From a9c7e7322eb09672c8dfba32503653d12e685543 Mon Sep 17 00:00:00 2001 From: Michael Mokry Date: Wed, 10 Apr 2019 09:53:44 -0500 Subject: XACML PDP DmaaP Deploy/UnDeploy Function 1. Added PDPUpdate listener 2. Added PDPUpdate Publisher 3. Added code to handle PdpUpdate messages and load policies being deployed 4. Modified Activator to register listener 5. Provided placeholder code to get policies from pdpx for return PdpStatus response to the PAP 6. Other minor modifications 7. Fix XacmlPdpApplicationManager to only load policy if supports policy type. 8. Checkstyle fixes 9. Updated applications to support loadPolicy(ToscaPolicy) and all the translators, JUnit tests. 10. Consolidated some duplicate code in the applications. Can probably do more in that area. 11. Fixed bug in Properties not really having a copy constructor. Change-Id: Ic29ad426061cbdb79c1339314667bb8ff8decb88 Issue-ID: POLICY-1451 Signed-off-by: Michael Mokry Signed-off-by: Pamela Dragosh --- .../application/guard/GuardPdpApplicationTest.java | 114 ++++++++------------- .../guard/src/test/resources/xacml.properties | 2 +- 2 files changed, 43 insertions(+), 73 deletions(-) (limited to 'applications/guard/src/test') diff --git a/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplicationTest.java b/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplicationTest.java index be0ee2db..17917af0 100644 --- a/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplicationTest.java +++ b/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplicationTest.java @@ -25,10 +25,8 @@ package org.onap.policy.xacml.pdp.application.guard; import static org.assertj.core.api.Assertions.assertThat; import java.io.File; -import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.IOException; -import java.io.InputStream; import java.sql.Date; import java.time.Instant; import java.util.HashMap; @@ -56,12 +54,12 @@ import org.onap.policy.models.decisions.concepts.DecisionRequest; import org.onap.policy.models.decisions.concepts.DecisionResponse; import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicyTypeIdentifier; import org.onap.policy.pdp.xacml.application.common.OnapOperationsHistoryDbao; +import org.onap.policy.pdp.xacml.application.common.TestUtils; import org.onap.policy.pdp.xacml.application.common.XacmlApplicationException; import org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider; import org.onap.policy.pdp.xacml.application.common.XacmlPolicyUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import org.yaml.snakeyaml.Yaml; @FixMethodOrder(MethodSorters.NAME_ASCENDING) public class GuardPdpApplicationTest { @@ -242,17 +240,7 @@ public class GuardPdpApplicationTest { // the pdp can support it and have it load // into the PDP. // - try (InputStream is = new FileInputStream("src/test/resources/vDNS.policy.guard.frequency.output.tosca.yaml")) { - // - // Have yaml parse it - // - Yaml yaml = new Yaml(); - Map toscaObject = yaml.load(is); - // - // Load the policies - // - service.loadPolicies(toscaObject); - } + TestUtils.loadPolicies("src/test/resources/vDNS.policy.guard.frequency.output.tosca.yaml", service); // // Zero recent actions: should get permit // @@ -283,17 +271,7 @@ public class GuardPdpApplicationTest { // the pdp can support it and have it load // into the PDP. // - try (InputStream is = new FileInputStream("src/test/resources/vDNS.policy.guard.minmax.output.tosca.yaml")) { - // - // Have yaml parse it - // - Yaml yaml = new Yaml(); - Map toscaObject = yaml.load(is); - // - // Load the policies - // - service.loadPolicies(toscaObject); - } + TestUtils.loadPolicies("src/test/resources/vDNS.policy.guard.minmax.output.tosca.yaml", service); // // vfcount=1 below min of 2: should get a Deny // @@ -322,7 +300,8 @@ public class GuardPdpApplicationTest { } @Test - public void test5MissingFields() throws FileNotFoundException, IOException, XacmlApplicationException { + public void test5MissingFields() throws FileNotFoundException, IOException, XacmlApplicationException, + CoderException { LOGGER.info("**************** Running test5 ****************"); // // Most likely we would not get a policy with missing fields passed to @@ -330,52 +309,42 @@ public class GuardPdpApplicationTest { // will be optional due to re-working of how the XACML policies are built, // let's add support in for that. // - try (InputStream is = new FileInputStream("src/test/resources/guard.policy-minmax-missing-fields1.yaml")) { - // - // Have yaml parse it - // - Yaml yaml = new Yaml(); - Map toscaObject = yaml.load(is); - // - // Load the policies - // - service.loadPolicies(toscaObject); - // - // We can create a DecisionRequest on the fly - no need - // to have it in the .json files - // - DecisionRequest request = new DecisionRequest(); - request.setOnapName("JUnit"); - request.setOnapComponent("test5MissingFields"); - request.setRequestId(UUID.randomUUID().toString()); - request.setAction("guard"); - Map guard = new HashMap<>(); - guard.put("actor", "FOO"); - guard.put("recipe", "bar"); - guard.put("vfCount", "4"); - Map resource = new HashMap<>(); - resource.put("guard", guard); - request.setResource(resource); - // - // Ask for a decision - should get permit - // - DecisionResponse response = service.makeDecision(request); - LOGGER.info("Looking for Permit Decision {}", response); - assertThat(response).isNotNull(); - assertThat(response.getStatus()).isNotNull(); - assertThat(response.getStatus()).isEqualTo("Permit"); - // - // Try a deny - // - guard.put("vfCount", "10"); - resource.put("guard", guard); - request.setResource(resource); - response = service.makeDecision(request); - LOGGER.info("Looking for Deny Decision {}", response); - assertThat(response).isNotNull(); - assertThat(response.getStatus()).isNotNull(); - assertThat(response.getStatus()).isEqualTo("Deny"); - } + TestUtils.loadPolicies("src/test/resources/guard.policy-minmax-missing-fields1.yaml", service); + // + // We can create a DecisionRequest on the fly - no need + // to have it in the .json files + // + DecisionRequest request = new DecisionRequest(); + request.setOnapName("JUnit"); + request.setOnapComponent("test5MissingFields"); + request.setRequestId(UUID.randomUUID().toString()); + request.setAction("guard"); + Map guard = new HashMap<>(); + guard.put("actor", "FOO"); + guard.put("recipe", "bar"); + guard.put("vfCount", "4"); + Map resource = new HashMap<>(); + resource.put("guard", guard); + request.setResource(resource); + // + // Ask for a decision - should get permit + // + DecisionResponse response = service.makeDecision(request); + LOGGER.info("Looking for Permit Decision {}", response); + assertThat(response).isNotNull(); + assertThat(response.getStatus()).isNotNull(); + assertThat(response.getStatus()).isEqualTo("Permit"); + // + // Try a deny + // + guard.put("vfCount", "10"); + resource.put("guard", guard); + request.setResource(resource); + response = service.makeDecision(request); + LOGGER.info("Looking for Deny Decision {}", response); + assertThat(response).isNotNull(); + assertThat(response.getStatus()).isNotNull(); + assertThat(response.getStatus()).isEqualTo("Deny"); } @SuppressWarnings("unchecked") @@ -397,6 +366,7 @@ public class GuardPdpApplicationTest { newEntry.setEndtime(Date.from(Instant.now())); newEntry.setRequestId(UUID.randomUUID().toString()); newEntry.setTarget(properties.get("target").toString()); + LOGGER.info("Inserting {}", newEntry); em.getTransaction().begin(); em.persist(newEntry); em.getTransaction().commit(); diff --git a/applications/guard/src/test/resources/xacml.properties b/applications/guard/src/test/resources/xacml.properties index d429a32e..25dee375 100644 --- a/applications/guard/src/test/resources/xacml.properties +++ b/applications/guard/src/test/resources/xacml.properties @@ -22,7 +22,7 @@ xacml.att.policyFinderFactory=org.onap.policy.pdp.xacml.application.common.OnapP # # Use a root combining algorithm # -xacml.att.policyFinderFactory.combineRootPolicies=urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:permit-unless-deny +xacml.att.policyFinderFactory.combineRootPolicies=urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-overrides xacml.pip.engines=historydb -- cgit 1.2.3-korg