 index 00000000..a42b3a5f --- /dev/null +++ b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/OnapPolicyFinderFactoryException.java @@ -0,0 +1,48 @@ +/*- + * ============LICENSE_START======================================================= + * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ + +package org.onap.policy.pdp.xacml.application.common; + +public class OnapPolicyFinderFactoryException extends Exception { + + private static final long serialVersionUID = -1643639780835366726L; + + public OnapPolicyFinderFactoryException() { + super(); + } + + public OnapPolicyFinderFactoryException(String message) { + super(message); + } + + public OnapPolicyFinderFactoryException(Throwable cause) { + super(cause); + } + + public OnapPolicyFinderFactoryException(String message, Throwable cause) { + super(message, cause); + } + + public OnapPolicyFinderFactoryException(String message, Throwable cause, boolean enableSuppression, + boolean writableStackTrace) { + super(message, cause, enableSuppression, writableStackTrace); + } + +} diff --git a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/ToscaDictionary.java b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/ToscaDictionary.java index c65d7a17..785ed9a8 100644 --- a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/ToscaDictionary.java +++ b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/ToscaDictionary.java @@ -28,10 +28,6 @@ import com.att.research.xacml.std.IdentifierImpl; public final class ToscaDictionary { - private ToscaDictionary() { - super(); - } - /* * These are the ID's for various TOSCA Policy Types we are supporting in the Applications. */ @@ -65,5 +61,8 @@ public final class ToscaDictionary { public static final Identifier ID_OBLIGATION_ISSUER = new IdentifierImpl(URN_ONAP, "issuer:monitoring"); + private ToscaDictionary() { + super(); + } } diff --git a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/ToscaPolicyConverter.java b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/ToscaPolicyConverter.java index f6f75a4c..8852eb08 100644 --- a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/ToscaPolicyConverter.java +++ b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/ToscaPolicyConverter.java @@ -22,15 +22,25 @@ package org.onap.policy.pdp.xacml.application.common; +import com.att.research.xacml.api.Request; +import com.att.research.xacml.api.Response; + import java.io.InputStream; import java.util.List; import java.util.Map; import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType; +import org.onap.policy.models.decisions.concepts.DecisionRequest; +import org.onap.policy.models.decisions.concepts.DecisionResponse; + public interface ToscaPolicyConverter { List convertPolicies(InputStream isToscaPolicy) throws ToscaPolicyConversionException; List convertPolicies(Map toscaObject) throws ToscaPolicyConversionException; + + Request convertRequest(DecisionRequest request); + + DecisionResponse convertResponse(Response response); } diff --git a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/XacmlApplicationServiceProvider.java b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/XacmlApplicationServiceProvider.java index 65648ea8..2ddcd027 100644 --- a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/XacmlApplicationServiceProvider.java +++ b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/XacmlApplicationServiceProvider.java @@ -25,7 +25,8 @@ import java.nio.file.Path; import java.util.List; import java.util.Map; -import org.json.JSONObject; +import org.onap.policy.models.decisions.concepts.DecisionRequest; +import org.onap.policy.models.decisions.concepts.DecisionResponse; /** * This interface is how the XACML REST controller can communicate @@ -87,12 +88,9 @@ public interface XacmlApplicationServiceProvider { /** * Makes a decision given the incoming request and returns a response. * - *

NOTE: I may want to change this to an object that represents the - * schema. - * - * @param jsonSchema Incoming Json - * @return response + * @param request Incoming DecisionRequest object + * @return response Responding DecisionResponse object */ - JSONObject makeDecision(JSONObject jsonSchema); + DecisionResponse makeDecision(DecisionRequest request); } diff --git a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/XacmlPolicyUtils.java b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/XacmlPolicyUtils.java new file mode 100644 index 00000000..19adaf6c --- /dev/null +++ b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/XacmlPolicyUtils.java @@ -0,0 +1,338 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP + * ================================================================================ + * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ + +package org.onap.policy.pdp.xacml.application.common; + +import com.att.research.xacml.api.Identifier; +import com.att.research.xacml.api.pdp.PDPEngine; +import com.att.research.xacml.api.pdp.PDPEngineFactory; +import com.att.research.xacml.util.FactoryException; +import com.att.research.xacml.util.XACMLProperties; + +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.nio.file.Files; +import java.nio.file.Path; +import java.nio.file.Paths; +import java.util.Properties; +import java.util.Set; +import java.util.StringJoiner; +import java.util.stream.Collectors; + +import oasis.names.tc.xacml._3_0.core.schema.wd_17.IdReferenceType; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObjectFactory; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicySetType; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.TargetType; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class XacmlPolicyUtils { + + private static final Logger LOGGER = LoggerFactory.getLogger(XacmlPolicyUtils.class); + + private XacmlPolicyUtils() { + super(); + } + + /** + * Creates an empty PolicySetType object given the id and combining algorithm. Note,there + * will also be an empty Target created. You can easily override that if need be. + * + * @param policyId Policy Id + * @param policyCombiningAlgorithm Policy Combining Algorithm + * @return PolicySetType object + */ + public static PolicySetType createEmptyPolicySet(String policyId, Identifier policyCombiningAlgorithm) { + PolicySetType policy = new PolicySetType(); + policy.setPolicySetId(policyId); + policy.setPolicyCombiningAlgId(policyCombiningAlgorithm.stringValue()); + policy.setTarget(new TargetType()); + return policy; + } + + /** + * Creates an empty PolicySetType object given the id and combining algorithm. Note,there + * will also be an empty Target created. You can easily override that if need be. + * + * @param policyId Policy Id + * @param ruleCombiningAlgorithm Rule Combining Algorithm + * @return PolicyType object + */ + public static PolicyType createEmptyPolicy(String policyId, Identifier ruleCombiningAlgorithm) { + PolicyType policy = new PolicyType(); + policy.setPolicyId(policyId); + policy.setRuleCombiningAlgId(ruleCombiningAlgorithm.stringValue()); + policy.setTarget(new TargetType()); + return policy; + } + + /** + * This method adds a list of PolicyType objects to a root PolicySetType as + * referenced policies. + * + * @param rootPolicy Root PolicySet being updated + * @param referencedPolicies A list of PolicyType being added as a references + * @return the rootPolicy PolicySet object + */ + public static PolicySetType addPoliciesToXacmlRootPolicy(PolicySetType rootPolicy, + PolicyType... referencedPolicies) { + ObjectFactory factory = new ObjectFactory(); + // + // Iterate each policy + // + for (PolicyType referencedPolicy : referencedPolicies) { + IdReferenceType reference = new IdReferenceType(); + reference.setValue(referencedPolicy.getPolicyId()); + // + // Add it in + // + rootPolicy.getPolicySetOrPolicyOrPolicySetIdReference().add(factory.createPolicyIdReference(reference)); + } + // + // Return the updated object + // + return rootPolicy; + } + + /** + * This method updates a root PolicySetType by adding in a PolicyType as a reference. + * + * @param rootPolicy Root PolicySet being updated + * @param referencedPolicySets A list of PolicySetType being added as a references + * @return the rootPolicy PolicySet object + */ + public static PolicySetType addPolicySetsToXacmlRootPolicy(PolicySetType rootPolicy, + PolicySetType... referencedPolicySets) { + ObjectFactory factory = new ObjectFactory(); + // + // Iterate each policy + // + for (PolicySetType referencedPolicySet : referencedPolicySets) { + IdReferenceType reference = new IdReferenceType(); + reference.setValue(referencedPolicySet.getPolicySetId()); + // + // Add it in + // + rootPolicy.getPolicySetOrPolicyOrPolicySetIdReference().add(factory.createPolicySetIdReference(reference)); + } + // + // Return the updated object + // + return rootPolicy; + } + + /** + * Adds in the referenced policy to the PDP properties object. + * + * @param properties Input properties + * @param refPolicyPath Path to the referenced policy file + * @return Properties object + */ + public static Properties addReferencedPolicy(Properties properties, Path refPolicyPath) { + // + // Get the current set of referenced policy ids + // + Set referencedPolicies = XACMLProperties.getReferencedPolicyIDs(properties); + // + // Construct a unique id + // + int id = 1; + while (true) { + String refId = "ref" + id; + if (referencedPolicies.contains(refId)) { + id++; + } else { + referencedPolicies.add(refId); + properties.put(refId + ".file", refPolicyPath.toAbsolutePath().toString()); + break; + } + } + // + // Set the new comma separated list + // + properties.setProperty(XACMLProperties.PROP_REFERENCEDPOLICIES, + referencedPolicies.stream().collect(Collectors.joining(","))); + return properties; + } + + /** + * Removes a referenced policy from the Properties object. Both in the line + * that identifies the policy and the .file property that points to the path. + * + * @param properties Input Properties object to remove + * @param refPolicyPath The policy file path + * @return Properties object + */ + public static Properties removeReferencedPolicy(Properties properties, Path refPolicyPath) { + // + // Get the current set of referenced policy ids + // + StringJoiner join = new StringJoiner(","); + boolean found = false; + Set referencedPolicies = XACMLProperties.getReferencedPolicyIDs(properties); + for (String refPolicy : referencedPolicies) { + String refPolicyFile = refPolicy + ".file"; + // + // If the key and value match, then it will return true + // + if (properties.remove(refPolicyFile, refPolicyPath.toString())) { + // + // Record that we actually removed it + // + found = true; + } else { + // + // Retain it + // + join.add(refPolicy); + } + } + // + // Did we remove it? + // + if (found) { + // + // Now update the list of referenced properties + // + properties.setProperty(XACMLProperties.PROP_REFERENCEDPOLICIES, join.toString()); + } + return properties; + } + + /** + * Does a debug dump of referenced and root policy values. + * + * @param properties Input Properties object + * @param logger Logger object to use + */ + public static void debugDumpPolicyProperties(Properties properties, Logger logger) { + // + // I hate surrounding this all with an if, but by + // doing so I clear sonar issues with passing System.lineSeparator() + // as an argument. + // + if (logger.isDebugEnabled()) { + // + // Get the current set of referenced policy ids + // + Set rootPolicies = XACMLProperties.getRootPolicyIDs(properties); + logger.debug("Root Policies: {}", properties.getProperty(XACMLProperties.PROP_ROOTPOLICIES)); + for (String root : rootPolicies) { + logger.debug("{}", properties.getProperty(root + ".file", "NOT FOUND")); + } + // + // Get the current set of referenced policy ids + // + Set referencedPolicies = XACMLProperties.getReferencedPolicyIDs(properties); + logger.debug("Referenced Policies: {}", properties.getProperty(XACMLProperties.PROP_REFERENCEDPOLICIES)); + for (String ref : referencedPolicies) { + logger.debug("{}", properties.getProperty(ref + ".file", "NOT FOUND")); + } + } + } + + /** + * Constructs a unique policy filename for a given policy. + * + *

It could be dangerous to use policy-id and policy-version if the user + * gives us an invalid policy-id and policy-versions. + * + *

Should we append a UUID also to guarantee uniqueness? + * + *

How do we track that in case we need to know what policies we have loaded? + * + * @param policy PolicyType object + * @param path Path for policy + * @return Path unique file path for the Policy + */ + public static Path constructUniquePolicyFilename(PolicyType policy, Path path) { + // + // + // Can it be possible to produce an invalid filename? + // Should we insert a UUID + // + String filename = policy.getPolicyId() + "_" + policy.getVersion() + ".xml"; + // + // Construct the Path + // + return Paths.get(path.toAbsolutePath().toString(), filename); + } + + /** + * Load properties from given file. + * + * @throws IOException If unable to read file + */ + public static Properties loadXacmlProperties(Path propertyPath) throws IOException { + LOGGER.debug("Loading xacml properties {}", propertyPath); + try (InputStream is = Files.newInputStream(propertyPath)) { + Properties properties = new Properties(); + properties.load(is); + return properties; + } + } + + /** + * Stores the XACML Properties to the given file location. + * + * @throws IOException If unable to store the file. + */ + public static void storeXacmlProperties(Properties properties, Path propertyPath) throws IOException { + try (OutputStream os = Files.newOutputStream(propertyPath)) { + String strComments = "#"; + properties.store(os, strComments); + } + } + + /** + * Appends 'xacml.properties' to a root Path object + * + * @param rootPath Root Path object + * @return Path to rootPath/xacml.properties file + */ + public static Path getPropertiesPath(Path rootPath) { + return Paths.get(rootPath.toAbsolutePath().toString(), "xacml.properties"); + } + + + /** + * Creates an instance of PDP engine given the Properties object. + * + * @param properties Incoming Properties object + * @return PDPEngine instance or null if failed + */ + public static PDPEngine createEngine(Properties properties) { + // + // Now initialize the XACML PDP Engine + // + try { + PDPEngineFactory factory = PDPEngineFactory.newInstance(); + return factory.newEngine(properties); + } catch (FactoryException e) { + LOGGER.error("Failed to create XACML PDP Engine {}", e); + } + return null; + } +} diff --git a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/XacmlUpdatePolicyUtils.java b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/XacmlUpdatePolicyUtils.java deleted file mode 100644 index 957242c5..00000000 --- a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/XacmlUpdatePolicyUtils.java +++ /dev/null @@ -1,88 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP - * ================================================================================ - * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * SPDX-License-Identifier: Apache-2.0 - * ============LICENSE_END========================================================= - */ - -package org.onap.policy.pdp.xacml.application.common; - -import oasis.names.tc.xacml._3_0.core.schema.wd_17.IdReferenceType; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObjectFactory; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicySetType; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType; - -public class XacmlUpdatePolicyUtils { - - private XacmlUpdatePolicyUtils() { - super(); - } - - /** - * This method updates a root PolicySetType by adding in a PolicyType as a reference. - * - * @param rootPolicy Root PolicySet being updated - * @param referencedPolicies A list of PolicyType being added as a references - * @return the rootPolicy PolicySet object - */ - public static PolicySetType updateXacmlRootPolicy(PolicySetType rootPolicy, PolicyType... referencedPolicies) { - ObjectFactory factory = new ObjectFactory(); - // - // Iterate each policy - // - for (PolicyType referencedPolicy : referencedPolicies) { - IdReferenceType reference = new IdReferenceType(); - reference.setValue(referencedPolicy.getPolicyId()); - // - // Add it in - // - rootPolicy.getPolicySetOrPolicyOrPolicySetIdReference().add(factory.createPolicySetIdReference(reference)); - } - // - // Return the updated object - // - return rootPolicy; - } - - /** - * This method updates a root PolicySetType by adding in a PolicyType as a reference. - * - * @param rootPolicy Root PolicySet being updated - * @param referencedPolicySets A list of PolicySetType being added as a references - * @return the rootPolicy PolicySet object - */ - public static PolicySetType updateXacmlRootPolicy(PolicySetType rootPolicy, PolicySetType... referencedPolicySets) { - ObjectFactory factory = new ObjectFactory(); - // - // Iterate each policy - // - for (PolicySetType referencedPolicySet : referencedPolicySets) { - IdReferenceType reference = new IdReferenceType(); - reference.setValue(referencedPolicySet.getPolicySetId()); - // - // Add it in - // - rootPolicy.getPolicySetOrPolicyOrPolicySetIdReference().add(factory.createPolicySetIdReference(reference)); - } - // - // Return the updated object - // - return rootPolicy; - } - -} diff --git a/applications/common/src/test/java/org/onap/policy/pdp/xacml/application/common/OnapPolicyFinderFactoryExceptionTest.java b/applications/common/src/test/java/org/onap/policy/pdp/xacml/application/common/OnapPolicyFinderFactoryExceptionTest.java new file mode 100644 index 00000000..86708284 --- /dev/null +++ b/applications/common/src/test/java/org/onap/policy/pdp/xacml/application/common/OnapPolicyFinderFactoryExceptionTest.java @@ -0,0 +1,35 @@ +/* + * ============LICENSE_START======================================================= + * ONAP + * ================================================================================ + * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.policy.pdp.xacml.application.common; + +import static org.junit.Assert.assertEquals; + +import org.junit.Test; +import org.onap.policy.common.utils.test.ExceptionsTester; + +public class OnapPolicyFinderFactoryExceptionTest { + + @Test + public void test() { + assertEquals(5, new ExceptionsTester().test(OnapPolicyFinderFactoryException.class)); + } + +} diff --git a/applications/common/src/test/java/org/onap/policy/pdp/xacml/application/common/OnapPolicyFinderFactoryTest.java b/applications/common/src/test/java/org/onap/policy/pdp/xacml/application/common/OnapPolicyFinderFactoryTest.java new file mode 100644 index 00000000..5cd1cdc7 --- /dev/null +++ b/applications/common/src/test/java/org/onap/policy/pdp/xacml/application/common/OnapPolicyFinderFactoryTest.java @@ -0,0 +1,38 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP + * ================================================================================ + * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ + +package org.onap.policy.pdp.xacml.application.common; + +import static org.assertj.core.api.Assertions.assertThatExceptionOfType; + +import org.junit.Test; + +public class OnapPolicyFinderFactoryTest { + + @Test + public void test() throws NoSuchMethodException, SecurityException { + assertThatExceptionOfType(OnapPolicyFinderFactoryException.class).isThrownBy(() -> { + new OnapPolicyFinderFactory(); + }).withMessageContaining("Please use the constructor with Properties object."); + } + +} diff --git a/applications/common/src/test/java/org/onap/policy/pdp/xacml/application/common/XacmlPolicyUtilsTest.java b/applications/common/src/test/java/org/onap/policy/pdp/xacml/application/common/XacmlPolicyUtilsTest.java new file mode 100644 index 00000000..57800d9e --- /dev/null +++ b/applications/common/src/test/java/org/onap/policy/pdp/xacml/application/common/XacmlPolicyUtilsTest.java @@ -0,0 +1,264 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP + * ================================================================================ + * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ + +package org.onap.policy.pdp.xacml.application.common; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.assertj.core.api.Assertions.assertThatCode; + +import com.att.research.xacml.api.XACML3; +import com.att.research.xacml.util.XACMLPolicyWriter; + +import java.io.ByteArrayOutputStream; +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.nio.file.Files; +import java.nio.file.Path; +import java.nio.file.Paths; +import java.util.Properties; + +import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOfType; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.EffectType; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.MatchType; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObjectFactory; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicySetType; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.RuleType; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.TargetType; + +import org.junit.BeforeClass; +import org.junit.ClassRule; +import org.junit.Test; +import org.junit.rules.TemporaryFolder; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/** + * Utility methods for storing policies to disk and updating Properties objects + * that reference policies. + * + * @author pameladragosh + * + */ +public class XacmlPolicyUtilsTest { + private static final Logger LOGGER = LoggerFactory.getLogger(XacmlPolicyUtilsTest.class); + + static Properties properties; + + static PolicySetType rootPolicy = XacmlPolicyUtils.createEmptyPolicySet("root", XACML3.ID_POLICY_FIRST_APPLICABLE); + + static Path rootPath; + + static PolicyType policy1 = XacmlPolicyUtils.createEmptyPolicy("policy1", XACML3.ID_RULE_DENY_UNLESS_PERMIT); + static PolicyType policy2 = XacmlPolicyUtils.createEmptyPolicy("policy2", XACML3.ID_RULE_DENY_UNLESS_PERMIT); + static PolicyType policy3 = XacmlPolicyUtils.createEmptyPolicy("policy3", XACML3.ID_RULE_DENY_UNLESS_PERMIT); + static PolicyType policy4 = XacmlPolicyUtils.createEmptyPolicy("policy4", XACML3.ID_RULE_DENY_UNLESS_PERMIT); + + static PolicySetType policySet5 = XacmlPolicyUtils.createEmptyPolicySet( + "policyset1", XACML3.ID_POLICY_FIRST_APPLICABLE); + + static Path path1; + static Path path2; + static Path path3; + static Path path4; + + static Path policySetPath; + + /** + * Temporary folder where we will store newly created policies. + */ + @ClassRule + public static TemporaryFolder policyFolder = new TemporaryFolder(); + + /** + * Setup the JUnit tests by finishing creating the policies and + * writing them out to the temporary folder. + * + * @throws Exception thrown + */ + @BeforeClass + public static void setUp() throws Exception { + assertThatCode(() -> { + // + // Load our test property object + // + try (InputStream is = new FileInputStream("src/test/resources/test.properties")) { + properties = new Properties(); + properties.load(is); + } + // + // Save root policy + // + File rootFile = policyFolder.newFile("root.xml"); + LOGGER.info("Creating Root Policy {}", rootFile.getAbsolutePath()); + rootPath = XACMLPolicyWriter.writePolicyFile(rootFile.toPath(), rootPolicy); + // + // Create policies - Policies 1 and 2 will become references in the + // root policy. While Policies 3 and 4 will become references in the + // soon to be created PolicySet 5 below. + // + path1 = createPolicyContents(policy1, "resource1"); + LOGGER.info(new String(Files.readAllBytes(path1))); + path2 = createPolicyContents(policy2, "resource2"); + LOGGER.info(new String(Files.readAllBytes(path2))); + path3 = createPolicyContents(policy3, "resourc31"); + LOGGER.info(new String(Files.readAllBytes(path3))); + path4 = createPolicyContents(policy4, "resource4"); + LOGGER.info(new String(Files.readAllBytes(path4))); + // + // Create our PolicySet + // + policySet5.setPolicySetId("policyset5"); + policySet5.setTarget(new TargetType()); + policySet5.setPolicyCombiningAlgId(XACML3.ID_POLICY_FIRST_APPLICABLE.stringValue()); + ObjectFactory factory = new ObjectFactory(); + // + // Add Policies 3 and 4 to the PolicySet + // + policySet5.getPolicySetOrPolicyOrPolicySetIdReference().add(factory.createPolicy(policy1)); + policySet5.getPolicySetOrPolicyOrPolicySetIdReference().add(factory.createPolicy(policy2)); + assertThat(policySet5.getPolicySetOrPolicyOrPolicySetIdReference()).hasSize(2); + // + // Save that to disk + // + File policySetFile = policyFolder.newFile("policySet5.xml"); + LOGGER.info("Creating PolicySet {}", policySetFile.getAbsolutePath()); + policySetPath = XACMLPolicyWriter.writePolicyFile(policySetFile.toPath(), policySet5); + + }).doesNotThrowAnyException(); + } + + /** + * Helper method that creates a very simple Policy and Rule and saves it to disk. + * + * @param policy Policy to store contents in + * @param resource A simple resource id for the Target + * @return Path object of the policy + * @throws IOException If unable to write to disk + */ + private static Path createPolicyContents(PolicyType policy, String resource) throws IOException { + // + // Create The Match + // + MatchType matchPolicyId = ToscaPolicyConverterUtils.buildMatchTypeDesignator( + XACML3.ID_FUNCTION_STRING_EQUAL, + resource, + XACML3.ID_DATATYPE_STRING, + XACML3.ID_RESOURCE_RESOURCE_ID, + XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE); + // + // This is our outer AnyOf - which is an OR + // + AnyOfType anyOf = new AnyOfType(); + // + // Create AllOf (AND) of just Policy Id + // + anyOf.getAllOf().add(ToscaPolicyConverterUtils.buildAllOf(matchPolicyId)); + TargetType target = new TargetType(); + target.getAnyOf().add(anyOf); + policy.setTarget(target); + RuleType rule = new RuleType(); + rule.setRuleId(policy.getPolicyId() + ":rule"); + rule.setEffect(EffectType.PERMIT); + rule.setTarget(new TargetType()); + // + // Add the rule to the policy + // + policy.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule); + // + // Save it to disk + // + File file = policyFolder.newFile(policy.getPolicyId() + ".xml"); + LOGGER.info("Creating Policy {}", file.getAbsolutePath()); + return XACMLPolicyWriter.writePolicyFile(file.toPath(), policy); + } + + @Test + public void testUpdatingPolicies() { + assertThatCode(() -> { + // + // Just update root and policies + // + XacmlPolicyUtils.addPoliciesToXacmlRootPolicy(rootPolicy, policy1, policy2); + // + // Make sure it is correct + // + assertThat(rootPolicy.getPolicySetOrPolicyOrPolicySetIdReference()).hasSize(2); + // + // Save to disk + // + try (OutputStream os = new ByteArrayOutputStream()) { + XACMLPolicyWriter.writePolicyFile(os, rootPolicy); + LOGGER.debug("New Root Policy:{}{}", System.lineSeparator(), os.toString()); + } + // + // Just update root and PolicySet + // + XacmlPolicyUtils.addPolicySetsToXacmlRootPolicy(rootPolicy, policySet5); + try (OutputStream os = new ByteArrayOutputStream()) { + XACMLPolicyWriter.writePolicyFile(os, rootPolicy); + LOGGER.debug("New Root Policy:{}{}", System.lineSeparator(), os.toString()); + } + }).doesNotThrowAnyException(); + } + + @Test + public void testRemovingProperties() { + // + // Dump what we are starting with + // + XacmlPolicyUtils.debugDumpPolicyProperties(properties, LOGGER); + // + // Remove referenced policies + // + Path ref = Paths.get("src/test/resources/ref1.xml"); + XacmlPolicyUtils.removeReferencedPolicy(properties, ref); + XacmlPolicyUtils.debugDumpPolicyProperties(properties, LOGGER); + assertThat(properties.getProperty("refstart1.file")).isNullOrEmpty(); + + ref = Paths.get("src/test/resources/ref2.xml"); + XacmlPolicyUtils.removeReferencedPolicy(properties, ref); + XacmlPolicyUtils.debugDumpPolicyProperties(properties, LOGGER); + assertThat(properties.getProperty("refstart2.file")).isNullOrEmpty(); + + // + // Test one that isn't in there + // + ref = Paths.get("src/test/resources/NotThere.xml"); + XacmlPolicyUtils.removeReferencedPolicy(properties, ref); + XacmlPolicyUtils.debugDumpPolicyProperties(properties, LOGGER); + assertThat(properties.getProperty("refstart3.file")).isNotBlank(); + + ref = Paths.get("src/test/resources/ref3.xml"); + XacmlPolicyUtils.removeReferencedPolicy(properties, ref); + XacmlPolicyUtils.debugDumpPolicyProperties(properties, LOGGER); + assertThat(properties.getProperty("refstart3.file")).isNullOrEmpty(); + + ref = Paths.get("src/test/resources/ref4.xml"); + XacmlPolicyUtils.removeReferencedPolicy(properties, ref); + XacmlPolicyUtils.debugDumpPolicyProperties(properties, LOGGER); + assertThat(properties.getProperty("refstart4.file")).isNullOrEmpty(); + } +} diff --git a/applications/common/src/test/java/org/onap/policy/pdp/xacml/application/common/XacmlUpdatePolicyUtilsTest.java b/applications/common/src/test/java/org/onap/policy/pdp/xacml/application/common/XacmlUpdatePolicyUtilsTest.java deleted file mode 100644 index 84fefa5c..00000000 --- a/applications/common/src/test/java/org/onap/policy/pdp/xacml/application/common/XacmlUpdatePolicyUtilsTest.java +++ /dev/null @@ -1,226 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP - * ================================================================================ - * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * SPDX-License-Identifier: Apache-2.0 - * ============LICENSE_END========================================================= - */ - -package org.onap.policy.pdp.xacml.application.common; - -import static org.assertj.core.api.Assertions.assertThatCode; - -import com.att.research.xacml.api.XACML3; -import com.att.research.xacml.util.XACMLPolicyWriter; -import com.att.research.xacml.util.XACMLProperties; - -import java.io.ByteArrayOutputStream; -import java.io.File; -import java.io.FileInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; -import java.nio.file.Files; -import java.nio.file.Path; -import java.util.Map.Entry; -import java.util.Properties; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOfType; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.EffectType; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.MatchType; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObjectFactory; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicySetType; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.RuleType; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.TargetType; -import org.junit.BeforeClass; -import org.junit.ClassRule; -import org.junit.Test; -import org.junit.rules.TemporaryFolder; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -/** - * Utility methods for storing policies to disk and updating Properties objects - * that reference policies. - * - * @author pameladragosh - * - */ -public class XacmlUpdatePolicyUtilsTest { - private static final Logger LOGGER = LoggerFactory.getLogger(XacmlUpdatePolicyUtilsTest.class); - - static Properties properties; - - static PolicySetType rootPolicy = new PolicySetType(); - - static Path rootPath; - - static PolicyType policy1 = new PolicyType(); - static PolicyType policy2 = new PolicyType(); - - static PolicySetType policySet3 = new PolicySetType(); - - static Path path1; - static Path path2; - - static Path policySetPath; - - /** - * Temporary folder where we will store newly created policies. - */ - @ClassRule - public static TemporaryFolder policyFolder = new TemporaryFolder(); - - /** - * Setup the JUnit tests. - * - * @throws Exception thrown - */ - @BeforeClass - public static void setUp() throws Exception { - assertThatCode(() -> { - // - // Load our test property object - // - try (InputStream is = new FileInputStream("src/test/resources/test.properties")) { - properties = new Properties(); - properties.load(is); - } - // - // Create a very basic Root policy - // - rootPolicy.setPolicySetId("root"); - rootPolicy.setTarget(new TargetType()); - rootPolicy.setPolicyCombiningAlgId(XACML3.ID_POLICY_FIRST_APPLICABLE.stringValue()); - File rootFile = policyFolder.newFile("root.xml"); - LOGGER.info("Creating Root Policy {}", rootFile.getAbsolutePath()); - rootPath = XACMLPolicyWriter.writePolicyFile(rootFile.toPath(), rootPolicy); - // - // Create policies - // - path1 = createPolicy(policy1, "policy1", "resource1"); - LOGGER.info(new String(Files.readAllBytes(path1))); - path2 = createPolicy(policy2, "policy2", "resource2"); - LOGGER.info(new String(Files.readAllBytes(path2))); - // - // Create another PolicySet - // - policySet3.setPolicySetId("policyset1"); - policySet3.setTarget(new TargetType()); - policySet3.setPolicyCombiningAlgId(XACML3.ID_POLICY_FIRST_APPLICABLE.stringValue()); - ObjectFactory factory = new ObjectFactory(); - - policySet3.getPolicySetOrPolicyOrPolicySetIdReference().add(factory.createPolicy(policy1)); - policySet3.getPolicySetOrPolicyOrPolicySetIdReference().add(factory.createPolicy(policy2)); - File policySetFile = policyFolder.newFile("policySet1.xml"); - LOGGER.info("Creating PolicySet {}", policySetFile.getAbsolutePath()); - policySetPath = XACMLPolicyWriter.writePolicyFile(policySetFile.toPath(), policySet3); - - }).doesNotThrowAnyException(); - } - - private static Path createPolicy(PolicyType policy, String id, String resource) throws IOException { - // - // Create Policy 1 - // - policy.setPolicyId(id); - MatchType matchPolicyId = ToscaPolicyConverterUtils.buildMatchTypeDesignator( - XACML3.ID_FUNCTION_STRING_EQUAL, - resource, - XACML3.ID_DATATYPE_STRING, - XACML3.ID_RESOURCE_RESOURCE_ID, - XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE); - // - // This is our outer AnyOf - which is an OR - // - AnyOfType anyOf = new AnyOfType(); - // - // Create AllOf (AND) of just Policy Id - // - anyOf.getAllOf().add(ToscaPolicyConverterUtils.buildAllOf(matchPolicyId)); - TargetType target = new TargetType(); - target.getAnyOf().add(anyOf); - policy.setTarget(target); - RuleType rule = new RuleType(); - rule.setRuleId(policy.getPolicyId() + ":rule"); - rule.setEffect(EffectType.PERMIT); - rule.setTarget(new TargetType()); - // - // Add the rule to the policy - // - policy.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule); - // - // Create a file - // - File file = policyFolder.newFile(policy.getPolicyId() + ".xml"); - LOGGER.info("Creating Policy {}", file.getAbsolutePath()); - return XACMLPolicyWriter.writePolicyFile(file.toPath(), policy); - } - - @Test - public void test() { - assertThatCode(() -> { - // - // Just update root and policies - // - XacmlUpdatePolicyUtils.updateXacmlRootPolicy(rootPolicy, policy1, policy2); - try (OutputStream os = new ByteArrayOutputStream()) { - XACMLPolicyWriter.writePolicyFile(os, rootPolicy); - LOGGER.debug("New Root Policy:{}{}", System.lineSeparator(), os.toString()); - } - // - // Test updating the properties - // - XACMLProperties.setXacmlRootProperties(properties, rootPath); - XACMLProperties.setXacmlReferencedProperties(properties, path1, path2); - // - // Dump this out so I can see what I'm doing - // - for (Entry entry : properties.entrySet()) { - LOGGER.info("{}={}", entry.getKey(), entry.getValue()); - } - LOGGER.info("Properties {}", properties.toString()); - // - // Somehow I have to figure out how to test this in assertj - // - // - // Just update root and PolicySet - // - XacmlUpdatePolicyUtils.updateXacmlRootPolicy(rootPolicy, policySet3); - try (OutputStream os = new ByteArrayOutputStream()) { - XACMLPolicyWriter.writePolicyFile(os, rootPolicy); - LOGGER.debug("New Root Policy:{}{}", System.lineSeparator(), os.toString()); - } - // - // Test updating the properties - // - XACMLProperties.setXacmlRootProperties(properties, rootPath); - XACMLProperties.setXacmlReferencedProperties(properties, policySetPath); - // - // Dump this out so I can see what I'm doing - // - for (Entry entry : properties.entrySet()) { - LOGGER.info("{}={}", entry.getKey(), entry.getValue()); - } - LOGGER.info("Properties {}", properties.toString()); - // - // Somehow I have to figure out how to test this in assertj - // - - }).doesNotThrowAnyException(); - } -} diff --git a/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplication.java b/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplication.java index e8a51136..2717c279 100644 --- a/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplication.java +++ b/applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplication.java @@ -22,18 +22,36 @@ package org.onap.policy.xacml.pdp.application.guard; +import com.att.research.xacml.api.Request; +import com.att.research.xacml.api.Response; +import com.att.research.xacml.api.pdp.PDPEngine; +import com.att.research.xacml.api.pdp.PDPException; +import com.att.research.xacml.util.XACMLPolicyWriter; import com.google.common.collect.Lists; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; import java.nio.file.Path; +import java.util.ArrayList; import java.util.Arrays; import java.util.HashMap; import java.util.List; import java.util.Map; +import java.util.Map.Entry; +import java.util.Properties; -import org.json.JSONObject; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType; + +import org.onap.policy.models.decisions.concepts.DecisionRequest; +import org.onap.policy.models.decisions.concepts.DecisionResponse; +import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException; +import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConverter; import org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider; +import org.onap.policy.pdp.xacml.application.common.XacmlPolicyUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.yaml.snakeyaml.Yaml; /** * This class implements the onap.policies.controlloop.Guard policy implementations. @@ -41,12 +59,14 @@ import org.slf4j.LoggerFactory; * @author pameladragosh * */ -public class GuardPdpApplication implements XacmlApplicationServiceProvider { +public class GuardPdpApplication implements ToscaPolicyConverter, XacmlApplicationServiceProvider { private static final Logger LOGGER = LoggerFactory.getLogger(GuardPdpApplication.class); private static final String STRING_VERSION100 = "1.0.0"; private Map supportedPolicyTypes = new HashMap<>(); private Path pathForData; + private Properties pdpProperties = null; + private PDPEngine pdpEngine = null; /** Constructor. * @@ -69,10 +89,26 @@ public class GuardPdpApplication implements XacmlApplicationServiceProvider { @Override public void initialize(Path pathForData) { // - // Save the path + // Save our path // this.pathForData = pathForData; LOGGER.debug("New Path is {}", this.pathForData.toAbsolutePath()); + // + // Look for and load the properties object + // + try { + pdpProperties = XacmlPolicyUtils.loadXacmlProperties(XacmlPolicyUtils.getPropertiesPath(pathForData)); + LOGGER.debug("{}", pdpProperties); + } catch (IOException e) { + LOGGER.error("{}", e); + } + // + // Create an engine + // + PDPEngine newEngine = XacmlPolicyUtils.createEngine(pdpProperties); + if (newEngine != null) { + pdpEngine = newEngine; + } } @Override @@ -97,11 +133,139 @@ public class GuardPdpApplication implements XacmlApplicationServiceProvider { @Override public void loadPolicies(Map toscaPolicies) { + try { + // + // Convert the policies first + // + List listPolicies = this.convertPolicies(toscaPolicies); + if (listPolicies.isEmpty()) { + throw new ToscaPolicyConversionException("Converted 0 policies"); + } + } catch (ToscaPolicyConversionException e) { + LOGGER.error("Failed to loadPolicies {}", e); + } + } + + @Override + public DecisionResponse makeDecision(DecisionRequest request) { + // + // Convert to a XacmlRequest + // + Request xacmlRequest = this.convertRequest(request); + // + // Now get a decision + // + Response xacmlResponse = this.xacmlDecision(xacmlRequest); + // + // Convert to a DecisionResponse + // + return this.convertResponse(xacmlResponse); + } + + @Override + public List convertPolicies(InputStream isToscaPolicy) throws ToscaPolicyConversionException { + // + // Have snakeyaml parse the object + // + Yaml yaml = new Yaml(); + Map toscaObject = yaml.load(isToscaPolicy); + // + // Return the policies + // + return scanAndConvertPolicies(toscaObject); + } + + @Override + public List convertPolicies(Map toscaObject) throws ToscaPolicyConversionException { + // + // Return the policies + // + return scanAndConvertPolicies(toscaObject); } @Override - public JSONObject makeDecision(JSONObject jsonSchema) { + public Request convertRequest(DecisionRequest request) { + // TODO Auto-generated method stub return null; } + @Override + public DecisionResponse convertResponse(Response response) { + // TODO Auto-generated method stub + return null; + } + + @SuppressWarnings("unchecked") + private List scanAndConvertPolicies(Map toscaObject) + throws ToscaPolicyConversionException { + // + // Our return object + // + List scannedPolicies = new ArrayList<>(); + // + // Iterate each of the Policies + // + List policies = (List) toscaObject.get("policies"); + for (Object policyObject : policies) { + // + // Get the contents + // + LOGGER.debug("Found policy {}", policyObject.getClass()); + Map policyContents = (Map) policyObject; + for (Entry entrySet : policyContents.entrySet()) { + LOGGER.debug("Entry set {}", entrySet); + // + // Convert this policy + // + PolicyType policy = this.convertPolicy(entrySet); + try (ByteArrayOutputStream os = new ByteArrayOutputStream()) { + XACMLPolicyWriter.writePolicyFile(os, policy); + LOGGER.debug("{}", os); + } catch (IOException e) { + LOGGER.error("Failed to convert {}", e); + } + // + // Convert and add in the new policy + // + scannedPolicies.add(policy); + } + } + + return scannedPolicies; + } + + private PolicyType convertPolicy(Entry entrySet) throws ToscaPolicyConversionException { + + return null; + } + + /** + * Make a decision call. + * + * @param request Incoming request object + * @return Response object + */ + private synchronized Response xacmlDecision(Request request) { + // + // This is what we need to return + // + Response response = null; + // + // Track some timing + // + long timeStart = System.currentTimeMillis(); + try { + response = this.pdpEngine.decide(request); + } catch (PDPException e) { + LOGGER.error("Xacml PDP Engine failed {}", e); + } finally { + // + // Track the end of timing + // + long timeEnd = System.currentTimeMillis(); + LOGGER.info("Elapsed Time: {}ms", (timeEnd - timeStart)); + } + return response; + } + } diff --git a/applications/guard/src/main/resources/META-INF/services/org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider b/applications/guard/src/main/resources/META-INF/services/org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider new file mode 100644 index 00000000..93084459 --- /dev/null +++ b/applications/guard/src/main/resources/META-INF/services/org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider @@ -0,0 +1 @@ +org.onap.policy.xacml.pdp.application.guard.GuardPdpApplication \ No newline at end of file diff --git a/applications/guard/src/main/resources/RootGuardPolicy.xml b/applications/guard/src/main/resources/RootGuardPolicy.xml new file mode 100644 index 00000000..f9f47265 --- /dev/null +++ b/applications/guard/src/main/resources/RootGuardPolicy.xml @@ -0,0 +1,28 @@ + + + The root policy for supporting onap.Guard policies. + + + + + guard + + + + + + + + Default is to allow a permit - returning 0 obligations + + + + + + \ No newline at end of file diff --git a/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplicationTest.java b/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplicationTest.java index 656c7275..ae4193d3 100644 --- a/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplicationTest.java +++ b/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplicationTest.java @@ -25,37 +25,46 @@ package org.onap.policy.xacml.pdp.application.guard; import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatCode; -import com.att.research.xacml.std.annotations.XACMLAction; -import com.att.research.xacml.std.annotations.XACMLRequest; -import com.att.research.xacml.std.annotations.XACMLResource; -import com.att.research.xacml.std.annotations.XACMLSubject; +import com.att.research.xacml.util.XACMLProperties; +import com.google.common.io.Files; +import com.google.gson.Gson; + +import java.io.File; +import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.io.InputStream; +import java.io.OutputStream; +import java.nio.file.Path; +import java.nio.file.Paths; +import java.util.Iterator; +import java.util.Properties; +import java.util.ServiceLoader; import org.junit.Before; import org.junit.ClassRule; import org.junit.Test; import org.junit.rules.TemporaryFolder; +import org.onap.policy.common.utils.resources.TextFileUtils; +import org.onap.policy.models.decisions.concepts.DecisionRequest; +import org.onap.policy.models.decisions.serialization.DecisionRequestMessageBodyHandler; +import org.onap.policy.models.decisions.serialization.DecisionResponseMessageBodyHandler; +import org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; public class GuardPdpApplicationTest { - @ClassRule - public static final TemporaryFolder policyFolder = new TemporaryFolder(); - - /** - * This is a simple annotation class to simulate - * requests coming in. - */ - @XACMLRequest(ReturnPolicyIdList = true) - public class MyXacmlRequest { - - @XACMLSubject(includeInResults = true) - String onapName = "Drools"; + private static final Logger LOGGER = LoggerFactory.getLogger(GuardPdpApplicationTest.class); + private static Properties properties = new Properties(); + private static File propertiesFile; + private static XacmlApplicationServiceProvider service; + private static DecisionRequest requestSinglePolicy; - @XACMLResource(includeInResults = true) - String resource = "onap.policies.Guard"; + private static Gson gsonDecisionRequest; + private static Gson gsonDecisionResponse; - @XACMLAction() - String action = "guard"; - } + @ClassRule + public static final TemporaryFolder policyFolder = new TemporaryFolder(); @Before public void setUp() throws Exception { @@ -65,32 +74,117 @@ public class GuardPdpApplicationTest { @Test public void testBasics() { assertThatCode(() -> { - GuardPdpApplication guard = new GuardPdpApplication(); // - // Set the path + // Create our Gson builder + // + gsonDecisionRequest = new DecisionRequestMessageBodyHandler().getGson(); + gsonDecisionResponse = new DecisionResponseMessageBodyHandler().getGson(); + // + // Load Single Decision Request + // + requestSinglePolicy = gsonDecisionRequest.fromJson( + TextFileUtils + .getTextFileAsString("../../main/src/test/resources/decisions/decision.single.input.json"), + DecisionRequest.class); // - guard.initialize(policyFolder.getRoot().toPath()); + // Copy all the properties and root policies to the temporary folder // - // Application name + try (InputStream is = new FileInputStream("src/test/resources/xacml.properties")) { + // + // Load it in + // + properties.load(is); + propertiesFile = policyFolder.newFile("xacml.properties"); + // + // Copy the root policies + // + for (String root : XACMLProperties.getRootPolicyIDs(properties)) { + // + // Get a file + // + Path rootPath = Paths.get(properties.getProperty(root + ".file")); + LOGGER.debug("Root file {} {}", rootPath, rootPath.getFileName()); + // + // Construct new file name + // + File newRootPath = policyFolder.newFile(rootPath.getFileName().toString()); + // + // Copy it + // + Files.copy(rootPath.toFile(), newRootPath); + assertThat(newRootPath).exists(); + // + // Point to where the new policy is in the temp dir + // + properties.setProperty(root + ".file", newRootPath.getAbsolutePath()); + } + try (OutputStream os = new FileOutputStream(propertiesFile.getAbsolutePath())) { + properties.store(os, ""); + assertThat(propertiesFile).exists(); + } + } // - assertThat(guard.applicationName()).isNotEmpty(); + // Load service + // + ServiceLoader applicationLoader = + ServiceLoader.load(XacmlApplicationServiceProvider.class); + // + // Iterate through them - I could store the object as + // XacmlApplicationServiceProvider pointer. + // + // Try this later. + // + StringBuilder strDump = new StringBuilder("Loaded applications:" + System.lineSeparator()); + Iterator iterator = applicationLoader.iterator(); + while (iterator.hasNext()) { + XacmlApplicationServiceProvider application = iterator.next(); + // + // Is it our service? + // + if (application instanceof GuardPdpApplication) { + // + // Should be the first and only one + // + assertThat(service).isNull(); + service = application; + } + strDump.append(application.applicationName()); + strDump.append(" supports "); + strDump.append(application.supportedPolicyTypes()); + strDump.append(System.lineSeparator()); + } + LOGGER.debug("{}", strDump); + // + // Tell it to initialize based on the properties file + // we just built for it. + // + service.initialize(propertiesFile.toPath().getParent()); + // + // Make sure there's an application name + // + assertThat(service.applicationName()).isNotEmpty(); // // Decisions // - assertThat(guard.actionDecisionsSupported().size()).isEqualTo(1); - assertThat(guard.actionDecisionsSupported()).contains("guard"); + assertThat(service.actionDecisionsSupported().size()).isEqualTo(1); + assertThat(service.actionDecisionsSupported()).contains("guard"); // - // Supported policy types + // Ensure it has the supported policy types and + // can support the correct policy types. // - assertThat(guard.supportedPolicyTypes()).isNotEmpty(); - assertThat(guard.supportedPolicyTypes().size()).isEqualTo(2); - assertThat(guard.canSupportPolicyType("onap.policies.controlloop.guard.FrequencyLimiter", "1.0.0")) + assertThat(service.supportedPolicyTypes()).isNotEmpty(); + assertThat(service.supportedPolicyTypes().size()).isEqualTo(2); + assertThat(service.canSupportPolicyType("onap.policies.controlloop.guard.FrequencyLimiter", "1.0.0")) .isTrue(); - assertThat(guard.canSupportPolicyType("onap.policies.controlloop.guard.FrequencyLimiter", "1.0.1")) + assertThat(service.canSupportPolicyType("onap.policies.controlloop.guard.FrequencyLimiter", "1.0.1")) .isFalse(); - assertThat(guard.canSupportPolicyType("onap.policies.controlloop.guard.MinMax", "1.0.0")).isTrue(); - assertThat(guard.canSupportPolicyType("onap.policies.controlloop.guard.MinMax", "1.0.1")).isFalse(); - assertThat(guard.canSupportPolicyType("onap.foo", "1.0.1")).isFalse(); + assertThat(service.canSupportPolicyType("onap.policies.controlloop.guard.MinMax", "1.0.0")).isTrue(); + assertThat(service.canSupportPolicyType("onap.policies.controlloop.guard.MinMax", "1.0.1")).isFalse(); + assertThat(service.canSupportPolicyType("onap.foo", "1.0.1")).isFalse(); + // + // Ensure it supports decisions + // + assertThat(service.actionDecisionsSupported()).contains("guard"); }).doesNotThrowAnyException(); } } diff --git a/applications/monitoring/src/main/java/org/onap/policy/xacml/pdp/application/monitoring/MonitoringPdpApplication.java b/applications/monitoring/src/main/java/org/onap/policy/xacml/pdp/application/monitoring/MonitoringPdpApplication.java new file mode 100644 index 00000000..ab48d134 --- /dev/null +++ b/applications/monitoring/src/main/java/org/onap/policy/xacml/pdp/application/monitoring/MonitoringPdpApplication.java @@ -0,0 +1,613 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP + * ================================================================================ + * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ + +package org.onap.policy.xacml.pdp.application.monitoring; + +import com.att.research.xacml.api.AttributeAssignment; +import com.att.research.xacml.api.DataTypeException; +import com.att.research.xacml.api.Decision; +import com.att.research.xacml.api.Obligation; +import com.att.research.xacml.api.Request; +import com.att.research.xacml.api.Response; +import com.att.research.xacml.api.Result; +import com.att.research.xacml.api.XACML3; +import com.att.research.xacml.api.pdp.PDPEngine; +import com.att.research.xacml.api.pdp.PDPException; +import com.att.research.xacml.std.annotations.RequestParser; +import com.att.research.xacml.util.XACMLPolicyScanner; +import com.att.research.xacml.util.XACMLPolicyWriter; +import com.att.research.xacml.util.XACMLProperties; +import com.google.common.collect.Lists; +import com.google.gson.Gson; + +import java.io.ByteArrayOutputStream; +import java.io.FileInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.nio.file.Path; +import java.nio.file.Paths; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; +import java.util.Properties; +import java.util.Set; + +import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOfType; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeAssignmentExpressionType; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.EffectType; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.MatchType; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObjectFactory; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObligationExpressionType; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObligationExpressionsType; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicySetType; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.RuleType; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.TargetType; + +import org.json.JSONObject; +import org.onap.policy.models.decisions.concepts.DecisionRequest; +import org.onap.policy.models.decisions.concepts.DecisionResponse; +import org.onap.policy.pdp.xacml.application.common.ToscaDictionary; +import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException; +import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConverter; +import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConverterUtils; +import org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider; +import org.onap.policy.pdp.xacml.application.common.XacmlPolicyUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.yaml.snakeyaml.Yaml; + +/** + * This is the engine class that manages the instance of the XACML PDP engine. + * + *

It is responsible for initializing it and shutting it down properly in a thread-safe manner. + * + * + * @author pameladragosh + * + */ +public class MonitoringPdpApplication implements ToscaPolicyConverter, XacmlApplicationServiceProvider { + + private static final Logger LOGGER = LoggerFactory.getLogger(MonitoringPdpApplication.class); + private static final String ONAP_MONITORING_BASE_POLICY_TYPE = "onap.Monitoring"; + private static final String ONAP_MONITORING_DERIVED_POLICY_TYPE = "onap.policies.monitoring"; + + private Path pathForData = null; + private Properties pdpProperties = null; + private PDPEngine pdpEngine = null; + private Map supportedPolicyTypes = new HashMap<>(); + + /** + * Constructor. + */ + public MonitoringPdpApplication() { + // + // By default this supports just Monitoring policy types + // + supportedPolicyTypes.put(ONAP_MONITORING_BASE_POLICY_TYPE, "1.0.0"); + } + + @Override + public String applicationName() { + return "Monitoring Application"; + } + + @Override + public List actionDecisionsSupported() { + return Arrays.asList("configure"); + } + + @Override + public synchronized void initialize(Path pathForData) { + // + // Save our path + // + this.pathForData = pathForData; + LOGGER.debug("New Path is {}", this.pathForData.toAbsolutePath()); + // + // Look for and load the properties object + // + try { + pdpProperties = XacmlPolicyUtils.loadXacmlProperties(XacmlPolicyUtils.getPropertiesPath(pathForData)); + LOGGER.debug("{}", pdpProperties); + } catch (IOException e) { + LOGGER.error("{}", e); + } + // + // Create an engine + // + PDPEngine newEngine = XacmlPolicyUtils.createEngine(pdpProperties); + if (newEngine != null) { + pdpEngine = newEngine; + } + } + + @Override + public synchronized List supportedPolicyTypes() { + return Lists.newArrayList(supportedPolicyTypes.keySet()); + } + + @Override + public boolean canSupportPolicyType(String policyType, String policyTypeVersion) { + // + // For Monitoring, we will attempt to support all versions + // of the policy type. Since we are only packaging a decision + // back with a JSON payload of the property contents. + // + return (policyType.equals(ONAP_MONITORING_BASE_POLICY_TYPE) + || policyType.startsWith(ONAP_MONITORING_DERIVED_POLICY_TYPE)); + } + + @Override + public synchronized void loadPolicies(Map toscaPolicies) { + try { + // + // Convert the policies first + // + List listPolicies = this.convertPolicies(toscaPolicies); + if (listPolicies.isEmpty()) { + throw new ToscaPolicyConversionException("Converted 0 policies"); + } + // + // Read in our Root Policy + // + Set roots = XACMLProperties.getRootPolicyIDs(pdpProperties); + if (roots.isEmpty()) { + throw new ToscaPolicyConversionException("There are NO root policies defined"); + } + // + // Really only should be one + // + String rootFile = pdpProperties.getProperty(roots.iterator().next() + ".file"); + try (InputStream is = new FileInputStream(rootFile)) { + // + // Read the Root Policy into memory + // + Object policyData = XACMLPolicyScanner.readPolicy(is); + // + // Should be a PolicySet + // + if (policyData instanceof PolicySetType) { + // + // Add the referenced policies into a new Root Policy + // + PolicyType[] newPolicies = listPolicies.toArray(new PolicyType[listPolicies.size()]); + PolicySetType newRootPolicy = XacmlPolicyUtils.addPoliciesToXacmlRootPolicy( + (PolicySetType) policyData, newPolicies); + LOGGER.debug("New ROOT Policy"); + try (ByteArrayOutputStream os = new ByteArrayOutputStream()) { + XACMLPolicyWriter.writePolicyFile(os, newRootPolicy); + LOGGER.debug("{}", os); + } catch (IOException e) { + LOGGER.error("Failed to convert {}", e); + } + // + // Save the new Policies to disk + // + for (PolicyType policy : newPolicies) { + // + // Construct the filename + // + Path refPath = XacmlPolicyUtils.constructUniquePolicyFilename(policy, pathForData); + // + // Write the policy to disk + // Maybe check for an error + // + XACMLPolicyWriter.writePolicyFile(refPath, policy); + // + // Save it off + // + XacmlPolicyUtils.addReferencedPolicy(pdpProperties, refPath); + } + // + // Save the root policy to disk + // + XACMLPolicyWriter.writePolicyFile(Paths.get(rootFile), newRootPolicy); + // + // Write the policies to disk + // + XacmlPolicyUtils.storeXacmlProperties(pdpProperties, + XacmlPolicyUtils.getPropertiesPath(pathForData)); + // + // Reload the engine + // + PDPEngine newEngine = XacmlPolicyUtils.createEngine(pdpProperties); + if (newEngine != null) { + pdpEngine = newEngine; + } + } else { + throw new ToscaPolicyConversionException("Root policy isn't a PolicySet"); + } + } + } catch (IOException | ToscaPolicyConversionException e) { + LOGGER.error("Failed to loadPolicies {}", e); + } + } + + @Override + public synchronized DecisionResponse makeDecision(DecisionRequest request) { + // + // Convert to a XacmlRequest + // + Request xacmlRequest = this.convertRequest(request); + // + // Now get a decision + // + Response xacmlResponse = this.xacmlDecision(xacmlRequest); + // + // Convert to a DecisionResponse + // + return this.convertResponse(xacmlResponse); + } + + @Override + public List convertPolicies(Map toscaObject) throws ToscaPolicyConversionException { + // + // Return the policies + // + return scanAndConvertPolicies(toscaObject); + } + + @Override + public List convertPolicies(InputStream isToscaPolicy) throws ToscaPolicyConversionException { + // + // Have snakeyaml parse the object + // + Yaml yaml = new Yaml(); + Map toscaObject = yaml.load(isToscaPolicy); + // + // Return the policies + // + return scanAndConvertPolicies(toscaObject); + } + + @SuppressWarnings("unchecked") + private List scanAndConvertPolicies(Map toscaObject) + throws ToscaPolicyConversionException { + // + // Our return object + // + List scannedPolicies = new ArrayList<>(); + // + // Iterate each of the Policies + // + List policies = (List) toscaObject.get("policies"); + for (Object policyObject : policies) { + // + // Get the contents + // + LOGGER.debug("Found policy {}", policyObject.getClass()); + Map policyContents = (Map) policyObject; + for (Entry entrySet : policyContents.entrySet()) { + LOGGER.debug("Entry set {}", entrySet); + // + // Convert this policy + // + PolicyType policy = this.convertPolicy(entrySet); + try (ByteArrayOutputStream os = new ByteArrayOutputStream()) { + XACMLPolicyWriter.writePolicyFile(os, policy); + LOGGER.debug("{}", os); + } catch (IOException e) { + LOGGER.error("Failed to convert {}", e); + } + // + // Convert and add in the new policy + // + scannedPolicies.add(policy); + } + } + + return scannedPolicies; + } + + @SuppressWarnings("unchecked") + private PolicyType convertPolicy(Entry entrySet) throws ToscaPolicyConversionException { + // + // Policy name should be at the root + // + String policyName = entrySet.getKey(); + Map policyDefinition = (Map) entrySet.getValue(); + // + // Set it as the policy ID + // + PolicyType newPolicyType = new PolicyType(); + newPolicyType.setPolicyId(policyName); + // + // Optional description + // + if (policyDefinition.containsKey("description")) { + newPolicyType.setDescription(policyDefinition.get("description").toString()); + } + // + // There should be a metadata section + // + if (! policyDefinition.containsKey("metadata")) { + throw new ToscaPolicyConversionException(policyName + " missing metadata section"); + } + this.fillMetadataSection(newPolicyType, + (Map) policyDefinition.get("metadata")); + // + // Set the combining rule + // + newPolicyType.setRuleCombiningAlgId(XACML3.ID_RULE_FIRST_APPLICABLE.stringValue()); + // + // Generate the TargetType + // + // + // There should be a metadata section + // + if (! policyDefinition.containsKey("type")) { + throw new ToscaPolicyConversionException(policyName + " missing type value"); + } + if (! policyDefinition.containsKey("version")) { + throw new ToscaPolicyConversionException(policyName + " missing version value"); + } + TargetType target = this.generateTargetType(policyName, + policyDefinition.get("type").toString(), + policyDefinition.get("version").toString()); + newPolicyType.setTarget(target); + // + // Now create the Permit Rule + // No target since the policy has a target + // With obligations. + // + RuleType rule = new RuleType(); + rule.setDescription("Default is to PERMIT if the policy matches."); + rule.setRuleId(policyName + ":rule"); + rule.setEffect(EffectType.PERMIT); + rule.setTarget(new TargetType()); + // + // Now represent the policy as Json + // + JSONObject jsonObligation = new JSONObject(); + jsonObligation.put(policyName, policyDefinition); + addObligation(rule, jsonObligation); + // + // Add the rule to the policy + // + newPolicyType.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule); + // + // Return our new policy + // + return newPolicyType; + } + + /** + * From the TOSCA metadata section, pull in values that are needed into the XACML policy. + * + * @param policy Policy Object to store the metadata + * @param metadata The Metadata TOSCA Map + * @return Same Policy Object + * @throws ToscaPolicyConversionException If there is something missing from the metadata + */ + private PolicyType fillMetadataSection(PolicyType policy, + Map metadata) throws ToscaPolicyConversionException { + if (! metadata.containsKey("policy-id")) { + throw new ToscaPolicyConversionException(policy.getPolicyId() + " missing metadata policy-id"); + } else { + // + // Do nothing here - the XACML PolicyId is used from TOSCA Policy Name field + // + } + if (! metadata.containsKey("policy-version")) { + throw new ToscaPolicyConversionException(policy.getPolicyId() + " missing metadata policy-version"); + } else { + // + // Add in the Policy Version + // + policy.setVersion(metadata.get("policy-version").toString()); + } + return policy; + } + + private TargetType generateTargetType(String policyId, String policyType, String policyTypeVersion) { + // + // Create all the match's that are possible + // + // This is for the Policy Id + // + MatchType matchPolicyId = ToscaPolicyConverterUtils.buildMatchTypeDesignator( + XACML3.ID_FUNCTION_STRING_EQUAL, + policyId, + XACML3.ID_DATATYPE_STRING, + ToscaDictionary.ID_RESOURCE_POLICY_ID, + XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE); + // + // This is for the Policy Type + // + MatchType matchPolicyType = ToscaPolicyConverterUtils.buildMatchTypeDesignator( + XACML3.ID_FUNCTION_STRING_EQUAL, + policyType, + XACML3.ID_DATATYPE_STRING, + ToscaDictionary.ID_RESOURCE_POLICY_TYPE, + XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE); + // + // This is for the Policy Type version + // + MatchType matchPolicyTypeVersion = ToscaPolicyConverterUtils.buildMatchTypeDesignator( + XACML3.ID_FUNCTION_STRING_EQUAL, + policyTypeVersion, + XACML3.ID_DATATYPE_STRING, + ToscaDictionary.ID_RESOURCE_POLICY_TYPE_VERSION, + XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE); + // + // This is our outer AnyOf - which is an OR + // + AnyOfType anyOf = new AnyOfType(); + // + // Create AllOf (AND) of just Policy Id + // + anyOf.getAllOf().add(ToscaPolicyConverterUtils.buildAllOf(matchPolicyId)); + // + // Create AllOf (AND) of just Policy Type + // + anyOf.getAllOf().add(ToscaPolicyConverterUtils.buildAllOf(matchPolicyType)); + // + // Create AllOf (AND) of Policy Type and Policy Type Version + // + anyOf.getAllOf().add(ToscaPolicyConverterUtils.buildAllOf(matchPolicyType, matchPolicyTypeVersion)); + // + // Now we can create the TargetType, add the top-level anyOf (OR), + // and return the value. + // + TargetType target = new TargetType(); + target.getAnyOf().add(anyOf); + return target; + } + + private RuleType addObligation(RuleType rule, JSONObject jsonPolicy) { + // + // Convert the YAML Policy to JSON Object + // + if (LOGGER.isDebugEnabled()) { + LOGGER.debug("JSON DCAE Policy {}{}", System.lineSeparator(), jsonPolicy); + } + // + // Create an AttributeValue for it + // + AttributeValueType value = new AttributeValueType(); + value.setDataType(ToscaDictionary.ID_OBLIGATION_POLICY_MONITORING_DATATYPE.stringValue()); + value.getContent().add(jsonPolicy.toString()); + // + // Create our AttributeAssignmentExpression where we will + // store the contents of the policy in JSON format. + // + AttributeAssignmentExpressionType expressionType = new AttributeAssignmentExpressionType(); + expressionType.setAttributeId(ToscaDictionary.ID_OBLIGATION_POLICY_MONITORING_CONTENTS.stringValue()); + ObjectFactory factory = new ObjectFactory(); + expressionType.setExpression(factory.createAttributeValue(value)); + // + // Create an ObligationExpression for it + // + ObligationExpressionType obligation = new ObligationExpressionType(); + obligation.setFulfillOn(EffectType.PERMIT); + obligation.setObligationId(ToscaDictionary.ID_OBLIGATION_REST_BODY.stringValue()); + obligation.getAttributeAssignmentExpression().add(expressionType); + // + // Now we can add it into the rule + // + ObligationExpressionsType obligations = new ObligationExpressionsType(); + obligations.getObligationExpression().add(obligation); + rule.setObligationExpressions(obligations); + return rule; + } + + @Override + public Request convertRequest(DecisionRequest request) { + LOGGER.debug("Converting Request {}", request); + try { + return RequestParser.parseRequest(MonitoringRequest.createInstance(request)); + } catch (IllegalArgumentException | IllegalAccessException | DataTypeException e) { + LOGGER.error("Failed to convert DecisionRequest: {}", e); + } + // + // TODO throw exception + // + return null; + } + + @Override + public DecisionResponse convertResponse(Response xacmlResponse) { + LOGGER.debug("Converting Response {}", xacmlResponse); + DecisionResponse decisionResponse = new DecisionResponse(); + // + // Iterate through all the results + // + for (Result xacmlResult : xacmlResponse.getResults()) { + // + // Check the result + // + if (xacmlResult.getDecision() == Decision.PERMIT) { + // + // Setup policies + // + decisionResponse.setPolicies(new ArrayList<>()); + // + // Go through obligations + // + for (Obligation obligation : xacmlResult.getObligations()) { + LOGGER.debug("Obligation: {}", obligation); + for (AttributeAssignment assignment : obligation.getAttributeAssignments()) { + LOGGER.debug("Attribute Assignment: {}", assignment); + // + // We care about the content attribute + // + if (ToscaDictionary.ID_OBLIGATION_POLICY_MONITORING_CONTENTS + .equals(assignment.getAttributeId())) { + // + // The contents are in Json form + // + Object stringContents = assignment.getAttributeValue().getValue(); + if (LOGGER.isDebugEnabled()) { + LOGGER.debug("DCAE contents: {}{}", System.lineSeparator(), stringContents); + } + // + // Let's parse it into a map using Gson + // + Gson gson = new Gson(); + @SuppressWarnings("unchecked") + Map result = gson.fromJson(stringContents.toString() ,Map.class); + decisionResponse.getPolicies().add(result); + } + } + } + } else { + decisionResponse.setErrorMessage("A better error message"); + } + } + + return decisionResponse; + } + + /** + * Make a decision call. + * + * @param request Incoming request object + * @return Response object + */ + private synchronized Response xacmlDecision(Request request) { + // + // This is what we need to return + // + Response response = null; + // + // Track some timing + // + long timeStart = System.currentTimeMillis(); + try { + response = this.pdpEngine.decide(request); + } catch (PDPException e) { + LOGGER.error("Xacml PDP Engine failed {}", e); + } finally { + // + // Track the end of timing + // + long timeEnd = System.currentTimeMillis(); + LOGGER.info("Elapsed Time: {}ms", (timeEnd - timeStart)); + } + return response; + } +} diff --git a/applications/monitoring/src/main/java/org/onap/policy/xacml/pdp/application/monitoring/MonitoringRequest.java b/applications/monitoring/src/main/java/org/onap/policy/xacml/pdp/application/monitoring/MonitoringRequest.java new file mode 100644 index 00000000..b2e5ff9a --- /dev/null +++ b/applications/monitoring/src/main/java/org/onap/policy/xacml/pdp/application/monitoring/MonitoringRequest.java @@ -0,0 +1,78 @@ +/* + * ============LICENSE_START======================================================= + * ONAP Policy Decision Models + * ================================================================================ + * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.policy.xacml.pdp.application.monitoring; + +import com.att.research.xacml.std.annotations.XACMLAction; +import com.att.research.xacml.std.annotations.XACMLRequest; +import com.att.research.xacml.std.annotations.XACMLResource; +import com.att.research.xacml.std.annotations.XACMLSubject; + +import java.util.Map; +import java.util.Map.Entry; + +import org.onap.policy.models.decisions.concepts.DecisionRequest; + +@XACMLRequest(ReturnPolicyIdList = true) +public class MonitoringRequest { + + @XACMLSubject(includeInResults = true) + String onapName = "DCAE"; + + @XACMLResource(includeInResults = true) + String resource = "onap.policies.Monitoring"; + + @XACMLAction() + String action = "configure"; + + + /** + * Parses the DecisionRequest into a MonitoringRequest. + * + * @param decisionRequest Input DecisionRequest + * @return MonitoringRequest + */ + public static MonitoringRequest createInstance(DecisionRequest decisionRequest) { + MonitoringRequest request = new MonitoringRequest(); + request.onapName = decisionRequest.getOnapName(); + request.action = decisionRequest.getAction(); + + Map resources = decisionRequest.getResource(); + for (Entry entry : resources.entrySet()) { + if (entry.getKey().equals("policy-id")) { + // + // TODO handle lists of policies + // + request.resource = entry.getValue().toString(); + continue; + } + if (entry.getKey().equals("policy-type")) { + // + // TODO handle lists of policies + // + request.resource = entry.getValue().toString(); + } + } + // + // TODO handle a bad incoming request. Do that here? + // + return request; + } +} diff --git a/applications/monitoring/src/main/java/org/onap/policy/xacml/pdp/engine/OnapXacmlPdpEngine.java b/applications/monitoring/src/main/java/org/onap/policy/xacml/pdp/engine/OnapXacmlPdpEngine.java deleted file mode 100644 index 6c53566a..00000000 --- a/applications/monitoring/src/main/java/org/onap/policy/xacml/pdp/engine/OnapXacmlPdpEngine.java +++ /dev/null @@ -1,539 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP - * ================================================================================ - * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * SPDX-License-Identifier: Apache-2.0 - * ============LICENSE_END========================================================= - */ - -package org.onap.policy.xacml.pdp.engine; - -import com.att.research.xacml.api.Request; -import com.att.research.xacml.api.Response; -import com.att.research.xacml.api.XACML3; -import com.att.research.xacml.api.pdp.PDPEngine; -import com.att.research.xacml.api.pdp.PDPEngineFactory; -import com.att.research.xacml.api.pdp.PDPException; -import com.att.research.xacml.util.FactoryException; -import com.att.research.xacml.util.XACMLPolicyScanner; -import com.att.research.xacml.util.XACMLProperties; -import com.google.common.collect.Lists; - -import java.io.FileInputStream; -import java.io.FileOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; -import java.nio.file.Path; -import java.nio.file.Paths; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import java.util.Map.Entry; -import java.util.Properties; -import java.util.Set; - -import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOfType; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeAssignmentExpressionType; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.EffectType; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.MatchType; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObjectFactory; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObligationExpressionType; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObligationExpressionsType; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicySetType; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.RuleType; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.TargetType; - -import org.json.JSONObject; -import org.onap.policy.pdp.xacml.application.common.ToscaDictionary; -import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException; -import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConverter; -import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConverterUtils; -import org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider; -import org.onap.policy.pdp.xacml.application.common.XacmlUpdatePolicyUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.yaml.snakeyaml.Yaml; - -/** - * This is the engine class that manages the instance of the XACML PDP engine. - * - *

It is responsible for initializing it and shutting it down properly in a thread-safe manner. - * - * - * @author pameladragosh - * - */ -public class OnapXacmlPdpEngine implements ToscaPolicyConverter, XacmlApplicationServiceProvider { - - private static final Logger LOGGER = LoggerFactory.getLogger(OnapXacmlPdpEngine.class); - private static final String ONAP_MONITORING_BASE_POLICY_TYPE = "onap.Monitoring"; - private static final String ONAP_MONITORING_DERIVED_POLICY_TYPE = "onap.policies.monitoring"; - - - private Path pathForData = null; - private Properties pdpProperties = null; - private PDPEngine pdpEngine = null; - private Map supportedPolicyTypes = new HashMap<>(); - - /** - * Constructor. - */ - public OnapXacmlPdpEngine() { - // - // By default this supports just Monitoring policy types - // - supportedPolicyTypes.put(ONAP_MONITORING_BASE_POLICY_TYPE, "1.0.0"); - } - - /** - * Load properties from given file. - * - * @param location Path and filename - * @throws IOException If unable to read file - */ - public synchronized void loadXacmlProperties(String location) throws IOException { - try (InputStream is = new FileInputStream(location)) { - pdpProperties.load(is); - } - } - - /** - * Stores the XACML Properties to the given file location. - * - * @param location File location including name - * @throws IOException If unable to store the file. - */ - public synchronized void storeXacmlProperties(String location) throws IOException { - try (OutputStream os = new FileOutputStream(location)) { - String strComments = "#"; - pdpProperties.store(os, strComments); - } - } - - /** - * Make a decision call. - * - * @param request Incoming request object - * @return Response object - */ - public synchronized Response decision(Request request) { - // - // This is what we need to return - // - Response response = null; - // - // Track some timing - // - long timeStart = System.currentTimeMillis(); - try { - response = this.pdpEngine.decide(request); - } catch (PDPException e) { - LOGGER.error("{}", e); - } finally { - // - // Track the end of timing - // - long timeEnd = System.currentTimeMillis(); - LOGGER.info("Elapsed Time: {}ms", (timeEnd - timeStart)); - } - return response; - } - - @Override - public String applicationName() { - return "Monitoring Application"; - } - - @Override - public List actionDecisionsSupported() { - return Arrays.asList("configure"); - } - - @Override - public synchronized void initialize(Path pathForData) { - // - // Save our path - // - this.pathForData = pathForData; - LOGGER.debug("New Path is {}", this.pathForData.toAbsolutePath()); - // - // Look for and load the properties object - // - Path propertyPath = Paths.get(this.pathForData.toAbsolutePath().toString(), "xacml.properties"); - LOGGER.debug("Looking for {}", propertyPath.toAbsolutePath()); - try (InputStream is = new FileInputStream(propertyPath.toAbsolutePath().toString()) ) { - // - // Create a new properties object - // - pdpProperties = new Properties(); - // - // Load it with our values - // - pdpProperties.load(is); - LOGGER.debug("{}", pdpProperties); - } catch (IOException e) { - LOGGER.error("{}", e); - } - // - // Now initialize the XACML PDP Engine - // - try { - PDPEngineFactory factory = PDPEngineFactory.newInstance(); - this.pdpEngine = factory.newEngine(pdpProperties); - } catch (FactoryException e) { - LOGGER.error("{}", e); - } - } - - @Override - public synchronized List supportedPolicyTypes() { - return Lists.newArrayList(supportedPolicyTypes.keySet()); - } - - @Override - public boolean canSupportPolicyType(String policyType, String policyTypeVersion) { - // - // For Monitoring, we will attempt to support all versions - // of the policy type. Since we are only packaging a decision - // back with a JSON payload of the property contents. - // - return (policyType.equals(ONAP_MONITORING_BASE_POLICY_TYPE) - || policyType.startsWith(ONAP_MONITORING_DERIVED_POLICY_TYPE)); - } - - @Override - public synchronized void loadPolicies(Map toscaPolicies) { - // - // - // - try { - // - // Convert the policies first - // - List listPolicies = this.convertPolicies(toscaPolicies); - if (listPolicies.isEmpty()) { - throw new ToscaPolicyConversionException("Converted 0 policies"); - } - // - // Read in our Root Policy - // - Set roots = XACMLProperties.getRootPolicyIDs(pdpProperties); - if (roots.isEmpty()) { - throw new ToscaPolicyConversionException("There are NO root policies defined"); - } - // - // Really only should be one - // - String rootFile = pdpProperties.getProperty(roots.iterator().next() + ".file"); - try (InputStream is = new FileInputStream(rootFile)) { - Object policyData = XACMLPolicyScanner.readPolicy(is); - // - // Should be a PolicySet - // - if (policyData instanceof PolicySetType) { - PolicyType[] newPolicies = listPolicies.toArray(new PolicyType[listPolicies.size()]); - PolicySetType newRootPolicy = - XacmlUpdatePolicyUtils.updateXacmlRootPolicy((PolicySetType) policyData, newPolicies); - // - // Save the new Policies to disk - // - - // - // Save the root policy to disk - // - - // - // Update properties to declare the referenced policies - // - - // - // Write the policies to disk - // - - } else { - throw new ToscaPolicyConversionException("Root policy isn't a PolicySet"); - } - } - // - // Add to the root policy - // - } catch (IOException | ToscaPolicyConversionException e) { - LOGGER.error("Failed to loadPolicies {}", e); - } - } - - @Override - public synchronized JSONObject makeDecision(JSONObject jsonSchema) { - return null; - } - - @Override - public List convertPolicies(Map toscaObject) throws ToscaPolicyConversionException { - // - // Return the policies - // - return scanAndConvertPolicies(toscaObject); - } - - @Override - public List convertPolicies(InputStream isToscaPolicy) throws ToscaPolicyConversionException { - // - // Have snakeyaml parse the object - // - Yaml yaml = new Yaml(); - Map toscaObject = yaml.load(isToscaPolicy); - // - // Return the policies - // - return scanAndConvertPolicies(toscaObject); - } - - @SuppressWarnings("unchecked") - private List scanAndConvertPolicies(Map toscaObject) - throws ToscaPolicyConversionException { - // - // Our return object - // - List scannedPolicies = new ArrayList<>(); - // - // Iterate each of the Policies - // - List policies = (List) toscaObject.get("policies"); - for (Object policyObject : policies) { - // - // Get the contents - // - LOGGER.debug("Found policy {}", policyObject.getClass()); - Map policyContents = (Map) policyObject; - for (Entry entrySet : policyContents.entrySet()) { - LOGGER.info("Entry set {}", entrySet); - // - // Convert this policy - // - PolicyType policy = this.convertPolicy(entrySet); - // - // Convert and add in the new policy - // - scannedPolicies.add(policy); - } - } - - return scannedPolicies; - } - - @SuppressWarnings("unchecked") - private PolicyType convertPolicy(Entry entrySet) throws ToscaPolicyConversionException { - // - // Policy name should be at the root - // - String policyName = entrySet.getKey(); - Map policyDefinition = (Map) entrySet.getValue(); - // - // Set it as the policy ID - // - PolicyType newPolicyType = new PolicyType(); - newPolicyType.setPolicyId(policyName); - // - // Optional description - // - if (policyDefinition.containsKey("description")) { - newPolicyType.setDescription(policyDefinition.get("description").toString()); - } - // - // There should be a metadata section - // - if (! policyDefinition.containsKey("metadata")) { - throw new ToscaPolicyConversionException(policyName + " missing metadata section"); - } - this.fillMetadataSection(newPolicyType, - (Map) policyDefinition.get("metadata")); - // - // Set the combining rule - // - newPolicyType.setRuleCombiningAlgId(XACML3.ID_RULE_FIRST_APPLICABLE.stringValue()); - // - // Generate the TargetType - // - // - // There should be a metadata section - // - if (! policyDefinition.containsKey("type")) { - throw new ToscaPolicyConversionException(policyName + " missing type value"); - } - if (! policyDefinition.containsKey("version")) { - throw new ToscaPolicyConversionException(policyName + " missing version value"); - } - TargetType target = this.generateTargetType(policyName, - policyDefinition.get("type").toString(), - policyDefinition.get("version").toString()); - newPolicyType.setTarget(target); - // - // Now create the Permit Rule - // No target since the policy has a target - // With obligations. - // - RuleType rule = new RuleType(); - rule.setDescription("Default is to PERMIT if the policy matches."); - rule.setRuleId(policyName + ":rule"); - rule.setEffect(EffectType.PERMIT); - rule.setTarget(new TargetType()); - // - // There should be properties section - this data ends up as a - // JSON BLOB that is returned back to calling application. - // - if (! policyDefinition.containsKey("properties")) { - throw new ToscaPolicyConversionException(policyName + " missing properties section"); - } - addObligation(rule, - (Map) policyDefinition.get("properties")); - // - // Add the rule to the policy - // - newPolicyType.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule); - // - // Return our new policy - // - return newPolicyType; - } - - /** - * From the TOSCA metadata section, pull in values that are needed into the XACML policy. - * - * @param policy Policy Object to store the metadata - * @param metadata The Metadata TOSCA Map - * @return Same Policy Object - * @throws ToscaPolicyConversionException If there is something missing from the metadata - */ - private PolicyType fillMetadataSection(PolicyType policy, - Map metadata) throws ToscaPolicyConversionException { - if (! metadata.containsKey("policy-id")) { - throw new ToscaPolicyConversionException(policy.getPolicyId() + " missing metadata policy-id"); - } else { - // - // Do nothing here - the XACML PolicyId is used from TOSCA Policy Name field - // - } - if (! metadata.containsKey("policy-version")) { - throw new ToscaPolicyConversionException(policy.getPolicyId() + " missing metadata policy-version"); - } else { - // - // Add in the Policy Version - // - policy.setVersion(metadata.get("policy-version").toString()); - } - return policy; - } - - private TargetType generateTargetType(String policyId, String policyType, String policyTypeVersion) { - // - // Create all the match's that are possible - // - // This is for the Policy Id - // - MatchType matchPolicyId = ToscaPolicyConverterUtils.buildMatchTypeDesignator( - XACML3.ID_FUNCTION_STRING_EQUAL, - policyId, - XACML3.ID_DATATYPE_STRING, - ToscaDictionary.ID_RESOURCE_POLICY_ID, - XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE); - // - // This is for the Policy Type - // - MatchType matchPolicyType = ToscaPolicyConverterUtils.buildMatchTypeDesignator( - XACML3.ID_FUNCTION_STRING_EQUAL, - policyType, - XACML3.ID_DATATYPE_STRING, - ToscaDictionary.ID_RESOURCE_POLICY_TYPE, - XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE); - // - // This is for the Policy Type version - // - MatchType matchPolicyTypeVersion = ToscaPolicyConverterUtils.buildMatchTypeDesignator( - XACML3.ID_FUNCTION_STRING_EQUAL, - policyTypeVersion, - XACML3.ID_DATATYPE_STRING, - ToscaDictionary.ID_RESOURCE_POLICY_TYPE_VERSION, - XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE); - // - // This is our outer AnyOf - which is an OR - // - AnyOfType anyOf = new AnyOfType(); - // - // Create AllOf (AND) of just Policy Id - // - anyOf.getAllOf().add(ToscaPolicyConverterUtils.buildAllOf(matchPolicyId)); - // - // Create AllOf (AND) of just Policy Type - // - anyOf.getAllOf().add(ToscaPolicyConverterUtils.buildAllOf(matchPolicyType)); - // - // Create AllOf (AND) of Policy Type and Policy Type Version - // - anyOf.getAllOf().add(ToscaPolicyConverterUtils.buildAllOf(matchPolicyType, matchPolicyTypeVersion)); - // - // Now we can create the TargetType, add the top-level anyOf (OR), - // and return the value. - // - TargetType target = new TargetType(); - target.getAnyOf().add(anyOf); - return target; - } - - private RuleType addObligation(RuleType rule, Map properties) { - // - // Convert the YAML Policy to JSON Object - // - JSONObject jsonObject = new JSONObject(properties); - if (LOGGER.isDebugEnabled()) { - LOGGER.debug("JSON conversion {}{}", System.lineSeparator(), jsonObject); - } - // - // Create an AttributeValue for it - // - AttributeValueType value = new AttributeValueType(); - value.setDataType(ToscaDictionary.ID_OBLIGATION_POLICY_MONITORING_DATATYPE.stringValue()); - value.getContent().add(jsonObject.toString()); - // - // Create our AttributeAssignmentExpression where we will - // store the contents of the policy in JSON format. - // - AttributeAssignmentExpressionType expressionType = new AttributeAssignmentExpressionType(); - expressionType.setAttributeId(ToscaDictionary.ID_OBLIGATION_POLICY_MONITORING_CONTENTS.stringValue()); - ObjectFactory factory = new ObjectFactory(); - expressionType.setExpression(factory.createAttributeValue(value)); - // - // Create an ObligationExpression for it - // - ObligationExpressionType obligation = new ObligationExpressionType(); - obligation.setFulfillOn(EffectType.PERMIT); - obligation.setObligationId(ToscaDictionary.ID_OBLIGATION_REST_BODY.stringValue()); - obligation.getAttributeAssignmentExpression().add(expressionType); - // - // Now we can add it into the rule - // - ObligationExpressionsType obligations = new ObligationExpressionsType(); - obligations.getObligationExpression().add(obligation); - rule.setObligationExpressions(obligations); - return rule; - } - -} diff --git a/applications/monitoring/src/main/resources/META-INF/services/org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider b/applications/monitoring/src/main/resources/META-INF/services/org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider index 5c8dd5e6..29c6b87f 100644 --- a/applications/monitoring/src/main/resources/META-INF/services/org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider +++ b/applications/monitoring/src/main/resources/META-INF/services/org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider @@ -1 +1 @@ -org.onap.policy.xacml.pdp.engine.OnapXacmlPdpEngine \ No newline at end of file +org.onap.policy.xacml.pdp.application.monitoring.MonitoringPdpApplication \ No newline at end of file diff --git a/applications/monitoring/src/main/resources/RootMonitoringPolicy.xml b/applications/monitoring/src/main/resources/RootMonitoringPolicy.xml index 33b28815..5578fda9 100644 --- a/applications/monitoring/src/main/resources/RootMonitoringPolicy.xml +++ b/applications/monitoring/src/main/resources/RootMonitoringPolicy.xml @@ -4,10 +4,6 @@ - - onap.policies.Monitoring - - DCAE diff --git a/applications/monitoring/src/test/java/org/onap/policy/xacml/pdp/application/monitoring/MonitoringPdpApplicationTest.java b/applications/monitoring/src/test/java/org/onap/policy/xacml/pdp/application/monitoring/MonitoringPdpApplicationTest.java new file mode 100644 index 00000000..af6e6548 --- /dev/null +++ b/applications/monitoring/src/test/java/org/onap/policy/xacml/pdp/application/monitoring/MonitoringPdpApplicationTest.java @@ -0,0 +1,309 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP + * ================================================================================ + * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ + +package org.onap.policy.xacml.pdp.application.monitoring; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.assertj.core.api.Assertions.assertThatCode; +import static org.assertj.core.api.Assertions.assertThatExceptionOfType; + +import com.att.research.xacml.util.XACMLProperties; +import com.google.common.io.Files; +import com.google.gson.Gson; + +import java.io.File; +import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.io.InputStream; +import java.io.OutputStream; +import java.nio.file.Path; +import java.nio.file.Paths; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; +import java.util.Properties; +import java.util.ServiceLoader; + +import org.junit.BeforeClass; +import org.junit.ClassRule; +import org.junit.Test; +import org.junit.rules.TemporaryFolder; +import org.onap.policy.common.utils.resources.TextFileUtils; +import org.onap.policy.models.decisions.concepts.DecisionRequest; +import org.onap.policy.models.decisions.concepts.DecisionResponse; +import org.onap.policy.models.decisions.serialization.DecisionRequestMessageBodyHandler; +import org.onap.policy.models.decisions.serialization.DecisionResponseMessageBodyHandler; +import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException; +import org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.yaml.snakeyaml.Yaml; + +public class MonitoringPdpApplicationTest { + + private static final Logger LOGGER = LoggerFactory.getLogger(MonitoringPdpApplicationTest.class); + private static Properties properties = new Properties(); + private static File propertiesFile; + private static XacmlApplicationServiceProvider service; + private static DecisionRequest requestSinglePolicy; + + private static Gson gsonDecisionRequest; + private static Gson gsonDecisionResponse; + + @ClassRule + public static final TemporaryFolder policyFolder = new TemporaryFolder(); + + /** + * Load a test engine. + */ + @BeforeClass + public static void setup() { + assertThatCode(() -> { + // + // Create our Gson builder + // + gsonDecisionRequest = new DecisionRequestMessageBodyHandler().getGson(); + gsonDecisionResponse = new DecisionResponseMessageBodyHandler().getGson(); + // + // Load Single Decision Request + // + requestSinglePolicy = gsonDecisionRequest.fromJson( + TextFileUtils + .getTextFileAsString("../../main/src/test/resources/decisions/decision.single.input.json"), + DecisionRequest.class); + // + // Copy all the properties and root policies to the temporary folder + // + try (InputStream is = new FileInputStream("src/test/resources/xacml.properties")) { + // + // Load it in + // + properties.load(is); + propertiesFile = policyFolder.newFile("xacml.properties"); + // + // Copy the root policies + // + for (String root : XACMLProperties.getRootPolicyIDs(properties)) { + // + // Get a file + // + Path rootPath = Paths.get(properties.getProperty(root + ".file")); + LOGGER.debug("Root file {} {}", rootPath, rootPath.getFileName()); + // + // Construct new file name + // + File newRootPath = policyFolder.newFile(rootPath.getFileName().toString()); + // + // Copy it + // + Files.copy(rootPath.toFile(), newRootPath); + assertThat(newRootPath).exists(); + // + // Point to where the new policy is in the temp dir + // + properties.setProperty(root + ".file", newRootPath.getAbsolutePath()); + } + try (OutputStream os = new FileOutputStream(propertiesFile.getAbsolutePath())) { + properties.store(os, ""); + assertThat(propertiesFile).exists(); + } + } + // + // Load service + // + ServiceLoader applicationLoader = + ServiceLoader.load(XacmlApplicationServiceProvider.class); + // + // Iterate through them - I could store the object as + // XacmlApplicationServiceProvider pointer. + // + // Try this later. + // + StringBuilder strDump = new StringBuilder("Loaded applications:" + System.lineSeparator()); + Iterator iterator = applicationLoader.iterator(); + while (iterator.hasNext()) { + XacmlApplicationServiceProvider application = iterator.next(); + // + // Is it our service? + // + if (application instanceof MonitoringPdpApplication) { + // + // Should be the first and only one + // + assertThat(service).isNull(); + service = application; + } + strDump.append(application.applicationName()); + strDump.append(" supports "); + strDump.append(application.supportedPolicyTypes()); + strDump.append(System.lineSeparator()); + } + LOGGER.debug("{}", strDump); + // + // Tell it to initialize based on the properties file + // we just built for it. + // + service.initialize(propertiesFile.toPath().getParent()); + // + // Make sure there's an application name + // + assertThat(service.applicationName()).isNotEmpty(); + // + // Ensure it has the supported policy types and + // can support the correct policy types. + // + assertThat(service.canSupportPolicyType("onap.Monitoring", "1.0.0")).isTrue(); + assertThat(service.canSupportPolicyType("onap.Monitoring", "1.5.0")).isTrue(); + assertThat(service.canSupportPolicyType("onap.policies.monitoring.foobar", "1.0.1")).isTrue(); + assertThat(service.canSupportPolicyType("onap.foobar", "1.0.0")).isFalse(); + assertThat(service.supportedPolicyTypes()).contains("onap.Monitoring"); + // + // Ensure it supports decisions + // + assertThat(service.actionDecisionsSupported()).contains("configure"); + }).doesNotThrowAnyException(); + } + + @Test + public void testNoPolicies() { + // + // Make a simple decision - NO policies are loaded + // + assertThatCode(() -> { + // + // Ask for a decision + // + DecisionResponse response = service.makeDecision(requestSinglePolicy); + LOGGER.info("Decision {}", response); + + assertThat(response).isNotNull(); + assertThat(response.getErrorMessage()).isNullOrEmpty(); + assertThat(response.getPolicies().size()).isEqualTo(0); + + }).doesNotThrowAnyException(); + } + + @SuppressWarnings("unchecked") + @Test + public void testvDnsPolicy() { + // + // Now load the vDNS Policy - make sure + // the pdp can support it and have it load + // into the PDP. + // + assertThatCode(() -> { + try (InputStream is = new FileInputStream("src/test/resources/vDNS.policy.input.yaml")) { + Yaml yaml = new Yaml(); + Map toscaObject = yaml.load(is); + List policies = (List) toscaObject.get("policies"); + // + // What we should really do is split the policies out from the ones that + // are not supported to ones that are. And then load these. + // + // In another future review.... + // + for (Object policyObject : policies) { + // + // Get the contents + // + Map policyContents = (Map) policyObject; + for (Entry entrySet : policyContents.entrySet()) { + LOGGER.info("Entry set {}", entrySet.getKey()); + Map policyDefinition = (Map) entrySet.getValue(); + // + // Find the type and make sure the engine supports it + // + assertThat(policyDefinition.containsKey("type")).isTrue(); + assertThat(service.canSupportPolicyType( + policyDefinition.get("type").toString(), + policyDefinition.get("version").toString())) + .isTrue(); + } + } + // + // Just go ahead and load them all for now + // + // Assuming all are supported etc. + // + service.loadPolicies(toscaObject); + // + // Ask for a decision + // + DecisionResponse response = service.makeDecision(requestSinglePolicy); + LOGGER.info("Decision {}", response); + + assertThat(response).isNotNull(); + assertThat(response.getPolicies().size()).isEqualTo(1); + // + // Dump it out as Json + // + LOGGER.info(gsonDecisionResponse.toJson(response)); + } + }).doesNotThrowAnyException(); + } + + @Test + public void testBadPolicies() { + // + // No need for service, just test some of the methods + // for bad policies + // + MonitoringPdpApplication onapPdpEngine = new MonitoringPdpApplication(); + + assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() -> { + try (InputStream is = + new FileInputStream("src/test/resources/test.monitoring.policy.missingmetadata.yaml")) { + onapPdpEngine.convertPolicies(is); + } + }).withMessageContaining("missing metadata section"); + + assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() -> { + try (InputStream is = + new FileInputStream("src/test/resources/test.monitoring.policy.missingtype.yaml")) { + onapPdpEngine.convertPolicies(is); + } + }).withMessageContaining("missing type value"); + + assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() -> { + try (InputStream is = + new FileInputStream("src/test/resources/test.monitoring.policy.missingversion.yaml")) { + onapPdpEngine.convertPolicies(is); + } + }).withMessageContaining("missing version value"); + + assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() -> { + try (InputStream is = + new FileInputStream("src/test/resources/test.monitoring.policy.badmetadata.1.yaml")) { + onapPdpEngine.convertPolicies(is); + } + }).withMessageContaining("missing metadata policy-version"); + + assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() -> { + try (InputStream is = + new FileInputStream("src/test/resources/test.monitoring.policy.badmetadata.2.yaml")) { + onapPdpEngine.convertPolicies(is); + } + }).withMessageContaining("missing metadata policy-id"); + } + +} diff --git a/applications/monitoring/src/test/java/org/onap/policy/xacml/pdp/engine/OnapXacmlPdpEngineTest.java b/applications/monitoring/src/test/java/org/onap/policy/xacml/pdp/engine/OnapXacmlPdpEngineTest.java deleted file mode 100644 index 940a974b..00000000 --- a/applications/monitoring/src/test/java/org/onap/policy/xacml/pdp/engine/OnapXacmlPdpEngineTest.java +++ /dev/null @@ -1,296 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP - * ================================================================================ - * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * SPDX-License-Identifier: Apache-2.0 - * ============LICENSE_END========================================================= - */ - -package org.onap.policy.xacml.pdp.engine; - -import static org.assertj.core.api.Assertions.assertThat; -import static org.assertj.core.api.Assertions.assertThatCode; -import static org.assertj.core.api.Assertions.assertThatExceptionOfType; -import static org.junit.Assert.assertEquals; - -import com.att.research.xacml.api.Decision; -import com.att.research.xacml.api.Response; -import com.att.research.xacml.api.Result; -import com.att.research.xacml.std.annotations.RequestParser; -import com.att.research.xacml.std.annotations.XACMLAction; -import com.att.research.xacml.std.annotations.XACMLRequest; -import com.att.research.xacml.std.annotations.XACMLResource; -import com.att.research.xacml.std.annotations.XACMLSubject; -import com.att.research.xacml.util.XACMLProperties; -import com.google.common.io.Files; - -import java.io.File; -import java.io.FileInputStream; -import java.io.FileOutputStream; -import java.io.InputStream; -import java.io.OutputStream; -import java.nio.file.Path; -import java.nio.file.Paths; -import java.util.Iterator; -import java.util.List; -import java.util.Map; -import java.util.Map.Entry; -import java.util.Properties; -import java.util.ServiceLoader; - -import org.junit.BeforeClass; -import org.junit.ClassRule; -import org.junit.Test; -import org.junit.rules.TemporaryFolder; -import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException; -import org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.yaml.snakeyaml.Yaml; - -public class OnapXacmlPdpEngineTest { - - private static final Logger LOGGER = LoggerFactory.getLogger(OnapXacmlPdpEngineTest.class); - private static OnapXacmlPdpEngine onapPdpEngine; - private static Properties properties = new Properties(); - private static File propertiesFile; - - @ClassRule - public static final TemporaryFolder policyFolder = new TemporaryFolder(); - - /** - * This is a simple annotation class to simulate - * requests coming in. - */ - @XACMLRequest(ReturnPolicyIdList = true) - public class MyXacmlRequest { - - @XACMLSubject(includeInResults = true) - String onapName = "DCAE"; - - @XACMLResource(includeInResults = true) - String resource = "onap.policies.Monitoring"; - - @XACMLAction() - String action = "configure"; - } - - /** - * Load a test engine. - */ - @BeforeClass - public static void setup() { - assertThatCode(() -> { - // - // Copy all the properties and root policies to the temporary folder - // - try (InputStream is = new FileInputStream("src/test/resources/xacml.properties")) { - // - // Load it in - // - properties.load(is); - propertiesFile = policyFolder.newFile("xacml.properties"); - // - // Copy the root policies - // - for (String root : XACMLProperties.getRootPolicyIDs(properties)) { - // - // Get a file - // - Path rootPath = Paths.get(properties.getProperty(root + ".file")); - LOGGER.debug("Root file {} {}", rootPath, rootPath.getFileName()); - // - // Construct new file name - // - File newRootPath = policyFolder.newFile(rootPath.getFileName().toString()); - // - // Copy it - // - Files.copy(rootPath.toFile(), newRootPath); - assertThat(newRootPath).exists(); - // - // Point to where the new policy is in the temp dir - // - properties.setProperty(root + ".file", newRootPath.getAbsolutePath()); - } - try (OutputStream os = new FileOutputStream(propertiesFile.getAbsolutePath())) { - properties.store(os, ""); - assertThat(propertiesFile).exists(); - } - } - // - // Load service - // - ServiceLoader applicationLoader = - ServiceLoader.load(XacmlApplicationServiceProvider.class); - // - // Iterate through them - I could store the object as - // XacmlApplicationServiceProvider pointer. - // - // Try this later. - // - StringBuilder strDump = new StringBuilder("Loaded applications:" + System.lineSeparator()); - Iterator iterator = applicationLoader.iterator(); - while (iterator.hasNext()) { - XacmlApplicationServiceProvider application = iterator.next(); - strDump.append(application.applicationName()); - strDump.append(" supports "); - strDump.append(application.supportedPolicyTypes()); - strDump.append(System.lineSeparator()); - } - LOGGER.debug("{}", strDump); - // - // Create the engine instance - // - onapPdpEngine = new OnapXacmlPdpEngine(); - // - // Tell it to initialize based on the properties file - // we just built for it. - // - onapPdpEngine.initialize(propertiesFile.toPath().getParent()); - // - // Make sure there's an application name - // - assertThat(onapPdpEngine.applicationName()).isNotEmpty(); - // - // Ensure it has the supported policy types and - // can support the correct policy types. - // - assertThat(onapPdpEngine.canSupportPolicyType("onap.Monitoring", "1.0.0")).isTrue(); - assertThat(onapPdpEngine.canSupportPolicyType("onap.Monitoring", "1.5.0")).isTrue(); - assertThat(onapPdpEngine.canSupportPolicyType("onap.policies.monitoring.foobar", "1.0.1")).isTrue(); - assertThat(onapPdpEngine.canSupportPolicyType("onap.foobar", "1.0.0")).isFalse(); - assertThat(onapPdpEngine.supportedPolicyTypes()).contains("onap.Monitoring"); - // - // Ensure it supports decisions - // - assertThat(onapPdpEngine.actionDecisionsSupported()).contains("configure"); - }).doesNotThrowAnyException(); - } - - @Test - public void testNoPolicies() { - // - // Make a simple decision - NO policies are loaded - // - assertThatCode(() -> { - Response response = onapPdpEngine.decision(RequestParser.parseRequest(new MyXacmlRequest())); - for (Result result : response.getResults()) { - LOGGER.info("Decision {}", result.getDecision()); - assertEquals(Decision.PERMIT, result.getDecision()); - } - }).doesNotThrowAnyException(); - } - - @SuppressWarnings("unchecked") - @Test - public void testvDnsPolicy() { - // - // Now load the vDNS Policy - make sure - // the pdp can support it and have it load - // into the PDP. - // - assertThatCode(() -> { - try (InputStream is = new FileInputStream("src/test/resources/vDNS.policy.input.yaml")) { - Yaml yaml = new Yaml(); - Map toscaObject = yaml.load(is); - List policies = (List) toscaObject.get("policies"); - // - // What we should really do is split the policies out from the ones that - // are not supported to ones that are. And then load these. - // - // In another future review.... - // - for (Object policyObject : policies) { - // - // Get the contents - // - Map policyContents = (Map) policyObject; - for (Entry entrySet : policyContents.entrySet()) { - LOGGER.info("Entry set {}", entrySet.getKey()); - Map policyDefinition = (Map) entrySet.getValue(); - // - // Find the type and make sure the engine supports it - // - assertThat(policyDefinition.containsKey("type")).isTrue(); - assertThat(onapPdpEngine.canSupportPolicyType( - policyDefinition.get("type").toString(), - policyDefinition.get("version").toString())) - .isTrue(); - } - } - // - // Just go ahead and load them all for now - // - // Assuming all are supported etc. - // - onapPdpEngine.loadPolicies(toscaObject); - - //List policies = onapPdpEngine.convertPolicies(is); - // - // Should have a policy - //// assertThat(policies.isEmpty()).isFalse(); - } - }).doesNotThrowAnyException(); - } - - @Test - public void testBadPolicies() { - assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() -> { - try (InputStream is = - new FileInputStream("src/test/resources/test.monitoring.policy.missingmetadata.yaml")) { - onapPdpEngine.convertPolicies(is); - } - }).withMessageContaining("missing metadata section"); - - assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() -> { - try (InputStream is = - new FileInputStream("src/test/resources/test.monitoring.policy.missingtype.yaml")) { - onapPdpEngine.convertPolicies(is); - } - }).withMessageContaining("missing type value"); - - assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() -> { - try (InputStream is = - new FileInputStream("src/test/resources/test.monitoring.policy.missingversion.yaml")) { - onapPdpEngine.convertPolicies(is); - } - }).withMessageContaining("missing version value"); - - assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() -> { - try (InputStream is = - new FileInputStream("src/test/resources/test.monitoring.policy.badmetadata.1.yaml")) { - onapPdpEngine.convertPolicies(is); - } - }).withMessageContaining("missing metadata policy-version"); - - assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() -> { - try (InputStream is = - new FileInputStream("src/test/resources/test.monitoring.policy.badmetadata.2.yaml")) { - onapPdpEngine.convertPolicies(is); - } - }).withMessageContaining("missing metadata policy-id"); - - assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() -> { - try (InputStream is = - new FileInputStream("src/test/resources/test.monitoring.policy.missingproperties.yaml")) { - onapPdpEngine.convertPolicies(is); - } - }).withMessageContaining("missing properties section"); - } - -} diff --git a/applications/monitoring/src/test/resources/vDNS.policy.input.yaml b/applications/monitoring/src/test/resources/vDNS.policy.input.yaml index ee12c702..763af75f 100644 --- a/applications/monitoring/src/test/resources/vDNS.policy.input.yaml +++ b/applications/monitoring/src/test/resources/vDNS.policy.input.yaml @@ -8,27 +8,28 @@ policies: policy-id: onap.scaleout.tca policy-version: 1 properties: - domain: measurementsForVfScaling - metricsPerEventName: - - - eventName: vLoadBalancer - controlLoopSchemaType: VNF - policyScope: "type=configuration" - policyName: "onap.scaleout.tca" - policyVersion: "v0.0.1" - thresholds: - - closedLoopControlName: "CL-LBAL-LOW-TRAFFIC-SIG-FB480F95-A453-6F24-B767-FD703241AB1A" - closedLoopEventStatus: ONSET - version: "1.0.2" - fieldPath: "$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated" - thresholdValue: 500 - direction: LESS_OR_EQUAL - severity: MAJOR - - - closedLoopControlName: "CL-LBAL-LOW-TRAFFIC-SIG-0C5920A6-B564-8035-C878-0E814352BC2B" - closedLoopEventStatus: ONSET - version: "1.0.2" - fieldPath: "$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated" - thresholdValue: 5000 - direction: GREATER_OR_EQUAL - severity: CRITICAL + tca_policy: + domain: measurementsForVfScaling + metricsPerEventName: + - + eventName: vLoadBalancer + controlLoopSchemaType: VNF + policyScope: "type=configuration" + policyName: "onap.scaleout.tca" + policyVersion: "v0.0.1" + thresholds: + - closedLoopControlName: "CL-LBAL-LOW-TRAFFIC-SIG-FB480F95-A453-6F24-B767-FD703241AB1A" + closedLoopEventStatus: ONSET + version: "1.0.2" + fieldPath: "$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated" + thresholdValue: 500 + direction: LESS_OR_EQUAL + severity: MAJOR + - + closedLoopControlName: "CL-LBAL-LOW-TRAFFIC-SIG-0C5920A6-B564-8035-C878-0E814352BC2B" + closedLoopEventStatus: ONSET + version: "1.0.2" + fieldPath: "$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated" + thresholdValue: 5000 + direction: GREATER_OR_EQUAL + severity: CRITICAL diff --git a/main/pom.xml b/main/pom.xml index b769f37a..f4b0c9f4 100644 --- a/main/pom.xml +++ b/main/pom.xml @@ -66,6 +66,11 @@ monitoring ${project.version} + + org.onap.policy.xacml-pdp.applications + guard + ${project.version} + diff --git a/main/src/main/java/org/onap/policy/pdpx/main/rest/model/Decision.java b/main/src/main/java/org/onap/policy/pdpx/main/rest/model/Decision.java index 4504cb1b..f5c9a4d8 100644 --- a/main/src/main/java/org/onap/policy/pdpx/main/rest/model/Decision.java +++ b/main/src/main/java/org/onap/policy/pdpx/main/rest/model/Decision.java @@ -27,6 +27,8 @@ public class Decision { String onapName; + String onapComponent; + String onapInstance; String action; diff --git a/main/src/test/java/org/onap/policy/pdpx/main/rest/TestXacmlPdpRestServer.java b/main/src/test/java/org/onap/policy/pdpx/main/rest/TestXacmlPdpRestServer.java index 1ec649cb..316abac7 100644 --- a/main/src/test/java/org/onap/policy/pdpx/main/rest/TestXacmlPdpRestServer.java +++ b/main/src/test/java/org/onap/policy/pdpx/main/rest/TestXacmlPdpRestServer.java @@ -230,7 +230,7 @@ public class TestXacmlPdpRestServer { @Override public void checkServerTrusted(final java.security.cert.X509Certificate[] certs, final String authType) {} - }}; + } }; final SSLContext sc = SSLContext.getInstance("TLSv1.2"); sc.init(null, noopTrustManager, new SecureRandom()); diff --git a/main/src/test/resources/decisions/decision.multiple.input.json b/main/src/test/resources/decisions/decision.multiple.input.json new file mode 100644 index 00000000..f2e760c1 --- /dev/null +++ b/main/src/test/resources/decisions/decision.multiple.input.json @@ -0,0 +1,12 @@ +{ + "ONAPName": "DCAE", + "ONAPComponent": "PolicyHandler", + "ONAPInstance": "622431a4-9dea-4eae-b443-3b2164639c64", + "action": "configure", + "resource": { + "policy-id": [ + "onap.scaleout.tca", + "onap.restart.tca" + ] + } +} \ No newline at end of file diff --git a/main/src/test/resources/decisions/decision.multiple.output.json b/main/src/test/resources/decisions/decision.multiple.output.json new file mode 100644 index 00000000..003a25b6 --- /dev/null +++ b/main/src/test/resources/decisions/decision.multiple.output.json @@ -0,0 +1,87 @@ +{ + "policies": { + "onap.scaleout.tca": { + "type": "onap.policies.monitoring.cdap.tca.hi.lo.app", + "version": "1.0.0", + "metadata": { + "policy-id": "onap.scaleout.tca" + }, + "properties": { + "tca_policy": { + "domain": "measurementsForVfScaling", + "metricsPerEventName": [ + { + "eventName": "vLoadBalancer", + "controlLoopSchemaType": "VNF", + "policyScope": "type=configuration", + "policyName": "onap.scaleout.tca", + "policyVersion": "v0.0.1", + "thresholds": [ + { + "closedLoopControlName": "ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3", + "closedLoopEventStatus": "ONSET", + "version": "1.0.2", + "fieldPath": "$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated", + "thresholdValue": 500, + "direction": "LESS_OR_EQUAL", + "severity": "MAJOR" + }, + { + "closedLoopControlName": "ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3", + "closedLoopEventStatus": "ONSET", + "version": "1.0.2", + "fieldPath": "$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated", + "thresholdValue": 5000, + "direction": "GREATER_OR_EQUAL", + "severity": "CRITICAL" + } + ] + } + ] + } + } + }, + "onap.restart.tca": { + "type": "onap.policies.monitoring.cdap.tca.hi.lo.app", + "version": "1.0.0", + "metadata": { + "policy-id": "onap.restart.tca", + "policy-version": 1 + }, + "properties": { + "tca_policy": { + "domain": "measurementsForVfScaling", + "metricsPerEventName": [ + { + "eventName": "Measurement_vGMUX", + "controlLoopSchemaType": "VNF", + "policyScope": "DCAE", + "policyName": "DCAE.Config_tca-hi-lo", + "policyVersion": "v0.0.1", + "thresholds": [ + { + "closedLoopControlName": "ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e", + "version": "1.0.2", + "fieldPath": "$.event.measurementsForVfScalingFields.additionalMeasurements[*].arrayOfFields[0].value", + "thresholdValue": 0, + "direction": "EQUAL", + "severity": "MAJOR", + "closedLoopEventStatus": "ABATED" + }, + { + "closedLoopControlName": "ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e", + "version": "1.0.2", + "fieldPath": "$.event.measurementsForVfScalingFields.additionalMeasurements[*].arrayOfFields[0].value", + "thresholdValue": 0, + "direction": "GREATER", + "severity": "CRITICAL", + "closedLoopEventStatus": "ONSET" + } + ] + } + ] + } + } + } + } +} \ No newline at end of file diff --git a/main/src/test/resources/decisions/decision.policytype.input.json b/main/src/test/resources/decisions/decision.policytype.input.json new file mode 100644 index 00000000..5a609cac --- /dev/null +++ b/main/src/test/resources/decisions/decision.policytype.input.json @@ -0,0 +1,9 @@ +{ + "ONAPName": "DCAE", + "ONAPComponent": "PolicyHandler", + "ONAPInstance": "622431a4-9dea-4eae-b443-3b2164639c64", + "action": "configure", + "resource": { + "policy-type": "onap.policies.monitoring.cdap.tca.hi.lo.app" + } +} \ No newline at end of file diff --git a/main/src/test/resources/decisions/decision.policytype.output.json b/main/src/test/resources/decisions/decision.policytype.output.json new file mode 100644 index 00000000..7d164a81 --- /dev/null +++ b/main/src/test/resources/decisions/decision.policytype.output.json @@ -0,0 +1,129 @@ +{ + "policies": { + "onap.scaleout.tca": { + "type": "onap.policies.monitoring.cdap.tca.hi.lo.app", + "version": "1.0.0", + "metadata": { + "policy-id": "onap.scaleout.tca" + }, + "properties": { + "tca_policy": { + "domain": "measurementsForVfScaling", + "metricsPerEventName": [ + { + "eventName": "vLoadBalancer", + "controlLoopSchemaType": "VNF", + "policyScope": "type=configuration", + "policyName": "onap.scaleout.tca", + "policyVersion": "v0.0.1", + "thresholds": [ + { + "closedLoopControlName": "ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3", + "closedLoopEventStatus": "ONSET", + "version": "1.0.2", + "fieldPath": "$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated", + "thresholdValue": 500, + "direction": "LESS_OR_EQUAL", + "severity": "MAJOR" + }, + { + "closedLoopControlName": "ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3", + "closedLoopEventStatus": "ONSET", + "version": "1.0.2", + "fieldPath": "$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated", + "thresholdValue": 5000, + "direction": "GREATER_OR_EQUAL", + "severity": "CRITICAL" + } + ] + } + ] + } + } + }, + "onap.restart.tca": { + "type": "onap.policies.monitoring.cdap.tca.hi.lo.app", + "version": "1.0.0", + "metadata": { + "policy-id": "onap.restart.tca", + "policy-version": 1 + }, + "properties": { + "tca_policy": { + "domain": "measurementsForVfScaling", + "metricsPerEventName": [ + { + "eventName": "Measurement_vGMUX", + "controlLoopSchemaType": "VNF", + "policyScope": "DCAE", + "policyName": "DCAE.Config_tca-hi-lo", + "policyVersion": "v0.0.1", + "thresholds": [ + { + "closedLoopControlName": "ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e", + "version": "1.0.2", + "fieldPath": "$.event.measurementsForVfScalingFields.additionalMeasurements[*].arrayOfFields[0].value", + "thresholdValue": 0, + "direction": "EQUAL", + "severity": "MAJOR", + "closedLoopEventStatus": "ABATED" + }, + { + "closedLoopControlName": "ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e", + "version": "1.0.2", + "fieldPath": "$.event.measurementsForVfScalingFields.additionalMeasurements[*].arrayOfFields[0].value", + "thresholdValue": 0, + "direction": "GREATER", + "severity": "CRITICAL", + "closedLoopEventStatus": "ONSET" + } + ] + } + ] + } + } + }, + "onap.vfirewall.tca": { + "type": "onap.policy.monitoring.cdap.tca.hi.lo.app", + "version": "1.0.0", + "metadata": { + "policy-id": "onap.vfirewall.tca", + "policy-version": 1 + }, + "properties": { + "tca_policy": { + "domain": "measurementsForVfScaling", + "metricsPerEventName": [ + { + "eventName": "vLoadBalancer", + "controlLoopSchemaType": "VNF", + "policyScope": "resource=vLoadBalancer;type=configuration", + "policyName": "onap.vfirewall.tca", + "policyVersion": "v0.0.1", + "thresholds": [ + { + "closedLoopControlName": "ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a", + "closedLoopEventStatus": "ONSET", + "version": "1.0.2", + "fieldPath": "$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated", + "thresholdValue": 500, + "direction": "LESS_OR_EQUAL", + "severity": "MAJOR" + }, + { + "closedLoopControlName": "ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a", + "closedLoopEventStatus": "ONSET", + "version": "1.0.2", + "fieldPath": "$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated", + "thresholdValue": 5000, + "direction": "GREATER_OR_EQUAL", + "severity": "CRITICAL" + } + ] + } + ] + } + } + } + } +} \ No newline at end of file diff --git a/main/src/test/resources/decisions/decision.single.input.json b/main/src/test/resources/decisions/decision.single.input.json new file mode 100644 index 00000000..07a1adab --- /dev/null +++ b/main/src/test/resources/decisions/decision.single.input.json @@ -0,0 +1,9 @@ +{ + "ONAPName": "DCAE", + "ONAPComponent": "PolicyHandler", + "ONAPInstance": "622431a4-9dea-4eae-b443-3b2164639c64", + "action": "configure", + "resource": { + "policy-id": "onap.scaleout.tca" + } +} \ No newline at end of file diff --git a/main/src/test/resources/decisions/decsion.single.output.json b/main/src/test/resources/decisions/decsion.single.output.json new file mode 100644 index 00000000..707a3964 --- /dev/null +++ b/main/src/test/resources/decisions/decsion.single.output.json @@ -0,0 +1,46 @@ +{ + "policies": { + "onap.scaleout.tca": { + "type": "onap.policies.monitoring.cdap.tca.hi.lo.app", + "version": "1.0.0", + "metadata": { + "policy-id": "onap.scaleout.tca", + "policy-version": 1 + }, + "properties": { + "tca_policy": { + "domain": "measurementsForVfScaling", + "metricsPerEventName": [ + { + "eventName": "vLoadBalancer", + "controlLoopSchemaType": "VNF", + "policyScope": "type=configuration", + "policyName": "onap.scaleout.tca", + "policyVersion": "v0.0.1", + "thresholds": [ + { + "closedLoopControlName": "ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3", + "closedLoopEventStatus": "ONSET", + "version": "1.0.2", + "fieldPath": "$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated", + "thresholdValue": 500, + "direction": "LESS_OR_EQUAL", + "severity": "MAJOR" + }, + { + "closedLoopControlName": "ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3", + "closedLoopEventStatus": "ONSET", + "version": "1.0.2", + "fieldPath": "$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated", + "thresholdValue": 5000, + "direction": "GREATER_OR_EQUAL", + "severity": "CRITICAL" + } + ] + } + ] + } + } + } + } +} \ No newline at end of file diff --git a/pom.xml b/pom.xml index fea5818d..7b413785 100644 --- a/pom.xml +++ b/pom.xml @@ -46,6 +46,7 @@ reuseReports 1.4.0-SNAPSHOT + 2.0.0-SNAPSHOT @@ -108,6 +109,16 @@ xacml-pdp 2.0.0 + + org.onap.policy.models + models-decisions + ${policy.models.version} + + + org.onap.policy.models + policy-models-tosca + ${policy.models.version} + -- cgit 1.2.3-korg