Submit Policy Tutorials 97/114297/1
authorPamela Dragosh <pdragosh@research.att.com>
Mon, 26 Oct 2020 13:59:09 +0000 (09:59 -0400)
committerPamela Dragosh <pdragosh@research.att.com>
Tue, 27 Oct 2020 19:03:47 +0000 (19:03 +0000)
So app developers can more easily download and test client code etc.

Issue-ID: POLICY-2876
Change-Id: I360cd0d637150cd0c2353c6284803f4438e96556
Signed-off-by: Pamela Dragosh <pdragosh@research.att.com>
(cherry picked from commit f0bd7f421948415b1c2f05cb39674f57f72218e0)

32 files changed:
pom.xml
tutorials/pom.xml [new file with mode: 0644]
tutorials/tutorial-enforcement/README.md [new file with mode: 0644]
tutorials/tutorial-enforcement/pom.xml [new file with mode: 0644]
tutorials/tutorial-enforcement/src/main/docker/README.txt [new file with mode: 0644]
tutorials/tutorial-enforcement/src/main/docker/config/db/db.conf [new file with mode: 0644]
tutorials/tutorial-enforcement/src/main/docker/config/db/db.sh [new file with mode: 0644]
tutorials/tutorial-enforcement/src/main/docker/config/sim/simParameters.json [new file with mode: 0644]
tutorials/tutorial-enforcement/src/main/docker/docker-compose.yml [new file with mode: 0644]
tutorials/tutorial-enforcement/src/main/java/org/onap/policy/tutorial/policyenforcement/App.java [new file with mode: 0644]
tutorials/tutorial-enforcement/src/test/resources/MyAnalytic.yaml [new file with mode: 0644]
tutorials/tutorial-enforcement/src/test/resources/MyPolicies.yaml [new file with mode: 0644]
tutorials/tutorial-enforcement/src/test/resources/postman/Policy Enforcement Tutorial.postman_collection.json [new file with mode: 0644]
tutorials/tutorial-xacml-application/pom.xml [new file with mode: 0644]
tutorials/tutorial-xacml-application/postman/PolicyApplicationTutorial.postman_collection.json [new file with mode: 0644]
tutorials/tutorial-xacml-application/src/main/docker/Dockerfile [new file with mode: 0644]
tutorials/tutorial-xacml-application/src/main/docker/README.txt [new file with mode: 0644]
tutorials/tutorial-xacml-application/src/main/docker/config/db/db.conf [new file with mode: 0644]
tutorials/tutorial-xacml-application/src/main/docker/config/db/db.sh [new file with mode: 0644]
tutorials/tutorial-xacml-application/src/main/docker/config/sim/simParameters.json [new file with mode: 0644]
tutorials/tutorial-xacml-application/src/main/docker/docker-compose.yml [new file with mode: 0644]
tutorials/tutorial-xacml-application/src/main/docker/xacml.properties [new file with mode: 0644]
tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialApplication.java [new file with mode: 0644]
tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java [new file with mode: 0644]
tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java [new file with mode: 0644]
tutorials/tutorial-xacml-application/src/main/resources/META-INF/services/org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider [new file with mode: 0644]
tutorials/tutorial-xacml-application/src/main/resources/xacml.properties [new file with mode: 0644]
tutorials/tutorial-xacml-application/src/test/java/org/onap/policy/tutorial/tutorial/TutorialApplicationTest.java [new file with mode: 0644]
tutorials/tutorial-xacml-application/src/test/resources/tutorial-decision-request.json [new file with mode: 0644]
tutorials/tutorial-xacml-application/src/test/resources/tutorial-policies.yaml [new file with mode: 0644]
tutorials/tutorial-xacml-application/src/test/resources/tutorial-policy-type.yaml [new file with mode: 0644]
tutorials/tutorial-xacml-application/src/test/resources/xacml.properties [new file with mode: 0644]

diff --git a/pom.xml b/pom.xml
index 53e215a..82889ff 100644 (file)
--- a/pom.xml
+++ b/pom.xml
@@ -51,6 +51,7 @@
         <module>packages</module>
         <module>testsuites</module>
         <module>xacml-test</module>
+        <module>tutorials</module>
     </modules>
 
     <dependencies>
diff --git a/tutorials/pom.xml b/tutorials/pom.xml
new file mode 100644 (file)
index 0000000..66a1892
--- /dev/null
@@ -0,0 +1,47 @@
+<!--
+  ============LICENSE_START=======================================================
+  ONAP Policy Engine - XACML PDP
+  ================================================================================
+  Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+  Modifications Copyright (C) 2020 Bell Canada.
+  ================================================================================
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+  ============LICENSE_END=========================================================
+  -->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.onap.policy.xacml-pdp</groupId>
+        <artifactId>policy-xacml-pdp</artifactId>
+        <version>2.3.4-SNAPSHOT</version>
+    </parent>
+
+    <artifactId>xacml-tutorials</artifactId>
+    <packaging>pom</packaging>
+
+    <name>${project.artifactId}</name>
+    <description>This sub-module holds the XACML PDP Application Tutorials.</description>
+
+    <properties>
+        <!-- There code is not shipped with final artifact, for user testing only -->
+        <sonar.skip>true</sonar.skip>
+    </properties>
+
+    <modules>
+        <module>tutorial-xacml-application</module>
+        <module>tutorial-enforcement</module>
+    </modules>
+
+</project>
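Review bot: The comment above `<sonar.skip>true</sonar.skip>` has a typo ("There code") and does not say what is being skipped; I would write `<!-- This code is not shipped with the final artifact (user testing only), so Sonar analysis is skipped -->`. Because the property sits in the parent of both tutorial modules, it presumably turns off static analysis for all tutorial code. That includes the client in App.java, which carries a hard-coded password, so the comment should say that this trade-off is intentional.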
diff --git a/tutorials/tutorial-enforcement/README.md b/tutorials/tutorial-enforcement/README.md
new file mode 100644 (file)
index 0000000..23321fd
--- /dev/null
@@ -0,0 +1,20 @@
+Copyright 2020 AT&T Intellectual Property. All rights reserved.
+This file is licensed under the CREATIVE COMMONS ATTRIBUTION 4.0 INTERNATIONAL LICENSE
+Full license text at https://creativecommons.org/licenses/by/4.0/legalcode
+
+The Policy Enforcement Tutorial can be built:
+
+mvn clean install
+
+Be sure to start the Policy Framework application components if you are not testing this in a lab. See
+src/main/docker/README.txt for details to run local instances of the components.
+
+You can run the application via code by running the App.main method with command line argument with IP then Port
+of the XACML PDP, followed by the IP then Port of Dmaap.
+
+App.main(new String[] {"0.0.0.0", "6969", "0.0.0.0", "3904"});
+
+or from Eclipse by right-clicking App.java and selecting "Run As" and select "Java Application". Edit the
+configuration by adding these command line arguments: "0.0.0.0" "6969" "0.0.0.0" "3904"
+
+Quit the application by typing 'q' into stdin.
diff --git a/tutorials/tutorial-enforcement/pom.xml b/tutorials/tutorial-enforcement/pom.xml
new file mode 100644 (file)
index 0000000..d4065a5
--- /dev/null
@@ -0,0 +1,56 @@
+<!--
+  ============LICENSE_START=======================================================
+  ONAP Policy Engine - XACML PDP
+  ================================================================================
+  Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+  Modifications Copyright (C) 2020 Bell Canada.
+  ================================================================================
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+  ============LICENSE_END=========================================================
+  -->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>org.onap.policy.xacml-pdp</groupId>
+        <artifactId>xacml-tutorials</artifactId>
+        <version>2.3.4-SNAPSHOT</version>
+    </parent>
+
+    <groupId>org.onap.policy.tutorial</groupId>
+    <artifactId>tutorial-xacml-enforcement</artifactId>
+    <packaging>jar</packaging>
+
+    <name>tutorial-xacml-enforcement</name>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.onap.policy.models</groupId>
+            <artifactId>policy-models-decisions</artifactId>
+            <version>${policy.models.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.onap.policy.models</groupId>
+            <artifactId>policy-models-pap</artifactId>
+            <version>${policy.models.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.onap.policy.common</groupId>
+            <artifactId>policy-endpoints</artifactId>
+            <version>${policy.common.version}</version>
+        </dependency>
+    </dependencies>
+
+</project>
diff --git a/tutorials/tutorial-enforcement/src/main/docker/README.txt b/tutorials/tutorial-enforcement/src/main/docker/README.txt
new file mode 100644 (file)
index 0000000..eed0a74
--- /dev/null
@@ -0,0 +1,36 @@
+docker-compose -f docker-compose.yml run --rm start_dependencies
+
+docker-compose -f docker-compose.yml run --rm start_all
+
+
+curl -X POST http://0.0.0.0:3904/events/POLICY-PDP-PAP
+
+Should return JSON similar to this:
+{"serverTimeMs":0,"count":0}
+
+
+curl -k -u 'healthcheck:zb!XztG34' 'https://0.0.0.0:6969/policy/pdpx/v1/healthcheck'
+
+Should return JSON similar to this:
+{"name":"Policy Xacml PDP","url":"self","healthy":true,"code":200,"message":"alive"}
+
+
+curl -k -u 'healthcheck:zb!XztG34' 'https://0.0.0.0:6767/policy/api/v1/healthcheck'
+Should return JSON similar to this:
+{
+    "name": "Policy API",
+    "url": "policy-api",
+    "healthy": true,
+    "code": 200,
+    "message": "alive"
+}
+
+curl -k -u 'healthcheck:zb!XztG34' 'https://0.0.0.0:6868/policy/pap/v1/healthcheck'
+{
+    "name": "Policy PAP",
+    "url": "policy-pap",
+    "healthy": true,
+    "code": 200,
+    "message": "alive"
+}
+
diff --git a/tutorials/tutorial-enforcement/src/main/docker/config/db/db.conf b/tutorials/tutorial-enforcement/src/main/docker/config/db/db.conf
new file mode 100644 (file)
index 0000000..42f3584
--- /dev/null
@@ -0,0 +1,20 @@
+# ============LICENSE_START=======================================================
+#  Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+MYSQL_ROOT_PASSWORD=secret
+MYSQL_USER=policy_user
+MYSQL_PASSWORD=policy_user
\ No newline at end of file
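Review bot: `MYSQL_ROOT_PASSWORD=secret` and `MYSQL_PASSWORD=policy_user` are committed as plain values with nothing marking them as sandbox-only defaults. Since the tutorial is meant to be downloaded and reused, add a header line such as `# Local docker-compose tutorial defaults only - replace before using anywhere reachable by others`. The compose file in this change only uses `expose` for 3306, so the database is not published on the host as written. That is the one thing keeping these defaults low-risk, and the comment should mention it.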
diff --git a/tutorials/tutorial-enforcement/src/main/docker/config/db/db.sh b/tutorials/tutorial-enforcement/src/main/docker/config/db/db.sh
new file mode 100644 (file)
index 0000000..499764d
--- /dev/null
@@ -0,0 +1,26 @@
+#!/bin/bash -xv
+# ============LICENSE_START=======================================================
+#  Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+for db in policyadmin operationshistory
+do
+     mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};"
+     mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;"
+done
+
+mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "FLUSH PRIVILEGES;"
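Review bot: The shebang `#!/bin/bash -xv` enables command tracing, and every `mysql` call passes `-p"${MYSQL_ROOT_PASSWORD}"` on the command line. If this script is ever executed directly, rather than sourced by the image entrypoint (which I cannot see from this hunk), each traced line lands in the container log with the root password expanded. The password is also visible in the process list while the client runs. I would change the first line to `#!/bin/bash` and set `export MYSQL_PWD="${MYSQL_ROOT_PASSWORD}"` once before the loop, so the three calls become `mysql -uroot --execute ...`.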
diff --git a/tutorials/tutorial-enforcement/src/main/docker/config/sim/simParameters.json b/tutorials/tutorial-enforcement/src/main/docker/config/sim/simParameters.json
new file mode 100644 (file)
index 0000000..bd43520
--- /dev/null
@@ -0,0 +1,15 @@
+{
+    "dmaapProvider": {
+        "name": "DMaaP simulator",
+        "topicSweepSec": 300
+    },
+    "restServers": [
+        {
+            "name": "DMaaP simulator",
+            "providerClass": "org.onap.policy.models.sim.dmaap.rest.DmaapSimRestControllerV1",
+            "host": "0.0.0.0",
+            "port": 3904,
+            "https": false
+        }
+    ]
+}
\ No newline at end of file
diff --git a/tutorials/tutorial-enforcement/src/main/docker/docker-compose.yml b/tutorials/tutorial-enforcement/src/main/docker/docker-compose.yml
new file mode 100644 (file)
index 0000000..bf55d0f
--- /dev/null
@@ -0,0 +1,105 @@
+# ============LICENSE_START=======================================================
+#  Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+version: '2'
+services:
+   mariadb:
+      image: mariadb:10.2.14
+      container_name: mariadb
+      hostname: mariadb
+      command: ['--lower-case-table-names=1', '--wait_timeout=28800']
+      env_file: config/db/db.conf
+      volumes:
+         - ./config/db:/docker-entrypoint-initdb.d
+      expose:
+       - 3306
+   message-router:
+      image: nexus3.onap.org:10001/onap/policy-models-simulator:latest
+      container_name: dmaap-simulator
+      hostname: dmaap-simulator
+      volumes:
+       - ./config/sim:/opt/app/policy/simulators/etc/mounted:ro
+      ports:
+       - "3904:3904"
+      expose:
+       - 3904
+   pap:
+      # Released Guilin image
+      image: nexus3.onap.org:10001/onap/policy-pap:2.3.3
+      container_name: policy-pap
+      depends_on:
+       - mariadb
+       - message-router
+      hostname: policy-pap
+      ports:
+       - "6868:6969"
+      expose:
+       - 6868
+   api:
+      # Released Guilin image
+      image: nexus3.onap.org:10001/onap/policy-api:2.3.3
+      container_name: policy-api
+      depends_on:
+       - mariadb
+      hostname: policy-api
+      ports:
+       - "6767:6969"
+      expose:
+       - 6767
+   xacml-pdp:
+      # Released Guilin image
+      image: nexus3.onap.org:10001/onap/policy-xacml-pdp:2.3.3
+      container_name: policy-xacml-pdp
+      depends_on:
+       - mariadb
+       - message-router
+       - pap
+      hostname: policy-xacml-pdp
+      ports:
+       - "6969:6969"
+      expose:
+       - 6969
+   start_dependencies:
+      image: dadarek/wait-for-dependencies
+      environment:
+        TIMEOUT_LENGTH: 60
+      container_name: policy-wait
+      depends_on:
+        - mariadb
+        - message-router
+      hostname: policy-wait
+      command:
+        mariadb:3306
+        message-router:3904
+   start_all:
+      image: dadarek/wait-for-dependencies
+      environment:
+        TIMEOUT_LENGTH: 60
+      container_name: policy-wait-all
+      depends_on:
+        - mariadb
+        - message-router
+        - api
+        - pap
+        - xacml-pdp
+      hostname: policy-wait-all
+      command:
+        mariadb:3306
+        message-router:3904
+        api:6969
+        pap:6969
+        xacml-pdp:6969
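Review bot: The `ports` entries (`"3904:3904"`, `"6868:6969"`, `"6767:6969"`, `"6969:6969"`) publish the simulator, PAP, API and PDP on every host interface, and these services accept the default `healthcheck` credential that this same change documents. For a laptop tutorial, bind them to loopback, e.g. `- "127.0.0.1:6969:6969"`, and likewise for the other three. Two images are also unpinned, `policy-models-simulator:latest` and the untagged `dadarek/wait-for-dependencies` (used twice), so the tutorial can pull different code over time; pin a tag or digest as the three Guilin images do. Finally, `expose: 6868` under `pap` and `expose: 6767` under `api` name the host-side ports, while the mappings show the containers listening on 6969.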
diff --git a/tutorials/tutorial-enforcement/src/main/java/org/onap/policy/tutorial/policyenforcement/App.java b/tutorials/tutorial-enforcement/src/main/java/org/onap/policy/tutorial/policyenforcement/App.java
new file mode 100644 (file)
index 0000000..764b3bd
--- /dev/null
@@ -0,0 +1,227 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.tutorial.policyenforcement;
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Scanner;
+import javax.ws.rs.client.Entity;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import org.onap.policy.common.endpoints.event.comm.Topic.CommInfrastructure;
+import org.onap.policy.common.endpoints.event.comm.TopicEndpointManager;
+import org.onap.policy.common.endpoints.event.comm.TopicListener;
+import org.onap.policy.common.endpoints.event.comm.bus.internal.BusTopicParams;
+import org.onap.policy.common.endpoints.http.client.HttpClient;
+import org.onap.policy.common.endpoints.http.client.HttpClientConfigException;
+import org.onap.policy.common.endpoints.http.client.HttpClientFactoryInstance;
+import org.onap.policy.common.endpoints.parameters.TopicParameterGroup;
+import org.onap.policy.common.endpoints.parameters.TopicParameters;
+import org.onap.policy.common.utils.coder.CoderException;
+import org.onap.policy.common.utils.coder.StandardCoder;
+import org.onap.policy.models.decisions.concepts.DecisionRequest;
+import org.onap.policy.models.decisions.concepts.DecisionResponse;
+import org.onap.policy.models.pap.concepts.PolicyNotification;
+import org.onap.policy.models.pap.concepts.PolicyStatus;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class App extends Thread implements TopicListener {
+    private static Logger logger                           = LoggerFactory.getLogger(App.class);
+    private static final String MY_POLICYTYPEID = "onap.policies.monitoring.MyAnalytic";
+    private String xacmlPdpHost;
+    private String xacmlPdpPort;
+    private DecisionRequest decisionRequest = new DecisionRequest();
+    private Integer requestId = 1;
+    private HttpClient client = null;
+
+    /**
+     * Constructor.
+     *
+     * @param args Command line arguments
+     */
+    public App(String[] args) {
+        xacmlPdpHost = args[0];
+        xacmlPdpPort = args[1];
+
+        TopicParameters params = new TopicParameters();
+        params.setTopicCommInfrastructure("dmaap");
+        params.setFetchLimit(1);
+        params.setFetchTimeout(5000);
+        params.setTopic("POLICY-NOTIFICATION");
+        params.setServers(Arrays.asList(args[2] + ":" + args[3]));
+        TopicParameterGroup topicParams = new TopicParameterGroup();
+        topicParams.setTopicSources(Arrays.asList(params));
+
+        TopicEndpointManager.getManager().addTopics(topicParams);
+        TopicEndpointManager.getManager().getDmaapTopicSource("POLICY-NOTIFICATION").register(this);
+
+        decisionRequest.setOnapComponent("myComponent");
+        decisionRequest.setOnapName("myName");
+        decisionRequest.setOnapInstance("myInstanceId");
+        decisionRequest.setAction("configure");
+        Map<String, Object> resources = new HashMap<>();
+        resources.put("policy-type", MY_POLICYTYPEID);
+        decisionRequest.setResource(resources);
+    }
+
+    /**
+     * Thread run method that creates a connection and gets an initial Decision on which policy(s)
+     * we should be enforcing.
+     * Then sits waiting for the user to enter q or Q from the keyboard to quit. While waiting,
+     * listen on Dmaap topic for notification that the policy has changed.
+     */
+    @Override
+    public void run() {
+        logger.info("running - type q to stdin to quit");
+        try {
+            client = HttpClientFactoryInstance.getClientFactory().build(BusTopicParams.builder()
+                    .clientName("myClientName").useHttps(true).allowSelfSignedCerts(true)
+                    .hostname(xacmlPdpHost).port(Integer.parseInt(xacmlPdpPort))
+                    .userName("healthcheck").password("zb!XztG34").basePath("policy/pdpx/v1")
+                    .managed(true)
+                    .serializationProvider("org.onap.policy.common.gson.GsonMessageBodyHandler")
+                    .build());
+        } catch (NumberFormatException | HttpClientConfigException e) {
+            logger.error("Could not create Http client", e);
+            return;
+        }
+
+        Map<String, Object> policies = getDecision(client, this.decisionRequest);
+        if (policies.isEmpty()) {
+            logger.info("Not enforcing any policies to start");
+        }
+        for (Entry<String, Object> entrySet : policies.entrySet()) {
+            logger.info("Enforcing: {}", entrySet.getKey());
+        }
+
+        TopicEndpointManager.getManager().start();
+
+        @SuppressWarnings("resource") // never close System.in
+        Scanner input = new Scanner(System.in);
+        while (!Thread.currentThread().isInterrupted()) {
+            String quit = input.nextLine();
+            if ("q".equalsIgnoreCase(quit)) {
+                logger.info("quiting");
+                break;
+            }
+        }
+
+        TopicEndpointManager.getManager().shutdown();
+
+    }
+
+    /**
+     * This method is called when a topic event is received.
+     */
+    @Override
+    public void onTopicEvent(CommInfrastructure infra, String topic, String event) {
+        logger.info("onTopicEvent {}", event);
+        if (scanForPolicyType(event)) {
+            Map<String, Object> newPolicies = getDecision(client, this.decisionRequest);
+            if (newPolicies.isEmpty()) {
+                logger.info("Not enforcing any policies");
+            }
+            for (Entry<String, Object> entrySet : newPolicies.entrySet()) {
+                logger.info("Now Enforcing: {}", entrySet.getKey());
+            }
+        }
+    }
+
+    /**
+     * Helper method that parses a DMaap message event for POLICY-NOTIFICATION
+     * looking for our supported policy type to enforce.
+     *
+     * @param msg Dmaap Message
+     * @return true if MY_POLICYTYPEID is in the message
+     */
+    private boolean scanForPolicyType(String msg) {
+        StandardCoder gson = new StandardCoder();
+        try {
+            PolicyNotification notification = gson.decode(msg, PolicyNotification.class);
+            for (PolicyStatus added : notification.getAdded()) {
+                if (MY_POLICYTYPEID.equals(added.getPolicyTypeId())) {
+                    return true;
+                }
+            }
+            for (PolicyStatus deleted : notification.getDeleted()) {
+                if (MY_POLICYTYPEID.equals(deleted.getPolicyTypeId())) {
+                    return true;
+                }
+            }
+        } catch (CoderException e) {
+            logger.error("StandardCoder failed to parse PolicyNotification", e);
+        }
+        return false;
+    }
+
+
+    /**
+     * Helper method that calls the XACML PDP Decision API to get a Decision
+     * as to which policy we should be enforcing.
+     *
+     * @param client HttpClient to use to make REST call
+     * @param decisionRequest DecisionRequest object to send
+     * @return The Map of policies that was in the DecisionResponse object
+     */
+    private Map<String, Object> getDecision(HttpClient client, DecisionRequest decisionRequest) {
+        decisionRequest.setRequestId(requestId.toString());
+        requestId++;
+
+        Entity<DecisionRequest> entityRequest =
+                Entity.entity(decisionRequest, MediaType.APPLICATION_JSON);
+        Response response = client.post("/decision", entityRequest, Collections.emptyMap());
+
+        if (response.getStatus() != 200) {
+            logger.error(
+                    "Decision API failed - is the IP/port correct? {}", response.getStatus());
+            return Collections.emptyMap();
+        }
+
+        DecisionResponse decisionResponse = HttpClient.getBody(response, DecisionResponse.class);
+
+        return decisionResponse.getPolicies();
+    }
+
+    /**
+     * Our Main application entry point.
+     *
+     * @param args command line arguments
+     */
+    public static void main(String[] args) {
+        logger.info("Hello Welcome to ONAP Enforcement Tutorial!");
+
+        App app = new App(args);
+
+        app.start();
+
+        try {
+            app.join();
+        } catch (InterruptedException e) {
+            Thread.currentThread().interrupt();
+            logger.warn("Thread interrupted");
+        }
+
+        logger.info("Tutorial ended");
+    }
+
+}
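Review bot: The client built in `run()` hard-codes `.userName("healthcheck").password("zb!XztG34")` and sets `.allowSelfSignedCerts(true)`. Because this tutorial exists so developers can copy the client code, both are likely to be carried into real deployments. Read the credentials from the environment (or extra arguments) and make the self-signed allowance an explicit opt-in for the local Docker setup, as sketched below; the variable names there are illustrative, not defined anywhere in this change. Separately, the constructor reads `args[0]` through `args[3]` without a length check, so a short argument list fails with ArrayIndexOutOfBoundsException instead of a usage message. `input.nextLine()` in the wait loop also throws NoSuchElementException when stdin is closed, which skips `TopicEndpointManager.getManager().shutdown()`.

```java
// … unchanged: logger.info("running - type q to stdin to quit") …
// Illustrative environment variable names (constructed for this sketch).
String pdpUser = System.getenv("XACML_PDP_USER");
String pdpPassword = System.getenv("XACML_PDP_PASSWORD");
// Defaults to false; set to "true" only for the local docker-compose sandbox.
boolean allowSelfSigned = Boolean.parseBoolean(System.getenv("XACML_PDP_ALLOW_SELF_SIGNED"));
if (pdpUser == null || pdpPassword == null) {
    logger.error("XACML PDP credentials are not set in the environment");
    return;
}
try {
    client = HttpClientFactoryInstance.getClientFactory().build(BusTopicParams.builder()
            .clientName("myClientName").useHttps(true).allowSelfSignedCerts(allowSelfSigned)
            .hostname(xacmlPdpHost).port(Integer.parseInt(xacmlPdpPort))
            .userName(pdpUser).password(pdpPassword).basePath("policy/pdpx/v1")
            // … unchanged: managed, serializationProvider, build, catch block …
```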
diff --git a/tutorials/tutorial-enforcement/src/test/resources/MyAnalytic.yaml b/tutorials/tutorial-enforcement/src/test/resources/MyAnalytic.yaml
new file mode 100644 (file)
index 0000000..23cf3c6
--- /dev/null
@@ -0,0 +1,16 @@
+tosca_definitions_version: tosca_simple_yaml_1_1_0
+policy_types:
+   onap.policies.Monitoring:
+      derived_from: tosca.policies.Root
+      version: 1.0.0
+      name: onap.policies.Monitoring
+      description: a base policy type for all policies that govern monitoring provisioning
+   onap.policies.monitoring.MyAnalytic:
+      derived_from: onap.policies.Monitoring
+      type_version: 1.0.0
+      version: 1.0.0
+      description: Example analytic
+      properties:
+         myProperty:
+            type: string
+            required: true
\ No newline at end of file
diff --git a/tutorials/tutorial-enforcement/src/test/resources/MyPolicies.yaml b/tutorials/tutorial-enforcement/src/test/resources/MyPolicies.yaml
new file mode 100644 (file)
index 0000000..00c5ef9
--- /dev/null
@@ -0,0 +1,14 @@
+tosca_definitions_version: tosca_simple_yaml_1_1_0
+topology_template:
+   policies:
+     -
+       policy1:
+           type: onap.policies.monitoring.MyAnalytic
+           type_version: 1.0.0
+           version: 1.0.0
+           name: policy1
+           metadata:
+             policy-id: policy1
+             policy-version: 1.0.0
+           properties:
+             myProperty: value1
\ No newline at end of file
diff --git a/tutorials/tutorial-enforcement/src/test/resources/postman/Policy Enforcement Tutorial.postman_collection.json b/tutorials/tutorial-enforcement/src/test/resources/postman/Policy Enforcement Tutorial.postman_collection.json
new file mode 100644 (file)
index 0000000..85de39b
--- /dev/null
@@ -0,0 +1,597 @@
+{
+       "info": {
+               "_postman_id": "f00b4c77-8f4b-423f-a132-2bcdd4adf598",
+               "name": "Policy Enforcement Tutorial",
+               "description": "Collection of Postman API calls to support the Policy Enforcement Tutorial",
+               "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
+       },
+       "item": [
+               {
+                       "name": "Api Healthcheck",
+                       "request": {
+                               "auth": {
+                                       "type": "basic",
+                                       "basic": [
+                                               {
+                                                       "key": "password",
+                                                       "value": "zb!XztG34",
+                                                       "type": "string"
+                                               },
+                                               {
+                                                       "key": "username",
+                                                       "value": "healthcheck",
+                                                       "type": "string"
+                                               }
+                                       ]
+                               },
+                               "method": "GET",
+                               "header": [
+                                       {
+                                               "key": "Content-Type",
+                                               "type": "text",
+                                               "value": "application/json"
+                                       },
+                                       {
+                                               "key": "Accept",
+                                               "type": "text",
+                                               "value": "application/json"
+                                       }
+                               ],
+                               "url": {
+                                       "raw": "https://0.0.0.0:6767/policy/api/v1/healthcheck",
+                                       "protocol": "https",
+                                       "host": [
+                                               "0",
+                                               "0",
+                                               "0",
+                                               "0"
+                                       ],
+                                       "port": "6767",
+                                       "path": [
+                                               "policy",
+                                               "api",
+                                               "v1",
+                                               "healthcheck"
+                                       ]
+                               }
+                       },
+                       "response": []
+               },
+               {
+                       "name": "Create MyAnalytic Policy Type",
+                       "request": {
+                               "auth": {
+                                       "type": "basic",
+                                       "basic": [
+                                               {
+                                                       "key": "password",
+                                                       "value": "zb!XztG34",
+                                                       "type": "string"
+                                               },
+                                               {
+                                                       "key": "username",
+                                                       "value": "healthcheck",
+                                                       "type": "string"
+                                               }
+                                       ]
+                               },
+                               "method": "POST",
+                               "header": [
+                                       {
+                                               "key": "Accept",
+                                               "type": "text",
+                                               "value": "application/yaml"
+                                       },
+                                       {
+                                               "key": "Content-Type",
+                                               "type": "text",
+                                               "value": "application/yaml"
+                                       }
+                               ],
+                               "body": {
+                                       "mode": "raw",
+                                       "raw": "tosca_definitions_version: tosca_simple_yaml_1_1_0\npolicy_types:\n   onap.policies.Monitoring:\n      derived_from: tosca.policies.Root\n      version: 1.0.0\n      name: onap.policies.Monitoring\n      description: a base policy type for all policies that govern monitoring provisioning\n   onap.policies.monitoring.MyAnalytic:\n      derived_from: onap.policies.Monitoring\n      type_version: 1.0.0\n      version: 1.0.0\n      description: Example analytic\n      properties:\n         myProperty:\n            type: string\n            required: true"
+                               },
+                               "url": {
+                                       "raw": "https://0.0.0.0:6767/policy/api/v1/policytypes",
+                                       "protocol": "https",
+                                       "host": [
+                                               "0",
+                                               "0",
+                                               "0",
+                                               "0"
+                                       ],
+                                       "port": "6767",
+                                       "path": [
+                                               "policy",
+                                               "api",
+                                               "v1",
+                                               "policytypes"
+                                       ]
+                               }
+                       },
+                       "response": []
+               },
+               {
+                       "name": "Create policy1 MyAnalytic Policy",
+                       "request": {
+                               "auth": {
+                                       "type": "basic",
+                                       "basic": [
+                                               {
+                                                       "key": "password",
+                                                       "value": "zb!XztG34",
+                                                       "type": "string"
+                                               },
+                                               {
+                                                       "key": "username",
+                                                       "value": "healthcheck",
+                                                       "type": "string"
+                                               }
+                                       ]
+                               },
+                               "method": "POST",
+                               "header": [
+                                       {
+                                               "key": "Accept",
+                                               "type": "text",
+                                               "value": "application/yaml"
+                                       },
+                                       {
+                                               "key": "Content-Type",
+                                               "type": "text",
+                                               "value": "application/yaml"
+                                       }
+                               ],
+                               "body": {
+                                       "mode": "raw",
+                                       "raw": "tosca_definitions_version: tosca_simple_yaml_1_1_0\ntopology_template:\n   policies:\n     -\n       policy1:\n           type: onap.policies.monitoring.MyAnalytic\n           type_version: 1.0.0\n           version: 1.0.0\n           name: policy1\n           metadata:\n             policy-id: policy1\n             policy-version: 1.0.0\n           properties:\n             myProperty: value1\n             "
+                               },
+                               "url": {
+                                       "raw": "https://0.0.0.0:6767/policy/api/v1/policytypes/onap.policies.monitoring.MyAnalytic/versions/1.0.0/policies",
+                                       "protocol": "https",
+                                       "host": [
+                                               "0",
+                                               "0",
+                                               "0",
+                                               "0"
+                                       ],
+                                       "port": "6767",
+                                       "path": [
+                                               "policy",
+                                               "api",
+                                               "v1",
+                                               "policytypes",
+                                               "onap.policies.monitoring.MyAnalytic",
+                                               "versions",
+                                               "1.0.0",
+                                               "policies"
+                                       ]
+                               }
+                       },
+                       "response": []
+               },
+               {
+                       "name": "PAP Healthcheck",
+                       "request": {
+                               "auth": {
+                                       "type": "basic",
+                                       "basic": [
+                                               {
+                                                       "key": "password",
+                                                       "value": "zb!XztG34",
+                                                       "type": "string"
+                                               },
+                                               {
+                                                       "key": "username",
+                                                       "value": "healthcheck",
+                                                       "type": "string"
+                                               }
+                                       ]
+                               },
+                               "method": "GET",
+                               "header": [
+                                       {
+                                               "key": "Content-Type",
+                                               "type": "text",
+                                               "value": "application/json"
+                                       },
+                                       {
+                                               "key": "Accept",
+                                               "type": "text",
+                                               "value": "application/json"
+                                       }
+                               ],
+                               "url": {
+                                       "raw": "https://0.0.0.0:6868/policy/pap/v1/healthcheck",
+                                       "protocol": "https",
+                                       "host": [
+                                               "0",
+                                               "0",
+                                               "0",
+                                               "0"
+                                       ],
+                                       "port": "6868",
+                                       "path": [
+                                               "policy",
+                                               "pap",
+                                               "v1",
+                                               "healthcheck"
+                                       ]
+                               }
+                       },
+                       "response": []
+               },
+               {
+                       "name": "PAP Get PDPs",
+                       "request": {
+                               "auth": {
+                                       "type": "basic",
+                                       "basic": [
+                                               {
+                                                       "key": "password",
+                                                       "value": "zb!XztG34",
+                                                       "type": "string"
+                                               },
+                                               {
+                                                       "key": "username",
+                                                       "value": "healthcheck",
+                                                       "type": "string"
+                                               }
+                                       ]
+                               },
+                               "method": "GET",
+                               "header": [
+                                       {
+                                               "key": "Accept",
+                                               "type": "text",
+                                               "value": "application/json"
+                                       },
+                                       {
+                                               "key": "Content-Type",
+                                               "type": "text",
+                                               "value": "application/json"
+                                       }
+                               ],
+                               "url": {
+                                       "raw": "https://0.0.0.0:6868/policy/pap/v1/pdps",
+                                       "protocol": "https",
+                                       "host": [
+                                               "0",
+                                               "0",
+                                               "0",
+                                               "0"
+                                       ],
+                                       "port": "6868",
+                                       "path": [
+                                               "policy",
+                                               "pap",
+                                               "v1",
+                                               "pdps"
+                                       ]
+                               }
+                       },
+                       "response": []
+               },
+               {
+                       "name": "Simple Deploy Policy - policy1",
+                       "request": {
+                               "auth": {
+                                       "type": "basic",
+                                       "basic": [
+                                               {
+                                                       "key": "password",
+                                                       "value": "zb!XztG34",
+                                                       "type": "string"
+                                               },
+                                               {
+                                                       "key": "username",
+                                                       "value": "healthcheck",
+                                                       "type": "string"
+                                               }
+                                       ]
+                               },
+                               "method": "POST",
+                               "header": [
+                                       {
+                                               "key": "Content-Type",
+                                               "type": "text",
+                                               "value": "application/json"
+                                       },
+                                       {
+                                               "key": "Accept",
+                                               "type": "text",
+                                               "value": "application/json"
+                                       }
+                               ],
+                               "body": {
+                                       "mode": "raw",
+                                       "raw": "{\r\n  \"policies\" : [\r\n    {\r\n      \"policy-id\": \"policy1\",\r\n      \"policy-version\": \"1.0.0\"\r\n    }\r\n    ]\r\n}"
+                               },
+                               "url": {
+                                       "raw": "{https://0.0.0.0:6868/policy/pap/v1/pdps/policies",
+                                       "protocol": "{https",
+                                       "host": [
+                                               "0",
+                                               "0",
+                                               "0",
+                                               "0"
+                                       ],
+                                       "port": "6868",
+                                       "path": [
+                                               "policy",
+                                               "pap",
+                                               "v1",
+                                               "pdps",
+                                               "policies"
+                                       ]
+                               }
+                       },
+                       "response": []
+               },
+               {
+                       "name": "Xacml Healthcheck",
+                       "request": {
+                               "auth": {
+                                       "type": "basic",
+                                       "basic": [
+                                               {
+                                                       "key": "password",
+                                                       "value": "zb!XztG34",
+                                                       "type": "string"
+                                               },
+                                               {
+                                                       "key": "username",
+                                                       "value": "healthcheck",
+                                                       "type": "string"
+                                               }
+                                       ]
+                               },
+                               "method": "GET",
+                               "header": [
+                                       {
+                                               "key": "Content-Type",
+                                               "type": "text",
+                                               "value": "application/json"
+                                       },
+                                       {
+                                               "key": "Accept",
+                                               "type": "text",
+                                               "value": "application/json"
+                                       }
+                               ],
+                               "url": {
+                                       "raw": "https://0.0.0.0:6969/policy/pdpx/v1/healthcheck",
+                                       "protocol": "https",
+                                       "host": [
+                                               "0",
+                                               "0",
+                                               "0",
+                                               "0"
+                                       ],
+                                       "port": "6969",
+                                       "path": [
+                                               "policy",
+                                               "pdpx",
+                                               "v1",
+                                               "healthcheck"
+                                       ]
+                               }
+                       },
+                       "response": []
+               },
+               {
+                       "name": "Xacml Statistics",
+                       "request": {
+                               "auth": {
+                                       "type": "basic",
+                                       "basic": [
+                                               {
+                                                       "key": "password",
+                                                       "value": "zb!XztG34",
+                                                       "type": "string"
+                                               },
+                                               {
+                                                       "key": "username",
+                                                       "value": "healthcheck",
+                                                       "type": "string"
+                                               }
+                                       ]
+                               },
+                               "method": "GET",
+                               "header": [
+                                       {
+                                               "key": "Content-Type",
+                                               "type": "text",
+                                               "value": "application/json"
+                                       },
+                                       {
+                                               "key": "Accept",
+                                               "type": "text",
+                                               "value": "application/json"
+                                       }
+                               ],
+                               "url": {
+                                       "raw": "https://0.0.0.0:6969/policy/pdpx/v1/healthcheck",
+                                       "protocol": "https",
+                                       "host": [
+                                               "0",
+                                               "0",
+                                               "0",
+                                               "0"
+                                       ],
+                                       "port": "6969",
+                                       "path": [
+                                               "policy",
+                                               "pdpx",
+                                               "v1",
+                                               "healthcheck"
+                                       ]
+                               }
+                       },
+                       "response": []
+               },
+               {
+                       "name": "Xacml Decision - MyAnalytic policy-type",
+                       "request": {
+                               "auth": {
+                                       "type": "basic",
+                                       "basic": [
+                                               {
+                                                       "key": "password",
+                                                       "value": "zb!XztG34",
+                                                       "type": "string"
+                                               },
+                                               {
+                                                       "key": "username",
+                                                       "value": "healthcheck",
+                                                       "type": "string"
+                                               }
+                                       ]
+                               },
+                               "method": "POST",
+                               "header": [
+                                       {
+                                               "key": "Content-Type",
+                                               "type": "text",
+                                               "value": "application/json"
+                                       },
+                                       {
+                                               "key": "Accept",
+                                               "type": "text",
+                                               "value": "application/json"
+                                       }
+                               ],
+                               "body": {
+                                       "mode": "raw",
+                                       "raw": "{\n  \"ONAPName\": \"myName\",\n  \"ONAPComponent\": \"myComponent\",\n  \"ONAPInstance\": \"myInstanceId\",\n  \"requestId\": \"1\",\n  \"action\": \"configure\",\n  \"resource\": {\n      \"policy-type\": \"onap.policies.monitoring.MyAnalytic\"\n  }\n}"
+                               },
+                               "url": {
+                                       "raw": "https://0.0.0.0:6969/policy/pdpx/v1/decision",
+                                       "protocol": "https",
+                                       "host": [
+                                               "0",
+                                               "0",
+                                               "0",
+                                               "0"
+                                       ],
+                                       "port": "6969",
+                                       "path": [
+                                               "policy",
+                                               "pdpx",
+                                               "v1",
+                                               "decision"
+                                       ]
+                               }
+                       },
+                       "response": []
+               },
+               {
+                       "name": "Dmaap Simulator - Policy Update Notification",
+                       "request": {
+                               "auth": {
+                                       "type": "noauth"
+                               },
+                               "method": "POST",
+                               "header": [
+                                       {
+                                               "key": "Content-Type",
+                                               "type": "text",
+                                               "value": "application/json"
+                                       },
+                                       {
+                                               "key": "Accept",
+                                               "type": "text",
+                                               "value": "application/json"
+                                       }
+                               ],
+                               "body": {
+                                       "mode": "raw",
+                                       "raw": "{\n  \"messageName\": \"PDP_STATE_CHANGE\",\n  \"requestId\": \"05d08a05-e182-46fa-a6d1-5500e52cd3e5\",\n  \"timestampMs\": \"1576598570797\", \n  \"name\": \"PamelaDragosh.local\",\n  \"pdpGroup\": \"defaultGroup\",\n  \"pdpSubgroup\":\"XacmlPdpGroup\",\n  \"state\":\"ACTIVE\"\n}"
+                               },
+                               "url": {
+                                       "raw": "http://localhost:3904/events/POLICY-PDP-PAP",
+                                       "protocol": "http",
+                                       "host": [
+                                               "localhost"
+                                       ],
+                                       "port": "3904",
+                                       "path": [
+                                               "events",
+                                               "POLICY-PDP-PAP"
+                                       ]
+                               }
+                       },
+                       "response": []
+               },
+               {
+                       "name": "Simple Undeploy Policy Copy",
+                       "request": {
+                               "auth": {
+                                       "type": "basic",
+                                       "basic": [
+                                               {
+                                                       "key": "password",
+                                                       "value": "zb!XztG34",
+                                                       "type": "string"
+                                               },
+                                               {
+                                                       "key": "username",
+                                                       "value": "healthcheck",
+                                                       "type": "string"
+                                               }
+                                       ]
+                               },
+                               "method": "DELETE",
+                               "header": [
+                                       {
+                                               "key": "Accept",
+                                               "value": "application/json",
+                                               "type": "text"
+                                       },
+                                       {
+                                               "key": "Content-Type",
+                                               "value": "application/json",
+                                               "type": "text"
+                                       }
+                               ],
+                               "url": {
+                                       "raw": "https://0.0.0.0:6868/policy/pap/v1/pdps/policies/onap.policies.monitoring.MyAnalytic",
+                                       "protocol": "https",
+                                       "host": [
+                                               "0",
+                                               "0",
+                                               "0",
+                                               "0"
+                                       ],
+                                       "port": "6868",
+                                       "path": [
+                                               "policy",
+                                               "pap",
+                                               "v1",
+                                               "pdps",
+                                               "policies",
+                                               "onap.policies.monitoring.MyAnalytic"
+                                       ]
+                               }
+                       },
+                       "response": []
+               }
+       ],
+       "auth": {
+               "type": "basic",
+               "basic": [
+                       {
+                               "key": "password",
+                               "value": "",
+                               "type": "string"
+                       },
+                       {
+                               "key": "username",
+                               "value": "",
+                               "type": "string"
+                       }
+               ]
+       },
+       "protocolProfileBehavior": {}
+}
\ No newline at end of file
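Review bot: All ten basic-auth requests in this collection, starting with "Api Healthcheck", embed the literal password for the `healthcheck` user, while the collection-level `auth` block at the end of the file is left with empty strings. A credential committed in a tutorial tends to be copied into real deployments and will trip secret scanners. I would define it once at collection level through variables (names here are examples), `"value": "{{policyUser}}"` and `"value": "{{policyPassword}}"`, and drop the per-request `auth` blocks so the requests inherit it. Separately, "Simple Deploy Policy - policy1" has a stray brace in `"raw": "{https://0.0.0.0:6868/policy/pap/v1/pdps/policies"` and `"protocol": "{https"`, which should both start with `https`. "Xacml Statistics" repeats the healthcheck URL and path, so it presumably was meant to call a statistics endpoint and should be checked against the PDP API.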
diff --git a/tutorials/tutorial-xacml-application/pom.xml b/tutorials/tutorial-xacml-application/pom.xml
new file mode 100644 (file)
index 0000000..aa776a8
--- /dev/null
@@ -0,0 +1,101 @@
+<!--
+  ============LICENSE_START=======================================================
+  ONAP Policy Engine - XACML Application Tutorial
+  ================================================================================
+  Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+  ================================================================================
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+  ============LICENSE_END=========================================================
+  -->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+
+  <parent>
+    <groupId>org.onap.policy.xacml-pdp</groupId>
+    <artifactId>xacml-tutorials</artifactId>
+    <version>2.3.4-SNAPSHOT</version>
+  </parent>
+
+  <groupId>org.onap.policy.tutorial.xacml-application</groupId>
+  <artifactId>tutorial-xacml-application</artifactId>
+  <packaging>jar</packaging>
+
+  <name>tutorial-xacml-application</name>
+
+  <properties>
+    <!-- There is code to support JUnit testing in this sub-module. -->
+    <sonar.skip>true</sonar.skip>
+  </properties>
+
+  <dependencies>
+    <dependency>
+      <groupId>org.onap.policy.xacml-pdp.applications</groupId>
+      <artifactId>common</artifactId>
+      <version>${project.version}</version>
+    </dependency>
+    <dependency>
+      <groupId>org.onap.policy.xacml-pdp</groupId>
+      <artifactId>xacml-test</artifactId>
+      <version>${project.version}</version>
+      <scope>test</scope>
+    </dependency>
+  </dependencies>
+
+  <profiles>
+    <profile>
+      <id>docker</id>
+      <build>
+        <plugins>
+          <plugin>
+            <groupId>io.fabric8</groupId>
+            <artifactId>docker-maven-plugin</artifactId>
+            <configuration>
+              <verbose>true</verbose>
+              <images>
+                <image>
+                  <name>onap/policy-xacml-tutorial</name>
+                  <alias>xacml-pdp</alias>
+                  <build>
+                    <contextDir>${project.basedir}/src/main/docker</contextDir>
+                    <assembly>
+                        <descriptorRef>artifact-with-dependencies</descriptorRef>
+                    </assembly>
+                  </build>
+                </image>
+              </images>
+            </configuration>
+            <executions>
+                <execution>
+                    <id>clean-images</id>
+                    <phase>pre-clean</phase>
+                    <goals>
+                        <goal>remove</goal>
+                    </goals>
+                </execution>
+                <execution>
+                    <id>generate-images</id>
+                    <phase>package</phase>
+                    <goals>
+                        <goal>build</goal>
+                    </goals>
+                </execution>
+            </executions>
+          </plugin>
+        </plugins>
+      </build>
+    </profile>
+  </profiles>
+</project>
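Review bot: The comment above `<sonar.skip>true</sonar.skip>` in `<properties>` does not explain why analysis is switched off; "There is code to support JUnit testing in this sub-module" describes the module's content, not the reason for skipping Sonar. The module is packaged as a jar with a compile-scope dependency on `common`, and the `docker` profile builds the `onap/policy-xacml-tutorial` image from it, so whatever main-scope code it holds (not visible in this hunk) goes through the build with no static analysis. If only the test-support classes trip the scanner, a narrower `sonar.exclusions` pattern limited to those classes would keep the rest covered. Otherwise record the actual reason in the comment, e.g. `<!-- Tutorial sample code; Sonar skipped because REASON_PLACEHOLDER -->`.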
diff --git a/tutorials/tutorial-xacml-application/postman/PolicyApplicationTutorial.postman_collection.json b/tutorials/tutorial-xacml-application/postman/PolicyApplicationTutorial.postman_collection.json
new file mode 100644 (file)
index 0000000..dbb1e0d
--- /dev/null
@@ -0,0 +1,738 @@
+{
+       "info": {
+               "_postman_id": "20eb42db-f0a7-4b65-8ccd-c3a5f56cb526",
+               "name": "Policy Application Tutorial",
+               "description": "Collection of Postman API calls to support the Policy Enforcement Tutorial",
+               "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json"
+       },
+       "item": [
+               {
+                       "name": "Api Healthcheck",
+                       "request": {
+                               "auth": {
+                                       "type": "basic",
+                                       "basic": [
+                                               {
+                                                       "key": "password",
+                                                       "value": "zb!XztG34",
+                                                       "type": "string"
+                                               },
+                                               {
+                                                       "key": "username",
+                                                       "value": "healthcheck",
+                                                       "type": "string"
+                                               }
+                                       ]
+                               },
+                               "method": "GET",
+                               "header": [
+                                       {
+                                               "key": "Content-Type",
+                                               "type": "text",
+                                               "value": "application/json"
+                                       },
+                                       {
+                                               "key": "Accept",
+                                               "type": "text",
+                                               "value": "application/json"
+                                       }
+                               ],
+                               "url": {
+                                       "raw": "{{POLICY-API-URL}}/policy/api/v1/healthcheck",
+                                       "host": [
+                                               "{{POLICY-API-URL}}"
+                                       ],
+                                       "path": [
+                                               "policy",
+                                               "api",
+                                               "v1",
+                                               "healthcheck"
+                                       ]
+                               }
+                       },
+                       "response": [
+                       ]
+               },
+               {
+                       "name": "Create Authorization Policy Type",
+                       "request": {
+                               "auth": {
+                                       "type": "basic",
+                                       "basic": [
+                                               {
+                                                       "key": "password",
+                                                       "value": "zb!XztG34",
+                                                       "type": "string"
+                                               },
+                                               {
+                                                       "key": "username",
+                                                       "value": "healthcheck",
+                                                       "type": "string"
+                                               }
+                                       ]
+                               },
+                               "method": "POST",
+                               "header": [
+                                       {
+                                               "key": "Accept",
+                                               "type": "text",
+                                               "value": "application/yaml"
+                                       },
+                                       {
+                                               "key": "Content-Type",
+                                               "type": "text",
+                                               "value": "application/yaml"
+                                       }
+                               ],
+                               "body": {
+                                       "mode": "raw",
+                                       "raw": "tosca_definitions_version: tosca_simple_yaml_1_1_0\npolicy_types:\n    onap.policies.Authorization:\n        derived_from: tosca.policies.Root\n        version: 1.0.0\n        description: Example tutorial policy type for doing user authorization\n        properties:\n            user:\n                type: string\n                required: true\n                description: The unique user name\n            permissions:\n                type: list\n                required: true\n                description: A list of resource permissions\n                entry_schema:\n                    type: onap.datatypes.Tutorial\ndata_types:\n    onap.datatypes.Tutorial:\n        derived_from: tosca.datatypes.Root\n        version: 1.0.0\n        properties:\n            entity:\n                type: string\n                required: true\n                description: The resource\n            permission:\n                type: string\n                required: true\n                description: The permission level\n                constraints:\n                    - valid_values: [read, write, delete]\n",
+                                       "options": {
+                                               "raw": {
+                                                       "language": "text"
+                                               }
+                                       }
+                               },
+                               "url": {
+                                       "raw": "{{POLICY-API-URL}}/policy/api/v1/policytypes",
+                                       "host": [
+                                               "{{POLICY-API-URL}}"
+                                       ],
+                                       "path": [
+                                               "policy",
+                                               "api",
+                                               "v1",
+                                               "policytypes"
+                                       ]
+                               }
+                       },
+                       "response": [
+                       ]
+               },
+               {
+                       "name": "Create policies",
+                       "request": {
+                               "auth": {
+                                       "type": "basic",
+                                       "basic": [
+                                               {
+                                                       "key": "password",
+                                                       "value": "zb!XztG34",
+                                                       "type": "string"
+                                               },
+                                               {
+                                                       "key": "username",
+                                                       "value": "healthcheck",
+                                                       "type": "string"
+                                               }
+                                       ]
+                               },
+                               "method": "POST",
+                               "header": [
+                                       {
+                                               "key": "Accept",
+                                               "type": "text",
+                                               "value": "application/yaml"
+                                       },
+                                       {
+                                               "key": "Content-Type",
+                                               "type": "text",
+                                               "value": "application/yaml"
+                                       }
+                               ],
+                               "body": {
+                                       "mode": "raw",
+                                       "raw": "tosca_definitions_version: tosca_simple_yaml_1_1_0\ntopology_template:\n    policies:\n        -\n            onap.policy.tutorial.demo:\n                type: onap.policies.Authorization\n                type_version: 1.0.0\n                version: 1.0.0\n                metadata:\n                    policy-id: onap.policy.tutorial.demo\n                    policy-version: 1\n                properties:\n                    user: demo\n                    permissions:\n                        -\n                            entity: foo\n                            permission: read\n                        -\n                            entity: foo\n                            permission: write\n        -\n            onap.policy.tutorial.audit:\n                type: onap.policies.Authorization\n                version: 1.0.0\n                type_version: 1.0.0\n                metadata:\n                    policy-id: onap.policy.tutorial.bar\n                    policy-version: 1\n                properties:\n                    user: audit\n                    permissions:\n                        -\n                            entity: foo\n                            permission: read\n",
+                                       "options": {
+                                               "raw": {
+                                                       "language": "text"
+                                               }
+                                       }
+                               },
+                               "url": {
+                                       "raw": "{{POLICY-API-URL}}/policy/api/v1/policytypes/onap.policies.Authorization/versions/1.0.0/policies",
+                                       "host": [
+                                               "{{POLICY-API-URL}}"
+                                       ],
+                                       "path": [
+                                               "policy",
+                                               "api",
+                                               "v1",
+                                               "policytypes",
+                                               "onap.policies.Authorization",
+                                               "versions",
+                                               "1.0.0",
+                                               "policies"
+                                       ]
+                               }
+                       },
+                       "response": [
+                       ]
+               },
+               {
+                       "name": "PAP Healthcheck",
+                       "request": {
+                               "auth": {
+                                       "type": "basic",
+                                       "basic": [
+                                               {
+                                                       "key": "password",
+                                                       "value": "zb!XztG34",
+                                                       "type": "string"
+                                               },
+                                               {
+                                                       "key": "username",
+                                                       "value": "healthcheck",
+                                                       "type": "string"
+                                               }
+                                       ]
+                               },
+                               "method": "GET",
+                               "header": [
+                                       {
+                                               "key": "Content-Type",
+                                               "type": "text",
+                                               "value": "application/json"
+                                       },
+                                       {
+                                               "key": "Accept",
+                                               "type": "text",
+                                               "value": "application/json"
+                                       }
+                               ],
+                               "url": {
+                                       "raw": "{{POLICY-PAP-URL}}/policy/pap/v1/healthcheck",
+                                       "host": [
+                                               "{{POLICY-PAP-URL}}"
+                                       ],
+                                       "path": [
+                                               "policy",
+                                               "pap",
+                                               "v1",
+                                               "healthcheck"
+                                       ]
+                               }
+                       },
+                       "response": [
+                       ]
+               },
+               {
+                       "name": "PAP Get PDPs",
+                       "request": {
+                               "auth": {
+                                       "type": "basic",
+                                       "basic": [
+                                               {
+                                                       "key": "password",
+                                                       "value": "zb!XztG34",
+                                                       "type": "string"
+                                               },
+                                               {
+                                                       "key": "username",
+                                                       "value": "healthcheck",
+                                                       "type": "string"
+                                               }
+                                       ]
+                               },
+                               "method": "GET",
+                               "header": [
+                                       {
+                                               "key": "Accept",
+                                               "type": "text",
+                                               "value": "application/json"
+                                       },
+                                       {
+                                               "key": "Content-Type",
+                                               "type": "text",
+                                               "value": "application/json"
+                                       }
+                               ],
+                               "url": {
+                                       "raw": "{{POLICY-PAP-URL}}/policy/pap/v1/pdps",
+                                       "host": [
+                                               "{{POLICY-PAP-URL}}"
+                                       ],
+                                       "path": [
+                                               "policy",
+                                               "pap",
+                                               "v1",
+                                               "pdps"
+                                       ]
+                               }
+                       },
+                       "response": [
+                       ]
+               },
+               {
+                       "name": "PdpGroup State Change PASSIVE",
+                       "request": {
+                               "auth": {
+                                       "type": "basic",
+                                       "basic": [
+                                               {
+                                                       "key": "password",
+                                                       "value": "zb!XztG34",
+                                                       "type": "string"
+                                               },
+                                               {
+                                                       "key": "username",
+                                                       "value": "healthcheck",
+                                                       "type": "string"
+                                               }
+                                       ]
+                               },
+                               "method": "PUT",
+                               "header": [
+                                       {
+                                               "key": "Content-Type",
+                                               "value": "application/json",
+                                               "type": "text"
+                                       },
+                                       {
+                                               "key": "Accept",
+                                               "value": "application/json",
+                                               "type": "text"
+                                       }
+                               ],
+                               "url": {
+                                       "raw": "{{POLICY-PAP-URL}}/policy/pap/v1/pdps/groups/defaultGroup?state=PASSIVE",
+                                       "host": [
+                                               "{{POLICY-PAP-URL}}"
+                                       ],
+                                       "path": [
+                                               "policy",
+                                               "pap",
+                                               "v1",
+                                               "pdps",
+                                               "groups",
+                                               "defaultGroup"
+                                       ],
+                                       "query": [
+                                               {
+                                                       "key": "state",
+                                                       "value": "PASSIVE"
+                                               }
+                                       ]
+                               },
+                               "description": "This is an API to change the current state of a PdpGroup (example - \"defaultGroup\") resulting in changing state of all the PDP instances registered with the PdpGroup. As of now, the allowed states are ACTIVE and PASSIVE."
+                       },
+                       "response": [
+                       ]
+               },
+               {
+                       "name": "Delete PdpGroup",
+                       "request": {
+                               "auth": {
+                                       "type": "basic",
+                                       "basic": [
+                                               {
+                                                       "key": "password",
+                                                       "value": "zb!XztG34",
+                                                       "type": "string"
+                                               },
+                                               {
+                                                       "key": "username",
+                                                       "value": "healthcheck",
+                                                       "type": "string"
+                                               }
+                                       ]
+                               },
+                               "method": "DELETE",
+                               "header": [
+                                       {
+                                               "key": "Accept",
+                                               "type": "text",
+                                               "value": "application/json"
+                                       },
+                                       {
+                                               "key": "Content-Type",
+                                               "type": "text",
+                                               "value": "application/json"
+                                       }
+                               ],
+                               "url": {
+                                       "raw": "{{POLICY-PAP-URL}}/policy/pap/v1/pdps/groups/defaultGroup",
+                                       "host": [
+                                               "{{POLICY-PAP-URL}}"
+                                       ],
+                                       "path": [
+                                               "policy",
+                                               "pap",
+                                               "v1",
+                                               "pdps",
+                                               "groups",
+                                               "defaultGroup"
+                                       ]
+                               },
+                               "description": "This is an API to delete a specific PdpGroup (example - \"SampleGroup\") currently available in Policy DB, resulting in removing all the PDP instances registered with the group."
+                       },
+                       "response": [
+                       ]
+               },
+               {
+                       "name": "Create/Update PdpGroup",
+                       "request": {
+                               "auth": {
+                                       "type": "basic",
+                                       "basic": [
+                                               {
+                                                       "key": "password",
+                                                       "value": "zb!XztG34",
+                                                       "type": "string"
+                                               },
+                                               {
+                                                       "key": "username",
+                                                       "value": "healthcheck",
+                                                       "type": "string"
+                                               }
+                                       ]
+                               },
+                               "method": "POST",
+                               "header": [
+                                       {
+                                               "key": "Content-Type",
+                                               "type": "text",
+                                               "value": "application/json"
+                                       },
+                                       {
+                                               "key": "Accept",
+                                               "type": "text",
+                                               "value": "application/json"
+                                       }
+                               ],
+                               "body": {
+                                       "mode": "raw",
+                                       "raw": "{\n    \"groups\": [\n        {\n            \"name\": \"defaultGroup\",\n            \"pdpGroupState\": \"ACTIVE\",\n            \"properties\": {},\n            \"pdpSubgroups\": [\n                {\n                    \"pdpType\": \"xacml\",\n                    \"desiredInstanceCount\": 1,\n                    \"properties\": {},\n                    \"supportedPolicyTypes\": [\n                        {\n                            \"name\": \"onap.policies.Authorization\",\n                            \"version\": \"1.0.0\"\n                        }\n                    ],\n                    \"policies\": []\n                }\n            ]\n        }\n    ]\n}"
+                               },
+                               "url": {
+                                       "raw": "{{POLICY-PAP-URL}}/policy/pap/v1/pdps/groups/batch",
+                                       "host": [
+                                               "{{POLICY-PAP-URL}}"
+                                       ],
+                                       "path": [
+                                               "policy",
+                                               "pap",
+                                               "v1",
+                                               "pdps",
+                                               "groups",
+                                               "batch"
+                                       ]
+                               },
+                               "description": "This is a generic API to create/update PdpGroups in Policy DB. However, the supportedPolicyTypes field of PdpSubGroup cannot be changed once created."
+                       },
+                       "response": [
+                       ]
+               },
+               {
+                       "name": "Simple Deploy Policy - onap.policy.tutorial.demo",
+                       "request": {
+                               "auth": {
+                                       "type": "basic",
+                                       "basic": [
+                                               {
+                                                       "key": "password",
+                                                       "value": "zb!XztG34",
+                                                       "type": "string"
+                                               },
+                                               {
+                                                       "key": "username",
+                                                       "value": "healthcheck",
+                                                       "type": "string"
+                                               }
+                                       ]
+                               },
+                               "method": "POST",
+                               "header": [
+                                       {
+                                               "key": "Content-Type",
+                                               "type": "text",
+                                               "value": "application/json"
+                                       },
+                                       {
+                                               "key": "Accept",
+                                               "type": "text",
+                                               "value": "application/json"
+                                       }
+                               ],
+                               "body": {
+                                       "mode": "raw",
+                                       "raw": "{\r\n  \"policies\" : [\r\n    {\r\n      \"policy-id\": \"onap.policy.tutorial.demo\",\r\n      \"policy-version\": \"1.0.0\"\r\n    },\r\n    {\r\n      \"policy-id\": \"onap.policy.tutorial.audit\",\r\n      \"policy-version\": \"1.0.0\"\r\n    }\r\n    ]\r\n}"
+                               },
+                               "url": {
+                                       "raw": "{{POLICY-PAP-URL}}/policy/pap/v1/pdps/policies",
+                                       "host": [
+                                               "{{POLICY-PAP-URL}}"
+                                       ],
+                                       "path": [
+                                               "policy",
+                                               "pap",
+                                               "v1",
+                                               "pdps",
+                                               "policies"
+                                       ]
+                               }
+                       },
+                       "response": [
+                       ]
+               },
+               {
+                       "name": "Dmaap Simulator - Policy Update Notification",
+                       "protocolProfileBehavior": {
+                               "disableBodyPruning": true
+                       },
+                       "request": {
+                               "auth": {
+                                       "type": "noauth"
+                               },
+                               "method": "GET",
+                               "header": [
+                                       {
+                                               "key": "Content-Type",
+                                               "type": "text",
+                                               "value": "application/json"
+                                       },
+                                       {
+                                               "key": "Accept",
+                                               "type": "text",
+                                               "value": "application/json"
+                                       }
+                               ],
+                               "body": {
+                                       "mode": "raw",
+                                       "raw": ""
+                               },
+                               "url": {
+                                       "raw": "{{DMAAP-URL}}/events/POLICY-NOTIFICATION/group/id?timeout=5000",
+                                       "host": [
+                                               "{{DMAAP-URL}}"
+                                       ],
+                                       "path": [
+                                               "events",
+                                               "POLICY-NOTIFICATION",
+                                               "group",
+                                               "id"
+                                       ],
+                                       "query": [
+                                               {
+                                                       "key": "timeout",
+                                                       "value": "5000"
+                                               }
+                                       ]
+                               }
+                       },
+                       "response": [
+                       ]
+               },
+               {
+                       "name": "Xacml Healthcheck",
+                       "request": {
+                               "auth": {
+                                       "type": "basic",
+                                       "basic": [
+                                               {
+                                                       "key": "password",
+                                                       "value": "zb!XztG34",
+                                                       "type": "string"
+                                               },
+                                               {
+                                                       "key": "username",
+                                                       "value": "healthcheck",
+                                                       "type": "string"
+                                               }
+                                       ]
+                               },
+                               "method": "GET",
+                               "header": [
+                                       {
+                                               "key": "Content-Type",
+                                               "type": "text",
+                                               "value": "application/json"
+                                       },
+                                       {
+                                               "key": "Accept",
+                                               "type": "text",
+                                               "value": "application/json"
+                                       }
+                               ],
+                               "url": {
+                                       "raw": "{{POLICY-XACML-URL}}/policy/pdpx/v1/healthcheck",
+                                       "host": [
+                                               "{{POLICY-XACML-URL}}"
+                                       ],
+                                       "path": [
+                                               "policy",
+                                               "pdpx",
+                                               "v1",
+                                               "healthcheck"
+                                       ]
+                               }
+                       },
+                       "response": [
+                       ]
+               },
+               {
+                       "name": "Xacml Statistics",
+                       "request": {
+                               "auth": {
+                                       "type": "basic",
+                                       "basic": [
+                                               {
+                                                       "key": "password",
+                                                       "value": "zb!XztG34",
+                                                       "type": "string"
+                                               },
+                                               {
+                                                       "key": "username",
+                                                       "value": "healthcheck",
+                                                       "type": "string"
+                                               }
+                                       ]
+                               },
+                               "method": "GET",
+                               "header": [
+                                       {
+                                               "key": "Content-Type",
+                                               "type": "text",
+                                               "value": "application/json"
+                                       },
+                                       {
+                                               "key": "Accept",
+                                               "type": "text",
+                                               "value": "application/json"
+                                       }
+                               ],
+                               "url": {
+                                       "raw": "{{POLICY-XACML-URL}}/policy/pdpx/v1/statistics",
+                                       "host": [
+                                               "{{POLICY-XACML-URL}}"
+                                       ],
+                                       "path": [
+                                               "policy",
+                                               "pdpx",
+                                               "v1",
+                                               "statistics"
+                                       ]
+                               }
+                       },
+                       "response": [
+                       ]
+               },
+               {
+                       "name": "Xacml Decision - Authorization policy-type",
+                       "request": {
+                               "auth": {
+                                       "type": "basic",
+                                       "basic": [
+                                               {
+                                                       "key": "password",
+                                                       "value": "zb!XztG34",
+                                                       "type": "string"
+                                               },
+                                               {
+                                                       "key": "username",
+                                                       "value": "healthcheck",
+                                                       "type": "string"
+                                               }
+                                       ]
+                               },
+                               "method": "POST",
+                               "header": [
+                                       {
+                                               "key": "Content-Type",
+                                               "type": "text",
+                                               "value": "application/json"
+                                       },
+                                       {
+                                               "key": "Accept",
+                                               "type": "text",
+                                               "value": "application/json"
+                                       }
+                               ],
+                               "body": {
+                                       "mode": "raw",
+                                       "raw": "{\n  \"ONAPName\": \"TutorialPEP\",\n  \"ONAPComponent\": \"TutorialPEPComponent\",\n  \"ONAPInstance\": \"TutorialPEPInstance\",\n  \"requestId\": \"unique-request-id-tutorial\",\n  \"action\": \"authorize\",\n  \"resource\": {\n    \"user\": \"audit\",\n    \"entity\": \"foo\",\n    \"permission\" : \"read\"\n  }\n}"
+                               },
+                               "url": {
+                                       "raw": "{{POLICY-XACML-URL}}/policy/pdpx/v1/decision",
+                                       "host": [
+                                               "{{POLICY-XACML-URL}}"
+                                       ],
+                                       "path": [
+                                               "policy",
+                                               "pdpx",
+                                               "v1",
+                                               "decision"
+                                       ]
+                               }
+                       },
+                       "response": [
+                       ]
+               },
+               {
+                       "name": "Simple Undeploy Policy",
+                       "request": {
+                               "auth": {
+                                       "type": "basic",
+                                       "basic": [
+                                               {
+                                                       "key": "password",
+                                                       "value": "zb!XztG34",
+                                                       "type": "string"
+                                               },
+                                               {
+                                                       "key": "username",
+                                                       "value": "healthcheck",
+                                                       "type": "string"
+                                               }
+                                       ]
+                               },
+                               "method": "DELETE",
+                               "header": [
+                                       {
+                                               "key": "Accept",
+                                               "value": "application/json",
+                                               "type": "text"
+                                       },
+                                       {
+                                               "key": "Content-Type",
+                                               "value": "application/json",
+                                               "type": "text"
+                                       }
+                               ],
+                               "url": {
+                                       "raw": "{{POLICY-PAP-URL}}/policy/pap/v1/pdps/policies/onap.policy.tutorial.demo",
+                                       "host": [
+                                               "{{POLICY-PAP-URL}}"
+                                       ],
+                                       "path": [
+                                               "policy",
+                                               "pap",
+                                               "v1",
+                                               "pdps",
+                                               "policies",
+                                               "onap.policy.tutorial.demo"
+                                       ]
+                               }
+                       },
+                       "response": [
+                       ]
+               }
+       ],
+       "auth": {
+               "type": "basic",
+               "basic": [
+                       {
+                               "key": "password",
+                               "value": "",
+                               "type": "string"
+                       },
+                       {
+                               "key": "username",
+                               "value": "",
+                               "type": "string"
+                       }
+               ]
+       },
+       "protocolProfileBehavior": {
+       }
+}
diff --git a/tutorials/tutorial-xacml-application/src/main/docker/Dockerfile b/tutorials/tutorial-xacml-application/src/main/docker/Dockerfile
new file mode 100644 (file)
index 0000000..2610651
--- /dev/null
@@ -0,0 +1,7 @@
+FROM onap/policy-xacml-pdp
+
+ADD maven/${project.build.finalName}.jar /opt/app/policy/pdpx/lib/${project.build.finalName}.jar
+
+RUN mkdir -p /opt/app/policy/pdpx/apps/tutorial
+
+COPY --chown=policy:policy xacml.properties /opt/app/policy/pdpx/apps/tutorial
\ No newline at end of file
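Review bot: The base image on the `FROM onap/policy-xacml-pdp` line carries no tag or digest, so every build pulls whatever `latest` resolves to, while docker-compose.yml in this commit pins api and pap to 2.3.3. Pinning the matching release here, e.g. `FROM onap/policy-xacml-pdp:<release-tag>`, keeps the tutorial reproducible and the plugin jar matched to the PDP it was built against. The jar is copied with `ADD`, which also unpacks archives and fetches URLs; `COPY --chown=policy:policy maven/${project.build.finalName}.jar /opt/app/policy/pdpx/lib/` states the intent and matches the ownership already used for xacml.properties. Which user the `RUN mkdir -p` step runs as depends on the base image and is not visible here, so confirm the `policy` user ends up able to read `apps/tutorial`.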
diff --git a/tutorials/tutorial-xacml-application/src/main/docker/README.txt b/tutorials/tutorial-xacml-application/src/main/docker/README.txt
new file mode 100644 (file)
index 0000000..a29a44b
--- /dev/null
@@ -0,0 +1,36 @@
+docker-compose -f docker-compose.yml run --rm start_dependencies
+
+docker-compose -f docker-compose.yml run --rm start_all
+
+
+curl -X POST http://0.0.0.0:3904/events/POLICY-PDP-PAP
+
+Should return JSON similar to this:
+{"serverTimeMs":0,"count":0}
+
+
+curl -k -u 'healthcheck:zb!XztG34' 'https://0.0.0.0:6969/policy/pdpx/v1/healthcheck'
+
+Should return JSON similar to this:
+{"name":"Policy Xacml PDP","url":"self","healthy":true,"code":200,"message":"alive"}
+
+
+curl -k -u 'healthcheck:zb!XztG34' 'https://0.0.0.0:6767/policy/api/v1/healthcheck'
+Should return JSON similar to this:
+{
+    "name": "Policy API",
+    "url": "policy-api",
+    "healthy": true,
+    "code": 200,
+    "message": "alive"
+}
+
+curl -k -u 'healthcheck:zb!XztG34' 'https://0.0.0.0:6868/policy/pap/v1/healthcheck'
+Should return JSON similar to this:
+{
+    "name": "Policy PAP",
+    "url": "policy-pap",
+    "healthy": true,
+    "code": 200,
+    "message": "alive"
+}
\ No newline at end of file
diff --git a/tutorials/tutorial-xacml-application/src/main/docker/config/db/db.conf b/tutorials/tutorial-xacml-application/src/main/docker/config/db/db.conf
new file mode 100644 (file)
index 0000000..42f3584
--- /dev/null
@@ -0,0 +1,20 @@
+# ============LICENSE_START=======================================================
+#  Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+MYSQL_ROOT_PASSWORD=secret
+MYSQL_USER=policy_user
+MYSQL_PASSWORD=policy_user
\ No newline at end of file
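Review bot: `MYSQL_ROOT_PASSWORD=secret` and `MYSQL_PASSWORD=policy_user` (the same string as the user name) are committed as literals with nothing marking them as tutorial-only, and db.sh in this commit grants that user ALL PRIVILEGES from any host. A comment above the three assignments, such as `# Tutorial defaults for a throwaway local container - replace before reusing this compose file elsewhere`, would keep them from being copied into a shared environment. docker-compose.yml only `expose`s 3306 for mariadb rather than publishing it, which is what keeps these values low-risk as written and is worth saying in the same comment.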
diff --git a/tutorials/tutorial-xacml-application/src/main/docker/config/db/db.sh b/tutorials/tutorial-xacml-application/src/main/docker/config/db/db.sh
new file mode 100644 (file)
index 0000000..499764d
--- /dev/null
@@ -0,0 +1,26 @@
+#!/bin/bash -xv
+# ============LICENSE_START=======================================================
+#  Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+
+for db in policyadmin operationshistory
+do
+     mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};"
+     mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;"
+done
+
+mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "FLUSH PRIVILEGES;"
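Review bot: The shebang `#!/bin/bash -xv` turns on tracing, so every `mysql -uroot -p"${MYSQL_ROOT_PASSWORD}"` line is echoed with the variable expanded and the root password lands in the mariadb container's log output. Change the first line to `#!/bin/bash`, or wrap the mysql calls in `set +x` / `set -x` if the trace is wanted for the rest. Passing the password through the client's `MYSQL_PWD` environment variable instead of `-p...` would also keep it off the command line, assuming the image's client honours it. The `GRANT ALL PRIVILEGES ... TO '${MYSQL_USER}'@'%'` in the loop accepts the account from any host; that is fine only while 3306 stays unpublished, which deserves a one-line comment above the loop.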
diff --git a/tutorials/tutorial-xacml-application/src/main/docker/config/sim/simParameters.json b/tutorials/tutorial-xacml-application/src/main/docker/config/sim/simParameters.json
new file mode 100644 (file)
index 0000000..bd43520
--- /dev/null
@@ -0,0 +1,15 @@
+{
+    "dmaapProvider": {
+        "name": "DMaaP simulator",
+        "topicSweepSec": 300
+    },
+    "restServers": [
+        {
+            "name": "DMaaP simulator",
+            "providerClass": "org.onap.policy.models.sim.dmaap.rest.DmaapSimRestControllerV1",
+            "host": "0.0.0.0",
+            "port": 3904,
+            "https": false
+        }
+    ]
+}
\ No newline at end of file
diff --git a/tutorials/tutorial-xacml-application/src/main/docker/docker-compose.yml b/tutorials/tutorial-xacml-application/src/main/docker/docker-compose.yml
new file mode 100644 (file)
index 0000000..2809f64
--- /dev/null
@@ -0,0 +1,106 @@
+# ============LICENSE_START=======================================================
+#  Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+version: '2'
+services:
+   mariadb:
+      image: mariadb:10.2.14
+      container_name: mariadb
+      hostname: mariadb
+      command: ['--lower-case-table-names=1', '--wait_timeout=28800']
+      env_file: config/db/db.conf
+      volumes:
+         - ./config/db:/docker-entrypoint-initdb.d
+      expose:
+       - 3306
+   message-router:
+      image: nexus3.onap.org:10001/onap/policy-models-simulator:latest
+      container_name: dmaap-simulator
+      hostname: dmaap-simulator
+      volumes:
+       - ./config/sim:/opt/app/policy/simulators/etc/mounted:ro
+      ports:
+       - "3904:3904"
+      expose:
+       - 3904
+   api:
+      # Guilin released images
+      image: nexus3.onap.org:10001/onap/policy-api:2.3.3
+      container_name: policy-api
+      depends_on:
+       - mariadb
+      hostname: policy-api
+      ports:
+       - "6767:6969"
+      expose:
+       - 6767
+   pap:
+      # Guilin released images
+      image: nexus3.onap.org:10001/onap/policy-pap:2.3.3
+      container_name: policy-pap
+      depends_on:
+       - mariadb
+       - message-router
+       - api
+      hostname: policy-pap
+      ports:
+       - "6868:6969"
+      expose:
+       - 6868
+   xacml-pdp:
+      image: onap/policy-xacml-tutorial
+      container_name: policy-xacml-pdp
+      depends_on:
+       - mariadb
+       - message-router
+       - api
+       - pap
+      hostname: policy-xacml-pdp
+      ports:
+       - "6969:6969"
+      expose:
+       - 6969
+   start_dependencies:
+      image: dadarek/wait-for-dependencies
+      environment:
+        TIMEOUT_LENGTH: 60
+      container_name: policy-wait
+      depends_on:
+        - mariadb
+        - message-router
+      hostname: policy-wait
+      command:
+        mariadb:3306
+        message-router:3904
+   start_all:
+      image: dadarek/wait-for-dependencies
+      environment:
+        TIMEOUT_LENGTH: 60
+      container_name: policy-wait-all
+      depends_on:
+        - mariadb
+        - message-router
+        - api
+        - pap
+        - xacml-pdp
+      hostname: policy-wait-all
+      command:
+        mariadb:3306
+        message-router:3904
+        api:6969
+        pap:6969
+        xacml-pdp:6969
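Review bot: The `ports:` entries (`"3904:3904"`, `"6767:6969"`, `"6868:6969"`, `"6969:6969"`) publish on every host interface, while these services are reached with the fixed `healthcheck` credential shown in the README and the simulator is configured with `"https": false`. For a stack meant to run on a developer machine, bind them to loopback, e.g. `"127.0.0.1:6969:6969"`. The `expose:` values under `api` and `pap` (6767, 6868) name the host-side port, whereas the containers listen on 6969 as the mappings and the `start_all` command show, so they should read `- 6969`. `policy-models-simulator:latest`, `onap/policy-xacml-tutorial` and `dadarek/wait-for-dependencies` are floating or untagged while api and pap are pinned to 2.3.3; pinning them as well keeps the tutorial reproducible.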
diff --git a/tutorials/tutorial-xacml-application/src/main/docker/xacml.properties b/tutorials/tutorial-xacml-application/src/main/docker/xacml.properties
new file mode 100644 (file)
index 0000000..277b098
--- /dev/null
@@ -0,0 +1,31 @@
+#
+# Properties that the embedded PDP engine uses to configure and load
+#
+# Standard API Factories
+#
+xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory
+xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory
+xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory
+xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory
+xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory
+#
+# AT&T PDP Implementation Factories
+#
+xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory
+xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory
+xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory
+#
+# ONAP PDP Implementation Factories
+#
+xacml.att.policyFinderFactory=org.onap.policy.pdp.xacml.application.common.OnapPolicyFinderFactory
+
+#
+# Use a root combining algorithm
+#
+xacml.att.policyFinderFactory.combineRootPolicies=urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-overrides
+
+#
+# Policies to load
+#
+xacml.rootPolicies=
+xacml.referencedPolicies=
\ No newline at end of file
diff --git a/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialApplication.java b/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialApplication.java
new file mode 100644 (file)
index 0000000..3c76494
--- /dev/null
@@ -0,0 +1,58 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.tutorial.tutorial;
+
+import java.util.Arrays;
+import java.util.List;
+import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicyTypeIdentifier;
+import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslator;
+import org.onap.policy.pdp.xacml.application.common.std.StdXacmlApplicationServiceProvider;
+
+public class TutorialApplication extends StdXacmlApplicationServiceProvider {
+
+    private final ToscaPolicyTypeIdentifier supportedPolicyType =
+            new ToscaPolicyTypeIdentifier("onap.policies.Authorization", "1.0.0");
+    private final TutorialTranslator translator = new TutorialTranslator();
+
+    @Override
+    public String applicationName() {
+        return "tutorial";
+    }
+
+    @Override
+    public List<String> actionDecisionsSupported() {
+        return Arrays.asList("authorize");
+    }
+
+    @Override
+    public synchronized List<ToscaPolicyTypeIdentifier> supportedPolicyTypes() {
+        return Arrays.asList(supportedPolicyType);
+    }
+
+    @Override
+    public boolean canSupportPolicyType(ToscaPolicyTypeIdentifier policyTypeId) {
+        return supportedPolicyType.equals(policyTypeId);
+    }
+
+    @Override
+    protected ToscaPolicyTranslator getTranslator(String type) {
+        return translator;
+    }
+
+}
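Review bot: `supportedPolicyTypes()` is declared `synchronized`, yet it only wraps the `final` field `supportedPolicyType` in a new list, so the lock protects no mutable state visible in this class. Unless the superclass contract requires it (not visible in this diff), drop the modifier or add a comment saying why it is there, since tutorial readers will copy it as a pattern. `getTranslator(String type)` ignores its argument; a short comment such as `// single policy type, so one translator serves every request` would make that deliberate. The class also has no Javadoc; one sentence stating that it serves `onap.policies.Authorization` 1.0.0 for the `authorize` action would orient readers.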
diff --git a/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java b/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialRequest.java
new file mode 100644 (file)
index 0000000..4bb94cd
--- /dev/null
@@ -0,0 +1,97 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.tutorial.tutorial;
+
+import com.att.research.xacml.std.annotations.XACMLAction;
+import com.att.research.xacml.std.annotations.XACMLRequest;
+import com.att.research.xacml.std.annotations.XACMLResource;
+import com.att.research.xacml.std.annotations.XACMLSubject;
+import java.util.Map;
+import java.util.Map.Entry;
+import lombok.Getter;
+import lombok.Setter;
+import lombok.ToString;
+import org.onap.policy.models.decisions.concepts.DecisionRequest;
+
+@Getter
+@Setter
+@ToString
+@XACMLRequest(ReturnPolicyIdList = true)
+public class TutorialRequest {
+    @XACMLSubject(includeInResults = true)
+    private String onapName;
+
+    @XACMLSubject(attributeId = "urn:org:onap:onap-component", includeInResults = true)
+    private String onapComponent;
+
+    @XACMLSubject(attributeId = "urn:org:onap:onap-instance", includeInResults = true)
+    private String onapInstance;
+
+    @XACMLAction()
+    private String action;
+
+    @XACMLResource(attributeId = "urn:org:onap:tutorial-user", includeInResults = true)
+    private String user;
+
+    @XACMLResource(attributeId = "urn:org:onap:tutorial-entity", includeInResults = true)
+    private String entity;
+
+    @XACMLResource(attributeId = "urn:org:onap:tutorial-permission", includeInResults = true)
+    private String permission;
+
+    /**
+     * createRequest.
+     *
+     * @param decisionRequest Incoming
+     * @return TutorialRequest object
+     */
+    public static TutorialRequest createRequest(DecisionRequest decisionRequest) {
+        //
+        // Create our object
+        //
+        TutorialRequest request = new TutorialRequest();
+        //
+        // Add the subject attributes
+        //
+        request.onapName = decisionRequest.getOnapName();
+        request.onapComponent = decisionRequest.getOnapComponent();
+        request.onapInstance = decisionRequest.getOnapInstance();
+        //
+        // Add the action attribute
+        //
+        request.action = decisionRequest.getAction();
+        //
+        // Add the resource attributes
+        //
+        Map<String, Object> resources = decisionRequest.getResource();
+        for (Entry<String, Object> entrySet : resources.entrySet()) {
+            if ("user".equals(entrySet.getKey())) {
+                request.user = entrySet.getValue().toString();
+            }
+            if ("entity".equals(entrySet.getKey())) {
+                request.entity = entrySet.getValue().toString();
+            }
+            if ("permission".equals(entrySet.getKey())) {
+                request.permission = entrySet.getValue().toString();
+            }
+        }
+
+        return request;
+    }
+}
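Review bot: In `createRequest`, `decisionRequest.getResource()` is iterated without a null check and each matching value is dereferenced with `getValue().toString()`. If `getResource()` can return null when the field is omitted (not visible here), a client-supplied decision request that leaves out `resource`, or sends `"user": null`, would throw a NullPointerException instead of reaching the PDP with missing attributes. Looking the three keys up directly and converting with `Objects.toString(value, null)` keeps the absent-key behaviour (the field stays null) and removes both dereferences; it needs `java.util.Objects` and makes the `Map.Entry` import unused. The Javadoc summary `createRequest.` only repeats the method name; it should say that the subject, action and the `user`/`entity`/`permission` resource entries are copied and that other resource keys are ignored.

```java
// … unchanged: subject and action attributes copied from decisionRequest …
Map<String, Object> resources = decisionRequest.getResource();
if (resources != null) {
    // Absent or null entries leave the field null rather than throwing.
    request.user = Objects.toString(resources.get("user"), null);
    request.entity = Objects.toString(resources.get("entity"), null);
    request.permission = Objects.toString(resources.get("permission"), null);
}

return request;
```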
diff --git a/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java b/tutorials/tutorial-xacml-application/src/main/java/org/onap/policy/tutorial/tutorial/TutorialTranslator.java
new file mode 100644 (file)
index 0000000..7a6b5d8
--- /dev/null
@@ -0,0 +1,168 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.tutorial.tutorial;
+
+import com.att.research.xacml.api.DataTypeException;
+import com.att.research.xacml.api.Decision;
+import com.att.research.xacml.api.Identifier;
+import com.att.research.xacml.api.Request;
+import com.att.research.xacml.api.Response;
+import com.att.research.xacml.api.Result;
+import com.att.research.xacml.api.XACML3;
+import com.att.research.xacml.std.IdentifierImpl;
+import com.att.research.xacml.std.annotations.RequestParser;
+import java.util.List;
+import java.util.Map;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOfType;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.EffectType;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.MatchType;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.RuleType;
+import oasis.names.tc.xacml._3_0.core.schema.wd_17.TargetType;
+import org.onap.policy.models.decisions.concepts.DecisionRequest;
+import org.onap.policy.models.decisions.concepts.DecisionResponse;
+import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicy;
+import org.onap.policy.pdp.xacml.application.common.ToscaDictionary;
+import org.onap.policy.pdp.xacml.application.common.ToscaPolicyConversionException;
+import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslator;
+import org.onap.policy.pdp.xacml.application.common.ToscaPolicyTranslatorUtils;
+
+public class TutorialTranslator implements ToscaPolicyTranslator {
+
+    private static final Identifier ID_TUTORIAL_USER = new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-user");
+    private static final Identifier ID_TUTORIAL_ENTITY =
+            new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-entity");
+    private static final Identifier ID_TUTORIAL_PERM =
+            new IdentifierImpl(ToscaDictionary.ID_URN_ONAP, "tutorial-permission");
+
+    /**
+     * Convert Policy from TOSCA to XACML.
+     */
+    @SuppressWarnings("unchecked")
+    public PolicyType convertPolicy(ToscaPolicy toscaPolicy) throws ToscaPolicyConversionException {
+        //
+        // Here is our policy with a version and default combining algo
+        //
+        PolicyType newPolicyType = new PolicyType();
+        newPolicyType.setPolicyId(toscaPolicy.getMetadata().get("policy-id"));
+        newPolicyType.setVersion(toscaPolicy.getMetadata().get("policy-version"));
+        //
+        // When choosing the rule combining algorithm, be sure to be mindful of the
+        // setting xacml.att.policyFinderFactory.combineRootPolicies in the
+        // xacml.properties file. As that choice for ALL the policies together may have
+        // an impact on the decision rendered from each individual policy.
+        //
+        // In this case, we will only produce XACML rules for permissions. If no permission
+        // combo exists, then the default is to deny.
+        //
+        newPolicyType.setRuleCombiningAlgId(XACML3.ID_RULE_DENY_UNLESS_PERMIT.stringValue());
+        //
+        // Create the target for the Policy.
+        //
+        // For simplicity, let's just match on the action "authorize" and the user
+        //
+        MatchType matchAction = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(
+                XACML3.ID_FUNCTION_STRING_EQUAL, "authorize", XACML3.ID_DATATYPE_STRING,
+                XACML3.ID_ACTION_ACTION_ID, XACML3.ID_ATTRIBUTE_CATEGORY_ACTION);
+        Map<String, Object> props = toscaPolicy.getProperties();
+        String user = props.get("user").toString();
+        MatchType matchUser = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(XACML3.ID_FUNCTION_STRING_EQUAL, user,
+                XACML3.ID_DATATYPE_STRING, ID_TUTORIAL_USER, XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
+        AnyOfType anyOf = new AnyOfType();
+        //
+        // Create AllOf (AND) of just Policy Id
+        //
+        anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchAction, matchUser));
+        TargetType target = new TargetType();
+        target.getAnyOf().add(anyOf);
+        newPolicyType.setTarget(target);
+        //
+        // Now add the rule for each permission
+        //
+        int ruleNumber = 0;
+        List<Object> permissions = (List<Object>) props.get("permissions");
+        for (Object permission : permissions) {
+
+            MatchType matchEntity = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(XACML3.ID_FUNCTION_STRING_EQUAL,
+                    ((Map<String, String>) permission).get("entity"), XACML3.ID_DATATYPE_STRING, ID_TUTORIAL_ENTITY,
+                    XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
+
+            MatchType matchPermission = ToscaPolicyTranslatorUtils.buildMatchTypeDesignator(
+                    XACML3.ID_FUNCTION_STRING_EQUAL, ((Map<String, String>) permission).get("permission"),
+                    XACML3.ID_DATATYPE_STRING, ID_TUTORIAL_PERM, XACML3.ID_ATTRIBUTE_CATEGORY_RESOURCE);
+            anyOf = new AnyOfType();
+            anyOf.getAllOf().add(ToscaPolicyTranslatorUtils.buildAllOf(matchEntity, matchPermission));
+            target = new TargetType();
+            target.getAnyOf().add(anyOf);
+
+            RuleType rule = new RuleType();
+            rule.setDescription("Default is to PERMIT if the policy matches.");
+            rule.setRuleId(newPolicyType.getPolicyId() + ":rule" + ruleNumber);
+
+            rule.setEffect(EffectType.PERMIT);
+            rule.setTarget(target);
+
+            newPolicyType.getCombinerParametersOrRuleCombinerParametersOrVariableDefinition().add(rule);
+
+            ruleNumber++;
+        }
+        return newPolicyType;
+    }
+
+    /**
+     * Convert ONAP DecisionRequest to XACML Request.
+     */
+    public Request convertRequest(DecisionRequest request) {
+        try {
+            return RequestParser.parseRequest(TutorialRequest.createRequest(request));
+        } catch (IllegalArgumentException | IllegalAccessException | DataTypeException e) {
+            // Empty
+        }
+        return null;
+    }
+
+    /**
+     * Convert XACML Response to ONAP DecisionResponse.
+     */
+    public DecisionResponse convertResponse(Response xacmlResponse) {
+        DecisionResponse decisionResponse = new DecisionResponse();
+        //
+        // Iterate through all the results
+        //
+        for (Result xacmlResult : xacmlResponse.getResults()) {
+            //
+            // Check the result
+            //
+            if (xacmlResult.getDecision() == Decision.PERMIT) {
+                //
+                // Just simply return a Permit response
+                //
+                decisionResponse.setStatus(Decision.PERMIT.toString());
+            } else {
+                //
+                // Just simply return a Deny response
+                //
+                decisionResponse.setStatus(Decision.DENY.toString());
+            }
+        }
+
+        return decisionResponse;
+    }
+
+}
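Review bot: convertResponse lets the last entry of `xacmlResponse.getResults()` decide the status, so an earlier non-Permit result is overwritten by a later Permit, and an empty result collection leaves the status unset instead of Deny. For an authorization translator the safer shape is fail-closed: report Permit only when there is at least one result and every result is Permit, as in the excerpt below. Separately, the empty catch in convertRequest returns null without logging, so a request that could not be parsed leaves no trace. Logging the exception there would make that path diagnosable, as would rethrowing if the ToscaPolicyTranslator interface allows it, which is not visible here.

```java
    public DecisionResponse convertResponse(Response xacmlResponse) {
        DecisionResponse decisionResponse = new DecisionResponse();
        // Fail closed: Permit only if there is at least one result and all are Permit.
        boolean permitted = !xacmlResponse.getResults().isEmpty();
        for (Result xacmlResult : xacmlResponse.getResults()) {
            if (xacmlResult.getDecision() != Decision.PERMIT) {
                permitted = false;
                break;
            }
        }
        decisionResponse.setStatus((permitted ? Decision.PERMIT : Decision.DENY).toString());
        return decisionResponse;
    }
```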
diff --git a/tutorials/tutorial-xacml-application/src/main/resources/META-INF/services/org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider b/tutorials/tutorial-xacml-application/src/main/resources/META-INF/services/org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider
new file mode 100644 (file)
index 0000000..942cc59
--- /dev/null
@@ -0,0 +1 @@
+org.onap.policy.tutorial.tutorial.TutorialApplication
\ No newline at end of file
diff --git a/tutorials/tutorial-xacml-application/src/main/resources/xacml.properties b/tutorials/tutorial-xacml-application/src/main/resources/xacml.properties
new file mode 100644 (file)
index 0000000..277b098
--- /dev/null
@@ -0,0 +1,31 @@
+#
+# Properties that the embedded PDP engine uses to configure and load
+#
+# Standard API Factories
+#
+xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory
+xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory
+xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory
+xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory
+xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory
+#
+# AT&T PDP Implementation Factories
+#
+xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory
+xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory
+xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory
+#
+# ONAP PDP Implementation Factories
+#
+xacml.att.policyFinderFactory=org.onap.policy.pdp.xacml.application.common.OnapPolicyFinderFactory
+
+#
+# Use a root combining algorithm
+#
+xacml.att.policyFinderFactory.combineRootPolicies=urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-overrides
+
+#
+# Policies to load
+#
+xacml.rootPolicies=
+xacml.referencedPolicies=
\ No newline at end of file
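Review bot: The `combineRootPolicies` setting carries no comment on how deny-overrides interacts with the per-policy deny-unless-permit algorithm that TutorialTranslator sets. Each generated policy targets only the action and the user, so a second policy for the same user would return Deny for any entity/permission pair it does not list, and under deny-overrides that Deny would beat a Permit from the first policy. The outcome is fail-closed but surprising, so I would add a comment above the setting such as `# deny-overrides at the root: keep all permissions for a user in one policy; a second policy for that user denies whatever it does not list`. The same applies to the identical copy added under src/test/resources.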
diff --git a/tutorials/tutorial-xacml-application/src/test/java/org/onap/policy/tutorial/tutorial/TutorialApplicationTest.java b/tutorials/tutorial-xacml-application/src/test/java/org/onap/policy/tutorial/tutorial/TutorialApplicationTest.java
new file mode 100644 (file)
index 0000000..28d25ee
--- /dev/null
@@ -0,0 +1,120 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.tutorial.tutorial;
+
+import static org.junit.Assert.assertEquals;
+
+import com.att.research.xacml.api.Response;
+import java.io.File;
+import java.io.IOException;
+import java.util.Properties;
+import java.util.ServiceLoader;
+import org.apache.commons.lang3.tuple.Pair;
+import org.junit.BeforeClass;
+import org.junit.ClassRule;
+import org.junit.Test;
+import org.junit.rules.TemporaryFolder;
+import org.onap.policy.common.endpoints.parameters.RestServerParameters;
+import org.onap.policy.common.utils.coder.CoderException;
+import org.onap.policy.common.utils.coder.StandardCoder;
+import org.onap.policy.common.utils.resources.TextFileUtils;
+import org.onap.policy.models.decisions.concepts.DecisionRequest;
+import org.onap.policy.models.decisions.concepts.DecisionResponse;
+import org.onap.policy.pdp.xacml.application.common.XacmlApplicationException;
+import org.onap.policy.pdp.xacml.application.common.XacmlApplicationServiceProvider;
+import org.onap.policy.pdp.xacml.application.common.XacmlPolicyUtils;
+import org.onap.policy.pdp.xacml.xacmltest.TestUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class TutorialApplicationTest {
+    private static final Logger LOGGER = LoggerFactory.getLogger(TutorialApplicationTest.class);
+    private static Properties properties = new Properties();
+    private static File propertiesFile;
+    private static XacmlApplicationServiceProvider service;
+    private static StandardCoder gson = new StandardCoder();
+
+    @ClassRule
+    public static final TemporaryFolder policyFolder = new TemporaryFolder();
+
+    /**
+     * setup the tests.
+     *
+     * @throws Exception Should not have exceptions thrown.
+     */
+    @BeforeClass
+    public static void setup() throws Exception {
+        //
+        // Setup our temporary folder
+        //
+        XacmlPolicyUtils.FileCreator myCreator = (String filename) -> policyFolder.newFile(filename);
+        propertiesFile = XacmlPolicyUtils.copyXacmlPropertiesContents("src/test/resources/xacml.properties",
+                properties, myCreator);
+        //
+        // Load XacmlApplicationServiceProvider service
+        //
+        ServiceLoader<XacmlApplicationServiceProvider> applicationLoader =
+                ServiceLoader.load(XacmlApplicationServiceProvider.class);
+        //
+        // Look for our class instance and save it
+        //
+        for (XacmlApplicationServiceProvider application : applicationLoader) {
+            //
+            // Is it our service?
+            //
+            if (application instanceof TutorialApplication) {
+                service = application;
+            }
+        }
+        //
+        // Tell the application to initialize based on the properties file
+        // we just built for it.
+        //
+        service.initialize(propertiesFile.toPath().getParent(), new RestServerParameters());
+    }
+
+    @Test
+    public void test() throws CoderException, XacmlApplicationException, IOException {
+        //
+        // Now load the tutorial policies.
+        //
+        TestUtils.loadPolicies("src/test/resources/tutorial-policies.yaml", service);
+        //
+        // Load a Decision request
+        //
+        DecisionRequest decisionRequest = gson.decode(
+                TextFileUtils
+                .getTextFileAsString("src/test/resources/tutorial-decision-request.json"),
+                DecisionRequest.class);
+        //
+        // Test a decision - should start with a permit
+        //
+        Pair<DecisionResponse, Response> decision = service.makeDecision(decisionRequest, null);
+        LOGGER.info(decision.getLeft().toString());
+        assertEquals("Permit", decision.getLeft().getStatus());
+        //
+        // This should be a deny
+        //
+        decisionRequest.getResource().put("user", "audit");
+        decision = service.makeDecision(decisionRequest, null);
+        LOGGER.info(decision.getLeft().toString());
+        assertEquals("Deny", decision.getLeft().getStatus());
+    }
+
+}
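Review bot: The test never exercises a request for which no policy applies, which is where the default-deny behaviour matters most; both requests use users (`demo`, `audit`) that have a loaded policy. I would add a third decision with an unknown user, e.g. `decisionRequest.getResource().put("user", "nobody");` followed by the same `makeDecision` call and `assertEquals("Deny", decision.getLeft().getStatus());`. In addition, `setup()` dereferences `service` without checking that the ServiceLoader loop found a TutorialApplication; an `assertNotNull(service)` before `service.initialize(...)` would turn a missing META-INF/services entry into a clear failure instead of a NullPointerException.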
diff --git a/tutorials/tutorial-xacml-application/src/test/resources/tutorial-decision-request.json b/tutorials/tutorial-xacml-application/src/test/resources/tutorial-decision-request.json
new file mode 100644 (file)
index 0000000..f3a7f9a
--- /dev/null
@@ -0,0 +1,12 @@
+{
+  "ONAPName": "TutorialPEP",
+  "ONAPComponent": "TutorialPEPComponent",
+  "ONAPInstance": "TutorialPEPInstance",
+  "requestId": "unique-request-id-tutorial",
+  "action": "authorize",
+  "resource": {
+    "user": "demo",
+    "entity": "foo",
+    "permission" : "write"
+  }
+}
diff --git a/tutorials/tutorial-xacml-application/src/test/resources/tutorial-policies.yaml b/tutorials/tutorial-xacml-application/src/test/resources/tutorial-policies.yaml
new file mode 100644 (file)
index 0000000..fa35365
--- /dev/null
@@ -0,0 +1,34 @@
+tosca_definitions_version: tosca_simple_yaml_1_1_0
+topology_template:
+    policies:
+        -
+            onap.policy.tutorial.demo:
+                type: onap.policies.Authorization
+                type_version: 1.0.0
+                version: 1.0.0
+                metadata:
+                    policy-id: onap.policy.tutorial.demo
+                    policy-version: 1
+                properties:
+                    user: demo
+                    permissions:
+                        -
+                            entity: foo
+                            permission: read
+                        -
+                            entity: foo
+                            permission: write
+        -
+            onap.policy.tutorial.audit:
+                type: onap.policies.Authorization
+                version: 1.0.0
+                type_version: 1.0.0
+                metadata:
+                    policy-id: onap.policy.tutorial.bar
+                    policy-version: 1
+                properties:
+                    user: audit
+                    permissions:
+                        -
+                            entity: foo
+                            permission: read
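Review bot: The second policy is keyed `onap.policy.tutorial.audit` but its metadata says `policy-id: onap.policy.tutorial.bar`. TutorialTranslator.convertPolicy takes the XACML PolicyId and the rule ids from `metadata.policy-id`, so the generated policy and its rules would carry the `bar` name, which makes a decision harder to trace back to the TOSCA policy. Unless the mismatch is intentional, use `policy-id: onap.policy.tutorial.audit`.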
diff --git a/tutorials/tutorial-xacml-application/src/test/resources/tutorial-policy-type.yaml b/tutorials/tutorial-xacml-application/src/test/resources/tutorial-policy-type.yaml
new file mode 100644 (file)
index 0000000..7948bd2
--- /dev/null
@@ -0,0 +1,32 @@
+tosca_definitions_version: tosca_simple_yaml_1_1_0
+policy_types:
+    onap.policies.Authorization:
+        derived_from: tosca.policies.Root
+        version: 1.0.0
+        description: Example tutorial policy type for doing user authorization
+        properties:
+            user:
+                type: string
+                required: true
+                description: The unique user name
+            permissions:
+                type: list
+                required: true
+                description: A list of resource permissions
+                entry_schema:
+                    type: onap.datatypes.Tutorial
+data_types:
+    onap.datatypes.Tutorial:
+        derived_from: tosca.datatypes.Root
+        version: 1.0.0
+        properties:
+            entity:
+                type: string
+                required: true
+                description: The resource
+            permission:
+                type: string
+                required: true
+                description: The permission level
+                constraints:
+                    - valid_values: [read, write, delete]
diff --git a/tutorials/tutorial-xacml-application/src/test/resources/xacml.properties b/tutorials/tutorial-xacml-application/src/test/resources/xacml.properties
new file mode 100644 (file)
index 0000000..277b098
--- /dev/null
@@ -0,0 +1,31 @@
+#
+# Properties that the embedded PDP engine uses to configure and load
+#
+# Standard API Factories
+#
+xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory
+xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory
+xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory
+xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory
+xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory
+#
+# AT&T PDP Implementation Factories
+#
+xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory
+xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory
+xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory
+#
+# ONAP PDP Implementation Factories
+#
+xacml.att.policyFinderFactory=org.onap.policy.pdp.xacml.application.common.OnapPolicyFinderFactory
+
+#
+# Use a root combining algorithm
+#
+xacml.att.policyFinderFactory.combineRootPolicies=urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:deny-overrides
+
+#
+# Policies to load
+#
+xacml.rootPolicies=
+xacml.referencedPolicies=
\ No newline at end of file