From b909b14fe88c5fe8f096cf8b471a2aa799d84739 Mon Sep 17 00:00:00 2001 From: Pamela Dragosh Date: Sat, 9 Mar 2019 11:48:44 -0500 Subject: Monitoring policy creation foundation Upgrade to xacml v2.0.0 release artifact. Some re-arrangement of classes. New class to support a common dictionary among the monitoring applications. I may move it to a common under the main since some of the values are shareable. Created application service provider, so the XACML main knows what policy types are pre-loaded and can report them back to the PAP. Struggled with cucumber, which does not create TemporaryFolder although the documentation says it's supported. Added a new Policy Finder specific to ONAP which does a quicker job to load policies. Issue-ID: POLICY-1273 Change-Id: I4af15a64da3b42d48f29809710421b1649625adc 
Signed-off-by: Pamela Dragosh --- applications/monitoring/pom.xml | 5 + .../xacml/pdp/engine/OnapXacmlPdpEngine.java | 514 ++++++++++++++++++++- ...lication.common.XacmlApplicationServiceProvider | 1 + .../src/main/resources/RootMonitoringPolicy.xml | 40 +- .../src/test/java/cucumber/Stepdefs.java | 203 +++++++- .../xacml/pdp/engine/OnapXacmlPdpEngineTest.java | 296 ++++++++++++ .../src/test/resources/cucumber/decisions.feature | 14 +- .../test/resources/cucumber/load_policy.feature | 35 ++ .../test.monitoring.policy.badmetadata.1.yaml | 10 + .../test.monitoring.policy.badmetadata.2.yaml | 10 + .../test.monitoring.policy.missingmetadata.yaml | 9 + .../test.monitoring.policy.missingproperties.yaml | 9 + .../test.monitoring.policy.missingtype.yaml | 11 + .../test.monitoring.policy.missingversion.yaml | 11 + .../src/test/resources/unsupportedpolicytype.yaml | 11 + .../resources/vDNS.policy.decision.payload.json | 0 .../src/test/resources/vDNS.policy.input.yaml | 1 + .../monitoring/src/test/resources/vDNS.policy.xml | 44 ++ .../monitoring/src/test/resources/xacml.properties | 34 ++ 19 files changed, 1214 insertions(+), 44 deletions(-) create mode 100644 applications/monitoring/src/main/resources/META-INF/services/org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider create mode 100644 applications/monitoring/src/test/java/org/onap/policy/xacml/pdp/engine/OnapXacmlPdpEngineTest.java create mode 100644 applications/monitoring/src/test/resources/cucumber/load_policy.feature create mode 100644 applications/monitoring/src/test/resources/test.monitoring.policy.badmetadata.1.yaml create mode 100644 applications/monitoring/src/test/resources/test.monitoring.policy.badmetadata.2.yaml create mode 100644 applications/monitoring/src/test/resources/test.monitoring.policy.missingmetadata.yaml create mode 100644 applications/monitoring/src/test/resources/test.monitoring.policy.missingproperties.yaml create mode 100644 
applications/monitoring/src/test/resources/test.monitoring.policy.missingtype.yaml create mode 100644 applications/monitoring/src/test/resources/test.monitoring.policy.missingversion.yaml create mode 100644 applications/monitoring/src/test/resources/unsupportedpolicytype.yaml create mode 100644 applications/monitoring/src/test/resources/vDNS.policy.decision.payload.json create mode 100644 applications/monitoring/src/test/resources/vDNS.policy.xml create mode 100644 applications/monitoring/src/test/resources/xacml.properties (limited to 'applications/monitoring') diff --git a/applications/monitoring/pom.xml b/applications/monitoring/pom.xml index 6da9749d..018c3722 100644 --- a/applications/monitoring/pom.xml +++ b/applications/monitoring/pom.xml @@ -42,6 +42,11 @@ common-parameters ${policy.common.version} + + org.onap.policy.xacml-pdp.applications + common + ${project.version} + diff --git a/applications/monitoring/src/main/java/org/onap/policy/xacml/pdp/engine/OnapXacmlPdpEngine.java b/applications/monitoring/src/main/java/org/onap/policy/xacml/pdp/engine/OnapXacmlPdpEngine.java index c6719ecb..6c53566a 100644 --- a/applications/monitoring/src/main/java/org/onap/policy/xacml/pdp/engine/OnapXacmlPdpEngine.java +++ b/applications/monitoring/src/main/java/org/onap/policy/xacml/pdp/engine/OnapXacmlPdpEngine.java 
@@ -22,6 +22,518 @@ package org.onap.policy.xacml.pdp.engine; -public class OnapXacmlPdpEngine { +import com.att.research.xacml.api.Request; +import com.att.research.xacml.api.Response; +import com.att.research.xacml.api.XACML3; +import com.att.research.xacml.api.pdp.PDPEngine; +import com.att.research.xacml.api.pdp.PDPEngineFactory; +import com.att.research.xacml.api.pdp.PDPException; +import com.att.research.xacml.util.FactoryException; +import com.att.research.xacml.util.XACMLPolicyScanner; +import com.att.research.xacml.util.XACMLProperties; +import com.google.common.collect.Lists; + +import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.nio.file.Path; +import java.nio.file.Paths; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; +import java.util.Properties; +import java.util.Set; + +import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOfType; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeAssignmentExpressionType; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.EffectType; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.MatchType; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObjectFactory; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObligationExpressionType; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.ObligationExpressionsType; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicySetType; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.RuleType; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.TargetType; + +import org.json.JSONObject; +import org.onap.policy.pdp.xacml.application.common.ToscaDictionary; +import 
org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException; +import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConverter; +import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConverterUtils; +import org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider; +import org.onap.policy.pdp.xacml.application.common.XacmlUpdatePolicyUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.yaml.snakeyaml.Yaml; + +/** + * This is the engine class that manages the instance of the XACML PDP engine. + * + *

It is responsible for initializing it and shutting it down properly in a thread-safe manner. + * + * + * @author pameladragosh + * + */ +public class OnapXacmlPdpEngine implements ToscaPolicyConverter, XacmlApplicationServiceProvider { + + private static final Logger LOGGER = LoggerFactory.getLogger(OnapXacmlPdpEngine.class); + private static final String ONAP_MONITORING_BASE_POLICY_TYPE = "onap.Monitoring"; + private static final String ONAP_MONITORING_DERIVED_POLICY_TYPE = "onap.policies.monitoring"; + + + private Path pathForData = null; + private Properties pdpProperties = null; + private PDPEngine pdpEngine = null; + private Map supportedPolicyTypes = new HashMap<>(); + + /** + * Constructor. + */ + public OnapXacmlPdpEngine() { + // + // By default this supports just Monitoring policy types + // + supportedPolicyTypes.put(ONAP_MONITORING_BASE_POLICY_TYPE, "1.0.0"); + } + + /** + * Load properties from given file. + * + * @param location Path and filename + * @throws IOException If unable to read file + */ + public synchronized void loadXacmlProperties(String location) throws IOException { + try (InputStream is = new FileInputStream(location)) { + pdpProperties.load(is); + } + } + + /** + * Stores the XACML Properties to the given file location. + * + * @param location File location including name + * @throws IOException If unable to store the file. + */ + public synchronized void storeXacmlProperties(String location) throws IOException { + try (OutputStream os = new FileOutputStream(location)) { + String strComments = "#"; + pdpProperties.store(os, strComments); + } + } + + /** + * Make a decision call. 
+ * + * @param request Incoming request object + * @return Response object + */ + public synchronized Response decision(Request request) { + // + // This is what we need to return + // + Response response = null; + // + // Track some timing + // + long timeStart = System.currentTimeMillis(); + try { + response = this.pdpEngine.decide(request); + } catch (PDPException e) { + LOGGER.error("{}", e); + } finally { + // + // Track the end of timing + // + long timeEnd = System.currentTimeMillis(); + LOGGER.info("Elapsed Time: {}ms", (timeEnd - timeStart)); + } + return response; + } + + @Override + public String applicationName() { + return "Monitoring Application"; + } + + @Override + public List actionDecisionsSupported() { + return Arrays.asList("configure"); + } + + @Override + public synchronized void initialize(Path pathForData) { + // + // Save our path + // + this.pathForData = pathForData; + LOGGER.debug("New Path is {}", this.pathForData.toAbsolutePath()); + // + // Look for and load the properties object + // + Path propertyPath = Paths.get(this.pathForData.toAbsolutePath().toString(), "xacml.properties"); + LOGGER.debug("Looking for {}", propertyPath.toAbsolutePath()); + try (InputStream is = new FileInputStream(propertyPath.toAbsolutePath().toString()) ) { + // + // Create a new properties object + // + pdpProperties = new Properties(); + // + // Load it with our values + // + pdpProperties.load(is); + LOGGER.debug("{}", pdpProperties); + } catch (IOException e) { + LOGGER.error("{}", e); + } + // + // Now initialize the XACML PDP Engine + // + try { + PDPEngineFactory factory = PDPEngineFactory.newInstance(); + this.pdpEngine = factory.newEngine(pdpProperties); + } catch (FactoryException e) { + LOGGER.error("{}", e); + } + } + + @Override + public synchronized List supportedPolicyTypes() { + return Lists.newArrayList(supportedPolicyTypes.keySet()); + } + + @Override + public boolean canSupportPolicyType(String policyType, String policyTypeVersion) { + // 
+ // For Monitoring, we will attempt to support all versions + // of the policy type. Since we are only packaging a decision + // back with a JSON payload of the property contents. + // + return (policyType.equals(ONAP_MONITORING_BASE_POLICY_TYPE) + || policyType.startsWith(ONAP_MONITORING_DERIVED_POLICY_TYPE)); + } + + @Override + public synchronized void loadPolicies(Map toscaPolicies) { + // + // + // + try { + // + // Convert the policies first + // + List listPolicies = this.convertPolicies(toscaPolicies); + if (listPolicies.isEmpty()) { + throw new ToscaPolicyConversionException("Converted 0 policies"); + } + // + // Read in our Root Policy + // + Set roots = XACMLProperties.getRootPolicyIDs(pdpProperties); + if (roots.isEmpty()) { + throw new ToscaPolicyConversionException("There are NO root policies defined"); + } + // + // Really only should be one + // + String rootFile = pdpProperties.getProperty(roots.iterator().next() + ".file"); + try (InputStream is = new FileInputStream(rootFile)) { + Object policyData = XACMLPolicyScanner.readPolicy(is); + // + // Should be a PolicySet + // + if (policyData instanceof PolicySetType) { + PolicyType[] newPolicies = listPolicies.toArray(new PolicyType[listPolicies.size()]); + PolicySetType newRootPolicy = + XacmlUpdatePolicyUtils.updateXacmlRootPolicy((PolicySetType) policyData, newPolicies); + // + // Save the new Policies to disk + // + + // + // Save the root policy to disk + // + + // + // Update properties to declare the referenced policies + // + + // + // Write the policies to disk + // + + } else { + throw new ToscaPolicyConversionException("Root policy isn't a PolicySet"); + } + } + // + // Add to the root policy + // + } catch (IOException | ToscaPolicyConversionException e) { + LOGGER.error("Failed to loadPolicies {}", e); + } + } + + @Override + public synchronized JSONObject makeDecision(JSONObject jsonSchema) { + return null; + } + + @Override + public List convertPolicies(Map toscaObject) throws 
ToscaPolicyConversionException { + // + // Return the policies + // + return scanAndConvertPolicies(toscaObject); + } + + @Override + public List convertPolicies(InputStream isToscaPolicy) throws ToscaPolicyConversionException { + // + // Have snakeyaml parse the object + // + Yaml yaml = new Yaml(); + Map toscaObject = yaml.load(isToscaPolicy); + // + // Return the policies + // + return scanAndConvertPolicies(toscaObject); + } + + @SuppressWarnings("unchecked") + private List scanAndConvertPolicies(Map toscaObject) + throws ToscaPolicyConversionException { + // + // Our return object + // + List scannedPolicies = new ArrayList<>(); + // + // Iterate each of the Policies + // + List policies = (List) toscaObject.get("policies"); + for (Object policyObject : policies) { + // + // Get the contents + // + LOGGER.debug("Found policy {}", policyObject.getClass()); + Map policyContents = (Map) policyObject; + for (Entry entrySet : policyContents.entrySet()) { + LOGGER.info("Entry set {}", entrySet); + // + // Convert this policy + // + PolicyType policy = this.convertPolicy(entrySet); + // + // Convert and add in the new policy + // + scannedPolicies.add(policy); + } + } + + return scannedPolicies; + } + + @SuppressWarnings("unchecked") + private PolicyType convertPolicy(Entry entrySet) throws ToscaPolicyConversionException { + // + // Policy name should be at the root + // + String policyName = entrySet.getKey(); + Map policyDefinition = (Map) entrySet.getValue(); + // + // Set it as the policy ID + // + PolicyType newPolicyType = new PolicyType(); + newPolicyType.setPolicyId(policyName); + // + // Optional description + // + if (policyDefinition.containsKey("description")) { + newPolicyType.setDescription(policyDefinition.get("description").toString()); + } + // + // There should be a metadata section + // + if (! 
policyDefinition.containsKey("metadata")) { + throw new ToscaPolicyConversionException(policyName + " missing metadata section"); + } + this.fillMetadataSection(newPolicyType, + (Map) policyDefinition.get("metadata")); + // + // Set the combining rule + // + newPolicyType.setRuleCombiningAlgId(XACML3.ID_RULE_FIRST_APPLICABLE.stringValue()); + // + // Generate the TargetType + // + // + // There should be a metadata section + // + if (! policyDefinition.containsKey("type")) { + throw new ToscaPolicyConversionException(policyName + " missing type value"); + } + if (! policyDefinition.containsKey("version")) { + throw new ToscaPolicyConversionException(policyName + " missing version value"); + } + TargetType target = this.generateTargetType(policyName, + policyDefinition.get("type").toString(), + policyDefinition.get("version").toString()); + newPolicyType.setTarget(target); + // + // Now create the Permit Rule + // No target since the policy has a target + // With obligations. + // + RuleType rule = new RuleType(); + rule.setDescription("Default is to PERMIT if the policy matches."); + rule.setRuleId(policyName + ":rule"); + rule.setEffect(EffectType.PERMIT); + rule.setTarget(new TargetType()); + // + // There should be properties section - this data ends up as a + // JSON BLOB that is returned back to calling application. + // + if (! policyDefinition.containsKey("properties")) { + throw new ToscaPolicyConversionException(policyName + " missing properties section"); + } + addObligation(rule, + (Map) policyDefinition.get("properties")); + // + // Add the rule to the policy + // + newPolicyType.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule); + // + // Return our new policy + // + return newPolicyType; + } + + /** + * From the TOSCA metadata section, pull in values that are needed into the XACML policy. 
+ * + * @param policy Policy Object to store the metadata + * @param metadata The Metadata TOSCA Map + * @return Same Policy Object + * @throws ToscaPolicyConversionException If there is something missing from the metadata + */ + private PolicyType fillMetadataSection(PolicyType policy, + Map metadata) throws ToscaPolicyConversionException { + if (! metadata.containsKey("policy-id")) { + throw new ToscaPolicyConversionException(policy.getPolicyId() + " missing metadata policy-id"); + } else { + // + // Do nothing here - the XACML PolicyId is used from TOSCA Policy Name field + // + } + if (! metadata.containsKey("policy-version")) { + throw new ToscaPolicyConversionException(policy.getPolicyId() + " missing metadata policy-version"); + } else { + // + // Add in the Policy Version + // + policy.setVersion(metadata.get("policy-version").toString()); + } + return policy; + } + + private TargetType generateTargetType(String policyId, String policyType, String policyTypeVersion) { + // + // Create all the match's that are possible + // + // This is for the Policy Id + // + MatchType matchPolicyId = ToscaPolicyConverterUtils.buildMatchTypeDesignator( + XACML3.ID_FUNCTION_STRING_EQUAL, + policyId, + XACML3.ID_DATATYPE_STRING, + ToscaDictionary.ID_RESOURCE_POLICY_ID, + XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE); + // + // This is for the Policy Type + // + MatchType matchPolicyType = ToscaPolicyConverterUtils.buildMatchTypeDesignator( + XACML3.ID_FUNCTION_STRING_EQUAL, + policyType, + XACML3.ID_DATATYPE_STRING, + ToscaDictionary.ID_RESOURCE_POLICY_TYPE, + XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE); + // + // This is for the Policy Type version + // + MatchType matchPolicyTypeVersion = ToscaPolicyConverterUtils.buildMatchTypeDesignator( + XACML3.ID_FUNCTION_STRING_EQUAL, + policyTypeVersion, + XACML3.ID_DATATYPE_STRING, + ToscaDictionary.ID_RESOURCE_POLICY_TYPE_VERSION, + XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE); + // + // This is our outer AnyOf - which is an OR + // + AnyOfType 
anyOf = new AnyOfType(); + // + // Create AllOf (AND) of just Policy Id + // + anyOf.getAllOf().add(ToscaPolicyConverterUtils.buildAllOf(matchPolicyId)); + // + // Create AllOf (AND) of just Policy Type + // + anyOf.getAllOf().add(ToscaPolicyConverterUtils.buildAllOf(matchPolicyType)); + // + // Create AllOf (AND) of Policy Type and Policy Type Version + // + anyOf.getAllOf().add(ToscaPolicyConverterUtils.buildAllOf(matchPolicyType, matchPolicyTypeVersion)); + // + // Now we can create the TargetType, add the top-level anyOf (OR), + // and return the value. + // + TargetType target = new TargetType(); + target.getAnyOf().add(anyOf); + return target; + } + + private RuleType addObligation(RuleType rule, Map properties) { + // + // Convert the YAML Policy to JSON Object + // + JSONObject jsonObject = new JSONObject(properties); + if (LOGGER.isDebugEnabled()) { + LOGGER.debug("JSON conversion {}{}", System.lineSeparator(), jsonObject); + } + // + // Create an AttributeValue for it + // + AttributeValueType value = new AttributeValueType(); + value.setDataType(ToscaDictionary.ID_OBLIGATION_POLICY_MONITORING_DATATYPE.stringValue()); + value.getContent().add(jsonObject.toString()); + // + // Create our AttributeAssignmentExpression where we will + // store the contents of the policy in JSON format. 
+ // + AttributeAssignmentExpressionType expressionType = new AttributeAssignmentExpressionType(); + expressionType.setAttributeId(ToscaDictionary.ID_OBLIGATION_POLICY_MONITORING_CONTENTS.stringValue()); + ObjectFactory factory = new ObjectFactory(); + expressionType.setExpression(factory.createAttributeValue(value)); + // + // Create an ObligationExpression for it + // + ObligationExpressionType obligation = new ObligationExpressionType(); + obligation.setFulfillOn(EffectType.PERMIT); + obligation.setObligationId(ToscaDictionary.ID_OBLIGATION_REST_BODY.stringValue()); + obligation.getAttributeAssignmentExpression().add(expressionType); + // + // Now we can add it into the rule + // + ObligationExpressionsType obligations = new ObligationExpressionsType(); + obligations.getObligationExpression().add(obligation); + rule.setObligationExpressions(obligations); + return rule; + } } diff --git a/applications/monitoring/src/main/resources/META-INF/services/org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider b/applications/monitoring/src/main/resources/META-INF/services/org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider new file mode 100644 index 00000000..5c8dd5e6 --- /dev/null +++ b/applications/monitoring/src/main/resources/META-INF/services/org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider @@ -0,0 +1 @@ +org.onap.policy.xacml.pdp.engine.OnapXacmlPdpEngine \ No newline at end of file diff --git a/applications/monitoring/src/main/resources/RootMonitoringPolicy.xml b/applications/monitoring/src/main/resources/RootMonitoringPolicy.xml index 3ac716e8..33b28815 100644 --- a/applications/monitoring/src/main/resources/RootMonitoringPolicy.xml +++ b/applications/monitoring/src/main/resources/RootMonitoringPolicy.xml @@ -1,5 +1,5 @@ - - + + The root policy for supporting in-memory onap.Monitoring policy-type policies. 
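Review bot: `convertPolicies(InputStream)` in OnapXacmlPdpEngine.java parses the TOSCA policy with `new Yaml()` and `yaml.load(isToscaPolicy)`; with SnakeYAML 1.x's default constructor (the version in use is not visible here) a tagged document can make the parser instantiate arbitrary Java types. These documents appear to come from outside the PDP, since a comment in Stepdefs.java says they are received from the PAP. The parser should therefore be limited to maps, lists and scalars with `Yaml yaml = new Yaml(new SafeConstructor());` and an import of `org.yaml.snakeyaml.constructor.SafeConstructor`. Separately, `decision()` returns `null` when `pdpEngine.decide` throws `PDPException`, and `initialize()` only logs an `IOException` or `FactoryException`, so `pdpProperties` or `pdpEngine` can stay `null`. A caller then gets a `NullPointerException` or a null `Response` instead of an explicit Indeterminate result; `loadXacmlProperties` has the same exposure if it is called before `initialize()`.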
@@ -19,24 +19,18 @@ - - PERMIT - TO BE FILLED IN - - - - - John - - - - ACCESS - - - - - - - - Default is DENY - - + + + Default is to allow a permit - returning 0 obligations + + + + + + \ No newline at end of file diff --git a/applications/monitoring/src/test/java/cucumber/Stepdefs.java b/applications/monitoring/src/test/java/cucumber/Stepdefs.java index 6915afdb..ca5efa46 100644 --- a/applications/monitoring/src/test/java/cucumber/Stepdefs.java +++ b/applications/monitoring/src/test/java/cucumber/Stepdefs.java 
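Review bot: The fallback in RootMonitoringPolicy.xml changes from `Default is DENY` to `Default is to allow a permit - returning 0 obligations`, so a request that matches no loaded monitoring policy now appears to come back as PERMIT rather than DENY. The rule markup is not visible in this view, so this is read from the descriptions only. PERMIT then no longer distinguishes "a policy matched" from "nothing matched", and a consumer that keys on the decision alone will fail open. If the permit default is intended, the description should say how callers tell the two cases apart, for example `Default is PERMIT with no obligations; an empty obligation list means no monitoring policy matched`.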
@@ -22,27 +22,204 @@ package cucumber; +import com.att.research.xacml.std.annotations.XACMLAction; +import com.att.research.xacml.std.annotations.XACMLRequest; +import com.att.research.xacml.std.annotations.XACMLResource; +import com.att.research.xacml.std.annotations.XACMLSubject; + import cucumber.api.java.en.Given; import cucumber.api.java.en.Then; import cucumber.api.java.en.When; +import org.junit.ClassRule; +import org.junit.rules.TemporaryFolder; + public class Stepdefs { - @Given("TCA Policy is loaded") - public void tca_Policy_is_loaded() { - // Write code here that turns the phrase above into concrete actions - throw new cucumber.api.PendingException(); + /* + + private static final Logger logger = LoggerFactory.getLogger(Stepdefs.class); + + public static OnapXacmlPdpEngine onapPdpEngine; + public static Properties properties; + public static Map tcaPolicy; + public static Request request; + public static File pathProperties; + public static File pathRootPolicy; + + /** + * Temporary folder where we will store newly created policies. + */ + @ClassRule + public TemporaryFolder policyFolder = new TemporaryFolder(); + + /** + * This is a simple annotation class to simulate + * requests coming in. + */ + @XACMLRequest(ReturnPolicyIdList = true) + public class MyXacmlRequest { + + @XACMLSubject(includeInResults = true) + String onapName = "DCAE"; + + @XACMLResource(includeInResults = true) + String resource = "onap.policies.Monitoring"; + + @XACMLAction() + String action = "configure"; + } + + /** + * Initialization. 
+ */ + @Given("Initialization") + public void initialization() { + /* + // + // Everything initializes upon startup + // + assertThatCode(() -> { + // + // Assume XACML REST Controller loads PDP engine + // + onapPdpEngine = new OnapXacmlPdpEngine(); + // + // Come up with defaults + // + File path = Paths.get("src/test/resources").toFile(); + /* + // try (InputStream is = new FileInputStream("src/test/resources/xacml.properties")) { + // properties = new Properties(); + // properties.load(is); + // onapPdpEngine.initializeEngine(properties); +// } + onapPdpEngine.initialize(path.toPath()); + // + // Store the properties in new path + // + // JUNIT IS CRASHING - THE TEMP FOLDER NOT CREATED --> + //pathProperties = policyFolder.newFile("xacml.properties"); + // + // Store the root policies + // + for (String rootPolicyId : XACMLProperties.getRootPolicyIDs(properties)) { + logger.debug("Root policy id: " + rootPolicyId); + } + + }).doesNotThrowAnyException(); + */ + } + + /** + * Initialization. + */ + @When("Decision Requested") + public void decision_Requested() { + /* + // + // Simulate a request coming in from Xacml REST server + // + assertThatCode(() -> { + request = RequestParser.parseRequest(new MyXacmlRequest()); + }).doesNotThrowAnyException(); + */ + } + + /** + * Initialization. + */ + @Then("Decision Permit {int} Obligations") + public void decision_Permit_Obligations(Integer int1) { + /* + Response response = onapPdpEngine.decision(request); + for (Result result : response.getResults()) { + logger.debug(result.getDecision().toString()); + assertEquals(Decision.PERMIT, result.getDecision()); + assertThat(result.getObligations().size()).isEqualTo(int1); + } + */ + } + + /** + * Initialization. 
+ */ + @When("The application gets new Tosca Policy") + public void the_application_gets_new_Tosca_Policy() { + /* + // + // The Xacml PDP REST controller Would receive this from the PAP + // + // And then parse it looking for Policy Types + // + assertThatCode(() -> { + try (InputStream is = new FileInputStream("src/test/resources/vDNS.policy.input.yaml")) { + Yaml yaml = new Yaml(); + tcaPolicy = yaml.load(is); + // + // Do we test iterating and determining if supported? + // + + } + }).doesNotThrowAnyException(); + */ } - @When("A Decision Request is received") - public void a_Decision_Request_is_received() { - // Write code here that turns the phrase above into concrete actions - throw new cucumber.api.PendingException(); + /** + * Initialization. + */ + @Then("Load Policy") + public void load_Policy() { + /* + assertThatCode(() -> { + // + // Load the policies + // + List convertedPolicies = onapPdpEngine.convertPolicies(tcaPolicy); + // + // Store these in temporary folder + // + int id = 1; + List newReferencedPolicies = new ArrayList<>(); + for (PolicyType convertedPolicy : convertedPolicies) { + // + // I don't think we should use the policy id as the filename - there could + // possibly be duplicates. eg. Not guaranteed to be unique. + // + File file = policyFolder.newFile("policy." 
+ id + convertedPolicy.getPolicyId() + ".xml"); + logger.info("Creating Policy {}", file.getAbsolutePath()); + Path path = XACMLPolicyWriter.writePolicyFile(file.toPath(), convertedPolicy); + // + // Add it to our list + // + newReferencedPolicies.add(path); + } + // + // Now updated the properties + // + Path[] args = new Path[newReferencedPolicies.size()]; + newReferencedPolicies.toArray(args); + XACMLProperties.setXacmlReferencedProperties(properties, args); + // + // Reload the PDP engine + // + onapPdpEngine.initializeEngine(properties); + }).doesNotThrowAnyException(); + */ } - @Then("I should return TCA Policy as JSON") - public void i_should_return_TCA_Policy_as_JSON() { - // Write code here that turns the phrase above into concrete actions - throw new cucumber.api.PendingException(); + /** + * Initialization. + */ + @Then("Save Configuration") + public void save_Configuration() { + /* + assertThatCode(() -> { + // + // Save the configuration + // + onapPdpEngine.storeXacmlProperties(pathProperties.getAbsolutePath()); + }).doesNotThrowAnyException(); + */ } -} +} \ No newline at end of file diff --git a/applications/monitoring/src/test/java/org/onap/policy/xacml/pdp/engine/OnapXacmlPdpEngineTest.java b/applications/monitoring/src/test/java/org/onap/policy/xacml/pdp/engine/OnapXacmlPdpEngineTest.java new file mode 100644 index 00000000..940a974b --- /dev/null +++ b/applications/monitoring/src/test/java/org/onap/policy/xacml/pdp/engine/OnapXacmlPdpEngineTest.java 
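Review bot: Every step body in Stepdefs.java is wrapped in `/* ... */`, so `Decision Permit {int} Obligations` and the load-policy steps run no code and the feature files pass without checking any decision or obligation count. The stubs this commit removes threw `cucumber.api.PendingException`, which reported the scenarios as pending; keeping `throw new cucumber.api.PendingException();` in each step until its body is enabled would preserve that signal. The `policyFolder` field is annotated `@ClassRule` but is not `static`, whereas OnapXacmlPdpEngineTest declares it `public static final`. JUnit requires class rules to be static, and the Cucumber runner may not apply rules declared on a step-definition class at all, which may be why the temporary folder is never created. The `/*` opened right after the class header is closed by the `*/` of the next Javadoc block, which is easy to misread and worth replacing with per-line `//` comments or removing.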
@@ -0,0 +1,296 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP
+ * ================================================================================
+ * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.xacml.pdp.engine;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatCode;
+import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
+import static org.junit.Assert.assertEquals;
+
+import com.att.research.xacml.api.Decision;
+import com.att.research.xacml.api.Response;
+import com.att.research.xacml.api.Result;
+import com.att.research.xacml.std.annotations.RequestParser;
+import com.att.research.xacml.std.annotations.XACMLAction;
+import com.att.research.xacml.std.annotations.XACMLRequest;
+import com.att.research.xacml.std.annotations.XACMLResource;
+import com.att.research.xacml.std.annotations.XACMLSubject;
+import com.att.research.xacml.util.XACMLProperties;
+import com.google.common.io.Files;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Properties;
+import java.util.ServiceLoader;
+
+import org.junit.BeforeClass;
+import org.junit.ClassRule;
+import org.junit.Test;
+import org.junit.rules.TemporaryFolder;
+import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException;
+import org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.yaml.snakeyaml.Yaml;
+
+public class OnapXacmlPdpEngineTest {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(OnapXacmlPdpEngineTest.class);
+ private static OnapXacmlPdpEngine onapPdpEngine;
+ private static Properties properties = new Properties();
+ private static File propertiesFile;
+
+ @ClassRule
+ public static final TemporaryFolder policyFolder = new TemporaryFolder();
+
+ /**
+ * This is a simple annotation class to simulate
+ * requests coming in.
+ */
+ @XACMLRequest(ReturnPolicyIdList = true)
+ public class MyXacmlRequest {
+
+ @XACMLSubject(includeInResults = true)
+ String onapName = "DCAE";
+
+ @XACMLResource(includeInResults = true)
+ String resource = "onap.policies.Monitoring";
+
+ @XACMLAction()
+ String action = "configure";
+ }
+
+ /**
+ * Load a test engine.
+ */
+ @BeforeClass
+ public static void setup() {
+ assertThatCode(() -> {
+ //
+ // Copy all the properties and root policies to the temporary folder
+ //
+ try (InputStream is = new FileInputStream("src/test/resources/xacml.properties")) {
+ //
+ // Load it in
+ //
+ properties.load(is);
+ propertiesFile = policyFolder.newFile("xacml.properties");
+ //
+ // Copy the root policies
+ //
+ for (String root : XACMLProperties.getRootPolicyIDs(properties)) {
+ //
+ // Get a file
+ //
+ Path rootPath = Paths.get(properties.getProperty(root + ".file"));
+ LOGGER.debug("Root file {} {}", rootPath, rootPath.getFileName());
+ //
+ // Construct new file name
+ //
+ File newRootPath = policyFolder.newFile(rootPath.getFileName().toString());
+ //
+ // Copy it
+ //
+ Files.copy(rootPath.toFile(), newRootPath);
+ assertThat(newRootPath).exists();
+ //
+ // Point to where the new policy is in the temp dir
+ //
+ properties.setProperty(root + ".file", newRootPath.getAbsolutePath());
+ }
+ try (OutputStream os = new FileOutputStream(propertiesFile.getAbsolutePath())) {
+ properties.store(os, "");
+ assertThat(propertiesFile).exists();
+ }
+ }
+ //
+ // Load service
+ //
+ ServiceLoader applicationLoader =
+ ServiceLoader.load(XacmlApplicationServiceProvider.class);
+ //
+ // Iterate through them - I could store the object as
+ // XacmlApplicationServiceProvider pointer.
+ //
+ // Try this later.
+ //
+ StringBuilder strDump = new StringBuilder("Loaded applications:" + System.lineSeparator());
+ Iterator iterator = applicationLoader.iterator();
+ while (iterator.hasNext()) {
+ XacmlApplicationServiceProvider application = iterator.next();
+ strDump.append(application.applicationName());
+ strDump.append(" supports ");
+ strDump.append(application.supportedPolicyTypes());
+ strDump.append(System.lineSeparator());
+ }
+ LOGGER.debug("{}", strDump);
+ //
+ // Create the engine instance
+ //
+ onapPdpEngine = new OnapXacmlPdpEngine();
+ //
+ // Tell it to initialize based on the properties file
+ // we just built for it.
+ //
+ onapPdpEngine.initialize(propertiesFile.toPath().getParent());
+ //
+ // Make sure there's an application name
+ //
+ assertThat(onapPdpEngine.applicationName()).isNotEmpty();
+ //
+ // Ensure it has the supported policy types and
+ // can support the correct policy types.
+ //
+ assertThat(onapPdpEngine.canSupportPolicyType("onap.Monitoring", "1.0.0")).isTrue();
+ assertThat(onapPdpEngine.canSupportPolicyType("onap.Monitoring", "1.5.0")).isTrue();
+ assertThat(onapPdpEngine.canSupportPolicyType("onap.policies.monitoring.foobar", "1.0.1")).isTrue();
+ assertThat(onapPdpEngine.canSupportPolicyType("onap.foobar", "1.0.0")).isFalse();
+ assertThat(onapPdpEngine.supportedPolicyTypes()).contains("onap.Monitoring");
+ //
+ // Ensure it supports decisions
+ //
+ assertThat(onapPdpEngine.actionDecisionsSupported()).contains("configure");
+ }).doesNotThrowAnyException();
+ }
+
+ @Test
+ public void testNoPolicies() {
+ //
+ // Make a simple decision - NO policies are loaded
+ //
+ assertThatCode(() -> {
+ Response response = onapPdpEngine.decision(RequestParser.parseRequest(new MyXacmlRequest()));
+ for (Result result : response.getResults()) {
+ LOGGER.info("Decision {}", result.getDecision());
+ assertEquals(Decision.PERMIT, result.getDecision());
+ }
+ }).doesNotThrowAnyException();
+ }
+
+ @SuppressWarnings("unchecked")
+ @Test
+ public void testvDnsPolicy() {
+ //
+ // Now load the vDNS Policy - make sure
+ // the pdp can support it and have it load
+ // into the PDP.
+ //
+ assertThatCode(() -> {
+ try (InputStream is = new FileInputStream("src/test/resources/vDNS.policy.input.yaml")) {
+ Yaml yaml = new Yaml();
+ Map toscaObject = yaml.load(is);
+ List policies = (List) toscaObject.get("policies");
+ //
+ // What we should really do is split the policies out from the ones that
+ // are not supported to ones that are. And then load these.
+ //
+ // In another future review....
+ //
+ for (Object policyObject : policies) {
+ //
+ // Get the contents
+ //
+ Map policyContents = (Map) policyObject;
+ for (Entry entrySet : policyContents.entrySet()) {
+ LOGGER.info("Entry set {}", entrySet.getKey());
+ Map policyDefinition = (Map) entrySet.getValue();
+ //
+ // Find the type and make sure the engine supports it
+ //
+ assertThat(policyDefinition.containsKey("type")).isTrue();
+ assertThat(onapPdpEngine.canSupportPolicyType(
+ policyDefinition.get("type").toString(),
+ policyDefinition.get("version").toString()))
+ .isTrue();
+ }
+ }
+ //
+ // Just go ahead and load them all for now
+ //
+ // Assuming all are supported etc.
+ //
+ onapPdpEngine.loadPolicies(toscaObject);
+
+ //List policies = onapPdpEngine.convertPolicies(is);
+ //
+ // Should have a policy
+ //// assertThat(policies.isEmpty()).isFalse();
+ }
+ }).doesNotThrowAnyException();
+ }
+
+ @Test
+ public void testBadPolicies() {
+ assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() -> {
+ try (InputStream is =
+ new FileInputStream("src/test/resources/test.monitoring.policy.missingmetadata.yaml")) {
+ onapPdpEngine.convertPolicies(is);
+ }
+ }).withMessageContaining("missing metadata section");
+
+ assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() -> {
+ try (InputStream is =
+ new FileInputStream("src/test/resources/test.monitoring.policy.missingtype.yaml")) {
+ onapPdpEngine.convertPolicies(is);
+ }
+ }).withMessageContaining("missing type value");
+
+ assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() -> {
+ try (InputStream is =
+ new FileInputStream("src/test/resources/test.monitoring.policy.missingversion.yaml")) {
+ onapPdpEngine.convertPolicies(is);
+ }
+ }).withMessageContaining("missing version value");
+
+ assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() -> {
+ try (InputStream is =
+ new FileInputStream("src/test/resources/test.monitoring.policy.badmetadata.1.yaml")) {
+ onapPdpEngine.convertPolicies(is);
+ }
+ }).withMessageContaining("missing metadata policy-version");
+
+ assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() -> {
+ try (InputStream is =
+ new FileInputStream("src/test/resources/test.monitoring.policy.badmetadata.2.yaml")) {
+ onapPdpEngine.convertPolicies(is);
+ }
+ }).withMessageContaining("missing metadata policy-id");
+
+ assertThatExceptionOfType(ToscaPolicyConversionException.class).isThrownBy(() -> {
+ try (InputStream is =
+ new FileInputStream("src/test/resources/test.monitoring.policy.missingproperties.yaml")) {
+ onapPdpEngine.convertPolicies(is);
+ }
+ }).withMessageContaining("missing properties section");
+ }
+
+}
diff --git a/applications/monitoring/src/test/resources/cucumber/decisions.feature b/applications/monitoring/src/test/resources/cucumber/decisions.feature
index a23d965b..6a573d3c 100644
--- a/applications/monitoring/src/test/resources/cucumber/decisions.feature
+++ b/applications/monitoring/src/test/resources/cucumber/decisions.feature
@@ -18,10 +18,10 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 # ============LICENSE_END=========================================================
-Feature: Return a decision
- Return a decision for a request
-
- Scenario: Return policy as a JSON
- Given TCA Policy is loaded
- When A Decision Request is received
- Then I should return TCA Policy as JSON
\ No newline at end of file
+#Feature: Return a decision
+# Return a decision for a request
+#
+# Scenario: Return policy as a JSON
+# Given TCA Policy is loaded
+# When A Decision Request is received
+# Then I should return TCA Policy as JSON
\ No newline at end of file
diff --git a/applications/monitoring/src/test/resources/cucumber/load_policy.feature b/applications/monitoring/src/test/resources/cucumber/load_policy.feature
new file mode 100644
index 00000000..9651ca91
--- /dev/null
+++ b/applications/monitoring/src/test/resources/cucumber/load_policy.feature
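Review bot: In `testNoPolicies` the `assertEquals(Decision.PERMIT, result.getDecision())` check sits inside `for (Result result : response.getResults())`, so a response with no results passes without asserting anything; add `assertThat(response.getResults()).isNotEmpty();` before the loop. The test also pins Permit as the outcome when no policies are loaded, which is a fail-open default for a PDP; if that is intended for the monitoring `configure` action, a comment saying so would keep the pattern from being copied to applications where Deny is the safe default. Because `onapPdpEngine` is a static shared by every test and `testvDnsPolicy` calls `loadPolicies`, the "NO policies are loaded" premise also depends on test execution order, which the class does not control. Separately, `new Yaml()` in `testvDnsPolicy` uses SnakeYAML's default constructor, which can instantiate arbitrary types from tagged input; `new Yaml(new SafeConstructor())` is the safer pattern to model here, since the TOSCA policy is presumably received from outside the process in production.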
@@ -0,0 +1,35 @@
+#
+# ============LICENSE_START=======================================================
+# ONAP
+# ================================================================================
+# Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+Feature: Loading TOSCA Policies
+ When a TOSCA Policy is received, convert it
+ to a XACML policy and then load it into the XACML PDP engine.
+
+ Scenario: No Policies Loaded
+ Given Initialization
+ When Decision Requested
+ Then Decision Permit 0 Obligations
+
+ Scenario: Load New Policy
+ Given Initialization
+ When The application gets new Tosca Policy
+ Then Load Policy
+ And Save Configuration
diff --git a/applications/monitoring/src/test/resources/test.monitoring.policy.badmetadata.1.yaml b/applications/monitoring/src/test/resources/test.monitoring.policy.badmetadata.1.yaml
new file mode 100644
index 00000000..a2631848
--- /dev/null
+++ b/applications/monitoring/src/test/resources/test.monitoring.policy.badmetadata.1.yaml
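Review bot: The `Load New Policy` scenario will report green without loading anything, because the step definitions it binds to (`The application gets new Tosca Policy`, `Load Policy` and `Save Configuration` in Stepdefs.java, earlier in this commit) have their bodies entirely commented out. The steps this commit removes threw `cucumber.api.PendingException`, which at least surfaced unimplemented behaviour; a passing no-op hides that policy conversion and loading are not exercised on this path. Until the steps are implemented, keep the pending exception in the stubs, or mark the scenario here with a comment such as `# TODO: step bodies are stubbed out in Stepdefs.java; this scenario does not yet exercise policy loading`.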
@@ -0,0 +1,10 @@
+tosca_definitions_version: tosca_simple_yaml_1_0_0
+policies:
+ -
+ test.monitoring.policy.badmetadata.1:
+ type: onap.policies.monitoring.cdap.tca.hi.lo.app
+ version: 1.0.0
+ metadata:
+ policy-id: test.monitoring.policy.badmetadata.1
+ properties:
+ domain: measurementsForVfScaling
diff --git a/applications/monitoring/src/test/resources/test.monitoring.policy.badmetadata.2.yaml b/applications/monitoring/src/test/resources/test.monitoring.policy.badmetadata.2.yaml
new file mode 100644
index 00000000..7da2db38
--- /dev/null
+++ b/applications/monitoring/src/test/resources/test.monitoring.policy.badmetadata.2.yaml
@@ -0,0 +1,10 @@
+tosca_definitions_version: tosca_simple_yaml_1_0_0
+policies:
+ -
+ onap.scaleout.tca:
+ type: onap.policies.monitoring.cdap.tca.hi.lo.app
+ version: 1.0.0
+ metadata:
+ policy-version: 1
+ properties:
+ domain: measurementsForVfScaling
diff --git a/applications/monitoring/src/test/resources/test.monitoring.policy.missingmetadata.yaml b/applications/monitoring/src/test/resources/test.monitoring.policy.missingmetadata.yaml
new file mode 100644
index 00000000..4984a1c3
--- /dev/null
+++ b/applications/monitoring/src/test/resources/test.monitoring.policy.missingmetadata.yaml
@@ -0,0 +1,9 @@
+tosca_definitions_version: tosca_simple_yaml_1_0_0
+policies:
+ -
+ onap.scaleout.tca:
+ type: onap.policies.monitoring.test
+ description: I am a test policy
+ version: 1.0.0
+ properties:
+ domain: measurementsForVfScaling
diff --git a/applications/monitoring/src/test/resources/test.monitoring.policy.missingproperties.yaml b/applications/monitoring/src/test/resources/test.monitoring.policy.missingproperties.yaml
new file mode 100644
index 00000000..d4132a28
--- /dev/null
+++ b/applications/monitoring/src/test/resources/test.monitoring.policy.missingproperties.yaml
@@ -0,0 +1,9 @@
+tosca_definitions_version: tosca_simple_yaml_1_0_0
+policies:
+ -
+ onap.scaleout.tca:
+ type: onap.policies.monitoring.cdap.tca.hi.lo.app
+ version: 1.0.0
+ metadata:
+ policy-id: onap.scaleout.tca
+ policy-version: 1
diff --git a/applications/monitoring/src/test/resources/test.monitoring.policy.missingtype.yaml b/applications/monitoring/src/test/resources/test.monitoring.policy.missingtype.yaml
new file mode 100644
index 00000000..309d08c5
--- /dev/null
+++ b/applications/monitoring/src/test/resources/test.monitoring.policy.missingtype.yaml
@@ -0,0 +1,11 @@
+tosca_definitions_version: tosca_simple_yaml_1_0_0
+policies:
+ -
+ onap.scaleout.tca:
+ description: I am a test policy
+ version: 1.0.0
+ metadata:
+ policy-id: onap.scaleout.tca
+ policy-version: 10
+ properties:
+ domain: measurementsForVfScaling
diff --git a/applications/monitoring/src/test/resources/test.monitoring.policy.missingversion.yaml b/applications/monitoring/src/test/resources/test.monitoring.policy.missingversion.yaml
new file mode 100644
index 00000000..ff378d92
--- /dev/null
+++ b/applications/monitoring/src/test/resources/test.monitoring.policy.missingversion.yaml
@@ -0,0 +1,11 @@
+tosca_definitions_version: tosca_simple_yaml_1_0_0
+policies:
+ -
+ onap.scaleout.tca:
+ type: onap.policies.monitoring.test
+ description: I am a test policy
+ metadata:
+ policy-id: onap.scaleout.tca
+ policy-version: 10
+ properties:
+ domain: measurementsForVfScaling
diff --git a/applications/monitoring/src/test/resources/unsupportedpolicytype.yaml b/applications/monitoring/src/test/resources/unsupportedpolicytype.yaml
new file mode 100644
index 00000000..0a895b38
--- /dev/null
+++ b/applications/monitoring/src/test/resources/unsupportedpolicytype.yaml
@@ -0,0 +1,11 @@
+tosca_definitions_version: tosca_simple_yaml_1_0_0
+policies:
+ -
+ policy.name:
+ type: foo.bar
+ version: 1.0.0
+ metadata:
+ policy-id: policy.name
+ policy-version: 1
+ properties:
+ prop1: value1
diff --git a/applications/monitoring/src/test/resources/vDNS.policy.decision.payload.json b/applications/monitoring/src/test/resources/vDNS.policy.decision.payload.json new file mode 100644 index 00000000..e69de29b diff --git a/applications/monitoring/src/test/resources/vDNS.policy.input.yaml b/applications/monitoring/src/test/resources/vDNS.policy.input.yaml index ee149381..ee12c702 100644 --- a/applications/monitoring/src/test/resources/vDNS.policy.input.yaml +++ b/applications/monitoring/src/test/resources/vDNS.policy.input.yaml @@ -6,6 +6,7 @@ policies: version: 1.0.0 metadata: policy-id: onap.scaleout.tca + policy-version: 1 properties: domain: measurementsForVfScaling metricsPerEventName: diff --git a/applications/monitoring/src/test/resources/vDNS.policy.xml b/applications/monitoring/src/test/resources/vDNS.policy.xml new file mode 100644 index 00000000..14ad4603 --- /dev/null +++ b/applications/monitoring/src/test/resources/vDNS.policy.xml @@ -0,0 +1,44 @@ + + + The root policy for supporting in-memory onap.Monitoring policy-type policies. + + + + + + onap.scaleout.tca + + + + + + + onap.scaleout.tca + + + + + + + onap.policies.monitoring.cdap.tca.hi.lo.app + + + + + + + onap.policies.monitoring.cdap.tca.hi.lo.app + + + + + + + Default is Permit + + + diff --git a/applications/monitoring/src/test/resources/xacml.properties b/applications/monitoring/src/test/resources/xacml.properties new file mode 100644 index 00000000..9b5330dc --- /dev/null +++ b/applications/monitoring/src/test/resources/xacml.properties 
@@ -0,0 +1,34 @@
+#
+# Properties that the embedded PDP engine uses to configure and load
+#
+# Standard API Factories
+#
+xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory
+xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory
+xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory
+xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory
+xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory
+#
+# AT&T PDP Implementation Factories
+#
+xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory
+xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory
+xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory
+#
+# ONAP PDP Implementation Factories
+#
+xacml.att.policyFinderFactory=org.onap.policy.pdp.xacml.application.common.OnapPolicyFinderFactory
+
+#
+# NOTE: If you are testing against a RESTful PDP, then the PDP must be configured with the
+# policies and PIP configuration as defined below. Otherwise, this is the configuration that
+# the embedded PDP uses.
+#
+
+policytypes=onap.Monitoring, onap.policies.monitoring.cdap.tca.hi.lo.app
+
+# Policies to load
+#
+xacml.rootPolicies=monitoring
+monitoring.file=src/main/resources/RootMonitoringPolicy.xml
+
-- cgit 1.2.3-korg