X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=applications%2Fguard%2Fsrc%2Ftest%2Fjava%2Forg%2Fonap%2Fpolicy%2Fxacml%2Fpdp%2Fapplication%2Fguard%2FGuardPdpApplicationTest.java;h=f5392cfaca07476fe812ece8c1a5b59d06e5e594;hb=refs%2Fchanges%2F12%2F107412%2F1;hp=c5cf0327ef29d58113ab7b387e2d680b6b10fdf9;hpb=fca3dd7b4bdc33b579750004c9d3bc163d20a2a7;p=policy%2Fxacml-pdp.git diff --git a/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplicationTest.java b/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplicationTest.java index c5cf0327..f5392cfa 100644 --- a/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplicationTest.java +++ b/applications/guard/src/test/java/org/onap/policy/xacml/pdp/application/guard/GuardPdpApplicationTest.java @@ -2,7 +2,7 @@ * ============LICENSE_START======================================================= * ONAP * ================================================================================ - * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2019-2020 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -23,22 +23,23 @@ package org.onap.policy.xacml.pdp.application.guard; import static org.assertj.core.api.Assertions.assertThat; +import static org.assertj.core.api.Assertions.assertThatCode; +import com.att.research.xacml.api.Response; import java.io.File; import java.io.FileNotFoundException; import java.io.IOException; import java.sql.Date; import java.time.Instant; -import java.util.HashMap; import java.util.Iterator; +import java.util.List; import java.util.Map; import java.util.Properties; import java.util.ServiceLoader; import java.util.UUID; - import javax.persistence.EntityManager; import javax.persistence.Persistence; - +import org.apache.commons.lang3.tuple.Pair; import org.junit.AfterClass; import org.junit.Before; import org.junit.BeforeClass; @@ -47,18 +48,20 @@ import org.junit.FixMethodOrder; import org.junit.Test; import org.junit.rules.TemporaryFolder; import org.junit.runners.MethodSorters; +import org.onap.policy.common.endpoints.parameters.RestServerParameters; import org.onap.policy.common.utils.coder.CoderException; import org.onap.policy.common.utils.coder.StandardCoder; import org.onap.policy.common.utils.resources.TextFileUtils; import org.onap.policy.models.decisions.concepts.DecisionRequest; import org.onap.policy.models.decisions.concepts.DecisionResponse; +import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicy; import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicyTypeIdentifier; -import org.onap.policy.pdp.xacml.application.common.TestUtils; import org.onap.policy.pdp.xacml.application.common.XacmlApplicationException; import org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider; import org.onap.policy.pdp.xacml.application.common.XacmlPolicyUtils; import org.onap.policy.pdp.xacml.application.common.operationshistory.CountRecentOperationsPip; import org.onap.policy.pdp.xacml.application.common.operationshistory.Dbao; +import org.onap.policy.pdp.xacml.xacmltest.TestUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -68,10 +71,9 @@ public class GuardPdpApplicationTest { private static final Logger LOGGER = LoggerFactory.getLogger(GuardPdpApplicationTest.class); private static Properties properties = new Properties(); private static File propertiesFile; + private static RestServerParameters clientParams = new RestServerParameters(); private static XacmlApplicationServiceProvider service; - private static DecisionRequest requestVfCount1; - private static DecisionRequest requestVfCount3; - private static DecisionRequest requestVfCount6; + private static DecisionRequest requestVfCount; private static StandardCoder gson = new StandardCoder(); private static EntityManager em; private static final String DENY = "Deny"; @@ -81,8 +83,7 @@ public class GuardPdpApplicationTest { public static final TemporaryFolder policyFolder = new TemporaryFolder(); /** - * Copies the xacml.properties and policies files into - * temporary folder and loads the service provider saving + * Copies the xacml.properties and policies files into temporary folder and loads the service provider saving * instance of provider off for other tests to use. */ @BeforeClass @@ -92,8 +93,8 @@ public class GuardPdpApplicationTest { // Setup our temporary folder // XacmlPolicyUtils.FileCreator myCreator = (String filename) -> policyFolder.newFile(filename); - propertiesFile = XacmlPolicyUtils.copyXacmlPropertiesContents("src/test/resources/xacml.properties", - properties, myCreator); + propertiesFile = XacmlPolicyUtils.copyXacmlPropertiesContents("src/test/resources/xacml.properties", properties, + myCreator); // // Load service // @@ -102,7 +103,7 @@ public class GuardPdpApplicationTest { // // Find the guard service application and save for use in all the tests // - StringBuilder strDump = new StringBuilder("Loaded applications:" + System.lineSeparator()); + StringBuilder strDump = new StringBuilder("Loaded applications:" + XacmlPolicyUtils.LINE_SEPARATOR); Iterator iterator = applicationLoader.iterator(); while (iterator.hasNext()) { XacmlApplicationServiceProvider application = iterator.next(); @@ -119,40 +120,41 @@ public class GuardPdpApplicationTest { strDump.append(application.applicationName()); strDump.append(" supports "); strDump.append(application.supportedPolicyTypes()); - strDump.append(System.lineSeparator()); + strDump.append(XacmlPolicyUtils.LINE_SEPARATOR); } LOGGER.info("{}", strDump); // // Tell it to initialize based on the properties file // we just built for it. // - service.initialize(propertiesFile.toPath().getParent()); + service.initialize(propertiesFile.toPath().getParent(), clientParams); // // Load Decision Requests // - requestVfCount1 = gson.decode( - TextFileUtils.getTextFileAsString( - "src/test/resources/requests/guard.vfCount.1.json"), - DecisionRequest.class); - requestVfCount3 = gson.decode( - TextFileUtils.getTextFileAsString( - "src/test/resources/requests/guard.vfCount.3.json"), - DecisionRequest.class); - requestVfCount6 = gson.decode( - TextFileUtils.getTextFileAsString( - "src/test/resources/requests/guard.vfCount.6.json"), - DecisionRequest.class); + requestVfCount = + gson.decode(TextFileUtils.getTextFileAsString("src/test/resources/requests/guard.vfCount.json"), + DecisionRequest.class); // // Create EntityManager for manipulating DB // String persistenceUnit = CountRecentOperationsPip.ISSUER_NAME + ".persistenceunit"; - em = Persistence.createEntityManagerFactory( - GuardPdpApplicationTest.properties.getProperty(persistenceUnit), properties) + em = Persistence + .createEntityManagerFactory(GuardPdpApplicationTest.properties.getProperty(persistenceUnit), properties) .createEntityManager(); } /** - * Clears the database before each test. + * Close the entity manager. + */ + @AfterClass + public static void cleanup() throws Exception { + if (em != null) { + em.close(); + } + } + + /** + * Clears the database before each test so there are no operations in it. * */ @Before @@ -191,16 +193,16 @@ public class GuardPdpApplicationTest { // // Ask for a decision // - DecisionResponse response = service.makeDecision(request); + Pair decision = service.makeDecision(request, null); // // Check decision // - checkDecision(expected, response); + checkDecision(expected, decision.getKey()); } @Test public void test1Basics() throws CoderException, IOException { - LOGGER.info("**************** Running test1 ****************"); + LOGGER.info("**************** Running test1Basics ****************"); // // Make sure there's an application name // @@ -215,15 +217,21 @@ public class GuardPdpApplicationTest { // can support the correct policy types. // assertThat(service.supportedPolicyTypes()).isNotEmpty(); - assertThat(service.supportedPolicyTypes().size()).isEqualTo(3); - assertThat(service.canSupportPolicyType(new ToscaPolicyTypeIdentifier( - "onap.policies.controlloop.guard.FrequencyLimiter", "1.0.0"))).isTrue(); - assertThat(service.canSupportPolicyType(new ToscaPolicyTypeIdentifier( - "onap.policies.controlloop.guard.FrequencyLimiter", "1.0.1"))).isFalse(); - assertThat(service.canSupportPolicyType(new ToscaPolicyTypeIdentifier( - "onap.policies.controlloop.guard.MinMax", "1.0.0"))).isTrue(); - assertThat(service.canSupportPolicyType(new ToscaPolicyTypeIdentifier( - "onap.policies.controlloop.guard.MinMax", "1.0.1"))).isFalse(); + assertThat(service.supportedPolicyTypes().size()).isEqualTo(4); + assertThat(service.canSupportPolicyType( + new ToscaPolicyTypeIdentifier("onap.policies.controlloop.guard.common.FrequencyLimiter", "1.0.0"))) + .isTrue(); + assertThat(service.canSupportPolicyType( + new ToscaPolicyTypeIdentifier("onap.policies.controlloop.guard.common.FrequencyLimiter", "1.0.1"))) + .isFalse(); + assertThat(service.canSupportPolicyType( + new ToscaPolicyTypeIdentifier("onap.policies.controlloop.guard.common.MinMax", "1.0.0"))).isTrue(); + assertThat(service.canSupportPolicyType( + new ToscaPolicyTypeIdentifier("onap.policies.controlloop.guard.common.MinMax", "1.0.1"))).isFalse(); + assertThat(service.canSupportPolicyType( + new ToscaPolicyTypeIdentifier("onap.policies.controlloop.guard.common.Blacklist", "1.0.0"))).isTrue(); + assertThat(service.canSupportPolicyType( + new ToscaPolicyTypeIdentifier("onap.policies.controlloop.guard.common.Blacklist", "1.0.1"))).isFalse(); assertThat(service.canSupportPolicyType(new ToscaPolicyTypeIdentifier( "onap.policies.controlloop.guard.coordination.FirstBlocksSecond", "1.0.0"))).isTrue(); assertThat(service.canSupportPolicyType(new ToscaPolicyTypeIdentifier( @@ -233,124 +241,115 @@ public class GuardPdpApplicationTest { @Test public void test2NoPolicies() throws CoderException { - LOGGER.info("**************** Running test2 ****************"); - requestAndCheckDecision(requestVfCount1,PERMIT); + LOGGER.info("**************** Running test2NoPolicies ****************"); + assertThatCode(() -> requestAndCheckDecision(requestVfCount, PERMIT)).doesNotThrowAnyException(); } @Test - public void test3FrequencyLimiter() throws CoderException, FileNotFoundException, IOException, - XacmlApplicationException { - LOGGER.info("**************** Running test3 ****************"); + public void test3FrequencyLimiter() + throws CoderException, FileNotFoundException, IOException, XacmlApplicationException { + LOGGER.info("**************** Running test3FrequencyLimiter ****************"); // // Now load the vDNS frequency limiter Policy - make sure // the pdp can support it and have it load // into the PDP. // - TestUtils.loadPolicies("src/test/resources/vDNS.policy.guard.frequency.output.tosca.yaml", service); + List loadedPolicies = + TestUtils.loadPolicies("policies/vDNS.policy.guard.frequencylimiter.input.tosca.yaml", service); + assertThat(loadedPolicies).hasSize(1); + assertThat(loadedPolicies.get(0).getName()).isEqualTo("guard.frequency.scaleout"); // // Zero recent actions: should get permit // - requestAndCheckDecision(requestVfCount1,PERMIT); - // - // Add entry into operations history DB - // - insertOperationEvent(requestVfCount1); - // - // Only one recent actions: should get permit - // - requestAndCheckDecision(requestVfCount1,PERMIT); + requestAndCheckDecision(requestVfCount, PERMIT); // // Add entry into operations history DB // - insertOperationEvent(requestVfCount1); + insertOperationEvent(requestVfCount); // // Two recent actions, more than specified limit of 2: should get deny // - requestAndCheckDecision(requestVfCount1,DENY); + requestAndCheckDecision(requestVfCount, DENY); } + @SuppressWarnings("unchecked") @Test public void test4MinMax() throws CoderException, FileNotFoundException, IOException, XacmlApplicationException { - LOGGER.info("**************** Running test4 ****************"); + LOGGER.info("**************** Running test4MinMax ****************"); // // Now load the vDNS min max Policy - make sure // the pdp can support it and have it load // into the PDP. // - TestUtils.loadPolicies("src/test/resources/vDNS.policy.guard.minmax.output.tosca.yaml", service); + List loadedPolicies = + TestUtils.loadPolicies("policies/vDNS.policy.guard.minmaxvnfs.input.tosca.yaml", service); + assertThat(loadedPolicies).hasSize(1); + assertThat(loadedPolicies.get(0).getName()).isEqualTo("guard.minmax.scaleout"); // - // vfcount=1 below min of 2: should get a Deny + // vfcount=0 below min of 1: should get a Permit // - requestAndCheckDecision(requestVfCount1, DENY); + requestAndCheckDecision(requestVfCount, PERMIT); // - // vfcount=3 between min of 2 and max of 5: should get a Permit + // vfcount=1 between min of 1 and max of 2: should get a Permit // - requestAndCheckDecision(requestVfCount3, PERMIT); + ((Map) requestVfCount.getResource().get("guard")).put("vfCount", 1); + requestAndCheckDecision(requestVfCount, PERMIT); // - // vfcount=6 above max of 5: should get a Deny + // vfcount=2 hits the max of 2: should get a Deny // - requestAndCheckDecision(requestVfCount6,DENY); + ((Map) requestVfCount.getResource().get("guard")).put("vfCount", 2); + requestAndCheckDecision(requestVfCount, DENY); // - // Add two entry into operations history DB + // vfcount=3 above max of 2: should get a Deny // - insertOperationEvent(requestVfCount1); - insertOperationEvent(requestVfCount1); + ((Map) requestVfCount.getResource().get("guard")).put("vfCount", 3); + requestAndCheckDecision(requestVfCount, DENY); // - // vfcount=3 between min of 2 and max of 5, but 2 recent actions is above frequency limit: should get a Deny + // Insert entry into operations history DB - to indicate a successful + // VF Module Create. // - requestAndCheckDecision(requestVfCount3, DENY); + insertOperationEvent(requestVfCount); // - // vfcount=6 above max of 5: should get a Deny + // vfcount=1 between min of 1 and max of 2; MinMax should succeed, + // BUT the frequency limiter should fail // - requestAndCheckDecision(requestVfCount6, DENY); + ((Map) requestVfCount.getResource().get("guard")).put("vfCount", 1); + requestAndCheckDecision(requestVfCount, DENY); } + @SuppressWarnings("unchecked") @Test - public void test5MissingFields() throws FileNotFoundException, IOException, XacmlApplicationException, - CoderException { - LOGGER.info("**************** Running test5 ****************"); - // - // Most likely we would not get a policy with missing fields passed to - // us from the API. But in case that happens, or we decide that some fields - // will be optional due to re-working of how the XACML policies are built, - // let's add support in for that. - // - TestUtils.loadPolicies("src/test/resources/guard.policy-minmax-missing-fields1.yaml", service); - // - // We can create a DecisionRequest on the fly - no need - // to have it in the .json files - // - DecisionRequest request = new DecisionRequest(); - request.setOnapName("JUnit"); - request.setOnapComponent("test5MissingFields"); - request.setRequestId(UUID.randomUUID().toString()); - request.setAction("guard"); - Map guard = new HashMap<>(); - guard.put("actor", "FOO"); - guard.put("recipe", "bar"); - guard.put("vfCount", "4"); - Map resource = new HashMap<>(); - resource.put("guard", guard); - request.setResource(resource); - // - // Ask for a decision - should get permit - // - DecisionResponse response = service.makeDecision(request); - LOGGER.info("Looking for Permit Decision {}", response); - assertThat(response).isNotNull(); - assertThat(response.getStatus()).isNotNull(); - assertThat(response.getStatus()).isEqualTo("Permit"); + public void test5Blacklist() throws CoderException, XacmlApplicationException { + LOGGER.info("**************** Running test5Blacklist ****************"); // - // Try a deny + // Load the blacklist policy in with the others. // - guard.put("vfCount", "10"); - resource.put("guard", guard); - request.setResource(resource); - response = service.makeDecision(request); - LOGGER.info("Looking for Deny Decision {}", response); - assertThat(response).isNotNull(); - assertThat(response.getStatus()).isNotNull(); - assertThat(response.getStatus()).isEqualTo("Deny"); + List loadedPolicies = + TestUtils.loadPolicies("policies/vDNS.policy.guard.blacklist.input.tosca.yaml", service); + assertThat(loadedPolicies).hasSize(1); + assertThat(loadedPolicies.get(0).getName()).isEqualTo("guard.blacklist.scaleout"); + // + // vfcount=0 below min of 1: should get a Permit because target is NOT blacklisted + // + requestAndCheckDecision(requestVfCount, PERMIT); + // + // vfcount=1 between min of 1 and max of 2: change the + // + ((Map) requestVfCount.getResource().get("guard")).put("target", + "the-vfmodule-where-root-is-true"); + // + // vfcount=0 below min of 1: should get a Deny because target IS blacklisted + // + requestAndCheckDecision(requestVfCount, DENY); + // + // vfcount=1 between min of 1 and max of 2: change the + // + ((Map) requestVfCount.getResource().get("guard")).put("target", + "another-vfmodule-where-root-is-true"); + // + // vfcount=0 below min of 1: should get a Deny because target IS blacklisted + // + requestAndCheckDecision(requestVfCount, DENY); } @SuppressWarnings("unchecked") @@ -365,7 +364,7 @@ public class GuardPdpApplicationTest { // Dbao newEntry = new Dbao(); newEntry.setActor(properties.get("actor").toString()); - newEntry.setOperation(properties.get("recipe").toString()); + newEntry.setOperation(properties.get("operation").toString()); newEntry.setClosedLoopName(properties.get("clname").toString()); newEntry.setOutcome("SUCCESS"); newEntry.setStarttime(Date.from(Instant.now().minusMillis(20000))); @@ -378,14 +377,4 @@ public class GuardPdpApplicationTest { em.getTransaction().commit(); } - /** - * Close the entity manager. - */ - @AfterClass - public static void cleanup() throws Exception { - if (em != null) { - em.close(); - } - } - }