Two Policy Guard features added: Frequency-limiter and Blacklist.
Change-Id: I48184ab0ae9760c9ea7594cd7346b456aa964d48
Signed-off-by: Michael Borokhovich <michael@research.att.com>
* ============LICENSE_END=========================================================
*/
-
package org.onap.policy.guard;
import com.att.research.xacml.api.DataTypeException;
WorkingMemory workingMemory;
PDPEngine embeddedPdpEngine;
String restfulPdpUrl;
+ String clname;
String actor;
String recipe;
String target;
String requestId;
- public CallGuardTask(PDPEngine engine, String url, WorkingMemory wm, String act, String rec, String tar, String reqId) {
+ public CallGuardTask(PDPEngine engine, String url, WorkingMemory wm, String cl, String act, String rec, String tar, String reqId) {
embeddedPdpEngine = engine;
restfulPdpUrl = url;
workingMemory = wm;
+ clname = cl;
actor = act;
recipe = rec;
requestId = reqId;
long startTime = System.nanoTime();
com.att.research.xacml.api.Request request = null;
- PolicyGuardXacmlRequestAttributes xacmlReq = new PolicyGuardXacmlRequestAttributes(actor, recipe, target, requestId);
+ PolicyGuardXacmlRequestAttributes xacmlReq = new PolicyGuardXacmlRequestAttributes(clname, actor, recipe, target, requestId);
try {
request = RequestParser.parseRequest(xacmlReq);
// TODO Auto-generated catch block
e.printStackTrace();
}
- /*
- try {
- Thread.sleep(2000);
- } catch (InterruptedException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- */
+
System.out.println("\n********** XACML REQUEST START ********");
System.out.println(request);
import java.util.Set;
import javax.persistence.EntityManager;
+import javax.persistence.NoResultException;
+import javax.persistence.NonUniqueResultException;
import javax.persistence.Persistence;
import javax.persistence.Query;
public PIPEngineGetHistory() {
super();
-
- System.out.println("HAHAHAHAHAHAHAHAHAHAHAHAHAHAHA");
-
// TODO Auto-generated constructor stub
}
@Override
public Collection<PIPRequest> attributesRequired() {
// TODO Auto-generated method stub
- System.out.println("DADADADADADADADADADADADADA");
return null;
}
@Override
public Collection<PIPRequest> attributesProvided() {
// TODO Auto-generated method stub
- System.out.println("GAGAGAGAGAGAGAGAGAGAGAGAGAGAGAGAGAGAG");
return null;
}
@Override
public PIPResponse getAttributes(PIPRequest pipRequest, PIPFinder pipFinder) throws PIPException {
// TODO Auto-generated method stub
- System.out.println("MAMAMAMAMAMAMAMAMAMAMAMAMA - Entering FeqLimiter PIP!!!");
+ System.out.println("Entering FeqLimiter PIP");
/*
* First check to see if the issuer is set and then match it
String string;
if ((string = pipRequest.getIssuer()) == null) {
this.logger.debug("No issuer in the request...");
- System.out.println("MAMAMAMAMAMAMAMAMAMAMAMAMA - FeqLimiter PIP - No issuer in the request!!!");
+ System.out.println("FeqLimiter PIP - No issuer in the request!");
return StdPIPResponse.PIP_RESPONSE_EMPTY;
}
else{
//Notice, we are checking here for the base issuer prefix.
if (!string.contains(this.getIssuer())) {
this.logger.debug("Requested issuer '" + string + "' does not match " + (this.getIssuer() == null ? "null" : "'" + this.getIssuer() + "'"));
- System.out.println("MAMAMAMAMAMAMAMAMAMAMAMAMA - FeqLimiter PIP - Issuer "+ string +" does not match with: "+this.getIssuer());
+ System.out.println("FeqLimiter PIP - Issuer "+ string +" does not match with: "+this.getIssuer());
return StdPIPResponse.PIP_RESPONSE_EMPTY;
}
}
String[] s2 = s1[1].split(":");
String timeWindowVal = s2[0];// number [of minutes, hours, days...]
String timeWindowScale = s2[1];//e.g., minute, hour, day, week, month, year
-
- //System.out.println("MAMAMAMAMAMAMAMAMAMAMAMAMA - FeqLimiter PIP - Issuer " + string + " is OK - proceeding with the request!!!");
- //System.out.println("MAMAMAMAMAMAMAMAMAMAMAMAMA - FeqLimiter PIP - TimeWindow: " + timeWindowVal + " " + timeWindowScale);
String actor = getActor(pipFinder).iterator().next();
String operation = getRecipe(pipFinder).iterator().next();
System.out.println("Going to query DB about: "+actor + " " + operation + " " + target + " " + timeWindow);
int countFromDB = getCountFromDB(actor, operation, target, timeWindow);
-
StdMutablePIPResponse stdPIPResponse = new StdMutablePIPResponse();
this.addIntegerAttribute(stdPIPResponse,
@Override
public void configure(String id, Properties properties) throws PIPException {
super.configure(id, properties);
- //System.out.println("MAMAMAMAMAMAMAMAMAMAMAMAMA - Configuring FeqLimiter PIP!!!");
+
if (this.getDescription() == null) {
this.setDescription(DEFAULT_DESCRIPTION);
}
if (this.getIssuer() == null) {
this.setIssuer(DEFAULT_ISSUER);
}
- /*
- try{
- em = Persistence.createEntityManagerFactory("OperationsHistoryPU").createEntityManager();//emf.createEntityManager();
- }catch(Exception e){
- System.err.println("Freq limiter PIP got Exception " + e.getLocalizedMessage() + " Can't connect to Operations History DB.");
- return;
- }
- */
-
}
+
+ private void addStringAttribute(StdMutablePIPResponse stdPIPResponse, Identifier category, Identifier attributeId, String value) {
+ if (value != null) {
+ AttributeValue<String> attributeValue = null;
+ try {
+ attributeValue = DataTypes.DT_STRING.createAttributeValue(value);
+ } catch (Exception ex) {
+ //this.logger.error("Failed to convert " + value + " to an AttributeValue<String>", ex);
+ }
+ if (attributeValue != null) {
+ stdPIPResponse.addAttribute(new StdMutableAttribute(category, attributeId, attributeValue, this.getIssuer(), false));
+ }
+ }
+ }
+
private PIPResponse getAttribute(PIPRequest pipRequest, PIPFinder pipFinder) {
PIPResponse pipResponse = null;
private static int getCountFromDB(String actor, String operation, String target, String timeWindow){
- long startTime = System.nanoTime();
+ //long startTime = System.nanoTime();
-
-
EntityManager em;
try{
- em = Persistence.createEntityManagerFactory("OperationsHistoryPU").createEntityManager();//emf.createEntityManager();
+ em = Persistence.createEntityManagerFactory("OperationsHistoryPU").createEntityManager();
}catch(Exception e){
- System.err.println("Test thread got Exception " + e.getLocalizedMessage() + " Can't write to Operations History DB.");
+ System.err.println("PIP thread got Exception " + e.getLocalizedMessage() + " Can't connect to Operations History DB.");
return -1;
}
-
- //em.getTransaction().begin();
String sql = "select count(*) as count from operationshistory10 where outcome<>'Failure_Guard' and actor='"
+ actor
+ "' and operation='"
Query nq = em.createNativeQuery(sql);
- int ret = ((Number)nq.getSingleResult()).intValue();
-
- System.out.println("###########************** History count: " + ret);
+ int ret = -1;
+ try{
+ ret = ((Number)nq.getSingleResult()).intValue();
+ }
+ catch(NoResultException | NonUniqueResultException ex){
+ System.err.println("PIP thread got Exception " + ex.getLocalizedMessage());
+ return -1;
+ }
- //em.getTransaction().commit();
- long estimatedTime = System.nanoTime() - startTime;
- System.out.println("time took: " + (double)estimatedTime/1000/1000 + " mili sec.");
+ //System.out.println("###########************** History count: " + ret);
+
+ //long estimatedTime = System.nanoTime() - startTime;
+ //System.out.println("time took: " + (double)estimatedTime/1000/1000 + " mili sec.");
em.close();
- return ret;
-
-
+ return ret;
}
- public PolicyGuardXacmlRequestAttributes(String actor_id, String operation_id, String target_id,
+ public PolicyGuardXacmlRequestAttributes(String clname_id, String actor_id, String operation_id, String target_id,
String request_id) {
super();
+ this.clname_id = clname_id;
this.actor_id = actor_id;
this.operation_id = operation_id;
this.target_id = target_id;
//@XACMLAction()
//String action;
+ @XACMLSubject(includeInResults=true, attributeId="urn:oasis:names:tc:xacml:1.0:clname:clname-id")
+ String clname_id;
+
@XACMLSubject(includeInResults=true, attributeId="urn:oasis:names:tc:xacml:1.0:actor:actor-id")
String actor_id;
public void setRequest_id(String request_id) {
this.request_id = request_id;
}
+
+
+
+ public String getClname_id() {
+ return clname_id;
+ }
+
+
+
+ public void setClname_id(String clname_id) {
+ this.clname_id = clname_id;
+ }
package org.onap.policy.guard;
-
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
+import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
+
import org.onap.policy.controlloop.policy.guard.ControlLoopGuard;
+
public class PolicyGuardYamlToXacml {
public static void fromYamlToXacml(String yamlFile, String xacmlTemplate, String xacmlPolicyOutput){
ControlLoopGuard yamlGuardObject = Util.loadYamlGuard(yamlFile);
- System.out.println("actor: " + yamlGuardObject.guards.getFirst().actor);
- System.out.println("recipe: " + yamlGuardObject.guards.getFirst().recipe);
- System.out.println("num: " + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().num);
- System.out.println("duration: " + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().duration);
- System.out.println("time_in_range: " + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().time_in_range);
+ System.out.println("clname: " + yamlGuardObject.guards.getFirst().match_parameters.controlLoopName);
+ System.out.println("actor: " + yamlGuardObject.guards.getFirst().match_parameters.actor);
+ System.out.println("recipe: " + yamlGuardObject.guards.getFirst().match_parameters.recipe);
+ System.out.println("num: " + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().freq_limit_per_target);
+ System.out.println("duration: " + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().time_window);
+ System.out.println("time_in_range: " + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().active_time_range);
Path xacmlTemplatePath = Paths.get(xacmlTemplate);
String xacmlTemplateContent;
xacmlTemplateContent = new String(Files.readAllBytes(xacmlTemplatePath));
String xacmlPolicyContent = generateXacmlGuard(xacmlTemplateContent,
- yamlGuardObject.guards.getFirst().actor,
- yamlGuardObject.guards.getFirst().recipe,
- yamlGuardObject.guards.getFirst().limit_constraints.getFirst().num,
- yamlGuardObject.guards.getFirst().limit_constraints.getFirst().duration,
- yamlGuardObject.guards.getFirst().limit_constraints.getFirst().time_in_range.get("arg2"),
- yamlGuardObject.guards.getFirst().limit_constraints.getFirst().time_in_range.get("arg3")
+ yamlGuardObject.guards.getFirst().match_parameters.controlLoopName,
+ yamlGuardObject.guards.getFirst().match_parameters.actor,
+ yamlGuardObject.guards.getFirst().match_parameters.recipe,
+ yamlGuardObject.guards.getFirst().match_parameters.targets,
+ yamlGuardObject.guards.getFirst().limit_constraints.getFirst().freq_limit_per_target,
+ yamlGuardObject.guards.getFirst().limit_constraints.getFirst().time_window,
+ yamlGuardObject.guards.getFirst().limit_constraints.getFirst().active_time_range.get("start"),
+ yamlGuardObject.guards.getFirst().limit_constraints.getFirst().active_time_range.get("end")
);
public static String generateXacmlGuard(String xacmlFileContent,
+ String clname,
String actor,
- String recipe,
+ String recipe,
+ LinkedList<String> targets,
Integer limit,
Map<String,String> timeWindow,
String guardActiveStart,
String guardActiveEnd) {
- Pattern p = Pattern.compile("\\$\\{actor\\}");
+ Pattern p = Pattern.compile("\\$\\{clname\\}");
Matcher m = p.matcher(xacmlFileContent);
+ if(isNullOrEmpty(clname)) clname = ".*";
+ xacmlFileContent = m.replaceAll(clname);
+
+ p = Pattern.compile("\\$\\{actor\\}");
+ m = p.matcher(xacmlFileContent);
+ if(isNullOrEmpty(actor)) actor = ".*";
xacmlFileContent = m.replaceAll(actor);
p = Pattern.compile("\\$\\{recipe\\}");
m = p.matcher(xacmlFileContent);
+ if(isNullOrEmpty(recipe)) recipe = ".*";
xacmlFileContent = m.replaceAll(recipe);
+
+ p = Pattern.compile("\\$\\{targets\\}");
+ m = p.matcher(xacmlFileContent);
+ String targetsRegex = "";
+ if(isNullOrEmptyList(targets)){
+ targetsRegex = ".*";
+ }
+ else{
+ for(String t : targets){
+ targetsRegex += (t + "|");
+
+ }
+ targetsRegex = targetsRegex.substring(0, targetsRegex.length()-1);
+ }
+ xacmlFileContent = m.replaceAll(targetsRegex);
p = Pattern.compile("\\$\\{limit\\}");
m = p.matcher(xacmlFileContent);
return xacmlFileContent;
}
+ public static boolean isNullOrEmpty(String s){
+
+ if(s == null){
+ return true;
+ }
+ else if(s.equals("")){
+ return true;
+ }
+ return false;
+
+ }
+
+ public static boolean isNullOrEmptyList(LinkedList<String> list){
+
+ if(list == null){
+ return true;
+ }
+ else if(list.isEmpty()){
+ return true;
+ }
+ return false;
+
+ }
public static void fromYamlToXacmlBlacklist(String yamlFile, String xacmlTemplate, String xacmlPolicyOutput){
ControlLoopGuard yamlGuardObject = Util.loadYamlGuard(yamlFile);
- System.out.println("actor: " + yamlGuardObject.guards.getFirst().actor);
- System.out.println("recipe: " + yamlGuardObject.guards.getFirst().recipe);
- System.out.println("num: " + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().num);
- System.out.println("duration: " + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().duration);
- System.out.println("time_in_range: " + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().time_in_range);
+ System.out.println("actor: " + yamlGuardObject.guards.getFirst().match_parameters.actor);
+ System.out.println("recipe: " + yamlGuardObject.guards.getFirst().match_parameters.recipe);
+ System.out.println("freq_limit_per_target: " + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().freq_limit_per_target);
+ System.out.println("time_window: " + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().time_window);
+ System.out.println("active_time_range: " + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().active_time_range);
Path xacmlTemplatePath = Paths.get(xacmlTemplate);
String xacmlTemplateContent;
xacmlTemplateContent = new String(Files.readAllBytes(xacmlTemplatePath));
String xacmlPolicyContent = generateXacmlGuardBlacklist(xacmlTemplateContent,
- yamlGuardObject.guards.getFirst().actor,
- yamlGuardObject.guards.getFirst().recipe,
+ yamlGuardObject.guards.getFirst().match_parameters.controlLoopName,
+ yamlGuardObject.guards.getFirst().match_parameters.actor,
+ yamlGuardObject.guards.getFirst().match_parameters.recipe,
yamlGuardObject.guards.getFirst().limit_constraints.getFirst().blacklist,
- yamlGuardObject.guards.getFirst().limit_constraints.getFirst().time_in_range.get("arg2"),
- yamlGuardObject.guards.getFirst().limit_constraints.getFirst().time_in_range.get("arg3")
+ yamlGuardObject.guards.getFirst().limit_constraints.getFirst().active_time_range.get("start"),
+ yamlGuardObject.guards.getFirst().limit_constraints.getFirst().active_time_range.get("end")
);
}
public static String generateXacmlGuardBlacklist(String xacmlFileContent,
+ String clname,
String actor,
String recipe,
List<String> blacklist,
String guardActiveStart,
String guardActiveEnd) {
- Pattern p = Pattern.compile("\\$\\{actor\\}");
+
+ Pattern p = Pattern.compile("\\$\\{clname\\}");
Matcher m = p.matcher(xacmlFileContent);
+ if(isNullOrEmpty(clname)) clname = ".*";
+ xacmlFileContent = m.replaceAll(clname);
+
+ p = Pattern.compile("\\$\\{actor\\}");
+ m = p.matcher(xacmlFileContent);
+ if(isNullOrEmpty(actor)) actor = ".*";
xacmlFileContent = m.replaceAll(actor);
p = Pattern.compile("\\$\\{recipe\\}");
m = p.matcher(xacmlFileContent);
+ if(isNullOrEmpty(recipe)) recipe = ".*";
xacmlFileContent = m.replaceAll(recipe);
p = Pattern.compile("\\$\\{guardActiveStart\\}");
public class Constraint {
- public Integer num;
- //public String duration;
- public Map<String, String> duration;
- public Map<String, String> time_in_range;
+ public Integer freq_limit_per_target;
+ public Map<String, String> time_window;
+ public Map<String, String> active_time_range;
public LinkedList<String> blacklist;
}
- public Constraint(Integer num, Map<String, String> duration) {
- this.num = num;
- this.duration = duration;
+ public Constraint(Integer freq_limit_per_target, Map<String, String> time_window) {
+ this.freq_limit_per_target = freq_limit_per_target;
+ if (time_window != null) {
+ this.time_window = Collections.unmodifiableMap(time_window);
+ }
}
public Constraint(List<String> blacklist) {
}
- public Constraint(Integer num, Map<String, String> duration, List<String> blacklist) {
- this.num = num;
- this.duration = Collections.unmodifiableMap(duration);
+ public Constraint(Integer freq_limit_per_target, Map<String, String> time_window, List<String> blacklist) {
+ this.freq_limit_per_target = freq_limit_per_target;
+ this.time_window = Collections.unmodifiableMap(time_window);
this.blacklist = new LinkedList<String>(blacklist);
}
- public Constraint(Integer num, Map<String, String> duration, Map<String, String> time_in_range, List<String> blacklist) {
- //this(num, duration);
- if (duration != null) {
- this.duration = Collections.unmodifiableMap(duration);
- }
- if (time_in_range != null) {
- this.time_in_range = Collections.unmodifiableMap(time_in_range);
+ public Constraint(Integer freq_limit_per_target, Map<String, String> time_window, Map<String, String> active_time_range, List<String> blacklist) {
+ this(freq_limit_per_target, time_window);
+ if (active_time_range != null) {
+ this.active_time_range = Collections.unmodifiableMap(active_time_range);
}
this.blacklist = new LinkedList<String>(blacklist);
}
+ public Constraint(Integer freq_limit_per_target, Map<String, String> time_window, Map<String, String> active_time_range) {
+ this(freq_limit_per_target, time_window);
+ if (active_time_range != null) {
+ this.active_time_range = Collections.unmodifiableMap(active_time_range);
+ }
+ }
+
public Constraint(Constraint constraint) {
- this.num = constraint.num;
- this.duration = constraint.duration;
- if (constraint.time_in_range != null) {
- this.time_in_range = Collections.unmodifiableMap(constraint.time_in_range);
+ this.freq_limit_per_target = constraint.freq_limit_per_target;
+ this.time_window = constraint.time_window;
+ if (constraint.active_time_range != null) {
+ this.active_time_range = Collections.unmodifiableMap(constraint.active_time_range);
}
this.blacklist = new LinkedList<String>(constraint.blacklist);
}
public boolean isValid() {
+ //System.out.println("freq_limit_per_target: " + freq_limit_per_target + " time_window" + time_window );
try {
- if (num == null && duration != null) {
+ if (freq_limit_per_target == null && time_window != null) {
throw new NullPointerException();
}
- if (duration == null && num != null) {
+ if (time_window == null && freq_limit_per_target != null) {
throw new NullPointerException();
}
} catch (Exception e) {
@Override
public String toString() {
- return "Constraint [num=" + num + ", duration=" + duration + ", time_in_range=" + time_in_range + ", blacklist=" + blacklist + "]";
+ return "Constraint [freq_limit_per_target=" + freq_limit_per_target + ", time_window=" + time_window + ", active_time_range=" + active_time_range + ", blacklist=" + blacklist + "]";
}
@Override
public int hashCode() {
final int prime = 31;
int result = 1;
- result = prime * result + ((num == null) ? 0 : num.hashCode());
- result = prime * result + ((duration == null) ? 0 : duration.hashCode());
- result = prime * result + ((time_in_range == null) ? 0 : time_in_range.hashCode());
+ result = prime * result + ((freq_limit_per_target == null) ? 0 : freq_limit_per_target.hashCode());
+ result = prime * result + ((time_window == null) ? 0 : time_window.hashCode());
+ result = prime * result + ((active_time_range == null) ? 0 : active_time_range.hashCode());
result = prime * result + ((blacklist == null) ? 0 : blacklist.hashCode());
return result;
}
if (getClass() != obj.getClass())
return false;
Constraint other = (Constraint) obj;
- if (num == null) {
- if (other.num != null)
+ if (freq_limit_per_target == null) {
+ if (other.freq_limit_per_target != null)
return false;
- } else if (!num.equals(other.num))
+ } else if (!freq_limit_per_target.equals(other.freq_limit_per_target))
return false;
- if (duration == null) {
- if (other.duration != null)
+ if (time_window == null) {
+ if (other.time_window != null)
return false;
- } else if (!duration.equals(other.duration))
+ } else if (!time_window.equals(other.time_window))
return false;
- if (time_in_range == null) {
- if (other.time_in_range != null)
+ if (active_time_range == null) {
+ if (other.active_time_range != null)
return false;
- } else if (!time_in_range.equals(other.time_in_range))
+ } else if (!active_time_range.equals(other.active_time_range))
return false;
if (blacklist == null) {
if (other.blacklist != null)
public String id = UUID.randomUUID().toString();
public String name;
public String description;
- public String actor;
- public String recipe;
+ public MatchParameters match_parameters;
public LinkedList<Constraint> limit_constraints;
- public GuardPolicy() {
+
+public GuardPolicy() {
}
this.id = id;
}
- public GuardPolicy(String name, String actor, String recipe) {
+ public GuardPolicy(String name, MatchParameters match_parameters) {
this.name = name;
- this.actor = actor;
- this.recipe = recipe;
+ System.out.println("match_parameters: " + match_parameters);
+ this.match_parameters = new MatchParameters(match_parameters);
}
- public GuardPolicy(String id, String name, String description, String actor, String recipe) {
- this(name, actor, recipe);
+ public GuardPolicy(String id, String name, String description, MatchParameters match_parameters) {
+ this(name, match_parameters);
this.id = id;
this.description = description;
}
- public GuardPolicy(String name, String actor, String recipe, List<Constraint> limit_constraints) {
- this(name, actor, recipe);
+ public GuardPolicy(String name, MatchParameters match_parameters, List<Constraint> limit_constraints) {
+ this(name, match_parameters);
if (limit_constraints != null) {
this.limit_constraints = (LinkedList<Constraint>) Collections.unmodifiableList(limit_constraints);
}
}
- public GuardPolicy(String name, String description, String actor, String recipe, List<Constraint> limit_constraints) {
- this(name, actor, recipe, limit_constraints);
+ public GuardPolicy(String name, String description, MatchParameters match_parameters, List<Constraint> limit_constraints) {
+ this(name, match_parameters, limit_constraints);
this.description = description;
}
- public GuardPolicy(String id, String name, String description, String actor, String recipe, List<Constraint> limit_constraints) {
- this(name, description, actor, recipe, limit_constraints);
+ public GuardPolicy(String id, String name, String description, MatchParameters match_parameters, List<Constraint> limit_constraints) {
+ this(name, description, match_parameters, limit_constraints);
this.id = id;
}
+
+
+
+
+
public GuardPolicy(GuardPolicy policy) {
this.id = policy.id;
this.name = policy.name;
this.description = policy.description;
- this.actor = policy.actor;
- this.recipe = policy.recipe;
+ this.match_parameters = new MatchParameters(policy.match_parameters);
if (policy.limit_constraints != null) {
this.limit_constraints = (LinkedList<Constraint>) Collections.unmodifiableList(policy.limit_constraints);
}
if (name == null) {
throw new NullPointerException();
}
- if (actor == null) {
- throw new NullPointerException();
- }
- if (recipe == null) {
- throw new NullPointerException();
- }
+
} catch (Exception e) {
return false;
}
@Override
public String toString() {
- return "Policy [id=" + id + ", name=" + name + ", description=" + description + ", actor=" + actor + ", recipe="
- + recipe + ", limit_constraints=" + limit_constraints + "]";
+ return "GuardPolicy [id=" + id + ", name=" + name + ", description=" + description + ", match_parameters="
+ + match_parameters + ", limit_constraints=" + limit_constraints + "]";
}
@Override
public int hashCode() {
final int prime = 31;
int result = 1;
- result = prime * result + ((actor == null) ? 0 : actor.hashCode());
result = prime * result + ((description == null) ? 0 : description.hashCode());
result = prime * result + ((id == null) ? 0 : id.hashCode());
- result = prime * result + ((name == null) ? 0 : name.hashCode());
result = prime * result + ((limit_constraints == null) ? 0 : limit_constraints.hashCode());
- result = prime * result + ((recipe == null) ? 0 : recipe.hashCode());
+ result = prime * result + ((match_parameters == null) ? 0 : match_parameters.hashCode());
+ result = prime * result + ((name == null) ? 0 : name.hashCode());
return result;
}
if (getClass() != obj.getClass())
return false;
GuardPolicy other = (GuardPolicy) obj;
- if (actor == null) {
- if (other.actor != null)
- return false;
- } else if (!actor.equals(other.actor))
- return false;
if (description == null) {
if (other.description != null)
return false;
return false;
} else if (!id.equals(other.id))
return false;
- if (name == null) {
- if (other.name != null)
- return false;
- } else if (!name.equals(other.name))
- return false;
if (limit_constraints == null) {
if (other.limit_constraints != null)
return false;
} else if (!limit_constraints.equals(other.limit_constraints))
return false;
- if (recipe == null) {
- if (other.recipe != null)
+ if (match_parameters == null) {
+ if (other.match_parameters != null)
+ return false;
+ } else if (!match_parameters.equals(other.match_parameters))
+ return false;
+ if (name == null) {
+ if (other.name != null)
return false;
- } else if (!recipe.equals(other.recipe))
+ } else if (!name.equals(other.name))
return false;
return true;
}
--- /dev/null
+/*-
+ * ============LICENSE_START=======================================================
+ * policy-yaml
+ * ================================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.controlloop.policy.guard;
+
+import java.util.LinkedList;
+
+
+public class MatchParameters {
+
+ //public ControlLoopParameter controlLoop;
+ public String controlLoopName;
+ public String actor;
+ public String recipe;
+ public LinkedList<String> targets;
+
+
+ public MatchParameters() {
+
+ }
+
+ public MatchParameters(String actor, String recipe) {
+ this.actor = actor;
+ this.recipe = recipe;
+ }
+
+ public MatchParameters(String actor, String recipe, LinkedList<String> targets) {
+ this(actor, recipe);
+ if (targets != null) {
+ this.targets = new LinkedList<String>(targets);
+ }
+ }
+
+
+ public MatchParameters(String controlLoopName, String actor, String recipe, LinkedList<String> targets) {
+ this(actor, recipe, targets);
+ this.controlLoopName = controlLoopName;
+ }
+
+
+
+
+
+ public MatchParameters(MatchParameters matchParameters) {
+
+ this.controlLoopName = matchParameters.controlLoopName;
+ this.actor = matchParameters.actor;
+ this.recipe = matchParameters.recipe;
+ if (matchParameters.targets != null) {
+ //this.targets = (LinkedList<String>) Collections.unmodifiableList(matchParameters.targets);
+ this.targets = new LinkedList<String>(matchParameters.targets);
+ }
+ }
+
+ /*
+ public boolean isValid() {
+ try {
+ if (actor == null) {
+ throw new NullPointerException();
+ }
+ if (recipe == null) {
+ throw new NullPointerException();
+ }
+ } catch (Exception e) {
+ return false;
+ }
+ return true;
+ }
+ */
+
+ @Override
+ public String toString() {
+ return "MatchParameters [controlLoopName=" + controlLoopName + ", actor=" + actor + ", recipe=" + recipe
+ + ", targets=" + targets + "]";
+ }
+
+ @Override
+ public int hashCode() {
+ final int prime = 31;
+ int result = 1;
+ result = prime * result + ((actor == null) ? 0 : actor.hashCode());
+ result = prime * result + ((controlLoopName == null) ? 0 : controlLoopName.hashCode());
+ result = prime * result + ((recipe == null) ? 0 : recipe.hashCode());
+ result = prime * result + ((targets == null) ? 0 : targets.hashCode());
+ return result;
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (this == obj)
+ return true;
+ if (obj == null)
+ return false;
+ if (getClass() != obj.getClass())
+ return false;
+ MatchParameters other = (MatchParameters) obj;
+ if (actor == null) {
+ if (other.actor != null)
+ return false;
+ } else if (!actor.equals(other.actor))
+ return false;
+ if (controlLoopName == null) {
+ if (other.controlLoopName != null)
+ return false;
+ } else if (!controlLoopName.equals(other.controlLoopName))
+ return false;
+ if (recipe == null) {
+ if (other.recipe != null)
+ return false;
+ } else if (!recipe.equals(other.recipe))
+ return false;
+ if (targets == null) {
+ if (other.targets != null)
+ return false;
+ } else if (!targets.equals(other.targets))
+ return false;
+ return true;
+ }
+
+
+}
import org.onap.policy.controlloop.guard.compiler.ControlLoopGuardCompiler;
public class ControlLoopGuardCompilerTest {
-
+
@Test
public void testTest1() {
try {
- this.test("src/test/resources/v2.0.0-guard/policy_guard_vUSP_1707_appc.yaml");
+ this.test("src/test/resources/v2.0.0-guard/policy_guard_ONAP_demo_vDNS.yaml");
+ } catch (Exception e) {
+ fail(e.getMessage());
+ }
+ }
+
+ @Test
+ public void testTest2() {
+ try {
+ this.test("src/test/resources/v2.0.0-guard/policy_guard_appc_restart.yaml");
} catch (Exception e) {
fail(e.getMessage());
}
package org.onap.policy.controlloop.policy.guard;
-import org.junit.Ignore;
import org.junit.Test;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.Constructor;
public class ControlLoopGuardBuilderTest {
- @Ignore
@Test
public void testControlLoopGuard() {
try {
//
// Add a guard policy without limit constraint
//
- GuardPolicy policy1 = new GuardPolicy("1111", "guardpolicy1", "guardpolicy1", "APPC", "restart");
+ String clname = "CL_vUSP123";
+ LinkedList<String> targets = new LinkedList<String>();
+ targets.add("s1");
+ targets.add("s2");
+ targets.add("s3");
+ MatchParameters matchParameters = new MatchParameters(clname, "APPC", "Restart", targets);
+ GuardPolicy policy1 = new GuardPolicy("id123", "guardpolicy1", "description aaa", matchParameters);
builder = builder.addGuardPolicy(policy1);
//
// Assert there is no limit constraint associated with the only guard policy
//
// Add a constraint to policy1
//
- Map<String, String> time_in_range = new HashMap<String, String>();
- time_in_range.put("arg2", "PT5H");
- time_in_range.put("arg3", "PT24H");
+ Map<String, String> active_time_range = new HashMap<String, String>();
+ active_time_range.put("start", "00:00:00-05:00");
+ active_time_range.put("end", "23:59:59-05:00");
List<String> blacklist = new LinkedList<String>();
blacklist.add("eNodeB_common_id1");
blacklist.add("eNodeB_common_id2");
- Map<String, String> duration = new HashMap<String, String>();
- duration.put("value", "10");
- duration.put("units", "minute");
- Constraint cons = new Constraint(5, duration, time_in_range, blacklist);
+ Map<String, String> time_window = new HashMap<String, String>();
+ time_window.put("value", "10");
+ time_window.put("units", "minute");
+ Constraint cons = new Constraint(5, time_window, active_time_range, blacklist);
builder = builder.addLimitConstraint(policy1.id, cons);
//
// Add a duplicate constraint to policy1
@Test
public void test1() {
- this.test("src/test/resources/v2.0.0-guard/policy_guard_vUSP_1707_appc.yaml");
+ this.test("src/test/resources/v2.0.0-guard/policy_guard_ONAP_demo_vDNS.yaml");
+ }
+
+ @Test
+ public void test2() {
+ this.test("src/test/resources/v2.0.0-guard/policy_guard_appc_restart.yaml");
}
public void test(String testFile) {
@Test
public void testGuardvDNS() {
- this.test("src/test/resources/v2.0.0-guard/policy_guard_OpenECOMP_demo_vDNS.yaml");
+ this.test("src/test/resources/v2.0.0-guard/policy_guard_ONAP_demo_vDNS.yaml");
}
@Test
public void testGuardvUSP() {
- this.test("src/test/resources/v2.0.0-guard/policy_guard_vUSP_1707_appc.yaml");
+ this.test("src/test/resources/v2.0.0-guard/policy_guard_appc_restart.yaml");
}
--- /dev/null
+guard:
+ version: 2.0.0
+
+guards:
+ - id: unique_guard_ONAP_vDNS_1
+ name: MSO Spinup
+ description: We only spin up 1 instance over a 10 minute window
+ match_parameters:
+ actor: MSO
+ recipe: VF Module Create
+ limit_constraints:
+ - freq_limit_per_target: 1
+ #
+ # https://www.w3.org/TR/xmlschema-2/#duration
+ #
+ time_window:
+ value: 10
+ units: hour
+
\ No newline at end of file
+++ /dev/null
-guard:
- version: 2.0.0
-
-guards:
- - id: unique_guard_ONAP_vDNS_1
- name: MSO Spinup
- description: We only spin up 1 instance over a 10 minute window
- actor: MSO
- recipe: VF Module Create
- limit_constraints:
- - num: 1
- duration:
- value: 15
- units: minute
+++ /dev/null
-guard:
- version: 2.0.0
-
-guards:
- - id: unique_guard_ONAP_vDNS_1
- name: MSO Spinup
- description: We only spin up 1 instance over a 10 minute window
- actor: MSO
- recipe: VF Module Create
- limit_constraints:
- - num: 1
- duration: PT10M
--- /dev/null
+guard:
+ version: 2.0.0
+
+guards:
+ - id: unique_guard_1
+ name: APPC 5 Restart
+ description:
+ We only allow 5 restarts over 15 minute window during the day time hours (i.e. avoid midnight to 5am)
+ match_parameters:
+ controlLoopName: CL_NAME_ABC_123
+ actor: APPC
+ recipe: Restart
+ targets:
+ - s1
+ s2
+ s3
+ limit_constraints:
+ - freq_limit_per_target: 5
+ time_window:
+ value: 15
+ units: minute
+ active_time_range:
+ start: 00:00:00-05:00
+ end: 23:59:59-05:00
\ No newline at end of file
+++ /dev/null
-guard:
- version: 2.0.0
-
-guards:
- - id: unique_guard_vUSP_1
- name: APPC 5 Restart
- description:
- We only allow 5 restarts over 15 minute window during the day time hours (i.e. avoid midnight to 5am)
- actor: APPC
- recipe: Restart
- limit_constraints:
- - num: 5
- #
- # https://www.w3.org/TR/xmlschema-2/#duration
- #
- duration:
- value: 15
- units: minute
- #
- # XACML function time-in-range
- #
- # Assumption is that the "current time" is the 1st argument
- #
- time_in_range:
- arg2: PT5H
- arg3: PT24H
\ No newline at end of file
* limitations under the License.
* ============LICENSE_END=========================================================
*/
-
-package com.att.ecomp.policy.controlloop;
+
+package org.onap.policy.controlloop;
import org.onap.policy.controlloop.VirtualControlLoopEvent;
import org.onap.policy.controlloop.VirtualControlLoopNotification;
Logger.metrics($lock);
-
-
//
// We are starting the operation but the actor won't be contacted until Guard is queried and permitted.
//
Thread t = new Thread(new org.onap.policy.guard.CallGuardTask(
XacmlPdpEngine,
"",
- drools.getWorkingMemory(),
+ drools.getWorkingMemory(),
+ $event.closedLoopControlName,
$operation.policy.actor.toString(),
$operation.policy.recipe,
$manager.getTargetInstance($operation.policy),
<Target>
<AnyOf>
<AllOf>
- <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
+ <!-- <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">.*</AttributeValue>-->
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${clname}</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:clname:clname-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+
+ <!-- <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">-->
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${actor}</AttributeValue>
<AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:actor:actor-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
</Match>
- <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${recipe}</AttributeValue>
<AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:operation:operation-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
</Match>
<Target>
<AnyOf>
<AllOf>
- <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
+ <!-- <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">.*</AttributeValue>-->
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${clname}</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:clname:clname-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+
+ <!-- <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">-->
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${actor}</AttributeValue>
<AttributeDesignator Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" AttributeId="urn:oasis:names:tc:xacml:1.0:actor:actor-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
</Match>
- <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${recipe}</AttributeValue>
<AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" AttributeId="urn:oasis:names:tc:xacml:1.0:operation:operation-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
</Match>
+
+ <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-regexp-match">
+ <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">${targets}</AttributeValue>
+ <AttributeDesignator Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" AttributeId="urn:oasis:names:tc:xacml:1.0:target:target-id" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+ </Match>
+
</AllOf>
</AnyOf>
</Target>
* ============LICENSE_END=========================================================
*/
-package org.onap.policy.controlloop.processor;
+package org.onap.policy.template.demo;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import com.att.research.xacml.util.FactoryException;
import com.att.research.xacml.util.XACMLProperties;
-import org.onap.policy.controlloop.policy.guard.ControlLoopGuard;
+//import org.onap.policy.controlloop.policy.guard.ControlLoopGuard;
public class ControlLoopXacmlGuardTest {
-
@Ignore
@Test
public void test() {
try {
- this.runTest("src/main/resources/ControlLoop_Template_1707_xacml_guard.drl",
- "src/test/resources/yaml/policy_ControlLoop_vUSP_1707.yaml",
- "service=vUSP;resource=vCTS;type=operational",
- "CL_VUSP_8888",
- "com.att.ecomp.closed_loop.vUSP:VNFS:0.0.1");
+ this.runTest("src/main/resources/ControlLoop_Template_xacml_guard.drl",
+ "src/test/resources/yaml/policy_ControlLoop_Service123.yaml",
+ "service=Service123;resource=Res123;type=operational",
+ "CL_SERV123_8888",
+ "org.onap.closed_loop.Service123:VNFS:0.0.1");
} catch (IOException e) {
e.printStackTrace();
fail(e.getMessage());
// Create XACML Guard policy from YAML
// We prepare 4 Guards. Notice that Rebuilds recipe has two Guards (for checking policy combining algorithm)
//
- fromYamlToXacml("src/test/resources/yaml/policy_guard_vUSP_1707_appc_restart.yaml",
+ PolicyGuardYamlToXacml.fromYamlToXacml("src/test/resources/yaml/policy_guard_appc_restart.yaml",
"src/main/resources/frequency_limiter_template.xml",
"src/test/resources/xacml/autogenerated_frequency_limiter_restart.xml");
- fromYamlToXacml("src/test/resources/yaml/policy_guard_vUSP_1707_appc_rebuild.yaml",
+ PolicyGuardYamlToXacml.fromYamlToXacml("src/test/resources/yaml/policy_guard_appc_rebuild.yaml",
"src/main/resources/frequency_limiter_template.xml",
"src/test/resources/xacml/autogenerated_frequency_limiter_rebuild.xml");
- fromYamlToXacml("src/test/resources/yaml/policy_guard_vUSP_1707_appc_rebuild_1.yaml",
+ PolicyGuardYamlToXacml.fromYamlToXacml("src/test/resources/yaml/policy_guard_appc_rebuild_1.yaml",
"src/main/resources/frequency_limiter_template.xml",
"src/test/resources/xacml/autogenerated_frequency_limiter_rebuild_1.xml");
- fromYamlToXacml("src/test/resources/yaml/policy_guard_vUSP_1707_appc_migrate.yaml",
+ PolicyGuardYamlToXacml.fromYamlToXacml("src/test/resources/yaml/policy_guard_appc_migrate.yaml",
"src/main/resources/frequency_limiter_template.xml",
"src/test/resources/xacml/autogenerated_frequency_limiter_migrate.xml");
- PolicyGuardYamlToXacml.fromYamlToXacmlBlacklist("src/test/resources/yaml/policy_guard_vUSP_1707_appc_restart_blacklist.yaml",
+ PolicyGuardYamlToXacml.fromYamlToXacmlBlacklist("src/test/resources/yaml/policy_guard_appc_restart_blacklist.yaml",
"src/main/resources/blacklist_template.xml",
"src/test/resources/xacml/autogenerated_blacklist.xml");
for (FactHandle handle : kieSession.getFactHandles()) {
Object fact = kieSession.getObject(handle);
- assertEquals("", "com.att.ecomp.policy.controlloop.Params", fact.getClass().getName());
+ assertEquals("", "org.onap.policy.controlloop.Params", fact.getClass().getName());
}
}
event.closedLoopEventStatus = ControlLoopEventStatus.ONSET;
kieSession.insert(event);
Thread.sleep(1000);
-
- /*
- event = new ATTControlLoopEvent(event);
- event.triggerID = "107.250.169.145_f5BigIP" + Instant.now().toEpochMilli();
- kieSession.insert(event);
- Thread.sleep(1000);
-
- event = new ATTControlLoopEvent(event);
- event.triggerID = "107.250.169.145_f5BigIP" + Instant.now().toEpochMilli();
- kieSession.insert(event);
- Thread.sleep(1000);
-
- event = new ATTControlLoopEvent(event);
- event.triggerID = "107.250.169.145_f5BigIP" + Instant.now().toEpochMilli();
- kieSession.insert(event);
- Thread.sleep(1000);
- */
}
}
- public static void fromYamlToXacml(String yamlFile, String xacmlTemplate, String xacmlPolicyOutput){
-
- ControlLoopGuard yamlGuardObject = Util.loadYamlGuard(yamlFile);
- System.out.println("actor: " + yamlGuardObject.guards.getFirst().actor);
- System.out.println("recipe: " + yamlGuardObject.guards.getFirst().recipe);
- System.out.println("num: " + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().num);
- System.out.println("duration: " + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().duration);
- System.out.println("time_in_range: " + yamlGuardObject.guards.getFirst().limit_constraints.getFirst().time_in_range);
-
- Path xacmlTemplatePath = Paths.get(xacmlTemplate);
- String xacmlTemplateContent;
-
- try {
- xacmlTemplateContent = new String(Files.readAllBytes(xacmlTemplatePath));
-
- String xacmlPolicyContent = PolicyGuardYamlToXacml.generateXacmlGuard(xacmlTemplateContent,
- yamlGuardObject.guards.getFirst().actor,
- yamlGuardObject.guards.getFirst().recipe,
- yamlGuardObject.guards.getFirst().limit_constraints.getFirst().num,
- yamlGuardObject.guards.getFirst().limit_constraints.getFirst().duration,
- yamlGuardObject.guards.getFirst().limit_constraints.getFirst().time_in_range.get("arg2"),
- yamlGuardObject.guards.getFirst().limit_constraints.getFirst().time_in_range.get("arg3")
- );
-
- Files.write(Paths.get(xacmlPolicyOutput), xacmlPolicyContent.getBytes());
-
- } catch (IOException e) {
- e.printStackTrace();
- }
-
- }
-
-
public static String generatePolicy(String ruleContents,
String closedLoopControlName,
* ============LICENSE_END=========================================================
*/
-package org.onap.policy.controlloop.processor;
+package org.onap.policy.template.demo;
import static org.junit.Assert.fail;
+++ /dev/null
-#
-#
-# This files defines PIPs that will be used by XACML Guard Policies. One PIP per time window (5 min, 10min,...,1 month).
-#
-#
-#
-
-#
-# Default XACML Properties File
-# Standard API Factories
-#
-xacml.dataTypeFactory=com.att.research.xacml.std.StdDataTypeFactory
-xacml.pdpEngineFactory=com.att.research.xacmlatt.pdp.ATTPDPEngineFactory
-xacml.pepEngineFactory=com.att.research.xacml.std.pep.StdEngineFactory
-xacml.pipFinderFactory=com.att.research.xacml.std.pip.StdPIPFinderFactory
-xacml.traceEngineFactory=com.att.research.xacml.std.trace.LoggingTraceEngineFactory
-#
-# AT&T PDP Implementation Factories
-#
-xacml.att.evaluationContextFactory=com.att.research.xacmlatt.pdp.std.StdEvaluationContextFactory
-xacml.att.combiningAlgorithmFactory=com.att.research.xacmlatt.pdp.std.StdCombiningAlgorithmFactory
-xacml.att.functionDefinitionFactory=com.att.research.xacmlatt.pdp.std.StdFunctionDefinitionFactory
-xacml.att.policyFinderFactory=com.att.research.xacmlatt.pdp.std.StdPolicyFinderFactory
-
-
-#
-# NOTE: If you are testing against a RESTful PDP, then the PDP must be configured with the
-# policies and PIP configuration as defined below. Otherwise, this is the configuration that
-# the embedded PDP uses.
-#
-
-# In case we have multiple applicable Guard policies, we will deny if any of them denies.
-#xacml.att.policyFinderFactory.combineRootPolicies=urn:com:att:xacml:3.0:policy-combining-algorithm:combined-deny-overrides
-xacml.att.policyFinderFactory.combineRootPolicies=urn:oasis:names:tc:xacml:3.0:policy-combining-algorithm:permit-unless-deny
-
-
-# Policies to load
-#
-xacml.rootPolicies=p1,p2,p3,p4
-p1.file=src/test/resources/xacml/autogenerated_frequency_limiter_restart.xml
-p2.file=src/test/resources/xacml/autogenerated_frequency_limiter_rebuild.xml
-p3.file=src/test/resources/xacml/autogenerated_frequency_limiter_migrate.xml
-p4.file=src/test/resources/xacml/autogenerated_frequency_limiter_rebuild_1.xml
-#p5.file=src/test/resources/xacml/autogenerated_blacklist.xml
-#p6.file=src/test/resources/xacml/new_restart1.xml
-#p7.file=src/test/resources/xacml/new_restart2.xml
-#p8.file=src/test/resources/xacml/new_rebuild1.xml
-#p9.file=src/test/resources/xacml/new_rebuild2.xml
-#p10.file=src/test/resources/xacml/new_migrate1.xml
-#p11.file=src/test/resources/xacml/new_migrate2.xml
-
-# PIP Engine Definition
-#
-xacml.pip.engines=sql1,test1
-test1.classname=com.att.ecomp.policy.guard.PIPEngineGetHistory
-test1.issuer=com:att:research:xacml:guard:historydb
-
-
-sql1.classname=com.att.research.xacml.std.pip.engines.jdbc.JDBCEngine
-sql1.name=OperationsHistory
-sql1.description=Database of operations performed via closed loop.
-sql1.issuer=com:att:research:xacml:test:sql123
-sql1.type=jdbc
-sql1.jdbc.driver=org.mariadb.jdbc.Driver
-#sql1.jdbc.url=jdbc:mariadb://localhost:7779/policy
-sql1.jdbc.url=jdbc:mariadb://135.207.129.112:3306/policy
-sql1.jdbc.conn.user=root
-sql1.jdbc.conn.password=lmpg
-
-#Each of the following resolvers corresponds to a specific time window. The only difference between them is the "interval" in the "select" SQL query and the "issuer".
-sql1.resolvers=tw5min,tw10min,tw30min,tw1h,tw12h,tw1d,tw5d,tw1w,tw1mon
-
-
-
-##############################################
-sql1.resolver.tw5min.select=select count(*) as count from operationshistory10 where outcome<>'Failure_Guard' and actor=? and operation=? and target=? and endtime between date_sub(now(),interval 5 minute) and now()
-sql1.resolver.tw5min.field.count.issuer=com:att:research:xacml:test:sql:tw5min
-
-sql1.resolver.tw5min.classname=com.att.research.xacml.std.pip.engines.jdbc.ConfigurableJDBCResolver
-sql1.resolver.tw5min.name=OperationsCount
-sql1.resolver.tw5min.description=This returns the number of previous operations within the given time window
-sql1.resolver.tw5min.fields=count
-sql1.resolver.tw5min.field.count.id=com:att:research:xacml:test:sql:resource:operations:count
-sql1.resolver.tw5min.field.count.datatype=http://www.w3.org/2001/XMLSchema#integer
-sql1.resolver.tw5min.field.count.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource
-sql1.resolver.tw5min.parameters=actor,operation,target
-sql1.resolver.tw5min.parameter.actor.id=urn:oasis:names:tc:xacml:1.0:actor:actor-id
-sql1.resolver.tw5min.parameter.actor.datatype=http://www.w3.org/2001/XMLSchema#string
-sql1.resolver.tw5min.parameter.actor.category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject
-sql1.resolver.tw5min.parameter.operation.id=urn:oasis:names:tc:xacml:1.0:operation:operation-id
-sql1.resolver.tw5min.parameter.operation.datatype=http://www.w3.org/2001/XMLSchema#string
-sql1.resolver.tw5min.parameter.operation.category=urn:oasis:names:tc:xacml:3.0:attribute-category:action
-sql1.resolver.tw5min.parameter.target.id=urn:oasis:names:tc:xacml:1.0:target:target-id
-sql1.resolver.tw5min.parameter.target.datatype=http://www.w3.org/2001/XMLSchema#string
-sql1.resolver.tw5min.parameter.target.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource
-
-##############################################
-sql1.resolver.tw10min.select=select count(*) as count from operationshistory10 where outcome<>'Failure_Guard' and actor=? and operation=? and target=? and endtime between date_sub(now(),interval 10 minute) and now()
-sql1.resolver.tw10min.field.count.issuer=com:att:research:xacml:test:sql:tw10min
-
-sql1.resolver.tw10min.classname=com.att.research.xacml.std.pip.engines.jdbc.ConfigurableJDBCResolver
-sql1.resolver.tw10min.name=OperationsCount
-sql1.resolver.tw10min.description=This returns the number of previous operations within the given time window
-sql1.resolver.tw10min.fields=count
-sql1.resolver.tw10min.field.count.id=com:att:research:xacml:test:sql:resource:operations:count
-sql1.resolver.tw10min.field.count.datatype=http://www.w3.org/2001/XMLSchema#integer
-sql1.resolver.tw10min.field.count.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource
-sql1.resolver.tw10min.parameters=actor,operation,target
-sql1.resolver.tw10min.parameter.actor.id=urn:oasis:names:tc:xacml:1.0:actor:actor-id
-sql1.resolver.tw10min.parameter.actor.datatype=http://www.w3.org/2001/XMLSchema#string
-sql1.resolver.tw10min.parameter.actor.category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject
-sql1.resolver.tw10min.parameter.operation.id=urn:oasis:names:tc:xacml:1.0:operation:operation-id
-sql1.resolver.tw10min.parameter.operation.datatype=http://www.w3.org/2001/XMLSchema#string
-sql1.resolver.tw10min.parameter.operation.category=urn:oasis:names:tc:xacml:3.0:attribute-category:action
-sql1.resolver.tw10min.parameter.target.id=urn:oasis:names:tc:xacml:1.0:target:target-id
-sql1.resolver.tw10min.parameter.target.datatype=http://www.w3.org/2001/XMLSchema#string
-sql1.resolver.tw10min.parameter.target.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource
-
-##############################################
-sql1.resolver.tw30min.select=select count(*) as count from operationshistory10 where outcome<>'Failure_Guard' and actor=? and operation=? and target=? and endtime between date_sub(now(),interval 30 minute) and now()
-sql1.resolver.tw30min.field.count.issuer=com:att:research:xacml:test:sql:tw30min
-
-sql1.resolver.tw30min.classname=com.att.research.xacml.std.pip.engines.jdbc.ConfigurableJDBCResolver
-sql1.resolver.tw30min.name=OperationsCount
-sql1.resolver.tw30min.description=This returns the number of previous operations within the given time window
-sql1.resolver.tw30min.fields=count
-sql1.resolver.tw30min.field.count.id=com:att:research:xacml:test:sql:resource:operations:count
-sql1.resolver.tw30min.field.count.datatype=http://www.w3.org/2001/XMLSchema#integer
-sql1.resolver.tw30min.field.count.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource
-sql1.resolver.tw30min.parameters=actor,operation,target
-sql1.resolver.tw30min.parameter.actor.id=urn:oasis:names:tc:xacml:1.0:actor:actor-id
-sql1.resolver.tw30min.parameter.actor.datatype=http://www.w3.org/2001/XMLSchema#string
-sql1.resolver.tw30min.parameter.actor.category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject
-sql1.resolver.tw30min.parameter.operation.id=urn:oasis:names:tc:xacml:1.0:operation:operation-id
-sql1.resolver.tw30min.parameter.operation.datatype=http://www.w3.org/2001/XMLSchema#string
-sql1.resolver.tw30min.parameter.operation.category=urn:oasis:names:tc:xacml:3.0:attribute-category:action
-sql1.resolver.tw30min.parameter.target.id=urn:oasis:names:tc:xacml:1.0:target:target-id
-sql1.resolver.tw30min.parameter.target.datatype=http://www.w3.org/2001/XMLSchema#string
-sql1.resolver.tw30min.parameter.target.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource
-
-##############################################
-sql1.resolver.tw1h.select=select count(*) as count from operationshistory10 where outcome<>'Failure_Guard' and actor=? and operation=? and target=? and endtime between date_sub(now(),interval 1 hour) and now()
-sql1.resolver.tw1h.field.count.issuer=com:att:research:xacml:test:sql:tw1h
-
-sql1.resolver.tw1h.classname=com.att.research.xacml.std.pip.engines.jdbc.ConfigurableJDBCResolver
-sql1.resolver.tw1h.name=OperationsCount
-sql1.resolver.tw1h.description=This returns the number of previous operations within the given time window
-sql1.resolver.tw1h.fields=count
-sql1.resolver.tw1h.field.count.id=com:att:research:xacml:test:sql:resource:operations:count
-sql1.resolver.tw1h.field.count.datatype=http://www.w3.org/2001/XMLSchema#integer
-sql1.resolver.tw1h.field.count.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource
-sql1.resolver.tw1h.parameters=actor,operation,target
-sql1.resolver.tw1h.parameter.actor.id=urn:oasis:names:tc:xacml:1.0:actor:actor-id
-sql1.resolver.tw1h.parameter.actor.datatype=http://www.w3.org/2001/XMLSchema#string
-sql1.resolver.tw1h.parameter.actor.category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject
-sql1.resolver.tw1h.parameter.operation.id=urn:oasis:names:tc:xacml:1.0:operation:operation-id
-sql1.resolver.tw1h.parameter.operation.datatype=http://www.w3.org/2001/XMLSchema#string
-sql1.resolver.tw1h.parameter.operation.category=urn:oasis:names:tc:xacml:3.0:attribute-category:action
-sql1.resolver.tw1h.parameter.target.id=urn:oasis:names:tc:xacml:1.0:target:target-id
-sql1.resolver.tw1h.parameter.target.datatype=http://www.w3.org/2001/XMLSchema#string
-sql1.resolver.tw1h.parameter.target.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource
-
-
-##############################################
-sql1.resolver.tw12h.select=select count(*) as count from operationshistory10 where outcome<>'Failure_Guard' and actor=? and operation=? and target=? and endtime between date_sub(now(),interval 12 hour) and now()
-sql1.resolver.tw12h.field.count.issuer=com:att:research:xacml:test:sql:tw12h
-
-sql1.resolver.tw12h.classname=com.att.research.xacml.std.pip.engines.jdbc.ConfigurableJDBCResolver
-sql1.resolver.tw12h.name=OperationsCount
-sql1.resolver.tw12h.description=This returns the number of previous operations within the given time window
-sql1.resolver.tw12h.fields=count
-sql1.resolver.tw12h.field.count.id=com:att:research:xacml:test:sql:resource:operations:count
-sql1.resolver.tw12h.field.count.datatype=http://www.w3.org/2001/XMLSchema#integer
-sql1.resolver.tw12h.field.count.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource
-sql1.resolver.tw12h.parameters=actor,operation,target
-sql1.resolver.tw12h.parameter.actor.id=urn:oasis:names:tc:xacml:1.0:actor:actor-id
-sql1.resolver.tw12h.parameter.actor.datatype=http://www.w3.org/2001/XMLSchema#string
-sql1.resolver.tw12h.parameter.actor.category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject
-sql1.resolver.tw12h.parameter.operation.id=urn:oasis:names:tc:xacml:1.0:operation:operation-id
-sql1.resolver.tw12h.parameter.operation.datatype=http://www.w3.org/2001/XMLSchema#string
-sql1.resolver.tw12h.parameter.operation.category=urn:oasis:names:tc:xacml:3.0:attribute-category:action
-sql1.resolver.tw12h.parameter.target.id=urn:oasis:names:tc:xacml:1.0:target:target-id
-sql1.resolver.tw12h.parameter.target.datatype=http://www.w3.org/2001/XMLSchema#string
-sql1.resolver.tw12h.parameter.target.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource
-
-
-#############################
-sql1.resolver.tw1d.select=select count(*) as count from operationshistory10 where outcome<>'Failure_Guard' and actor=? and operation=? and target=? and endtime between date_sub(now(),interval 1 day) and now()
-sql1.resolver.tw1d.field.count.issuer=com:att:research:xacml:test:sql:tw1d
-
-sql1.resolver.tw1d.classname=com.att.research.xacml.std.pip.engines.jdbc.ConfigurableJDBCResolver
-sql1.resolver.tw1d.name=OperationsCount
-sql1.resolver.tw1d.description=This returns the number of previous operations within the given time window
-sql1.resolver.tw1d.fields=count
-sql1.resolver.tw1d.field.count.id=com:att:research:xacml:test:sql:resource:operations:count
-sql1.resolver.tw1d.field.count.datatype=http://www.w3.org/2001/XMLSchema#integer
-sql1.resolver.tw1d.field.count.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource
-sql1.resolver.tw1d.parameters=actor,operation,target
-sql1.resolver.tw1d.parameter.actor.id=urn:oasis:names:tc:xacml:1.0:actor:actor-id
-sql1.resolver.tw1d.parameter.actor.datatype=http://www.w3.org/2001/XMLSchema#string
-sql1.resolver.tw1d.parameter.actor.category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject
-sql1.resolver.tw1d.parameter.operation.id=urn:oasis:names:tc:xacml:1.0:operation:operation-id
-sql1.resolver.tw1d.parameter.operation.datatype=http://www.w3.org/2001/XMLSchema#string
-sql1.resolver.tw1d.parameter.operation.category=urn:oasis:names:tc:xacml:3.0:attribute-category:action
-sql1.resolver.tw1d.parameter.target.id=urn:oasis:names:tc:xacml:1.0:target:target-id
-sql1.resolver.tw1d.parameter.target.datatype=http://www.w3.org/2001/XMLSchema#string
-sql1.resolver.tw1d.parameter.target.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource
-
-
-#############################
-sql1.resolver.tw5d.select=select count(*) as count from operationshistory10 where outcome<>'Failure_Guard' and actor=? and operation=? and target=? and endtime between date_sub(now(),interval 5 day) and now()
-sql1.resolver.tw5d.field.count.issuer=com:att:research:xacml:test:sql:tw5d
-
-sql1.resolver.tw5d.classname=com.att.research.xacml.std.pip.engines.jdbc.ConfigurableJDBCResolver
-sql1.resolver.tw5d.name=OperationsCount
-sql1.resolver.tw5d.description=This returns the number of previous operations within the given time window
-sql1.resolver.tw5d.fields=count
-sql1.resolver.tw5d.field.count.id=com:att:research:xacml:test:sql:resource:operations:count
-sql1.resolver.tw5d.field.count.datatype=http://www.w3.org/2001/XMLSchema#integer
-sql1.resolver.tw5d.field.count.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource
-sql1.resolver.tw5d.parameters=actor,operation,target
-sql1.resolver.tw5d.parameter.actor.id=urn:oasis:names:tc:xacml:1.0:actor:actor-id
-sql1.resolver.tw5d.parameter.actor.datatype=http://www.w3.org/2001/XMLSchema#string
-sql1.resolver.tw5d.parameter.actor.category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject
-sql1.resolver.tw5d.parameter.operation.id=urn:oasis:names:tc:xacml:1.0:operation:operation-id
-sql1.resolver.tw5d.parameter.operation.datatype=http://www.w3.org/2001/XMLSchema#string
-sql1.resolver.tw5d.parameter.operation.category=urn:oasis:names:tc:xacml:3.0:attribute-category:action
-sql1.resolver.tw5d.parameter.target.id=urn:oasis:names:tc:xacml:1.0:target:target-id
-sql1.resolver.tw5d.parameter.target.datatype=http://www.w3.org/2001/XMLSchema#string
-sql1.resolver.tw5d.parameter.target.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource
-
-
-#############################
-sql1.resolver.tw1w.select=select count(*) as count from operationshistory10 where outcome<>'Failure_Guard' and actor=? and operation=? and target=? and endtime between date_sub(now(),interval 1 week) and now()
-sql1.resolver.tw1w.field.count.issuer=com:att:research:xacml:test:sql:tw1w
-
-sql1.resolver.tw1w.classname=com.att.research.xacml.std.pip.engines.jdbc.ConfigurableJDBCResolver
-sql1.resolver.tw1w.name=OperationsCount
-sql1.resolver.tw1w.description=This returns the number of previous operations within the given time window
-sql1.resolver.tw1w.fields=count
-sql1.resolver.tw1w.field.count.id=com:att:research:xacml:test:sql:resource:operations:count
-sql1.resolver.tw1w.field.count.datatype=http://www.w3.org/2001/XMLSchema#integer
-sql1.resolver.tw1w.field.count.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource
-sql1.resolver.tw1w.parameters=actor,operation,target
-sql1.resolver.tw1w.parameter.actor.id=urn:oasis:names:tc:xacml:1.0:actor:actor-id
-sql1.resolver.tw1w.parameter.actor.datatype=http://www.w3.org/2001/XMLSchema#string
-sql1.resolver.tw1w.parameter.actor.category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject
-sql1.resolver.tw1w.parameter.operation.id=urn:oasis:names:tc:xacml:1.0:operation:operation-id
-sql1.resolver.tw1w.parameter.operation.datatype=http://www.w3.org/2001/XMLSchema#string
-sql1.resolver.tw1w.parameter.operation.category=urn:oasis:names:tc:xacml:3.0:attribute-category:action
-sql1.resolver.tw1w.parameter.target.id=urn:oasis:names:tc:xacml:1.0:target:target-id
-sql1.resolver.tw1w.parameter.target.datatype=http://www.w3.org/2001/XMLSchema#string
-sql1.resolver.tw1w.parameter.target.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource
-
-#############################
-sql1.resolver.tw1mon.select=select count(*) as count from operationshistory10 where outcome<>'Failure_Guard' and actor=? and operation=? and target=? and endtime between date_sub(now(),interval 1 month) and now()
-sql1.resolver.tw1mon.field.count.issuer=com:att:research:xacml:test:sql:tw1mon
-
-sql1.resolver.tw1mon.classname=com.att.research.xacml.std.pip.engines.jdbc.ConfigurableJDBCResolver
-sql1.resolver.tw1mon.name=OperationsCount
-sql1.resolver.tw1mon.description=This returns the number of previous operations within the given time window
-sql1.resolver.tw1mon.fields=count
-sql1.resolver.tw1mon.field.count.id=com:att:research:xacml:test:sql:resource:operations:count
-sql1.resolver.tw1mon.field.count.datatype=http://www.w3.org/2001/XMLSchema#integer
-sql1.resolver.tw1mon.field.count.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource
-sql1.resolver.tw1mon.parameters=actor,operation,target
-sql1.resolver.tw1mon.parameter.actor.id=urn:oasis:names:tc:xacml:1.0:actor:actor-id
-sql1.resolver.tw1mon.parameter.actor.datatype=http://www.w3.org/2001/XMLSchema#string
-sql1.resolver.tw1mon.parameter.actor.category=urn:oasis:names:tc:xacml:1.0:subject-category:access-subject
-sql1.resolver.tw1mon.parameter.operation.id=urn:oasis:names:tc:xacml:1.0:operation:operation-id
-sql1.resolver.tw1mon.parameter.operation.datatype=http://www.w3.org/2001/XMLSchema#string
-sql1.resolver.tw1mon.parameter.operation.category=urn:oasis:names:tc:xacml:3.0:attribute-category:action
-sql1.resolver.tw1mon.parameter.target.id=urn:oasis:names:tc:xacml:1.0:target:target-id
-sql1.resolver.tw1mon.parameter.target.datatype=http://www.w3.org/2001/XMLSchema#string
-sql1.resolver.tw1mon.parameter.target.category=urn:oasis:names:tc:xacml:3.0:attribute-category:resource
-
-
controlLoop:
- version: 1.0.0
- controlLoopName: ControlLoop-vUSP-vCTS-cbed919f-2212-4ef7-8051-fe6308da1bda
+ version: 2.0.0
+ controlLoopName: ControlLoop-Service123-cbed919f-2212-4ef7-8051-fe6308da1bda
services:
- - serviceName: vUSP
+ - serviceName: Service123
resources:
- - resourceName: vCTS
- resourceType: VF
- - resourceName: vCOM
- resourceType: VF
- - resourceName: vRAR
- resourceType: VF
- - resourceName: vLCS
- resourceType: VF
- - resourceName: v3CB
- resourceType: VF
+ - resourceName: res1
+ resourceType: VFC
+ - resourceName: res2
+ resourceType: VFC
trigger_policy: unique-policy-id-1-restart
timeout: 60
abatement: true
--- /dev/null
+guard:
+ version: 2.0.0
+
+guards:
+ - id: unique_guard_1
+ name: APPC 5 Migrate
+ description: |
+ We only allow 2 restarts over 10 minute window during the day time hours (avoid midnight to 5am)
+ match_parameters:
+ #controlLoopName: ControlLoop-Service123-cbed919f-2212-4ef7-8051-fe6308da1bda
+ actor: APPC
+ recipe: Migrate
+ limit_constraints:
+ - freq_limit_per_target: 1
+ time_window:
+ value: 10
+ units: minute
+ active_time_range:
+ start: 00:00:00-05:00
+ end: 23:59:59-05:00
+
+
+
+
+
+
\ No newline at end of file
--- /dev/null
+guard:
+ version: 2.0.0
+
+guards:
+ - id: unique_guard_3
+ name: APPC 5 Rebuild
+ description: |
+ We only allow 2 restarts over 10 minute window during the day time hours (avoid midnight to 5am)
+ match_parameters:
+ controlLoopName: ControlLoop-Service123-cbed919f-2212-4ef7-8051-fe6308da1bda
+ actor: APPC
+ recipe: Rebuild
+ limit_constraints:
+ - freq_limit_per_target: 2
+ time_window:
+ value: 10
+ units: minute
+ active_time_range:
+ start: 00:00:00-05:00
+ end: 23:59:59-05:00
+
+
+
+
+
+
\ No newline at end of file
--- /dev/null
+guard:
+ version: 2.0.0
+
+guards:
+ - id: unique_guard_2
+ name: APPC 5 Rebuild
+ description: |
+ We only allow 2 restarts over 10 minute window during the day time hours (avoid midnight to 5am)
+ match_parameters:
+ controlLoopName: ControlLoop-Service123-cbed919f-2212-4ef7-8051-fe6308da1bda
+ actor:
+ recipe: Rebuild
+ limit_constraints:
+ - freq_limit_per_target: 25
+ time_window:
+ value: 1
+ units: week
+ active_time_range:
+ start: 00:00:00-05:00
+ end: 23:59:59-05:00
+
+
+
+
+
+
\ No newline at end of file
--- /dev/null
+guard:
+ version: 2.0.0
+
+guards:
+ - id: unique_guard_5
+ name: APPC 5 Restart
+ description: |
+ We only allow 2 restarts over 10 minute window during the day time hours (avoid midnight to 5am)
+ match_parameters:
+ controlLoopName: ControlLoop-Service123-cbed919f-2212-4ef7-8051-fe6308da1bda
+ actor: APPC
+ recipe: Restart
+ targets:
+ - s1
+ - s2
+ - foobartriggersource36
+ - s3
+ - testGenericVnfName
+ limit_constraints:
+ - freq_limit_per_target: 1
+ time_window:
+ value: 10
+ units: minute
+ active_time_range:
+ start: 00:00:00-05:00
+ end: 23:59:59-05:00
+
version: 2.0.0
guards:
- - id: unique_guard_vUSP_1_Blacklist
+ - id: unique_guard_4_Blacklist
name: APPC Restart Blacklist
description: |
We deny restart of the blacklisted targets (avoid midnight to 5am)
- actor: APPC
- recipe: Restart
+ match_parameters:
+ actor: APPC
+ recipe: Restart
limit_constraints:
- blacklist:
- server123
- vserver.vserver-name22
- aaabbbccc
- foobartriggersource35
- time_in_range:
- arg2: 00:00:00-05:00
- arg3: 23:59:59-05:00
+ active_time_range:
+ start: 00:00:00-05:00
+ end: 23:59:59-05:00
+++ /dev/null
-guard:
- version: 2.0.0
-
-guards:
- - id: unique_guard_vUSP_1
- name: APPC 5 Migrate
- description: |
- We only allow 2 restarts over 10 minute window during the day time hours (avoid midnight to 5am)
- actor: APPC
- recipe: Migrate
- limit_constraints:
- - num: 1
- duration:
- value: 10
- units: minute
- time_in_range:
- arg2: 00:00:00-05:00
- arg3: 23:59:59-05:00
-
-
-
-
-
-
\ No newline at end of file
+++ /dev/null
-guard:
- version: 2.0.0
-
-guards:
- - id: unique_guard_vUSP_1
- name: APPC 5 Rebuild
- description: |
- We only allow 2 restarts over 10 minute window during the day time hours (avoid midnight to 5am)
- actor: APPC
- recipe: Rebuild
- limit_constraints:
- - num: 2
- duration:
- value: 10
- units: minute
- time_in_range:
- arg2: 00:00:00-05:00
- arg3: 23:59:59-05:00
-
-
-
-
-
-
\ No newline at end of file
+++ /dev/null
-guard:
- version: 2.0.0
-
-guards:
- - id: unique_guard_vUSP_1
- name: APPC 5 Rebuild
- description: |
- We only allow 2 restarts over 10 minute window during the day time hours (avoid midnight to 5am)
- actor: APPC
- recipe: Rebuild
- limit_constraints:
- - num: 25
- duration:
- value: 1
- units: week
- time_in_range:
- arg2: 00:00:00-05:00
- arg3: 23:59:59-05:00
-
-
-
-
-
-
\ No newline at end of file
+++ /dev/null
-guard:
- version: 2.0.0
-
-guards:
- - id: unique_guard_vUSP_1
- name: APPC 5 Restart
- description: |
- We only allow 2 restarts over 10 minute window during the day time hours (avoid midnight to 5am)
- actor: APPC
- recipe: Restart
- limit_constraints:
- - num: 2
- duration:
- value: 10
- units: minute
- time_in_range:
- arg2: 00:00:00-05:00
- arg3: 23:59:59-05:00
-
-
-
-
-
-
\ No newline at end of file
Code Review / policy / drools-applications.git / commitdiff