From fca3dd7b4bdc33b579750004c9d3bc163d20a2a7 Mon Sep 17 00:00:00 2001 From: Joshua Reich Date: Mon, 8 Apr 2019 09:41:36 -0700 Subject: Add Control Loop Coordination policy. Refactor code to support multiple pip engines. Add pip engine for outcome. Modify LegacyGuardTranslator to use coordination translator's convertPolicy function when processing coordination guard. This version of convertPolicy intentionally uses string replacement on template-like xacml coordination guard to enable future support for API-based creation of new coordination guard types. Bug fixes and code cleanup. * Unused imports, sonar problems. * Consolidation of getAttribute method * Only use TypedQuery for Pips Issue-ID: POLICY-1471 Change-Id: I4e9365b7f23bee96cf438dad44feda97c65f6ecc Signed-off-by: Joshua Reich Signed-off-by: Pamela Dragosh --- .../common/OnapOperationsHistoryDbao.java | 82 ----- .../common/OnapOperationsHistoryPipEngine.java | 353 --------------------- .../xacml/application/common/ToscaDictionary.java | 54 ++-- .../CountRecentOperationsPip.java | 221 +++++++++++++ .../application/common/operationshistory/Dbao.java | 78 +++++ .../operationshistory/GetOperationOutcomePip.java | 160 ++++++++++ .../xacml/application/common/std/StdOnapPip.java | 183 +++++++++++ .../std/StdXacmlApplicationServiceProvider.java | 9 +- 8 files changed, 678 insertions(+), 462 deletions(-) delete mode 100644 applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/OnapOperationsHistoryDbao.java delete mode 100644 applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/OnapOperationsHistoryPipEngine.java create mode 100644 applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/operationshistory/CountRecentOperationsPip.java create mode 100644 applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/operationshistory/Dbao.java create mode 100644 applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/operationshistory/GetOperationOutcomePip.java create mode 100644 applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/std/StdOnapPip.java (limited to 'applications/common/src/main') diff --git a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/OnapOperationsHistoryDbao.java b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/OnapOperationsHistoryDbao.java deleted file mode 100644 index 3075a6bd..00000000 --- a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/OnapOperationsHistoryDbao.java +++ /dev/null @@ -1,82 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP - * ================================================================================ - * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * SPDX-License-Identifier: Apache-2.0 - * ============LICENSE_END========================================================= - */ - -package org.onap.policy.pdp.xacml.application.common; - -import java.io.Serializable; -import java.util.Date; - -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.Id; -import javax.persistence.Table; - -import lombok.Data; - -@Entity -@Table(name = "operationshistory") -@Data -public class OnapOperationsHistoryDbao implements Serializable { - - private static final long serialVersionUID = -551420180714993577L; - - @Id - @GeneratedValue - @Column(name = "id") - private Long id; - - @Column(name = "closedLoopName", length = 255) - private String clName; - - @Column(name = "requestId", length = 50) - private String requestId; - - @Column(name = "subrequestId", length = 50) - private String subrequestId; - - @Column(name = "actor", length = 50) - private String actor; - - @Column(name = "operation", length = 50) - private String operation; - - @Column(name = "target", length = 50) - private String target; - - @Column(name = "starttime") - private Date starttime; - - @Column(name = "outcome", length = 50) - private String outcome; - - @Column(name = "message", length = 255) - private String message; - - @Column(name = "endtime") - private Date endtime; - - public OnapOperationsHistoryDbao() { - super(); - } - -} diff --git a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/OnapOperationsHistoryPipEngine.java b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/OnapOperationsHistoryPipEngine.java deleted file mode 100644 index 3d316b9a..00000000 --- a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/OnapOperationsHistoryPipEngine.java +++ /dev/null @@ -1,353 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * SPDX-License-Identifier: Apache-2.0 - * ============LICENSE_END========================================================= - */ - -package org.onap.policy.pdp.xacml.application.common; - -import com.att.research.xacml.api.Attribute; -import com.att.research.xacml.api.AttributeValue; -import com.att.research.xacml.api.Identifier; -import com.att.research.xacml.api.XACML3; -import com.att.research.xacml.api.pip.PIPException; -import com.att.research.xacml.api.pip.PIPFinder; -import com.att.research.xacml.api.pip.PIPRequest; -import com.att.research.xacml.api.pip.PIPResponse; -import com.att.research.xacml.std.StdMutableAttribute; -import com.att.research.xacml.std.datatypes.DataTypes; -import com.att.research.xacml.std.pip.StdMutablePIPResponse; -import com.att.research.xacml.std.pip.StdPIPRequest; -import com.att.research.xacml.std.pip.StdPIPResponse; -import com.att.research.xacml.std.pip.engines.StdConfigurableEngine; -import com.google.common.base.Strings; - -import java.math.BigInteger; -import java.util.Arrays; -import java.util.Collection; -import java.util.Collections; -import java.util.Iterator; -import java.util.Properties; - -import javax.persistence.EntityManager; -import javax.persistence.Persistence; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -public class OnapOperationsHistoryPipEngine extends StdConfigurableEngine { - private static Logger logger = LoggerFactory.getLogger(OnapOperationsHistoryPipEngine.class); - - private static final PIPRequest PIP_REQUEST_ACTOR = new StdPIPRequest( - XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE, - ToscaDictionary.ID_RESOURCE_GUARD_ACTOR, - XACML3.ID_DATATYPE_STRING); - - private static final PIPRequest PIP_REQUEST_RECIPE = new StdPIPRequest( - XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE, - ToscaDictionary.ID_RESOURCE_GUARD_RECIPE, - XACML3.ID_DATATYPE_STRING); - - private static final PIPRequest PIP_REQUEST_TARGET = new StdPIPRequest( - XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE, - ToscaDictionary.ID_RESOURCE_GUARD_TARGETID, - XACML3.ID_DATATYPE_STRING); - - private Properties properties; - - public OnapOperationsHistoryPipEngine() { - super(); - } - - @Override - public Collection attributesRequired() { - return Arrays.asList(PIP_REQUEST_ACTOR, PIP_REQUEST_RECIPE, PIP_REQUEST_TARGET); - } - - @Override - public Collection attributesProvided() { - return Collections.emptyList(); - } - - @Override - public PIPResponse getAttributes(PIPRequest pipRequest, PIPFinder pipFinder) throws PIPException { - logger.debug("getAttributes requesting attribute {} of type {} for issuer {}", - pipRequest.getAttributeId(), pipRequest.getDataTypeId(), pipRequest.getIssuer()); - // - // Determine if the issuer is correct - // - if (Strings.isNullOrEmpty(pipRequest.getIssuer())) { - logger.debug("issuer is null - returning empty response"); - // - // We only respond to ourself as the issuer - // - return StdPIPResponse.PIP_RESPONSE_EMPTY; - } - if (! pipRequest.getIssuer().startsWith(ToscaDictionary.GUARD_ISSUER)) { - logger.debug("Issuer does not start with guard"); - // - // We only respond to ourself as the issuer - // - return StdPIPResponse.PIP_RESPONSE_EMPTY; - } - // - // Parse out the issuer which denotes the time window - // - // Eg: urn:org:onapxacml:guard:historydb:tw:10:minute - // - String[] s1 = pipRequest.getIssuer().split("tw:"); - String[] s2 = s1[1].split(":"); - int timeWindowVal = Integer.parseInt(s2[0]); - String timeWindowScale = s2[1]; - // - // Grab other attribute values - // - String actor = getActor(pipFinder); - String operation = getRecipe(pipFinder); - String target = getTarget(pipFinder); - String timeWindow = timeWindowVal + " " + timeWindowScale; - logger.info("Going to query DB about: actor {} operation {} target {} time window {}", - actor, operation, target, timeWindow); - // - // Sanity check - // - if (actor == null || operation == null || target == null) { - // - // See if we have all the values - // - logger.error("missing attributes return empty"); - return StdPIPResponse.PIP_RESPONSE_EMPTY; - } - // - // Ok do the database query - // - int operationCount = doDatabaseQuery(actor, operation, target, timeWindowVal, timeWindowScale); - // - // Right now return empty - // - StdMutablePIPResponse stdPipResponse = new StdMutablePIPResponse(); - this.addIntegerAttribute(stdPipResponse, - XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE, - ToscaDictionary.ID_RESOURCE_GUARD_OPERATIONCOUNT, - operationCount, - pipRequest); - return new StdPIPResponse(stdPipResponse); - } - - @Override - public void configure(String id, Properties properties) throws PIPException { - super.configure(id, properties); - logger.debug("Configuring historyDb PIP {}", properties); - this.properties = properties; - } - - private String getActor(PIPFinder pipFinder) { - // - // Get the actor value - // - PIPResponse pipResponse = this.getAttribute(PIP_REQUEST_ACTOR, pipFinder); - if (pipResponse == null) { - logger.error("Need actor attribute which is not found"); - return null; - } - // - // Find the actor - // - return findFirstAttributeValue(pipResponse); - } - - private String getRecipe(PIPFinder pipFinder) { - // - // Get the actor value - // - PIPResponse pipResponse = this.getAttribute(PIP_REQUEST_RECIPE, pipFinder); - if (pipResponse == null) { - logger.error("Need recipe attribute which is not found"); - return null; - } - // - // Find the actor - // - return findFirstAttributeValue(pipResponse); - } - - private String getTarget(PIPFinder pipFinder) { - // - // Get the actor value - // - PIPResponse pipResponse = this.getAttribute(PIP_REQUEST_TARGET, pipFinder); - if (pipResponse == null) { - logger.error("Need target attribute which is not found"); - return null; - } - // - // Find the actor - // - return findFirstAttributeValue(pipResponse); - } - - private PIPResponse getAttribute(PIPRequest pipRequest, PIPFinder pipFinder) { - PIPResponse pipResponse = null; - try { - pipResponse = pipFinder.getMatchingAttributes(pipRequest, this); - if (pipResponse.getStatus() != null && !pipResponse.getStatus().isOk()) { - if (logger.isInfoEnabled()) { - logger.info("get attribute error retrieving {}: {}", pipRequest.getAttributeId().stringValue(), - pipResponse.getStatus()); - } - pipResponse = null; - } - if (pipResponse != null && pipResponse.getAttributes().isEmpty()) { - if (logger.isInfoEnabled()) { - logger.info("No value for {}", pipRequest.getAttributeId().stringValue()); - } - pipResponse = null; - } - } catch (PIPException ex) { - logger.error("PIPException getting subject-id attribute: " + ex.getMessage(), ex); - } - return pipResponse; - } - - private String findFirstAttributeValue(PIPResponse pipResponse) { - for (Attribute attribute: pipResponse.getAttributes()) { - Iterator> iterAttributeValues = attribute.findValues(DataTypes.DT_STRING); - if (iterAttributeValues != null) { - while (iterAttributeValues.hasNext()) { - String value = iterAttributeValues.next().getValue(); - if (value != null) { - return value; - } - } - } - } - return null; - } - - private void addIntegerAttribute(StdMutablePIPResponse stdPipResponse, Identifier category, - Identifier attributeId, int value, PIPRequest pipRequest) { - AttributeValue attributeValue = null; - try { - attributeValue = DataTypes.DT_INTEGER.createAttributeValue(value); - } catch (Exception e) { - logger.error("Failed to convert {} to integer {}", value, e); - } - if (attributeValue != null) { - stdPipResponse.addAttribute(new StdMutableAttribute(category, attributeId, attributeValue, - pipRequest.getIssuer(), false)); - } - } - - private int doDatabaseQuery(String actor, String operation, String target, int timeWindowVal, - String timeWindowScale) { - logger.info("Querying operations history for {} {} {} {} {}", - actor, operation, target, timeWindowVal, timeWindowScale); - // - // Create our entity manager - // - EntityManager em; - try { - // - // In case there are any overloaded properties for the JPA - // - Properties emProperties = new Properties(properties); - // - // Create the entity manager factory - // - em = Persistence.createEntityManagerFactory( - properties.getProperty("historydb.persistenceunit", "OperationsHistoryPU"), - emProperties).createEntityManager(); - } catch (Exception e) { - logger.error("Persistence failed {} operations history db {}", e.getLocalizedMessage(), e); - return -1; - } - // - // Compute the time window - // - if (! "minute".equalsIgnoreCase(timeWindowScale) - && ! "hour".equalsIgnoreCase(timeWindowScale) - && ! "day".equalsIgnoreCase(timeWindowScale) - && ! "week".equalsIgnoreCase(timeWindowScale) - && ! "month".equalsIgnoreCase(timeWindowScale) - && ! "year".equalsIgnoreCase(timeWindowScale)) { - // - // Unsupported - // - logger.error("Unsupported time window scale value {}", timeWindowScale); - // - // Throw an exception instead? - // - return -1; - } - // - // Do the query - // - Object result = null; - try { - // - // - // - String strQuery = "select count(*) as numops from operationshistory" - + " where outcome<>'Failure_Guard'" - + " and actor=?" - + " and operation=?" - + " and target=?" - + " and endtime between TIMESTAMPADD(" - + timeWindowScale.toUpperCase() - + ", ?, CURRENT_TIMESTAMP)" - + " and CURRENT_TIMESTAMP"; - // - // We are expecting a single result - // - result = em.createNativeQuery(strQuery) - .setParameter(1, actor) - .setParameter(2, operation) - .setParameter(3, target) - .setParameter(4, timeWindowVal * -1) - .getSingleResult(); - } catch (Exception e) { - logger.error("Named query failed ", e); - } - // - // Check our query results - // - if (result != null) { - // - // Success let's see what JPA returned to us - // - logger.info("operations query returned {}", result); - // - // Should get back a long - // - if (result instanceof Long) { - return ((Long) result).intValue(); - } - // - // We shouldn't really get this result, but just - // in case we'll do the dirty work of parsing the - // string representation of the object. - // - return Integer.parseInt(result.toString()); - } - // - // We get here if we didn't get a result. Should - // we propagate back an exception? - // - return -1; - } - -} diff --git a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/ToscaDictionary.java b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/ToscaDictionary.java index 2d3cebd1..21820b99 100644 --- a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/ToscaDictionary.java +++ b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/ToscaDictionary.java @@ -31,17 +31,18 @@ public final class ToscaDictionary { /* * These are the ID's for various TOSCA Policy Types we are supporting in the Applications. */ - public static final Identifier URN_ONAP = - new IdentifierImpl("urn:org:onap"); + public static final String URN_ONAP = "urn:org:onap"; + public static final Identifier ID_URN_ONAP = + new IdentifierImpl(URN_ONAP); public static final Identifier ID_RESOURCE_POLICY_ID = XACML3.ID_RESOURCE_RESOURCE_ID; public static final Identifier ID_RESOURCE_POLICY_TYPE = - new IdentifierImpl(URN_ONAP, "policy-type"); + new IdentifierImpl(ID_URN_ONAP, "policy-type"); public static final Identifier ID_RESOURCE_POLICY_TYPE_VERSION = - new IdentifierImpl(URN_ONAP, "policy-type-version"); + new IdentifierImpl(ID_URN_ONAP, "policy-type-version"); /* * These ID's are for identifying Subjects @@ -51,70 +52,75 @@ public final class ToscaDictionary { XACML3.ID_SUBJECT_SUBJECT_ID; public static final Identifier ID_SUBJECT_ONAP_COMPONENT = - new IdentifierImpl(URN_ONAP, "onap-component"); + new IdentifierImpl(ID_URN_ONAP, "onap-component"); public static final Identifier ID_SUBJECT_ONAP_INSTANCE = - new IdentifierImpl(URN_ONAP, "onap-instance"); + new IdentifierImpl(ID_URN_ONAP, "onap-instance"); /* * These 2 ID's are for Optimization policies */ public static final Identifier ID_RESOURCE_POLICY_SCOPE_PROPERTY = - new IdentifierImpl(URN_ONAP, "policy-scope-property"); + new IdentifierImpl(ID_URN_ONAP, "policy-scope-property"); public static final Identifier ID_RESOURCE_POLICY_TYPE_PROPERTY = - new IdentifierImpl(URN_ONAP, "policy-type-property"); + new IdentifierImpl(ID_URN_ONAP, "policy-type-property"); /* * These ID's are for Legacy Guard Policies */ public static final Identifier ID_RESOURCE_GUARD_ACTOR = - new IdentifierImpl(URN_ONAP, "guard:actor:actor-id"); + new IdentifierImpl(ID_URN_ONAP, "guard:actor:actor-id"); public static final Identifier ID_RESOURCE_GUARD_RECIPE = - new IdentifierImpl(URN_ONAP, "guard:operation:operation-id"); + new IdentifierImpl(ID_URN_ONAP, "guard:operation:operation-id"); public static final Identifier ID_RESOURCE_GUARD_CLNAME = - new IdentifierImpl(URN_ONAP, "guard:clname:clname-id"); + new IdentifierImpl(ID_URN_ONAP, "guard:clname:clname-id"); public static final Identifier ID_RESOURCE_GUARD_TARGETID = - new IdentifierImpl(URN_ONAP, "guard:target:target-id"); + new IdentifierImpl(ID_URN_ONAP, "guard:target:target-id"); public static final Identifier ID_SUBJECT_GUARD_REQUESTID = - new IdentifierImpl(URN_ONAP, "guard:request:request-id"); + new IdentifierImpl(ID_URN_ONAP, "guard:request:request-id"); public static final Identifier ID_RESOURCE_GUARD_VFCOUNT = - new IdentifierImpl(URN_ONAP, "guard:target:vf-count"); + new IdentifierImpl(ID_URN_ONAP, "guard:target:vf-count"); public static final Identifier ID_RESOURCE_GUARD_MIN = - new IdentifierImpl(URN_ONAP, "guard:target:min"); + new IdentifierImpl(ID_URN_ONAP, "guard:target:min"); public static final Identifier ID_RESOURCE_GUARD_MAX = - new IdentifierImpl(URN_ONAP, "guard:target:max"); + new IdentifierImpl(ID_URN_ONAP, "guard:target:max"); /* * This id specifically for guard is provided by the * operational history database PIP. */ + public static final String GUARD_OPERATIONCOUNT = "guard:operation:operation-count"; public static final Identifier ID_RESOURCE_GUARD_OPERATIONCOUNT = - new IdentifierImpl(URN_ONAP, "guard:operation:operation-count"); + new IdentifierImpl(ID_URN_ONAP, GUARD_OPERATIONCOUNT); - public static final String GUARD_ISSUER = URN_ONAP.stringValue() + "xacml:guard:historydb"; + public static final String GUARD_OPERATIONOUTCOME = "guard:operation:operation-outcome"; + public static final Identifier ID_RESOURCE_GUARD_OPERATIONOUTCOME = + new IdentifierImpl(ID_URN_ONAP, GUARD_OPERATIONOUTCOME); + + public static final String GUARD_ISSUER_PREFIX = URN_ONAP + ":xacml:guard:"; /* * This id is specifically for advice returned from guard */ public static final Identifier ID_ADVICE_GUARD = - new IdentifierImpl(URN_ONAP, "guard:advice"); + new IdentifierImpl(ID_URN_ONAP, "guard:advice"); public static final Identifier ID_ADVICE_GUARD_REQUESTID = - new IdentifierImpl(URN_ONAP, "guard:advice:request-id"); + new IdentifierImpl(ID_URN_ONAP, "guard:advice:request-id"); /* * Obligation specific ID's */ public static final Identifier ID_OBLIGATION_REST_BODY = - new IdentifierImpl(URN_ONAP, "rest:body"); + new IdentifierImpl(ID_URN_ONAP, "rest:body"); public static final Identifier ID_OBLIGATION_POLICY_MONITORING = - new IdentifierImpl(URN_ONAP, ":obligation:monitoring"); + new IdentifierImpl(ID_URN_ONAP, ":obligation:monitoring"); public static final Identifier ID_OBLIGATION_POLICY_MONITORING_CONTENTS = - new IdentifierImpl(URN_ONAP, ":obligation:monitoring:contents"); + new IdentifierImpl(ID_URN_ONAP, ":obligation:monitoring:contents"); public static final Identifier ID_OBLIGATION_POLICY_MONITORING_CATEGORY = XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE; @@ -123,7 +129,7 @@ public final class ToscaDictionary { XACML3.ID_DATATYPE_STRING; public static final Identifier ID_OBLIGATION_MONITORING_ISSUER = - new IdentifierImpl(URN_ONAP, "issuer:monitoring"); + new IdentifierImpl(ID_URN_ONAP, "issuer:monitoring"); diff --git a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/operationshistory/CountRecentOperationsPip.java b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/operationshistory/CountRecentOperationsPip.java new file mode 100644 index 00000000..c18ad5fa --- /dev/null +++ b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/operationshistory/CountRecentOperationsPip.java @@ -0,0 +1,221 @@ +/*- + * ============LICENSE_START======================================================= + * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ + +package org.onap.policy.pdp.xacml.application.common.operationshistory; + +import com.att.research.xacml.api.XACML3; +import com.att.research.xacml.api.pip.PIPException; +import com.att.research.xacml.api.pip.PIPFinder; +import com.att.research.xacml.api.pip.PIPRequest; +import com.att.research.xacml.api.pip.PIPResponse; +import com.att.research.xacml.std.pip.StdMutablePIPResponse; +import com.att.research.xacml.std.pip.StdPIPResponse; +import com.google.common.base.Strings; + +import java.sql.Timestamp; +import java.time.Instant; +import java.time.temporal.ChronoUnit; +import java.util.Arrays; +import java.util.Collection; +import java.util.Properties; + +import javax.persistence.Persistence; + +import org.onap.policy.pdp.xacml.application.common.ToscaDictionary; +import org.onap.policy.pdp.xacml.application.common.std.StdOnapPip; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + + +public class CountRecentOperationsPip extends StdOnapPip { + public static final String ISSUER_NAME = "count-recent-operations"; + private static Logger logger = LoggerFactory.getLogger(CountRecentOperationsPip.class); + + public CountRecentOperationsPip() { + super(); + } + + @Override + public Collection attributesRequired() { + return Arrays.asList(PIP_REQUEST_ACTOR, PIP_REQUEST_RECIPE, PIP_REQUEST_TARGET); + } + + @Override + public void configure(String id, Properties properties) throws PIPException { + super.configure(id, properties); + // + // Create our entity manager + // + em = null; + try { + // + // In case there are any overloaded properties for the JPA + // + Properties emProperties = new Properties(properties); + // + // Create the entity manager factory + // + em = Persistence.createEntityManagerFactory( + properties.getProperty(ISSUER_NAME + ".persistenceunit"), + emProperties).createEntityManager(); + } catch (Exception e) { + logger.error("Persistence failed {} operations history db {}", e.getLocalizedMessage(), e); + } + } + + /** + * getAttributes. + * + * @param pipRequest the request + * @param pipFinder the pip finder + * @return PIPResponse + */ + @Override + public PIPResponse getAttributes(PIPRequest pipRequest, PIPFinder pipFinder) throws PIPException { + logger.debug("getAttributes requesting attribute {} of type {} for issuer {}", + pipRequest.getAttributeId(), pipRequest.getDataTypeId(), pipRequest.getIssuer()); + // + // Determine if the issuer is correct + // + if (Strings.isNullOrEmpty(pipRequest.getIssuer())) { + logger.debug("issuer is null - returning empty response"); + // + // We only respond to ourself as the issuer + // + return StdPIPResponse.PIP_RESPONSE_EMPTY; + } + if (! pipRequest.getIssuer().startsWith(ToscaDictionary.GUARD_ISSUER_PREFIX)) { + logger.debug("Issuer does not start with guard"); + // + // We only respond to ourself as the issuer + // + return StdPIPResponse.PIP_RESPONSE_EMPTY; + } + // + // Parse out the issuer which denotes the time window + // Eg: any-prefix:tw:10:minute + // + String[] s1 = pipRequest.getIssuer().split("tw:"); + String[] s2 = s1[1].split(":"); + int timeWindowVal = Integer.parseInt(s2[0]); + String timeWindowScale = s2[1]; + // + // Grab other attribute values + // + String actor = getAttribute(pipFinder, PIP_REQUEST_ACTOR); + String operation = getAttribute(pipFinder, PIP_REQUEST_RECIPE); + String target = getAttribute(pipFinder, PIP_REQUEST_TARGET); + String timeWindow = timeWindowVal + " " + timeWindowScale; + logger.info("Going to query DB about: actor {} operation {} target {} time window {}", + actor, operation, target, timeWindow); + // + // Sanity check + // + if (actor == null || operation == null || target == null) { + // + // See if we have all the values + // + logger.error("missing attributes return empty"); + return StdPIPResponse.PIP_RESPONSE_EMPTY; + } + // + // Ok do the database query + // + long operationCount = doDatabaseQuery(actor, operation, target, timeWindowVal, timeWindowScale); + // + // Create and return PipResponse + // + StdMutablePIPResponse pipResponse = new StdMutablePIPResponse(); + this.addLongAttribute(pipResponse, + XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE, + ToscaDictionary.ID_RESOURCE_GUARD_OPERATIONCOUNT, + operationCount, + pipRequest); + return new StdPIPResponse(pipResponse); + } + + private long doDatabaseQuery(String actor, String operation, String target, int timeWindowVal, + String timeWindowScale) { + logger.info("Querying operations history for {} {} {} {} {}", + actor, operation, target, timeWindowVal, timeWindowScale); + // + // Only can query if we have an EntityManager + // + if (em == null) { + logger.error("No EntityManager available"); + return -1; + } + // + // Do the query + // + try { + // + // We are expecting a single result + // + return em.createQuery("select count(e) from Dbao e" + + " where e.outcome<>'Failure_Guard'" + + " and e.actor= ?1" + + " and e.operation= ?2" + + " and e.target= ?3" + + " and e.endtime between" + + " ?4 and CURRENT_TIMESTAMP", + Long.class) + .setParameter(1, actor) + .setParameter(2, operation) + .setParameter(3, target) + .setParameter(4, Timestamp.from(Instant.now() + .minus(timeWindowVal, + stringToChronoUnit(timeWindowScale)))) + .getSingleResult(); + } catch (Exception e) { + logger.error("Typed query failed ", e); + return -1; + } + } + + private ChronoUnit stringToChronoUnit(String scale) { + // + // Compute the time window + // + switch (scale.toLowerCase()) { + case "second": + return ChronoUnit.SECONDS; + case "minute": + return ChronoUnit.MINUTES; + case "hour": + return ChronoUnit.HOURS; + case "day": + return ChronoUnit.DAYS; + case "week": + return ChronoUnit.WEEKS; + case "month": + return ChronoUnit.MONTHS; + case "year": + return ChronoUnit.YEARS; + default: + // + // Unsupported + // + logger.error("Unsupported time window scale value {}", scale); + } + return null; + } + +} diff --git a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/operationshistory/Dbao.java b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/operationshistory/Dbao.java new file mode 100644 index 00000000..2b70c9be --- /dev/null +++ b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/operationshistory/Dbao.java @@ -0,0 +1,78 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP + * ================================================================================ + * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ + +package org.onap.policy.pdp.xacml.application.common.operationshistory; + +import java.io.Serializable; +import java.util.Date; + +import javax.persistence.Column; +import javax.persistence.Entity; +import javax.persistence.GeneratedValue; +import javax.persistence.Id; +import javax.persistence.Table; + +import lombok.Data; + +@Entity +@Table(name = "operationshistory") +@Data +public class Dbao implements Serializable { + + private static final long serialVersionUID = -551420180714993577L; + + @Id + @GeneratedValue + @Column(name = "id") + private Long id; + + @Column(name = "closedLoopName", length = 255) + private String closedLoopName; + + @Column(name = "requestId", length = 50) + private String requestId; + + @Column(name = "subrequestId", length = 50) + private String subrequestId; + + @Column(name = "actor", length = 50) + private String actor; + + @Column(name = "operation", length = 50) + private String operation; + + @Column(name = "target", length = 50) + private String target; + + @Column(name = "starttime") + private Date starttime; + + @Column(name = "outcome", length = 50) + private String outcome; + + @Column(name = "message", length = 255) + private String message; + + @Column(name = "endtime") + private Date endtime; + +} diff --git a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/operationshistory/GetOperationOutcomePip.java b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/operationshistory/GetOperationOutcomePip.java new file mode 100644 index 00000000..717e537d --- /dev/null +++ b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/operationshistory/GetOperationOutcomePip.java @@ -0,0 +1,160 @@ +/*- + * ============LICENSE_START======================================================= + * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + + +package org.onap.policy.pdp.xacml.application.common.operationshistory; + +import com.att.research.xacml.api.XACML3; +import com.att.research.xacml.api.pip.PIPException; +import com.att.research.xacml.api.pip.PIPFinder; +import com.att.research.xacml.api.pip.PIPRequest; +import com.att.research.xacml.api.pip.PIPResponse; +import com.att.research.xacml.std.pip.StdMutablePIPResponse; +import com.att.research.xacml.std.pip.StdPIPResponse; +import com.google.common.base.Strings; + +import java.util.Arrays; +import java.util.Collection; +import java.util.Properties; + +import javax.persistence.NoResultException; +import javax.persistence.Persistence; + +import org.onap.policy.pdp.xacml.application.common.ToscaDictionary; +import org.onap.policy.pdp.xacml.application.common.std.StdOnapPip; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + + +public class GetOperationOutcomePip extends StdOnapPip { + public static final String ISSUER_NAME = "get-operation-outcome"; + private static Logger logger = LoggerFactory.getLogger(GetOperationOutcomePip.class); + + public GetOperationOutcomePip() { + super(); + } + + @Override + public Collection attributesRequired() { + return Arrays.asList(PIP_REQUEST_TARGET); + } + + @Override + public void configure(String id, Properties properties) throws PIPException { + super.configure(id, properties); + // + // Create our entity manager + // + em = null; + try { + // + // In case there are any overloaded properties for the JPA + // + Properties emProperties = new Properties(properties); + // + // Create the entity manager factory + // + em = Persistence.createEntityManagerFactory( + properties.getProperty(ISSUER_NAME + ".persistenceunit"), + emProperties).createEntityManager(); + } catch (Exception e) { + logger.error("Persistence failed {} operations history db {}", e.getLocalizedMessage(), e); + } + } + + /** + * getAttributes. + * + * @param pipRequest the request + * @param pipFinder the pip finder + * @return PIPResponse + */ + @Override + public PIPResponse getAttributes(PIPRequest pipRequest, PIPFinder pipFinder) throws PIPException { + logger.debug("getAttributes requesting attribute {} of type {} for issuer {}", + pipRequest.getAttributeId(), pipRequest.getDataTypeId(), pipRequest.getIssuer()); + // + // Determine if the issuer is correct + // + if (Strings.isNullOrEmpty(pipRequest.getIssuer())) { + logger.debug("issuer is null - returning empty response"); + // + // We only respond to ourself as the issuer + // + return StdPIPResponse.PIP_RESPONSE_EMPTY; + } + if (! pipRequest.getIssuer().startsWith(ToscaDictionary.GUARD_ISSUER_PREFIX)) { + logger.debug("Issuer does not start with guard"); + // + // We only respond to ourself as the issuer + // + return StdPIPResponse.PIP_RESPONSE_EMPTY; + } + // + // Parse out the issuer which denotes the time window + // Eg: any-prefix:clname:some-controlloop-name + // + String[] s1 = pipRequest.getIssuer().split("clname:"); + String clname = s1[1]; + String target = null; + target = getAttribute(pipFinder, PIP_REQUEST_TARGET); + + logger.debug("Going to query DB about: clname={}, target={}", clname, target); + String outcome = doDatabaseQuery(clname, target); + logger.debug("Query result is: {}", outcome); + + StdMutablePIPResponse pipResponse = new StdMutablePIPResponse(); + this.addStringAttribute(pipResponse, + XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE, + ToscaDictionary.ID_RESOURCE_GUARD_OPERATIONOUTCOME, + outcome, + pipRequest); + return new StdPIPResponse(pipResponse); + } + + private String doDatabaseQuery(String clname, String target) { + logger.info("Querying operations history for {} {}", clname, target); + // + // Only can query if we have an EntityManager + // + if (em == null) { + logger.error("No EntityManager available"); + return null; + } + // + // Do the query + // + try { + // + // We are expecting a single result + // + return em.createQuery("select e.outcome from Dbao e" + + " where e.closedLoopName= ?1" + + " and e.target= ?2" + + " order by e.endtime desc", + String.class) + .setParameter(1, clname) + .setParameter(2, target) + .setMaxResults(1) + .getSingleResult(); + } catch (Exception e) { + logger.error("Typed query failed ", e); + return null; + } + } +} diff --git a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/std/StdOnapPip.java b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/std/StdOnapPip.java new file mode 100644 index 00000000..70d49418 --- /dev/null +++ b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/std/StdOnapPip.java @@ -0,0 +1,183 @@ +/*- + * ============LICENSE_START======================================================= + * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ + +package org.onap.policy.pdp.xacml.application.common.std; + +import com.att.research.xacml.api.Attribute; +import com.att.research.xacml.api.AttributeValue; +import com.att.research.xacml.api.Identifier; +import com.att.research.xacml.api.XACML3; +import com.att.research.xacml.api.pip.PIPException; +import com.att.research.xacml.api.pip.PIPFinder; +import com.att.research.xacml.api.pip.PIPRequest; +import com.att.research.xacml.api.pip.PIPResponse; +import com.att.research.xacml.std.StdMutableAttribute; +import com.att.research.xacml.std.datatypes.DataTypes; +import com.att.research.xacml.std.pip.StdMutablePIPResponse; +import com.att.research.xacml.std.pip.StdPIPRequest; +import com.att.research.xacml.std.pip.engines.StdConfigurableEngine; + +import java.math.BigInteger; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.Iterator; +import java.util.Properties; + +import javax.persistence.EntityManager; + +import org.onap.policy.pdp.xacml.application.common.ToscaDictionary; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + + +public abstract class StdOnapPip extends StdConfigurableEngine { + protected static Logger logger = LoggerFactory.getLogger(StdOnapPip.class); + + protected static final PIPRequest PIP_REQUEST_ACTOR = new StdPIPRequest( + XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE, + ToscaDictionary.ID_RESOURCE_GUARD_ACTOR, + XACML3.ID_DATATYPE_STRING); + + protected static final PIPRequest PIP_REQUEST_RECIPE = new StdPIPRequest( + XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE, + ToscaDictionary.ID_RESOURCE_GUARD_RECIPE, + XACML3.ID_DATATYPE_STRING); + + protected static final PIPRequest PIP_REQUEST_TARGET = new StdPIPRequest( + XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE, + ToscaDictionary.ID_RESOURCE_GUARD_TARGETID, + XACML3.ID_DATATYPE_STRING); + + protected Properties properties; + protected EntityManager em; + + public StdOnapPip() { + super(); + } + + @Override + public Collection attributesProvided() { + return Collections.emptyList(); + } + + @Override + public void configure(String id, Properties properties) throws PIPException { + super.configure(id, properties); + logger.debug("Configuring historyDb PIP {}", properties); + this.properties = properties; + } + + protected String getAttribute(PIPFinder pipFinder, PIPRequest pipRequest) { + // + // Get the actor value + // + PIPResponse pipResponse = this.getAttribute(pipRequest, pipFinder); + if (pipResponse == null) { + logger.error("Need actor attribute which is not found"); + return null; + } + // + // Find the actor + // + return findFirstAttributeValue(pipResponse); + } + + protected PIPResponse getAttribute(PIPRequest pipRequest, PIPFinder pipFinder) { + PIPResponse pipResponse = null; + try { + pipResponse = pipFinder.getMatchingAttributes(pipRequest, this); + if (pipResponse.getStatus() != null && !pipResponse.getStatus().isOk()) { + if (logger.isInfoEnabled()) { + logger.info("get attribute error retrieving {}: {}", pipRequest.getAttributeId().stringValue(), + pipResponse.getStatus()); + } + pipResponse = null; + } + if (pipResponse != null && pipResponse.getAttributes().isEmpty()) { + if (logger.isInfoEnabled()) { + logger.info("No value for {}", pipRequest.getAttributeId().stringValue()); + } + pipResponse = null; + } + } catch (PIPException ex) { + logger.error("PIPException getting subject-id attribute: " + ex.getMessage(), ex); + } + return pipResponse; + } + + protected String findFirstAttributeValue(PIPResponse pipResponse) { + for (Attribute attribute: pipResponse.getAttributes()) { + Iterator> iterAttributeValues = attribute.findValues(DataTypes.DT_STRING); + if (iterAttributeValues != null) { + while (iterAttributeValues.hasNext()) { + String value = iterAttributeValues.next().getValue(); + if (value != null) { + return value; + } + } + } + } + return null; + } + + protected void addIntegerAttribute(StdMutablePIPResponse stdPipResponse, Identifier category, + Identifier attributeId, int value, PIPRequest pipRequest) { + AttributeValue attributeValue = null; + try { + attributeValue = DataTypes.DT_INTEGER.createAttributeValue(value); + } catch (Exception e) { + logger.error("Failed to convert {} to integer {}", value, e); + } + if (attributeValue != null) { + stdPipResponse.addAttribute(new StdMutableAttribute(category, attributeId, attributeValue, + pipRequest.getIssuer(), false)); + } + } + + protected void addLongAttribute(StdMutablePIPResponse stdPipResponse, Identifier category, + Identifier attributeId, long value, PIPRequest pipRequest) { + AttributeValue attributeValue = null; + try { + attributeValue = DataTypes.DT_INTEGER.createAttributeValue(value); + } catch (Exception e) { + logger.error("Failed to convert {} to long {}", value, e); + } + if (attributeValue != null) { + stdPipResponse.addAttribute(new StdMutableAttribute(category, attributeId, attributeValue, + pipRequest.getIssuer(), false)); + } + } + + protected void addStringAttribute(StdMutablePIPResponse stdPipResponse, Identifier category, Identifier attributeId, + String value, PIPRequest pipRequest) { + AttributeValue attributeValue = null; + try { + attributeValue = DataTypes.DT_STRING.createAttributeValue(value); + } catch (Exception ex) { + logger.error("Failed to convert {} to an AttributeValue", value, ex); + } + if (attributeValue != null) { + stdPipResponse.addAttribute(new StdMutableAttribute(category, attributeId, attributeValue, + pipRequest.getIssuer(), false)); + } + } + +} diff --git a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/std/StdXacmlApplicationServiceProvider.java b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/std/StdXacmlApplicationServiceProvider.java index 7f85d2f0..5f84154f 100644 --- a/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/std/StdXacmlApplicationServiceProvider.java +++ b/applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/std/StdXacmlApplicationServiceProvider.java @@ -129,7 +129,8 @@ public abstract class StdXacmlApplicationServiceProvider implements XacmlApplica // // Convert the policies first // - PolicyType xacmlPolicy = this.getTranslator().convertPolicy(toscaPolicy); + PolicyType xacmlPolicy = this.getTranslator(toscaPolicy.getType()) + .convertPolicy(toscaPolicy); if (xacmlPolicy == null) { throw new ToscaPolicyConversionException("Failed to convert policy"); } @@ -187,8 +188,11 @@ public abstract class StdXacmlApplicationServiceProvider implements XacmlApplica return this.getTranslator().convertResponse(xacmlResponse); } + protected abstract ToscaPolicyTranslator getTranslator(String type); - protected abstract ToscaPolicyTranslator getTranslator(); + protected ToscaPolicyTranslator getTranslator() { + return this.getTranslator(""); + } protected synchronized PDPEngine getEngine() { return this.pdpEngine; @@ -251,7 +255,6 @@ public abstract class StdXacmlApplicationServiceProvider implements XacmlApplica PDPEngine engine = factory.newEngine(properties); if (engine != null) { this.pdpEngine = engine; -// this.pdpProperties = new Properties(properties); } } catch (FactoryException e) { LOGGER.error("Failed to create XACML PDP Engine {}", e); -- cgit 1.2.3-korg