package org.onap.policy.guard;
-import com.att.research.xacml.api.DataTypeException;
-import com.att.research.xacml.api.pdp.PDPEngine;
-import com.att.research.xacml.std.annotations.RequestParser;
-
import java.util.UUID;
import org.drools.core.WorkingMemory;
+import org.onap.policy.drools.system.PolicyEngine;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import com.att.research.xacml.api.DataTypeException;
+import com.att.research.xacml.std.annotations.RequestParser;
+
public class CallGuardTask implements Runnable {
private static final Logger logger = LoggerFactory.getLogger(CallGuardTask.class);
WorkingMemory workingMemory;
- PDPEngine embeddedPdpEngine;
String restfulPdpUrl;
String clname;
String actor;
String target;
String requestId;
- public CallGuardTask(PDPEngine engine, String url, WorkingMemory wm, String cl, String act, String rec, String tar, String reqId) {
+ public CallGuardTask(String guardUrl, WorkingMemory wm, String cl, String act, String rec, String tar, String reqId) {
- embeddedPdpEngine = engine;
- restfulPdpUrl = url;
+ restfulPdpUrl = guardUrl;
workingMemory = wm;
clname = cl;
actor = act;
logger.debug("{}", request);
logger.debug("********** XACML REQUEST END ********\n");
- com.att.research.xacml.api.Response xacmlResponse = PolicyGuardXacmlHelper.callPDP(embeddedPdpEngine, "", request, false);
+ String guardUrl = PolicyEngine.manager.getEnvironmentProperty("guard.url");
+ String guardDecision = null;
+ //
+ // Check if guard url property exists
+ //
+ if(guardUrl != null){
+ guardDecision = PolicyGuardXacmlHelper.callPDP(guardUrl, xacmlReq);
+ }
+
logger.debug("\n********** XACML RESPONSE START ********");
- logger.debug("{}", xacmlResponse);
+ logger.debug("{}", guardDecision);
logger.debug("********** XACML RESPONSE END ********\n");
-
- PolicyGuardResponse guardResponse = PolicyGuardXacmlHelper.ParseXacmlPdpResponse(xacmlResponse);
+
+ //
+ // Check if the restful call was unsuccessful or property doesn't exist
+ //
+ if(guardDecision == null){
+ logger.error("********** XACML FAILED TO CONNECT ********");
+ guardDecision = "Indeterminate";
+ }
+
+ PolicyGuardResponse guardResponse = new PolicyGuardResponse(guardDecision, UUID.fromString(this.requestId), this.recipe);
+
//
//Create an artificial Guard response in case we didn't get a clear Permit or Deny
package org.onap.policy.guard;
+import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
+import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import org.apache.commons.io.IOUtils;
import org.apache.http.entity.ContentType;
+import org.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.att.research.xacml.api.AttributeCategory;
import com.att.research.xacml.api.AttributeValue;
import com.att.research.xacml.api.Result;
-import com.att.research.xacml.api.pdp.PDPEngine;
-import com.att.research.xacml.api.pdp.PDPException;
-import com.att.research.xacml.std.dom.DOMResponse;
-import com.att.research.xacml.std.json.JSONRequest;
-import com.att.research.xacml.std.json.JSONResponse;
public class PolicyGuardXacmlHelper {
private static final Logger logger = LoggerFactory.getLogger(PolicyGuardXacmlHelper.class);
- public static com.att.research.xacml.api.Response callPDP(PDPEngine xacmlEmbeddedPdpEngine, String restfulPdpUrl, com.att.research.xacml.api.Request request, boolean isREST) {
+ public static String callPDP(String restfulPdpUrl, PolicyGuardXacmlRequestAttributes xacmlReq) {
//
// Send it to the PDP
//
- com.att.research.xacml.api.Response response = null;
- if (isREST) {
- try {
- String jsonString = JSONRequest.toString((com.att.research.xacml.api.Request) request, false);
- //
- // Call RESTful PDP
- //
- response = (com.att.research.xacml.api.Response) callRESTfulPDP(new ByteArrayInputStream(jsonString.getBytes()), new URL(restfulPdpUrl/*"https://localhost:8443/pdp/"*/));
- } catch (Exception e) {
- logger.error("Error in sending RESTful request: ", e);
- }
- } else if(xacmlEmbeddedPdpEngine != null){
+// com.att.research.xacml.api.Response response = null;
+ String response = null;
+
+ JSONObject attributes = new JSONObject();
+ attributes.put("actor", xacmlReq.getActor_id());
+ attributes.put("recipe", xacmlReq.getOperation_id());
+ attributes.put("target", xacmlReq.getTarget_id());
+ if (xacmlReq.getClname_id() != null){
+ attributes.put("clname", xacmlReq.getClname_id());
+ }
+ JSONObject jsonReq = new JSONObject();
+ jsonReq.put("decisionAttributes", attributes);
+ jsonReq.put("onapName", "PDPD");
+
+ try {
//
- // Embedded call to PDP
+ // Call RESTful PDP
//
- long lTimeStart = System.currentTimeMillis();
- try {
- response = (com.att.research.xacml.api.Response) xacmlEmbeddedPdpEngine.decide((com.att.research.xacml.api.Request) request);
- } catch (PDPException e) {
- logger.error(e.getMessage(), e);
- }
- long lTimeEnd = System.currentTimeMillis();
- logger.debug("Elapsed Time: {} ms", (lTimeEnd - lTimeStart));
+ response = callRESTfulPDP(new ByteArrayInputStream(jsonReq.toString().getBytes()), new URL(restfulPdpUrl/*"https://localhost:8443/pdp/"*/));
+ } catch (Exception e) {
+ logger.error("Error in sending RESTful request: ", e);
}
+
+
return response;
}
* This makes an HTTP POST call to a running PDP RESTful servlet to get a decision.
*
* @param file
- * @return
+ * @return response from guard which contains "Permit" or "Deny"
*/
- private static com.att.research.xacml.api.Response callRESTfulPDP(InputStream is, URL restURL) {
- com.att.research.xacml.api.Response response = null;
+ private static String callRESTfulPDP(InputStream is, URL restURL) {
+// com.att.research.xacml.api.Response response = null;
+ String response = null;
+ String rawDecision = null;
HttpURLConnection connection = null;
try {
contentType = ContentType.parse(connection.getContentType());
if (contentType.getMimeType().equalsIgnoreCase(ContentType.APPLICATION_JSON.getMimeType())) {
- response = (com.att.research.xacml.api.Response) JSONResponse.load(connection.getInputStream());
- } else if (contentType.getMimeType().equalsIgnoreCase(ContentType.APPLICATION_XML.getMimeType()) ||
- contentType.getMimeType().equalsIgnoreCase("application/xacml+xml") ) {
- response = (com.att.research.xacml.api.Response) DOMResponse.load(connection.getInputStream());
+ InputStream iStream = connection.getInputStream();
+ int contentLength = connection.getContentLength();
+
+ // if content length is -1, respose is chunked, and
+ // TCP connection will be dropped at the end
+ byte[] buf =
+ new byte[contentLength < 0 ? 1024 : contentLength];
+ int offset = 0;
+ for ( ; ; )
+ {
+ if (offset == contentLength)
+ {
+ // all expected bytes have been read
+ response = new String(buf);
+ break;
+ }
+ int size = iStream.read(buf, offset,
+ buf.length - offset);
+ if (size < 0)
+ {
+ if (contentLength > 0)
+ {
+ logger.error("partial input stream");
+ }
+ else
+ {
+ // chunked response --
+ // dropped connection is expected
+ response = new String(buf, 0, offset);
+ }
+ break;
+ }
+ offset += size;
+ }
} else {
- logger.error("{}: unknown content-type: ", contentType);
+ logger.error("unknown content-type: " + contentType);
}
} catch (Exception e) {
- String message = "Parsing Content-Type: " + connection.getContentType() + ", error=" + e.getMessage();
- logger.error("{}: callRESTfulPDP threw: ", message, e);
+ String message = "Parsing Content-Type: " + connection.getContentType();
+ logger.error(message, e);
}
} else {
- logger.error("unknown content-type: {} {}", connection.getResponseCode(), connection.getResponseMessage() );
+ logger.error(connection.getResponseCode() + " " + connection.getResponseMessage());
}
} catch (Exception e) {
-
- logger.error("callRESTfulPDP threw: ", e);
+ logger.error("Exception in 'PolicyGuardXacmlHelper.callRESTfulPDP'", e);
}
+
+ rawDecision = new JSONObject(response).getString("decision");
- return response;
+ return rawDecision;
}
}
-
-
-
return new PolicyGuardResponse(decision_from_xacml_response, req_id_from_xacml_response, operation_from_xacml_response);
}
import org.onap.policy.controlloop.VirtualControlLoopNotification;
import org.onap.policy.controlloop.policy.ControlLoopPolicy;
import org.onap.policy.controlloop.policy.TargetType;
+import org.onap.policy.drools.system.PolicyEngine;
import org.onap.policy.drools.http.server.HttpServletServer;
import org.onap.policy.drools.impl.PolicyEngineJUnitImpl;
import org.onap.policy.guard.PolicyGuard;
@BeforeClass
public static void setPUProp(){
System.setProperty(OPSHISTPUPROP, "TestOperationsHistoryPU");
+ PolicyEngine.manager.setEnvironmentProperty("guard.url", "http://127.0.0.1:8443/pdp");
}
@AfterClass
public static void restorePUProp(){
assertTrue(obj instanceof VirtualControlLoopNotification);
assertTrue(((VirtualControlLoopNotification)obj).notification.equals(ControlLoopNotificationType.OPERATION));
- Thread.sleep(4000);
+ Thread.sleep(2*4000);
// "Response from Guard" notification
obj = engine.subscribe("UEB", "POLICY-CL-MGT");
assertNotNull(obj);
assertTrue(obj instanceof VirtualControlLoopNotification);
assertTrue(((VirtualControlLoopNotification)obj).notification.equals(ControlLoopNotificationType.OPERATION));
- Thread.sleep(4000);
+ Thread.sleep(2*4000);
// "Response from Guard" notification
obj = engine.subscribe("UEB", "POLICY-CL-MGT");
assertTrue(obj instanceof VirtualControlLoopNotification);
assertTrue(((VirtualControlLoopNotification)obj).notification.equals(ControlLoopNotificationType.OPERATION));
- Thread.sleep(1000);
+ Thread.sleep(2*1000);
obj = engine.subscribe("UEB", "APPC-CL");
assertNotNull(obj);
//
// now wait for it to finish
//
- Thread.sleep(15000);
+ Thread.sleep(2*15000);
//
// Ensure they released the lock
//
Code Review / policy / drools-applications.git / commitdiff