/*
 * ============LICENSE_START=======================================================
 * ================================================================================
 * Copyright (C) 2017-2020 AT&T Intellectual Property. All rights reserved.
 * ================================================================================
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * ============LICENSE_END=========================================================
 */
package org.onap.policy.guard;

import java.util.HashSet;
import java.util.Set;
import java.util.UUID;
import java.util.function.Supplier;
import org.drools.core.WorkingMemory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
 * Task that obtains a guard decision for one actor/recipe/target request and inserts
 * the resulting {@link PolicyGuardResponse} into Drools working memory.
 *
 * <p>Decision outcomes visible in this class:
 * <ul>
 * <li>If the actor/recipe pair needs a VF Module count and the supplier yields
 * {@code null}, the task fails closed: a {@code Util.DENY} response is prepared in the
 * constructor and inserted by {@link #run()} without contacting the PDP.</li>
 * <li>If the PDP call returns {@code null}, the decision becomes
 * {@code Util.INDETERMINATE}. How that value is enforced is decided by whatever
 * consumes the response. NOTE(review): confirm the consuming rules never treat an
 * indeterminate decision as a permit.</li>
 * </ul>
 *
 * <p>{@code requestId} is parsed with {@link UUID#fromString(String)}, which throws
 * {@link IllegalArgumentException} for a string that is not a UUID. When that happens
 * inside {@link #run()}, the task ends before anything is inserted, so no guard
 * response reaches working memory for that request.
 *
 * <p>NOTE(review): this class was restored from a listing that omitted several lines
 * (braces, the constructor's field assignments, the count increment, the {@code run()}
 * signature). Those parts are reconstructed from the surrounding code and comments and
 * should be checked against the project source.
 */
public class CallGuardTask implements Runnable {

    private static final Logger logger = LoggerFactory.getLogger(CallGuardTask.class);

    /**
     * Actor/recipe pairs whose guard requests must carry a VF Module count. Entries
     * have the form {@code "<actor>:<recipe>"}.
     */
    private static final Set<String> NEEDS_VF_COUNT = new HashSet<>();

    /**
     * Actor/recipe pairs for which the VF Module count is incremented before it is
     * sent (a module is being added). Entries have the form
     * {@code "<actor>:<recipe>"}.
     */
    private static final Set<String> INCR_VF_COUNT = new HashSet<>();

    static {
        INCR_VF_COUNT.add("SO:VF Module Create");
        // every pair that increments the count also needs the count
        NEEDS_VF_COUNT.addAll(INCR_VF_COUNT);
    }

    private WorkingMemory workingMemory;
    private String clname;
    private String actor;
    private String recipe;
    private String target;
    private String requestId;
    private Integer vfCount;

    /**
     * Set as soon as the response is known: either in the constructor (artificial
     * Deny) or later, in {@link #run()}.
     */
    private PolicyGuardResponse guardResponse;

    /**
     * Captures the request data and, when required, resolves the VF Module count.
     *
     * <p>The guard URL is not a parameter; per the original note it is taken from the
     * PolicyEngine manager properties (that lookup is not visible in this class).
     *
     * @param wm working memory that receives the guard response
     * @param cl control loop name passed on to the XACML request
     * @param act actor
     * @param rec recipe
     * @param tar target
     * @param reqId request id; must be a UUID string, see the class notes
     * @param vfcnt supplier of the VF Module count; only invoked when the
     *        actor/recipe pair needs a count
     */
    public CallGuardTask(WorkingMemory wm, String cl, String act,
            String rec, String tar, String reqId, Supplier<Integer> vfcnt) {
        // NOTE(review): assignments reconstructed from the field and parameter names
        this.workingMemory = wm;
        this.clname = cl;
        this.actor = act;
        this.recipe = rec;
        this.target = tar;
        this.requestId = reqId;

        final String actorRecipe = act + ":" + rec;
        if (!NEEDS_VF_COUNT.contains(actorRecipe)) {
            // no count needed for this pair - the supplier is never consulted
            return;
        }

        vfCount = vfcnt.get();
        if (vfCount == null) {
            /*
             * No count available - fail closed with an artificial Deny, which
             * run() inserts into working memory without calling the PDP.
             */
            guardResponse = new PolicyGuardResponse(Util.DENY, UUID.fromString(requestId), recipe);
            logger.error("CallGuardTask.run missing VF Module count; requestId={}", requestId);

        } else if (INCR_VF_COUNT.contains(actorRecipe)) {
            // a module is being added, so the request carries the count after the add
            // NOTE(review): increment statement reconstructed from the original comment
            vfCount = vfCount + 1;
        }
    }

    /**
     * Inserts the guard response into working memory, asking the PDP first unless the
     * constructor already settled on a response.
     */
    @Override
    public void run() {
        if (guardResponse == null) {
            decideViaPdp();
        }

        workingMemory.insert(guardResponse);
    }

    /**
     * Sends the XACML request to the PDP and stores the outcome in
     * {@link #guardResponse}; a {@code null} answer is recorded as
     * {@code Util.INDETERMINATE}.
     */
    private void decideViaPdp() {
        final long startedAt = System.nanoTime();

        PolicyGuardXacmlRequestAttributes request =
                new PolicyGuardXacmlRequestAttributes(clname, actor, recipe, target, requestId, vfCount);

        // the whole request and response are written to the debug log
        logger.debug("\n********** XACML REQUEST START ********");
        logger.debug("{}", request);
        logger.debug("********** XACML REQUEST END ********\n");

        String decision = new PolicyGuardXacmlHelper().callPdp(request);

        logger.debug("\n********** XACML RESPONSE START ********");
        logger.debug("{}", decision);
        logger.debug("********** XACML RESPONSE END ********\n");

        // a null answer means the restful call failed or a property was missing
        if (decision == null) {
            logger.error("********** XACML FAILED TO CONNECT ********");
            decision = Util.INDETERMINATE;
        }

        guardResponse = new PolicyGuardResponse(decision, UUID.fromString(this.requestId), this.recipe);

        // no clear Permit or Deny: make sure the response identifies the request
        if ("Indeterminate".equals(guardResponse.getResult())) {
            guardResponse.setOperation(recipe);
            guardResponse.setRequestId(UUID.fromString(requestId));
        }

        final long elapsedNanos = System.nanoTime() - startedAt;
        logger.debug("\n\n============ Guard inserted with decision {} !!! =========== time took: {} mili sec \n\n",
                guardResponse.getResult(), (double) elapsedNanos / 1000 / 1000);
    }
}