2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
20 package org.openecomp.policy.pdp.rest.api.services;
22 import java.io.ByteArrayInputStream;
23 import java.io.IOException;
24 import java.io.InputStream;
25 import java.io.ObjectInputStream;
26 import java.io.OutputStream;
27 import java.net.HttpURLConnection;
29 import java.nio.charset.StandardCharsets;
30 import java.util.Arrays;
31 import java.util.Base64;
32 import java.util.Collections;
33 import java.util.List;
35 import java.util.UUID;
37 import org.apache.commons.io.IOUtils;
38 import org.openecomp.policy.api.PolicyException;
39 import org.openecomp.policy.common.logging.flexlogger.FlexLogger;
40 import org.openecomp.policy.common.logging.flexlogger.Logger;
41 import org.openecomp.policy.pdp.rest.config.PDPApiAuth;
42 import org.openecomp.policy.rest.XACMLRestProperties;
43 import org.openecomp.policy.xacml.api.XACMLErrorConstants;
44 import org.openecomp.policy.xacml.std.pap.StdPDPPolicy;
46 import com.att.research.xacml.util.XACMLProperties;
47 import com.fasterxml.jackson.databind.ObjectMapper;
49 public class PAPServices {
50 private static final String SUCCESS = "success";
51 private static Logger LOGGER = FlexLogger.getLogger(PAPServices.class
54 private int responseCode = 0;
55 private static String environment = "DEVL";
56 private static Boolean junit = false;
57 private static List<String> paps = null;
58 private static final Object papResourceLock = new Object();
59 private String operation = null;
60 private String requestMethod = null;
61 private String encoding = null;
63 public PAPServices() {
64 environment = PDPApiAuth.getEnvironment();
66 synchronized (papResourceLock) {
67 String urlList = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_URLS);
69 urlList = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_URL);
71 paps = Arrays.asList(urlList.split(","));
76 private String getPAPEncoding(){
78 String userID = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_USERID);
79 String pass = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_PASS);
80 Base64.Encoder encoder = Base64.getEncoder();
81 encoding = encoder.encodeToString((userID+":"+pass).getBytes(StandardCharsets.UTF_8));
86 private void rotatePAPList(){
87 synchronized (papResourceLock) {
88 Collections.rotate(paps, -1);
92 private String getPAP(){
94 synchronized (papResourceLock) {
100 public int getResponseCode() {
104 public Object callPAP(Object content, String[] parameters, UUID requestID,
105 String clientScope) throws PolicyException {
106 String response = null;
107 HttpURLConnection connection = null;
109 // Checking for the available PAPs is done during the first Request and
110 // the List is going to have the connected PAP as first element.
111 // This makes it Real-Time to change the list depending on their
113 if (paps == null || paps.isEmpty()) {
114 String message = XACMLErrorConstants.ERROR_DATA_ISSUE + "PAPs List is Empty.";
115 LOGGER.error(message);
116 throw new PolicyException(message);
119 boolean connected = false;
120 while (papsCount < paps.size()) {
122 String fullURL = getPAP();
123 fullURL = checkParameter(parameters, fullURL);
124 URL url = new URL(fullURL);
125 LOGGER.debug("--- Sending Request to PAP : "+ url.toString() + " ---");
126 // Open the connection
127 connection = (HttpURLConnection) url.openConnection();
128 // Setting Content-Type
129 connection.setRequestProperty("Content-Type","application/json");
130 // Adding Authorization
131 connection.setRequestProperty("Authorization", "Basic "+ getPAPEncoding());
132 connection.setRequestProperty("Environment", environment);
133 connection.setRequestProperty("ClientScope", clientScope);
134 // set the method and headers
135 connection.setRequestMethod(requestMethod);
136 connection.setUseCaches(false);
137 connection.setInstanceFollowRedirects(false);
138 connection.setDoOutput(true);
139 connection.setDoInput(true);
141 if (requestID == null) {
142 requestID = UUID.randomUUID();
143 LOGGER.info("No request ID provided, sending generated ID: "
144 + requestID.toString());
146 LOGGER.info("Using provided request ID: "
147 + requestID.toString());
149 connection.setRequestProperty("X-ECOMP-RequestID",
150 requestID.toString());
151 if (content != null && (content instanceof InputStream)) {
152 // send current configuration
153 try (OutputStream os = connection.getOutputStream()) {
154 int count = IOUtils.copy((InputStream) content, os);
155 if (LOGGER.isDebugEnabled()) {
156 LOGGER.debug("copied to output, bytes=" + count);
159 } else if(content != null){
160 // the content is an object to be encoded in JSON
161 ObjectMapper mapper = new ObjectMapper();
163 mapper.writeValue(connection.getOutputStream(),
168 connection.connect();
169 responseCode = connection.getResponseCode();
170 // If Connected to PAP then break from the loop and continue
172 if (connection.getResponseCode() > 0 || junit) {
176 LOGGER.debug(XACMLErrorConstants.ERROR_PERMISSIONS+ "PAP Response Code : " + connection.getResponseCode());
179 } catch (Exception e) {
180 // This means that the PAP is not working
185 LOGGER.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR
186 + "PAP connection Error : " + e);
193 LOGGER.debug("connected to the PAP : " + getPAP());
194 LOGGER.debug("--- Response: ---");
195 if(connection != null){
196 Map<String, List<String>> headers = connection.getHeaderFields();
197 for (String key : headers.keySet()) {
198 LOGGER.debug("Header :" + key + " Value: " + headers.get(key));
202 response = checkResponse(connection, requestID);
203 } catch (IOException e) {
204 LOGGER.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + e);
205 response = XACMLErrorConstants.ERROR_SYSTEM_ERROR + e;
206 throw new PolicyException(
207 XACMLErrorConstants.ERROR_SYSTEM_ERROR
208 + "Decoding the result ", e);
214 response = XACMLErrorConstants.ERROR_SYSTEM_ERROR + "connection is null";
218 response = XACMLErrorConstants.ERROR_SYSTEM_ERROR
219 + "Unable to get valid response from PAP(s) " + paps;
224 public String getActiveVersion(String policyScope, String filePrefix, String policyName, String clientScope, UUID requestID) {
225 String version = null;
226 HttpURLConnection connection = null;
227 String [] parameters = {"apiflag=version","policyScope="+policyScope, "filePrefix="+filePrefix, "policyName="+policyName};
228 if (paps == null || paps.isEmpty()) {
229 LOGGER.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "PAPs List is Empty.");
231 throw new Exception(XACMLErrorConstants.ERROR_DATA_ISSUE +"PAPs List is empty.");
232 } catch (Exception e) {
233 LOGGER.error(e.getMessage());
237 boolean connected = false;
238 while (papsCount < paps.size()) {
240 String fullURL = getPAP();
241 if (parameters != null && parameters.length > 0) {
242 String queryString = "";
243 for (String p : parameters) {
244 queryString += "&" + p;
246 fullURL += "?" + queryString.substring(1);
249 URL url = new URL (fullURL);
251 //Open the connection
252 connection = (HttpURLConnection)url.openConnection();
254 // Setting Content-Type
255 connection.setRequestProperty("Content-Type",
258 // Adding Authorization
259 connection.setRequestProperty("Authorization", "Basic "
262 connection.setRequestProperty("Environment", environment);
263 connection.setRequestProperty("ClientScope", clientScope);
266 //set the method and headers
267 connection.setRequestMethod("GET");
268 connection.setUseCaches(false);
269 connection.setInstanceFollowRedirects(false);
270 connection.setDoOutput(true);
271 connection.setDoInput(true);
272 connection.setRequestProperty("X-ECOMP-RequestID", requestID.toString());
275 connection.connect();
277 // If Connected to PAP then break from the loop and continue with the Request
278 if (connection.getResponseCode() > 0) {
283 LOGGER.debug(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "PAP connection Error");
285 } catch (Exception e) {
286 // This means that the PAP is not working
287 LOGGER.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "PAP connection Error : " + e);
295 LOGGER.debug("connected to the PAP : " + getPAP());
296 LOGGER.debug("--- Response: ---");
297 Map<String, List<String>> headers = connection.getHeaderFields();
298 for (String key : headers.keySet()) {
299 LOGGER.debug("Header :" + key + " Value: " + headers.get(key));
302 if (connection.getResponseCode() == 200) {
303 // Check for successful creation of policy
304 version = connection.getHeaderField("version");
305 LOGGER.debug("ActiveVersion from the Header: " + version);
306 } else if (connection.getResponseCode() == 403) {
307 LOGGER.error(XACMLErrorConstants.ERROR_PERMISSIONS + "response code of the URL is "
308 + connection.getResponseCode() + ". PEP is not Authorized for making this Request!! \n Contact Administrator for this Scope. ");
310 } else if (connection.getResponseCode() == 404) {
311 LOGGER.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "response code of the URL is "
312 + connection.getResponseCode() + ". This indicates a problem with getting the version from the PAP");
315 LOGGER.error(XACMLErrorConstants.ERROR_DATA_ISSUE + "BAD REQUEST: Error occured while getting the version from the PAP. The request may be incorrect.");
317 } catch (IOException e) {
318 LOGGER.error(XACMLErrorConstants.ERROR_DATA_ISSUE + e);
320 throw new Exception(XACMLErrorConstants.ERROR_DATA_ISSUE +"ERROR in connecting to the PAP ", e);
321 } catch (Exception e1) {
322 LOGGER.error(e1.getMessage());
327 LOGGER.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "Unable to get valid response from PAP(s) " + paps);
329 throw new Exception(XACMLErrorConstants.ERROR_DATA_ISSUE +"ERROR in connecting to the PAP ");
330 } catch (Exception e) {
331 LOGGER.error(e.getMessage());
338 private String checkResponse(HttpURLConnection connection, UUID requestID) throws IOException {
339 String response = null;
340 if (responseCode == 200 || junit) {
341 // Check for successful creation of policy
342 String isSuccess = null;
343 if (!junit) { // is this a junit test?
344 isSuccess = connection.getHeaderField("successMapKey");
345 operation = connection.getHeaderField("operation");
349 if (SUCCESS.equals(isSuccess)) {
350 if ("update".equals(operation)) {
351 response = "Transaction ID: " + requestID + " --Policy with the name "+ connection.getHeaderField("policyName")
352 + " was successfully updated. ";
353 if (connection.getHeaderField("safetyChecker")!=null) {
355 + "\n\nPolicy Safety Checker Warning: This closedLoopControlName "
356 + "is potentially in conflict with " + connection.getHeaderField("conflictCLName")
357 + " that already exists." + " See detailed information on ClosedLoop Pairs below: "
358 +"\n\n"+connection.getHeaderField("safetyChecker");
360 } else if ("create".equals(operation)) {
361 response = "Transaction ID: " + requestID + " --Policy with the name "+ connection.getHeaderField("policyName")
362 + " was successfully created.";
363 if (connection.getHeaderField("safetyChecker")!=null) {
365 + "\n\nPolicy Safety Checker Warning: This closedLoopControlName "
366 + "is potentially in conflict with " + connection.getHeaderField("conflictCLName")
367 + " that already exists. " + "See detailed information on ClosedLoop Pairs below: "
368 +"\n\n"+connection.getHeaderField("safetyChecker");
370 } else if ("delete".equals(operation)) {
371 response = "Transaction ID: " + requestID + " --The policy was successfully deleted.";
372 } else if ("import".equals(operation)) {
373 response = "Transaction ID: " + requestID + " --The policy engine import for "+ connection.getHeaderField("service")
374 + " was successfull.";
375 } else if ("createDictionary".equals(operation)) {
376 response = "Transaction ID: " + requestID + " --Dictionary Item was added successfully!";
377 } else if ("updateDictionary".equals(operation)) {
378 response = "Transaction ID: " + requestID + " --Dictionary Item was updated successfully!";
379 } else if ("getDictionary".equals(operation)) {
383 //get the json string from the response
384 InputStream is = connection.getInputStream();
386 // read the inputStream into a buffer (trick found online scans entire input looking for end-of-file)
387 java.util.Scanner scanner = new java.util.Scanner(is);
388 scanner.useDelimiter("\\A");
389 json = scanner.hasNext() ? scanner.next() : "";
392 } catch (IOException e1) {
393 LOGGER.error(e1.getMessage());
395 response = "Transaction ID: " + requestID + " --Dictionary Items Retrieved " + json;
396 } else if ("getMetrics".equals(operation)) {
397 response = "Transaction ID: " + requestID + " --Policy Metrics Retrieved " + connection.getHeaderField("metrics");
399 LOGGER.info(response);
401 String message = XACMLErrorConstants.ERROR_DATA_ISSUE
402 + "Operation unsuccessful, unable to complete the request!";
403 LOGGER.error(message);
406 } else if (connection.getResponseCode() == 202) {
407 if ("delete".equalsIgnoreCase(connection.getHeaderField("operation")) &&
408 "true".equals(connection.getHeaderField("lockdown"))) {
409 response = "Transaction ID: "
411 + " --Policies are locked down, please try again later.";
412 LOGGER.warn(response);
414 } else if (connection.getResponseCode() == 204) {
415 if ("push".equals(connection.getHeaderField("operation"))) {
416 response = "Transaction ID: "
419 + connection.getHeaderField("policyId")
420 + "' was successfully pushed to the PDP group '"
421 + connection.getHeaderField("groupId") + "'.";
422 LOGGER.info(response);
424 } else if (connection.getResponseCode() == 400 && connection.getHeaderField("error") != null) {
425 response = connection.getHeaderField("error");
426 LOGGER.error(response);
427 } else if (connection.getResponseCode() == 403) {
428 response = XACMLErrorConstants.ERROR_PERMISSIONS
429 + "response code of the URL is "
430 + connection.getResponseCode()
431 + ". PEP is not Authorized for making this Request!! \n Contact Administrator for this Scope. ";
432 LOGGER.error(response);
433 } else if (connection.getResponseCode() == 404 && connection.getHeaderField("error") != null) {
434 if ("unknownGroupId".equals(connection.getHeaderField("error"))) {
435 response = XACMLErrorConstants.ERROR_DATA_ISSUE
436 + connection.getHeaderField("message")
437 + " Please check the pdpGroup you are requesting to move the policy to.";
438 LOGGER.error(response);
440 } else if (connection.getResponseCode() == 409 && connection.getHeaderField("error") != null) {
441 if ("modelExistsDB".equals(connection.getHeaderField("error"))) {
442 response = XACMLErrorConstants.ERROR_DATA_ISSUE
443 + "Import Value Exist Error: The import value "
444 + connection.getHeaderField("service")
445 + " already exist on the PAP. "
446 + "Please create a new import value.";
447 } else if ("policyExists".equals(connection.getHeaderField("error"))) {
448 response = XACMLErrorConstants.ERROR_DATA_ISSUE
449 + "Policy Exist Error: The Policy "
450 + connection.getHeaderField("policyName")
451 + " already exist on the PAP. "
452 + "Please create a new policy or use the update API to modify the existing one.";
453 } else if ("dictionaryItemExists".equals(connection.getHeaderField("error"))) {
454 response = XACMLErrorConstants.ERROR_DATA_ISSUE
455 + "Dictionary Item Exist Error: The Dictionary Item already exist in the database. "
456 + "Please create a new Dictionary Item or use the update API to modify the existing one.";
457 } else if ("duplicateGroup".equals(connection.getHeaderField("error"))) {
458 response = XACMLErrorConstants.ERROR_DATA_ISSUE
459 + "Group Policy Scope List Exist Error: The Group Policy Scope List for this Dictionary Item already exist in the database. "
460 + "Duplicate Group Policy Scope Lists for multiple groupNames is not allowed. "
461 + "Please review the request and verify that the groupPolicyScopeListData1 is unique compared to existing groups.";
463 LOGGER.error(response);
464 } else if (connection.getResponseCode() == 500 && connection.getHeaderField("error") != null) {
465 if ("jpautils".equals(connection.getHeaderField("error"))) {
466 response = XACMLErrorConstants.ERROR_SYSTEM_ERROR
467 + "Could not create JPAUtils instance on the PAP";
468 } else if ("deleteDB".equals(connection.getHeaderField("error"))) {
469 response = XACMLErrorConstants.ERROR_SYSTEM_ERROR
470 + "Failed to delete Policy from database.";
471 } else if ("deleteFile".equals(connection.getHeaderField("error"))) {
472 response = XACMLErrorConstants.ERROR_DATA_ISSUE
473 + "Cannot delete the policy file";
474 } else if ("groupUpdate".equals(connection.getHeaderField("error"))) {
475 response = connection.getHeaderField("message");
476 } else if ("unknown".equals(connection.getHeaderField("error"))) {
477 response = XACMLErrorConstants.ERROR_UNKNOWN
478 + "Failed to delete the policy for an unknown reason. Check the file system and other logs for further information.";
479 } else if ("deleteConfig".equals(connection.getHeaderField("error"))) {
480 response = XACMLErrorConstants.ERROR_DATA_ISSUE
481 + "Cannot delete the configuration or action body file in specified location.";
482 } else if ("missing".equals(connection.getHeaderField("error"))) {
483 response = XACMLErrorConstants.ERROR_DATA_ISSUE
484 + "Failed to create value in database because service does match a value in file";
485 } else if ("importDB".equals(connection.getHeaderField("error"))) {
486 response = XACMLErrorConstants.ERROR_DATA_ISSUE
487 + "Database errors during policy engine import";
488 } else if ("policyCopyError".equals(connection.getHeaderField("error"))) {
489 response = XACMLErrorConstants.ERROR_PROCESS_FLOW
490 + connection.getHeaderField("message");
491 } else if ("addGroupError".equals(connection.getHeaderField("error"))) {
492 response = connection.getHeaderField("message");
493 } else if ("validation".equals(connection.getHeaderField("error"))){
494 response = XACMLErrorConstants.ERROR_DATA_ISSUE
495 + "Validation errors during policy engine " + connection.getHeaderField("operation") +
496 " for " + connection.getHeaderField("service");
497 } else if ("error".equals(connection.getHeaderField("error"))) {
498 response = XACMLErrorConstants.ERROR_UNKNOWN
499 + "Could not create or update the policy for and unknown reason";
501 response = XACMLErrorConstants.ERROR_DATA_ISSUE
502 + "BAD REQUEST: Error occured while attempting perform this operation.. the request may be incorrect.";
504 LOGGER.error(response);
506 response = XACMLErrorConstants.ERROR_DATA_ISSUE
507 + "BAD REQUEST: Error occured while attempting perform this operation.. the request may be incorrect.";
508 LOGGER.error(response);
513 private String checkParameter(String[] parameters, String fullURL) {
514 if (parameters != null && parameters.length > 0) {
515 String queryString = "";
516 for (String p : parameters) {
517 queryString += "&" + p;
518 if (p.equalsIgnoreCase("operation=post")) {
519 requestMethod = "POST";
520 } else if (p.equalsIgnoreCase("operation=delete")) {
521 requestMethod = "DELETE";
522 operation = "delete";
523 } else if (p.equalsIgnoreCase("operation=get")) {
524 requestMethod = "GET";
526 } else if (p.equalsIgnoreCase("operation=put")||p.equalsIgnoreCase("operation=create")
527 ||p.equalsIgnoreCase("operation=update")||p.equalsIgnoreCase("operation=createDictionary")){
528 requestMethod = "PUT";
529 if (p.equalsIgnoreCase("operation=create")) {
530 operation = "create";
531 } else if (p.equalsIgnoreCase("operation=update")) {
532 operation = "update";
533 } else if (p.equalsIgnoreCase("operation=createDictionary")){
534 operation = "createDictionary";
536 }else if (p.equalsIgnoreCase("importService=MICROSERVICE")||p.equalsIgnoreCase("importService=BRMSPARAM")){
537 requestMethod = "PUT";
540 fullURL += "?" + queryString.substring(1);
545 public StdPDPPolicy pushPolicy(String policyScope, String filePrefix,
546 String policyName, String clientScope, String pdpGroup,
547 UUID requestID) throws PolicyException {
549 + "\"apiflag\": \"api\","
550 + "\"policyScope\": \""+policyScope+"\","
551 + "\"filePrefix\": \""+filePrefix+"\","
552 + "\"policyName\": \""+policyName+"\","
553 + "\"clientScope\": \""+clientScope+"\","
554 + "\"pdpGroup\": \""+pdpGroup+"\"}";
555 //String response = null;
556 HttpURLConnection connection = null;
558 if (paps == null || paps.isEmpty()) {
559 String message = XACMLErrorConstants.ERROR_DATA_ISSUE + "PAPs List is Empty.";
560 LOGGER.error(message);
561 throw new PolicyException(message);
564 boolean connected = false;
565 while (papsCount < paps.size()) {
567 String fullURL = getPAP();
568 fullURL = (fullURL.endsWith("/"))? fullURL+"ecomp/pushPolicy" : fullURL+"/ecomp/pushPolicy";
569 URL url = new URL(fullURL);
570 LOGGER.debug("--- Sending Request to PAP : "+ url.toString() + " ---");
571 // Open the connection
572 connection = (HttpURLConnection) url.openConnection();
573 // Setting Content-Type
574 connection.setRequestProperty("Content-Type","application/json");
575 // Adding Authorization
576 connection.setRequestProperty("Authorization", "Basic "+ getPAPEncoding());
577 connection.setRequestProperty("Environment", environment);
578 connection.setRequestProperty("ClientScope", clientScope);
579 // set the method and headers
580 connection.setRequestMethod("POST");
581 connection.setUseCaches(false);
582 connection.setInstanceFollowRedirects(false);
583 connection.setDoOutput(true);
585 if (requestID == null) {
586 requestID = UUID.randomUUID();
587 LOGGER.info("No request ID provided, sending generated ID: "
588 + requestID.toString());
590 LOGGER.info("Using provided request ID: "
591 + requestID.toString());
593 connection.setRequestProperty("X-ECOMP-RequestID",
594 requestID.toString());
596 try (OutputStream os = connection.getOutputStream()) {
597 int count = IOUtils.copy(new ByteArrayInputStream(json.getBytes(StandardCharsets.UTF_8)), os);
598 if (LOGGER.isDebugEnabled()) {
599 LOGGER.debug("copied to output, bytes=" + count);
602 connection.connect();
603 responseCode = connection.getResponseCode();
604 // If Connected to PAP then break from the loop and continue
606 if (connection.getResponseCode() > 0 || junit) {
610 LOGGER.debug(XACMLErrorConstants.ERROR_PERMISSIONS+ "PAP Response Code : " + connection.getResponseCode());
613 } catch (Exception e) {
614 // This means that the PAP is not working
619 LOGGER.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR
620 + "PAP connection Error : " + e);
627 LOGGER.debug("connected to the PAP : " + getPAP());
628 LOGGER.debug("--- Response: ---");
629 if(connection != null){
630 Map<String, List<String>> headers = connection.getHeaderFields();
631 for (String key : headers.keySet()) {
632 LOGGER.debug("Header :" + key + " Value: " + headers.get(key));
635 if(responseCode==202){
636 StdPDPPolicy policy = (StdPDPPolicy) new ObjectInputStream(connection.getInputStream()).readObject();
639 } catch (IOException | ClassNotFoundException e) {
640 LOGGER.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + e);
641 throw new PolicyException(
642 XACMLErrorConstants.ERROR_SYSTEM_ERROR
643 + "Decoding the result ", e);
Code Review / policy / engine.git / blob