Robot test files will be included in a common directory as part of the CSIT refactoring work.
Issue-ID: POLICY-4542
Signed-off-by: zrrmmua <ramesh.murugan.iyer@est.tech>
Change-Id: I0915bb9801d483a9ce382a8c6978de6138c86d72
#!/bin/bash
#
# ============LICENSE_START====================================================
-# Copyright (C) 2022 Nordix Foundation.
+# Copyright (C) 2022-2023 Nordix Foundation.
# =============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
POLICY_PAP_CONTAINER="policy-pap"
POLICY_CLAMP_CONTAINER="policy-clamp-runtime-acm"
POLICY_APEX_CONTAINER="policy-apex-pdp"
+POLICY_DROOLS_CONTAINER="policy-drools-pdp"
+POLICY_XACML_CONTAINER="policy-xacml-pdp"
export PROJECT=""
export ROBOT_FILE=""
xacml-pdp | policy-xacml-pdp)
export ROBOT_FILE=($POLICY_XACML_PDP_ROBOT)
+ export READINESS_CONTAINERS=($POLICY_XACML_CONTAINER)
;;
drools-pdp | policy-drools-pdp)
export ROBOT_FILE=($POLICY_DROOLS_PDP_ROBOT)
+ export READINESS_CONTAINERS=($POLICY_DROOLS_CONTAINER)
;;
*)
-# Copyright © 2022 Nordix Foundation
+# Copyright © 2022-2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
version: ~11.x-0
repository: 'file://components/policy-clamp-ac-pf-ppnt'
condition: policy-clamp-ac-pf-ppnt.enabled
+ - name: policy-drools-pdp
+ version: ~11.x-0
+ repository: 'file://components/policy-drools-pdp'
+ condition: policy-drools-pdp.enabled
+ - name: policy-xacml-pdp
+ version: ~11.x-0
+ repository: 'file://components/policy-xacml-pdp'
+ condition: policy-xacml-pdp.enabled
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+apiVersion: v2
+description: ONAP Drools Policy Engine (PDP-D)
+name: policy-drools-pdp
+version: 11.0.0
+
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+# JVM options
+
+JVM_OPTIONS={{.Values.server.jvmOpts}}
+
+# SYSTEM software configuration
+
+POLICY_HOME=/opt/app/policy
+POLICY_LOGS=/var/log/onap/policy/pdpd
+
+# Telemetry credentials
+
+TELEMETRY_PORT=9696
+TELEMETRY_HOST=0.0.0.0
+
+# nexus repository
+
+SNAPSHOT_REPOSITORY_ID=policy-nexus-snapshots
+SNAPSHOT_REPOSITORY_URL=http://{{.Values.nexus.name}}:{{.Values.nexus.port}}/nexus/content/repositories/snapshots/
+RELEASE_REPOSITORY_ID=policy-nexus-releases
+RELEASE_REPOSITORY_URL=http://{{.Values.nexus.name}}:{{.Values.nexus.port}}/nexus/content/repositories/releases/
+REPOSITORY_OFFLINE={{.Values.nexus.offline}}
+
+# Relational (SQL) DB access
+
+SQL_HOST={{ .Values.db.name }}
+SQL_PORT=3306
+JDBC_URL=jdbc:mariadb://{{ .Values.db.name }}:3306/
+JDBC_OPTS=
+MYSQL_CMD=
+
+# Liveness
+LIVENESS_CONTROLLERS=*
+
+# AAF
+
+AAF={{.Values.aaf.enabled}}
+AAF_NAMESPACE=org.onap.policy
+AAF_HOST=aaf-locate.{{.Release.Namespace}}
+
+# HTTP Servers
+
+HTTP_SERVER_HTTPS=false
+PROMETHEUS=true
+
+# PDP-D DMaaP configuration channel
+
+PDPD_CONFIGURATION_TOPIC=PDPD-CONFIGURATION
+PDPD_CONFIGURATION_SERVERS=message-router
+PDPD_CONFIGURATION_CONSUMER_GROUP=
+PDPD_CONFIGURATION_CONSUMER_INSTANCE=
+PDPD_CONFIGURATION_PARTITION_KEY=
+
+# PAP-PDP configuration channel
+
+POLICY_PDP_PAP_TOPIC=POLICY-PDP-PAP
+POLICY_PDP_PAP_GROUP=defaultGroup
+POLICY_PDP_PAP_POLICYTYPES=onap.policies.controlloop.operational.common.Drools
+
+# Symmetric Key for encoded sensitive data
+
+SYMM_KEY=
+
+# PAP
+
+PAP_HOST=policy-pap
+
+# PDP-X
+
+PDP_HOST=policy-xacml-pdp
+PDP_PORT=6969
+PDP_CONTEXT_URI=policy/pdpx/v1/
+GUARD_DISABLED=false
+
+# DCAE DMaaP
+
+DCAE_TOPIC=unauthenticated.DCAE_CL_OUTPUT
+DCAE_SERVERS=message-router
+DCAE_CONSUMER_GROUP=dcae.policy.shared
+
+# Open DMaaP
+
+DMAAP_SERVERS=message-router
+DMAAP_HTTPS="false"
+
+# AAI
+
+AAI_HOST=aai.{{.Release.Namespace}}
+AAI_PORT=8080
+AAI_CONTEXT_URI=
+
+# MSO
+
+SO_HOST=so.{{.Release.Namespace}}
+SO_PORT=8080
+SO_CONTEXT_URI=onap/so/infra/
+SO_URL=https://so.{{.Release.Namespace}}:8080/onap/so/infra
+
+# VFC
+
+VFC_HOST=
+VFC_PORT=
+VFC_CONTEXT_URI=api/nslcm/v1/
+
+# SDNC
+
+SDNC_HOST=sdnc.{{.Release.Namespace}}
+SDNC_PORT=8282
+SDNC_CONTEXT_URI=restconf/operations/
+
+# CDS
+
+CDS_GRPC_HOST={{.Values.cds.grpc.svcName}}
+CDS_GRPC_PORT={{.Values.cds.grpc.svcPort}}
--- /dev/null
+#
+# ============LICENSE_START=======================================================
+# ONAP
+# ================================================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+#
+
+# system properties set within the application
+
+java.net.preferIPv4Stack=true
+
+# jmx
+
+com.sun.management.jmxremote.port=9991
+com.sun.management.jmxremote.authenticate=false
+com.sun.management.jmxremote.ssl=false
+
+# kie
+
+kie.maven.offline.force=${envd:REPOSITORY_OFFLINE:false}
+
+# symmetric key for sensitive configuration data
+
+engine.symm.key=${envd:SYMM_KEY}
--- /dev/null
+{{/*
+# Copyright 2023 Nordix Foundation. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+POOLING_TOPIC=POOLING
--- /dev/null
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2023 Nordix Foundation. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpd/error.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpd/error.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpd/debug.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpd/debug.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpd/network.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpd/network.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="MetricOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpd/metric.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpd/metric.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="org.onap.policy.common.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" />
+ <encoder>
+ <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncMetricOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="MetricOut" />
+ </appender>
+
+ <appender name="TransactionOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpd/audit.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpd/audit.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="org.onap.policy.common.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" />
+ <encoder>
+ <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncTransactionOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="TransactionOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <appender name="MetricStdOut" class="ch.qos.logback.core.ConsoleAppender">
+ <filter class="org.onap.policy.common.utils.logging.LoggerMarkerFilter$MetricLoggerMarkerFilter" />
+ <encoder>
+ <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncMetricStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="MetricStdOut" />
+ </appender>
+
+ <appender name="TransactionStdOut" class="ch.qos.logback.core.ConsoleAppender">
+ <filter class="org.onap.policy.common.utils.logging.LoggerMarkerFilter$TransactionLoggerMarkerFilter" />
+ <encoder>
+ <pattern>%X{RequestID}|%X{InvocationID}|%X{ServiceName}|%X{PartnerName}|%X{BeginTimestamp}|%X{EndTimestamp}|%X{ElapsedTime}|%X{ServiceInstanceID}|%X{VirtualServerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%X{Severity}|%X{TargetEntity}|%X{TargetServiceName}|%X{Server}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{ClientIPAddress}|%X{ProcessKey}|%X{RemoteHost}||%X{TargetVirtualEntity}|%level|%thread| %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncTransactionStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="TransactionStdOut" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <appender name="PromLogback" class="io.prometheus.client.logback.InstrumentedAppender"/>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncMetricOut" />
+ <appender-ref ref="AsyncTransactionOut" />
+ <appender-ref ref="AsyncStdOut" />
+ <appender-ref ref="AsyncMetricStdOut" />
+ <appender-ref ref="AsyncTransactionStdOut" />
+ <appender-ref ref="PromLogback" />
+ </root>
+
+</configuration>
--- /dev/null
+#!/bin/bash -x
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+sed -i "s/^dmaap/noop/g" \
+ ${POLICY_HOME}/config/engine.properties \
+ ${POLICY_HOME}/config/feature-lifecycle.properties
+
+chmod 644 ${POLICY_HOME}/config/engine.properties ${POLICY_HOME}/config/feature-lifecycle.properties
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ============LICENSE_START=======================================================
+ ONAP
+ ================================================================================
+ Copyright (C) 2023 Nordix Foundation. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+-->
+
+
+<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd">
+
+ <offline>{{.Values.nexus.offline}}</offline>
+
+ <profiles>
+
+ <profile>
+ <id>policy-local</id>
+
+ <repositories>
+ <repository>
+ <id>file-repository</id>
+ <url>file:${user.home}/.m2/file-repository</url>
+ <releases>
+ <enabled>true</enabled>
+ <updatePolicy>always</updatePolicy>
+ </releases>
+ <snapshots>
+ <enabled>true</enabled>
+ <updatePolicy>always</updatePolicy>
+ </snapshots>
+ </repository>
+ </repositories>
+
+ </profile>
+
+ <profile>
+ <id>policy-releases</id>
+
+ <repositories>
+ <repository>
+ <id>${env.RELEASE_REPOSITORY_ID}</id>
+ <url>${env.RELEASE_REPOSITORY_URL}</url>
+ <releases>
+ <enabled>true</enabled>
+ <updatePolicy>always</updatePolicy>
+ </releases>
+ <snapshots>
+ <enabled>false</enabled>
+ </snapshots>
+ </repository>
+ </repositories>
+
+ </profile>
+
+ <profile>
+ <id>policy-snapshots</id>
+
+ <repositories>
+ <repository>
+ <id>${env.SNAPSHOT_REPOSITORY_ID}</id>
+ <url>${env.SNAPSHOT_REPOSITORY_URL}</url>
+ <releases>
+ <enabled>false</enabled>
+ </releases>
+ <snapshots>
+ <enabled>true</enabled>
+ <updatePolicy>always</updatePolicy>
+ </snapshots>
+ </repository>
+ </repositories>
+
+ </profile>
+
+ <profile>
+ <id>onap-releases</id>
+
+ <repositories>
+ <repository>
+ <id>onap-releases</id>
+ <name>onap-releases</name>
+ <url>https://nexus.onap.org/content/repositories/releases/</url>
+ <releases>
+ <enabled>true</enabled>
+ </releases>
+ <snapshots>
+ <enabled>false</enabled>
+ </snapshots>
+ </repository>
+ </repositories>
+
+ </profile>
+
+ <profile>
+
+ <id>onap-snapshots</id>
+
+ <repositories>
+ <repository>
+ <id>onap-snapshots</id>
+ <name>onap-snapshots</name>
+ <url>https://nexus.onap.org/content/repositories/snapshots/</url>
+ <releases>
+ <enabled>false</enabled>
+ </releases>
+ <snapshots>
+ <enabled>true</enabled>
+ </snapshots>
+ </repository>
+ </repositories>
+
+ </profile>
+
+ </profiles>
+
+ <activeProfiles>
+ <activeProfile>policy-local</activeProfile>
+ <activeProfile>policy-releases</activeProfile>
+ <activeProfile>policy-snapshots</activeProfile>
+ <activeProfile>onap-releases</activeProfile>
+ <activeProfile>onap-snapshots</activeProfile>
+ </activeProfiles>
+
+ <servers>
+ <server>
+ <id>${env.SNAPSHOT_REPOSITORY_ID}</id>
+ <username>${env.REPOSITORY_USERNAME}</username>
+ <password>${env.REPOSITORY_PASSWORD}</password>
+ </server>
+ <server>
+ <id>${env.RELEASE_REPOSITORY_ID}</id>
+ <username>${env.REPOSITORY_USERNAME}</username>
+ <password>${env.REPOSITORY_PASSWORD}</password>
+ </server>
+ </servers>
+
+</settings>
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+TELEMETRY_USER={{.Values.telemetry.user}}
+TELEMETRY_PASSWORD={{.Values.telemetry.password}}
+
+REPOSITORY_USERNAME={{.Values.nexus.user}}
+REPOSITORY_PASSWORD={{.Values.nexus.password}}
+
+PDPD_CONFIGURATION_API_KEY={{.Values.dmaap.brmsgw.key}}
+PDPD_CONFIGURATION_API_SECRET={{.Values.dmaap.brmsgw.secret}}
+
+POLICY_PDP_PAP_API_KEY={{.Values.dmaap.pap.key}}
+POLICY_PDP_PAP_API_SECRET={{.Values.dmaap.pap.secret}}
+
+PAP_USERNAME={{.Values.pap.user}}
+PAP_PASSWORD={{.Values.pap.password}}
+
+PAP_LEGACY_USERNAME={{.Values.papl.user}}
+PAP_LEGACY_PASSWORD={{.Values.papl.password}}
+
+PDP_USERNAME={{.Values.pdp.user}}
+PDP_PASSWORD={{.Values.pdp.password}}
+
+PDP_LEGACY_USERNAME={{.Values.pdpl.user}}
+PDP_LEGACY_PASSWORD={{.Values.pdpl.password}}
+
+AAI_USERNAME={{.Values.aai.user}}
+AAI_PASSWORD={{.Values.aai.password}}
+
+SO_USERNAME={{.Values.so.user}}
+SO_PASSWORD={{.Values.so.password}}
+
+VFC_USERNAME={{.Values.vfc.user}}
+VFC_PASSWORD={{.Values.vfc.password}}
+
+SDNC_USERNAME={{.Values.sdnc.user}}
+SDNC_PASSWORD={{.Values.sdnc.password}}
+
+HEALTHCHECK_USER={{.Values.telemetry.user}}
+HEALTHCHECK_PASSWORD={{.Values.telemetry.password}}
+
+CDS_GRPC_USERNAME={{.Values.cds.grpc.user}}
+CDS_GRPC_PASSWORD={{.Values.cds.grpc.password}}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Chart.Name }}-configmap
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: release
+ heritage: Helm
+{{- with .Files.Glob "resources/configmaps/*{.zip,store}" }}
+binaryData:
+{{- range $path, $bytes := . }}
+ {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }}
+{{- end }}
+{{- end }}
+data:
+{{ tpl (.Files.Glob "resources/configmaps/*.{conf,sh,properties,xml,keyfile}").AsConfig . | indent 2 }}
\ No newline at end of file
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+# This cluster role binding allows anyone in the "manager" group to read secrets in any namespace.
+kind: RoleBinding
+metadata:
+ name: {{ .Chart.Name }}-read
+ namespace: default
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Chart.Name }}-read
+roleRef:
+ kind: Role
+ name: read
+ apiGroup: rbac.authorization.k8s.io
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Chart.Name }}-db-secret
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: release
+ heritage: Helm
+type: Opaque
+stringData:
+ login: {{ .Values.db.user }}
+ password: {{ .Values.db.password }}
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Chart.Name }}-secret
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: release
+ heritage: Helm
+type: Opaque
+data:
+{{- range $path, $bytes := .Files.Glob "resources/secrets/*" }}
+ {{ base $path }}: {{ tpl ($.Files.Get $path) $ | b64enc | quote }}
+{{- end }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Chart.Name }}-read
+
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Chart.Name }}
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: release
+ heritage: Helm
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.internalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: https-6969
+ - port: {{ .Values.service.internalPort2 }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: https-9696
+ selector:
+ app: {{ .Chart.Name }}
+ release: release
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ .Chart.Name }}
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: release
+ heritage: Helm
+spec:
+ serviceName: {{ .Chart.Name }}
+ replicas: 1
+ selector:
+ matchLabels:
+ app: {{ .Chart.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Chart.Name }}
+ release: release
+ spec:
+ initContainers:
+ - command:
+ - /app/ready.py
+ args:
+ - --job-name
+ - policy-galera-config
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: nexus3.onap.org:10001/onap/oom/readiness:3.0.1
+ imagePullPolicy: Always
+ name: {{ .Chart.Name }}-db-readiness
+
+ containers:
+ - name: {{ .Chart.Name }}
+ image: {{ .Values.image }}
+ imagePullPolicy: Always
+ command: ["sh","-c"]
+ args: ["/opt/app/policy/bin/pdpd-cl-entrypoint.sh boot"]
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ - containerPort: {{ .Values.service.internalPort2 }}
+ livenessProbe:
+ httpGet:
+ path: /healthcheck/controllers
+ port: 6968
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: REPLICAS
+ value: "1"
+ - name: SQL_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-db-secret
+ key: login
+ - name: SQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-db-secret
+ key: password
+ volumeMounts:
+
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /tmp/policy-install/config/credentials.conf
+ name: drools-secret
+ subPath: credentials.conf
+ - mountPath: /tmp/policy-install/config/base.conf
+ name: drools-config
+ subPath: base.conf
+ - mountPath: /tmp/policy-install/config/engine-system.properties
+ name: drools-config
+ subPath: engine-system.properties
+ - mountPath: /tmp/policy-install/config/feature-pooling-dmaap.conf
+ name: drools-config
+ subPath: feature-pooling-dmaap.conf
+ - mountPath: /tmp/policy-install/config/logback.xml
+ name: drools-config
+ subPath: logback.xml
+ - mountPath: /tmp/policy-install/config/settings.xml
+ name: drools-config
+ subPath: settings.xml
+ - mountPath: /tmp/policy-install/config/noop.pre.sh
+ name: drools-config
+ subPath: noop.pre.sh
+ resources:
+{{ toYaml .Values.resources.small | indent 12 }}
+ serviceAccountName: {{ .Chart.Name }}-read
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: drools-config
+ configMap:
+ name: {{ .Chart.Name }}-configmap
+ items:
+ - key: base.conf
+ path: base.conf
+ mode: 0755
+ - key: engine-system.properties
+ path: engine-system.properties
+ mode: 0755
+ - key: feature-pooling-dmaap.conf
+ path: feature-pooling-dmaap.conf
+ mode: 0755
+ - key: logback.xml
+ path: logback.xml
+ mode: 0755
+ - key: settings.xml
+ path: settings.xml
+ mode: 0755
+ - key: noop.pre.sh
+ path: noop.pre.sh
+ mode: 0755
+ - name: drools-secret
+ secret:
+ secretName: {{ .Chart.Name }}-secret
+ items:
+ - key: credentials.conf
+ path: credentials.conf
+ mode: 0644
+ imagePullSecrets:
+ - name: "default-docker-registry-key"
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+ passwordPolicy: required
+ - uid: telemetry-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.telemetry.credsExternalSecret) . }}'
+ login: '{{ .Values.telemetry.user }}'
+ password: '{{ .Values.telemetry.password }}'
+ passwordPolicy: required
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: nexus3.onap.org:10001/onap/policy-pdpd-cl:1.12-SNAPSHOT-latest
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 180
+ periodSeconds: 60
+ timeoutSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 60
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ name: policy-drools-pdp
+ portName: http
+ internalPort: 6969
+ externalPort: 6969
+ nodePort: 17
+ internalPort2: 9696
+ externalPort2: 9696
+ nodePort2: 21
+
+ingress:
+ enabled: false
+
+# Default installation values to be overridden
+
+server:
+ jvmOpts: -server -XshowSettings:vm
+
+aaf:
+ enabled: "false"
+
+telemetry:
+ user: demo@people.osaaf.org
+ password: demo123456!
+
+nexus:
+ name: policy-nexus
+ port: 8081
+ user: admin
+ password: admin123
+ offline: true
+
+db:
+ name: mariadb-galera
+ user: policy-user
+ password: policy-user
+
+pap:
+ user: policyadmin
+ password: zb!XztG34
+
+pdp:
+ user: healthcheck
+ password: zb!XztG34
+
+papl:
+ user: testpap
+ password: alpha123
+
+pdpl:
+ user: testpdp
+ password: alpha123
+
+aai:
+ user: policy@policy.onap.org
+ password: demo123456!
+
+so:
+ user: InfraPortalClient
+ password: password1$
+
+vfc:
+ user:
+ password:
+
+sdnc:
+ user: admin
+ password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+
+dmaap:
+ brmsgw:
+ key:
+ password:
+ pap:
+ key:
+ password:
+
+cds:
+ grpc:
+ user: ccsdkapps
+ password: ccsdkapps
+ svcName: cds-blueprints-processor-grpc
+ svcPort: 9111
+
+# Resource Limit flavor -By Default using small
+# Segregation for Different environment (small, large, or unlimited)
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy-drools-pdp
+ roles:
+ - read
+
+metrics:
+ serviceMonitor:
+ # Override the labels based on the Prometheus config parameter: serviceMonitorSelector.
+ # The default operator for prometheus enforces the below label.
+ labels:
+ release: prometheus
+ enabled: true
+ port: policy-drools-pdp-9696
+ interval: 60s
+ isHttps: true
+ basicAuth:
+ enabled: true
+ externalSecretNameSuffix: policy-drools-pdp-telemetry-creds
+ externalSecretUserKey: login
+ externalSecretPasswordKey: password
+ selector:
+ app: '{{ include "common.name" . }}'
+ chart: '{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}'
+ release: '{{ include "common.release" . }}'
+ heritage: '{{ .Release.Service }}'
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+apiVersion: v2
+description: ONAP Policy XACML PDP (PDP-X)
+name: policy-xacml-pdp
+version: 11.0.0
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+{
+ "name": "XacmlPdpParameters",
+ "pdpGroup": "defaultGroup",
+ "pdpType": "xacml",
+ "restServerParameters": {
+ "host": "0.0.0.0",
+ "port": 6969,
+ "userName": "${RESTSERVER_USER}",
+ "password": "${RESTSERVER_PASSWORD}",
+ "https": false,
+ "aaf": false,
+ "prometheus": true
+ },
+ "policyApiParameters": {
+ "hostname": "policy-api",
+ "port": 6969,
+ "userName": "${API_USER}",
+ "password": "${API_PASSWORD}",
+ "useHttps": false,
+ "aaf": false
+ },
+ "applicationParameters": {
+ "applicationPath": "/opt/app/policy/pdpx/apps"
+ },
+ "topicParameterGroup": {
+ "topicSources" : [{
+ "topic" : "POLICY-PDP-PAP",
+ "servers" : [ "message-router" ],
+ "useHttps" : false,
+ "fetchTimeout" : 15000,
+ "topicCommInfrastructure" : "dmaap"
+ }],
+ "topicSinks" : [{
+ "topic" : "POLICY-PDP-PAP",
+ "servers" : [ "message-router" ],
+ "useHttps" : false,
+ "topicCommInfrastructure" : "dmaap"
+ }]
+ }
+}
--- /dev/null
+{
+ "groups": [
+ {
+ "name": "defaultGroup",
+ "version": "1.0.0",
+ "description": "The default group that registers all supported policy types and pdps.",
+ "pdpGroupState": "ACTIVE",
+ "pdpSubgroups": [
+ {
+ "pdpType": "xacml",
+ "supportedPolicyTypes": [
+ {
+ "name": "onap.policies.controlloop.guard.common.FrequencyLimiter",
+ "version": "1.0.0"
+ },
+ {
+ "name": "onap.policies.controlloop.guard.common.MinMax",
+ "version": "1.0.0"
+ },
+ {
+ "name": "onap.policies.controlloop.guard.common.Blacklist",
+ "version": "1.0.0"
+ },
+ {
+ "name": "onap.policies.controlloop.guard.common.Filter",
+ "version": "1.0.0"
+ },
+ {
+ "name": "onap.policies.controlloop.guard.coordination.FirstBlocksSecond",
+ "version": "1.0.0"
+ },
+ {
+ "name": "onap.policies.monitoring.*",
+ "version": "1.0.0"
+ },
+ {
+ "name": "onap.policies.optimization.*",
+ "version": "1.0.0"
+ },
+ {
+ "name": "onap.policies.optimization.resource.AffinityPolicy",
+ "version": "1.0.0"
+ },
+ {
+ "name": "onap.policies.optimization.resource.DistancePolicy",
+ "version": "1.0.0"
+ },
+ {
+ "name": "onap.policies.optimization.resource.HpaPolicy",
+ "version": "1.0.0"
+ },
+ {
+ "name": "onap.policies.optimization.resource.OptimizationPolicy",
+ "version": "1.0.0"
+ },
+ {
+ "name": "onap.policies.optimization.resource.PciPolicy",
+ "version": "1.0.0"
+ },
+ {
+ "name": "onap.policies.optimization.service.QueryPolicy",
+ "version": "1.0.0"
+ },
+ {
+ "name": "onap.policies.optimization.service.SubscriberPolicy",
+ "version": "1.0.0"
+ },
+ {
+ "name": "onap.policies.optimization.resource.Vim_fit",
+ "version": "1.0.0"
+ },
+ {
+ "name": "onap.policies.optimization.resource.VnfPolicy",
+ "version": "1.0.0"
+ },
+ {
+ "name": "onap.policies.native.Xacml",
+ "version": "1.0.0"
+ },
+ {
+ "name": "onap.policies.Naming",
+ "version": "1.0.0"
+ },
+ {
+ "name": "onap.policies.match.*",
+ "version": "1.0.0"
+ }
+ ],
+ "currentInstanceCount": 0,
+ "desiredInstanceCount": 1,
+ "policies": [
+ {
+ "name": "SDNC_Policy.ONAP_NF_NAMING_TIMESTAMP",
+ "version": "1.0.0"
+ }
+ ]
+ }
+ ]
+ }
+ ]
+}
--- /dev/null
+<!--
+ ============LICENSE_START=======================================================
+ Copyright (C) 2023 Nordix Foundation. All rights reserved.
+
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ SPDX-License-Identifier: Apache-2.0
+ ============LICENSE_END=========================================================
+-->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpx/error.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpx/error.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpx/debug.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpx/debug.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>/var/log/onap/policy/pdpx/network.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>/var/log/onap/policy/pdpx/network.%d{yyyy-MM-dd}.%i.log.zip
+ </fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%t]%m%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncStdOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="STDOUT" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ <appender-ref ref="AsyncStdOut" />
+ </logger>
+
+ <appender name="PromLogback" class="io.prometheus.client.logback.InstrumentedAppender"/>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ <appender-ref ref="AsyncStdOut" />
+ <appender-ref ref="PromLogback" />
+ </root>
+
+</configuration>
--- /dev/null
+{{/*
+#
+# Properties that the embedded PDP engine uses to configure and load
+#
+# Standard API Factories
+#
+*/}}
+xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory
+xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory
+xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory
+xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory
+xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory
+#
+# AT&T PDP Implementation Factories
+#
+xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory
+xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory
+xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory
+#
+# ONAP PDP Implementation Factories
+#
+xacml.att.policyFinderFactory=org.onap.policy.pdp.xacml.application.common.OnapPolicyFinderFactory
+
+#
+# Use a root combining algorithm
+#
+xacml.att.policyFinderFactory.combineRootPolicies=urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-overrides
+
+#
+# PIP Engine Definitions
+#
+count-recent-operations.classname=org.onap.policy.pdp.xacml.application.common.operationshistory.CountRecentOperationsPip
+count-recent-operations.issuer=urn:org:onap:xacml:guard:count-recent-operations
+count-recent-operations.name=CountRecentOperations
+count-recent-operations.description=Returns operation counts based on time window
+count-recent-operations.persistenceunit=OperationsHistoryPU
+
+get-operation-outcome.classname=org.onap.policy.pdp.xacml.application.common.operationshistory.GetOperationOutcomePip
+get-operation-outcome.issuer=urn:org:onap:xacml:guard:get-operation-outcome
+get-operation-outcome.name=GetOperationOutcome
+get-operation-outcome.description=Returns operation outcome
+get-operation-outcome.persistenceunit=OperationsHistoryPU
+
+#
+# Make pips available to finder
+#
+xacml.pip.engines=count-recent-operations,get-operation-outcome
+
+#
+# JPA Properties
+#
+eclipselink.target-database=MySQL
+javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver
+javax.persistence.jdbc.url=jdbc:mariadb://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/operationshistory
+javax.persistence.jdbc.user=${SQL_USER}
+javax.persistence.jdbc.password=${SQL_PASSWORD}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Chart.Name }}-configmap
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: release
+ heritage: Helm
+{{- with .Files.Glob "resources/config/*store" }}
+binaryData:
+{{- range $path, $bytes := . }}
+ {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }}
+{{- end }}
+{{- end }}
+data:
+{{ tpl (.Files.Glob "resources/config/*.{sql,json,properties,xml}").AsConfig . | indent 2 }}
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Chart.Name }}
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: release
+ heritage: Helm
+spec:
+ selector:
+ matchLabels:
+ app: {{ .Chart.Name }}
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Chart.Name }}
+ release: release
+ spec:
+ initContainers:
+ - command:
+ - /app/ready.py
+ args:
+ - --job-name
+ - policy-galera-config
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: nexus3.onap.org:10001/onap/oom/readiness:3.0.1
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ .Chart.Name }}-readiness
+ - command:
+ - sh
+ args:
+ - -c
+ - "cd /config-input && for PFILE in `ls -1`; do envsubst <${PFILE} >/config/${PFILE}; done"
+ env:
+ - name: RESTSERVER_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-restserver-creds
+ key: login
+ - name: RESTSERVER_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-restserver-creds
+ key: password
+ - name: API_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-api-creds
+ key: login
+ - name: API_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-api-creds
+ key: password
+ - name: SQL_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-db-secret
+ key: login
+ - name: SQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-db-secret
+ key: password
+ volumeMounts:
+ - mountPath: /config-input
+ name: pdpxconfig
+ - mountPath: /config
+ name: pdpxconfig-processed
+ image: docker.io/dibi/envsubst:1
+ imagePullPolicy: {{ .Values.pullPolicy }}
+ name: {{ .Chart.Name }}-update-config
+ containers:
+ - name: {{ .Chart.Name }}
+ image: {{ .Values.image }}
+ imagePullPolicy: {{ .Values.pullPolicy }}
+ command: ["/opt/app/policy/pdpx/bin/policy-pdpx.sh"]
+ args: ["/opt/app/policy/pdpx/etc/mounted/config.json"]
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /opt/app/policy/pdpx/etc/mounted
+ name: pdpxconfig-processed
+ resources:
+{{ toYaml .Values.resources.small | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ serviceAccountName: {{ .Chart.Name }}-read
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: pdpxconfig
+ configMap:
+ name: {{ .Chart.Name }}-configmap
+ defaultMode: 0755
+ - name: pdpxconfig-processed
+ emptyDir:
+ medium: Memory
+ imagePullSecrets:
+ - name: "default-docker-registry-key"
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+# This cluster role binding allows anyone in the "manager" group to read secrets in any namespace.
+kind: RoleBinding
+metadata:
+ name: {{ .Chart.Name }}-read
+ namespace: default
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Chart.Name }}-read
+roleRef:
+ kind: Role
+ name: read
+ apiGroup: rbac.authorization.k8s.io
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2023 Nordix Foundation. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Chart.Name }}-db-secret
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: release
+ heritage: Helm
+type: Opaque
+stringData:
+ login: {{ .Values.db.user }}
+ password: {{ .Values.db.password }}
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Chart.Name }}-restserver-creds
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: release
+ heritage: Helm
+type: Opaque
+stringData:
+ login: {{ .Values.restServer.user }}
+ password: {{ .Values.restServer.password }}
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Chart.Name }}-api-creds
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: release
+ heritage: Helm
+type: Opaque
+stringData:
+ login: {{ .Values.apiServer.user }}
+ password: {{ .Values.apiServer.password }}
+
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Chart.Name }}-read
\ No newline at end of file
--- /dev/null
+{{/*
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Chart.Name }}
+ namespace: default
+ labels:
+ app: {{ .Chart.Name }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: release
+ heritage: Helm
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ selector:
+ app: {{ .Chart.Name }}
+ release: release
--- /dev/null
+# ============LICENSE_START=======================================================
+# Copyright (C) 2023 Nordix Foundation. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ persistence: {}
+ aafEnabled: false
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+ - uid: db-secret
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.db.credsExternalSecret) . }}'
+ login: '{{ .Values.db.user }}'
+ password: '{{ .Values.db.password }}'
+ passwordPolicy: required
+ - uid: restserver-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.restServer.credsExternalSecret) . }}'
+ login: '{{ .Values.restServer.user }}'
+ password: '{{ .Values.restServer.password }}'
+ passwordPolicy: required
+ - uid: api-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.apiServer.credsExternalSecret) . }}'
+ login: '{{ .Values.apiServer.user }}'
+ password: '{{ .Values.apiServer.password }}'
+ passwordPolicy: required
+
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: nexus3.onap.org:10001/onap/policy-xacml-pdp:2.8-SNAPSHOT-latest
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+
+db:
+ user: policy-user
+ password: policy-user
+ service:
+ name: mariadb-galera
+ internalPort: 3306
+
+restServer:
+ user: policyadmin
+ password: zb!XztG34
+
+apiServer:
+ user: policyadmin
+ password: zb!XztG34
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 20
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ name: policy-xacml-pdp
+ portName: http
+ externalPort: 6969
+ internalPort: 6969
+
+ingress:
+ enabled: false
+
+flavor: small
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 1Gi
+ unlimited: {}
+
+#Pods Service Account
+serviceAccount:
+ nameOverride: policy-xacml-pdp
+ roles:
+ - read
-# Copyright © 2022 Nordix Foundation
+# Copyright © 2022-2023 Nordix Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
enabled: true
policy-clamp-ac-pf-ppnt:
enabled: true
+policy-drools-pdp:
+ enabled: true
+policy-xacml-pdp:
+ enabled: true
#################################################################
export APEX_IP=policy-apex-pdp
export DMAAP_IP=message-router
export SIM_IP=message-router
+export POLICY_PDPX_IP=policy-xacml-pdp
+export POLICY_PDPX_PORT=6969
export ROBOT_VARIABLES=
ROBOT_VARIABLES="-v DATA:$DATA -v NODETEMPLATES:$NODETEMPLATES -v POLICY_RUNTIME_ACM_IP:$POLICY_RUNTIME_ACM_IP -v POLICY_API_IP:$POLICY_API_IP
--v POLICY_PAP_IP:$POLICY_PAP_IP -v APEX_IP:$APEX_IP -v DMAAP_IP:$DMAAP_IP -v SIM_IP:$SIM_IP"
+-v POLICY_PAP_IP:$POLICY_PAP_IP -v APEX_IP:$APEX_IP -v DMAAP_IP:$DMAAP_IP -v SIM_IP:$SIM_IP -v POLICY_PDPX_IP:$POLICY_PDPX_IP"
echo "Run Robot test"
echo ROBOT_VARIABLES="${ROBOT_VARIABLES}"
echo "Starting Robot test suites ..."
+
+if [ $1 == "xacml-pdp-test.robot" ]; then
+ echo "Waiting for Xacml application to start"
+ ./data/wait_for_rest.sh policy-xacml-pdp "${POLICY_PDPX_PORT}"
+fi
python3 -m robot.run -d /tmp/ $ROBOT_VARIABLES $1
RESULT=$?
echo "RESULT: ${RESULT}"
--- /dev/null
+#!/bin/sh
+# ============LICENSE_START====================================================
+# Copyright (C) 2023 Nordix Foundation.
+# =============================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END======================================================
+usage() {
+ echo args: [-t timeout] [-c command] hostname1 port1 hostname2 port2 ... >&2
+ exit 1
+}
+tmout=300
+cmd=
+while getopts c:t: opt
+do
+ case "$opt" in
+ c)
+ cmd="$OPTARG"
+ ;;
+ t)
+ tmout="$OPTARG"
+ ;;
+ *)
+ usage
+ ;;
+ esac
+done
+nargs=$((OPTIND-1))
+shift "$nargs"
+even_args=$(($#%2))
+if [ $# -lt 2 ] || [ "$even_args" -ne 0 ]
+then
+ usage
+fi
+while [ $# -ge 2 ]
+do
+ export host="$1"
+ export port="$2"
+ shift
+ shift
+ echo "Waiting for REST to come up on $host port $port..."
+ while [ "$tmout" -gt 0 ]
+ do
+ if command -v docker > /dev/null 2>&1
+ then
+ docker ps --format "table {{ .Names }}\t{{ .Status }}"
+ fi
+ curl "http://$host:$port" > /dev/null 2>&1
+ rc=$?
+ if [ $rc -eq 0 ]
+ then
+ break
+ else
+ tmout=$((tmout-1))
+ sleep 1
+ fi
+ done
+ if [ $rc -ne 0 ]
+ then
+ echo "$host port $port REST cannot be detected"
+ exit $rc
+ fi
+done
+$cmd
+exit 0
+
+++ /dev/null
-*** Settings ***
-Library Collections
-Library RequestsLibrary
-Library OperatingSystem
-Library Process
-Library json
-Resource common-library.robot
-
-*** Test Cases ***
-Healthcheck
- [Documentation] Verify policy xacml-pdp health check
- ${resp}= PdpxGetReq /policy/pdpx/v1/healthcheck
- Should Be Equal As Strings ${resp.json()['code']} 200
-
-Statistics
- [Documentation] Verify policy xacml-pdp statistics
- ${resp}= PdpxGetReq /policy/pdpx/v1/statistics
- Should Be Equal As Strings ${resp.json()['code']} 200
-
-Metrics
- [Documentation] Verify policy-xacml-pdp is exporting prometheus metrics
- ${resp}= PdpxGetReq /metrics
- Should Contain ${resp.text} jvm_threads_current
-
-MakeTopics
- [Documentation] Creates the Policy topics
- ${result}= Run Process ${SCR_DMAAP}/make_topic.sh POLICY-PDP-PAP
- Should Be Equal As Integers ${result.rc} 0
-
-ExecuteXacmlPolicy
- CreateMonitorPolicy
- CreateOptimizationPolicy
- Wait Until Keyword Succeeds 1 min 15 sec GetDefaultDecision
- DeployPolicies
- Wait Until Keyword Succeeds 1 min 15 sec GetStatisticsAfterDeployed
- Wait Until Keyword Succeeds 1 min 15 sec GetAbbreviatedDecisionResult
- Wait Until Keyword Succeeds 1 min 15 sec GetMonitoringDecision
- Wait Until Keyword Succeeds 1 min 15 sec GetNamingDecision
- Wait Until Keyword Succeeds 1 min 15 sec GetOptimizationDecision
- Wait Until Keyword Succeeds 1 min 15 sec GetStatisticsAfterDecision
- UndeployMonitorPolicy
- Wait Until Keyword Succeeds 1 min 15 sec GetStatisticsAfterUndeploy
-
-*** Keywords ***
-
-CreateMonitorPolicy
- [Documentation] Create a Monitoring policy
- ${postjson}= Get file ${DATA2}/vCPE.policy.monitoring.input.tosca.json
- CreatePolicy /policy/api/v1/policytypes/onap.policies.monitoring.tcagen2/versions/1.0.0/policies 200 ${postjson} onap.restart.tca 1.0.0
-
-CreateOptimizationPolicy
- [Documentation] Create an Optimization policy
- ${postjson}= Get file ${DATA2}/vCPE.policies.optimization.input.tosca.json
- CreatePolicy /policy/api/v1/policytypes/onap.policies.optimization.resource.AffinityPolicy/versions/1.0.0/policies 200 ${postjson} OSDF_CASABLANCA.Affinity_Default 1.0.0
-
-GetDefaultDecision
- [Documentation] Get Default Decision with no policies in Xacml PDP
- ${postjson}= Get file ${CURDIR}/data/onap.policy.guard.decision.request.json
- ${resp}= DecisionPostReq ${postjson} abbrev=true
- ${status}= Get From Dictionary ${resp.json()} status
- Should Be Equal As Strings ${status} Permit
-
-DeployPolicies
- [Documentation] Runs Policy PAP to deploy a policy
- ${postjson}= Get file ${CURDIR}/data/vCPE.policy.input.tosca.deploy.json
- ${policyadmin}= PolicyAdminAuth
- PerformPostRequest ${POLICY_PAP_IP} /policy/pap/v1/pdps/policies 202 ${postjson} null ${policyadmin}
- ${result}= Run Process ${SCR_DMAAP}/wait_topic.sh POLICY-PDP-PAP
- ... responseTo xacml ACTIVE onap.restart.tca
- Should Be Equal As Integers ${result.rc} 0
-
-GetStatisticsAfterDeployed
- [Documentation] Verify policy xacml-pdp statistics after policy is deployed
- ${resp}= PdpxGetReq /policy/pdpx/v1/statistics
- Should Be Equal As Strings ${resp.json()['code']} 200
- Should Be Equal As Strings ${resp.json()['totalPoliciesCount']} 3
-
-GetAbbreviatedDecisionResult
- [Documentation] Get Decision with abbreviated results from Policy Xacml PDP
- ${postjson}= Get file ${CURDIR}/data/onap.policy.monitoring.decision.request.json
- ${resp}= DecisionPostReq ${postjson} abbrev=true
- ${policy}= Get From Dictionary ${resp.json()['policies']} onap.restart.tca
- Dictionary Should Contain Key ${policy} type
- Dictionary Should Contain Key ${policy} metadata
- Dictionary Should Not Contain Key ${policy} type_version
- Dictionary Should Not Contain Key ${policy} properties
- Dictionary Should Not Contain Key ${policy} name
- Dictionary Should Not Contain Key ${policy} version
-
-GetMonitoringDecision
- [Documentation] Get Decision from Monitoring Policy Xacml PDP
- ${postjson}= Get file ${CURDIR}/data/onap.policy.monitoring.decision.request.json
- ${resp}= DecisionPostReq ${postjson} null
- ${policy}= Get From Dictionary ${resp.json()['policies']} onap.restart.tca
- Dictionary Should Contain Key ${policy} type
- Dictionary Should Contain Key ${policy} metadata
- Dictionary Should Contain Key ${policy} type_version
- Dictionary Should Contain Key ${policy} properties
- Dictionary Should Contain Key ${policy} name
- Dictionary Should Contain Key ${policy} version
-
-GetNamingDecision
- [Documentation] Get Decision from Naming Policy Xacml PDP
- ${postjson}= Get file ${CURDIR}/data/onap.policy.naming.decision.request.json
- ${resp}= DecisionPostReq ${postjson} null
- ${policy}= Get From Dictionary ${resp.json()['policies']} SDNC_Policy.ONAP_NF_NAMING_TIMESTAMP
- Dictionary Should Contain Key ${policy} type
- Dictionary Should Contain Key ${policy} type_version
- Dictionary Should Contain Key ${policy} properties
- Dictionary Should Contain Key ${policy} name
-
-GetOptimizationDecision
- [Documentation] Get Decision from Optimization Policy Xacml PDP
- ${postjson}= Get file ${CURDIR}/data/onap.policy.optimization.decision.request.json
- ${resp}= DecisionPostReq ${postjson} null
- ${policy}= Get From Dictionary ${resp.json()['policies']} OSDF_CASABLANCA.Affinity_Default
- Dictionary Should Contain Key ${policy} type
- Dictionary Should Contain Key ${policy} type_version
- Dictionary Should Contain Key ${policy} properties
- Dictionary Should Contain Key ${policy} name
-
-GetStatisticsAfterDecision
- [Documentation] Runs Policy Xacml PDP Statistics after Decision request
- ${resp}= PdpxGetReq /policy/pdpx/v1/statistics
- Should Be Equal As Strings ${resp.json()['code']} 200
- Should Be Equal As Strings ${resp.json()['permitDecisionsCount']} 4
- Should Be Equal As Strings ${resp.json()['notApplicableDecisionsCount']} 1
-
-UndeployMonitorPolicy
- [Documentation] Runs Policy PAP to undeploy a policy
- ${policyadmin}= PolicyAdminAuth
- PerformDeleteRequest ${POLICY_PAP_IP} /policy/pap/v1/pdps/policies/onap.restart.tca 202 ${policyadmin}
-
-GetStatisticsAfterUndeploy
- [Documentation] Runs Policy Xacml PDP Statistics after policy is undeployed
- ${resp}= PdpxGetReq /policy/pdpx/v1/statistics
- Should Be Equal As Strings ${resp.json()['code']} 200
- Should Be Equal As Strings ${resp.json()['totalPoliciesCount']} 2
-
-PdpxGetReq
- [Arguments] ${url}
- ${hcauth}= HealthCheckAuth
- ${resp}= PerformGetRequest ${POLICY_PDPX_IP} ${url} 200 null ${hcauth}
- [return] ${resp}
-
-DecisionPostReq
- [Arguments] ${postjson} ${abbr}
- ${hcauth}= HealthCheckAuth
- ${resp}= PerformPostRequest ${POLICY_PDPX_IP} /policy/pdpx/v1/decision 200 ${postjson} ${abbr} ${hcauth}
- [return] ${resp}
Code Review / policy / docker.git / commitdiff