From: uj426b Date: Fri, 22 Mar 2019 02:02:04 +0000 (-0400) Subject: Auditing User Operations Push or Delete Policies. X-Git-Tag: 1.4.0~25^2 X-Git-Url: https://gerrit.onap.org/r/gitweb?p=policy%2Fengine.git;a=commitdiff_plain;h=e1fe7fcff0568f6376c3392ddf761b3aa0601587 Auditing User Operations Push or Delete Policies. Change-Id: I39d5fc01e68e9d711c5dd09790dc34beb68783c3 Issue-ID: POLICY-1421 Signed-off-by: uj426b --- diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/XACMLPapServlet.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/XACMLPapServlet.java index f2e038721..b5951d823 100644 --- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/XACMLPapServlet.java +++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/XACMLPapServlet.java @@ -1453,7 +1453,7 @@ public class XACMLPapServlet extends HttpServlet implements StdItemSetChangeList // Assume that this is an update of an existing PDP Group loggingContext.setServiceName("PolicyEngineAPI:PAP.updateGroup"); try { - acPutTransaction.updateGroup(group, "XACMLPapServlet.doACPut", null); + acPutTransaction.updateGroup(group, "XACMLPapServlet.doACPut", userId); } catch (Exception e) { PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XACMLPapServlet", " Error while updating group in the database: " + "group=" + group.getId()); diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/PolicyDBDaoTransaction.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/PolicyDBDaoTransaction.java index 3cfe24524..dbb2fa830 100644 --- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/PolicyDBDaoTransaction.java +++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/PolicyDBDaoTransaction.java 
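Review bot: The `userId` now passed to `acPutTransaction.updateGroup(...)` is neither defined nor validated in the visible lines, and doACPut's body starts and ends outside the hunk, so its origin cannot be confirmed from here. Going by the commit's purpose, this value presumably becomes the actor recorded in the audit log, so it should be the authenticated identity of the caller rather than a value the client can set freely. A null or empty value should be rejected or recorded explicitly, not stored as an unattributed entry. I would add a comment above the call: `// userId is written to the audit log: must be the authenticated caller, never a raw request value`.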
@@ -33,17 +33,17 @@ import org.onap.policy.xacml.std.pap.StdPDPGroup; public interface PolicyDBDaoTransaction { /** - * Commits (makes permanent) the current transaction. Also, notifies other PolicyDBDao instances - * on other PAP servers of the update. + * Commits (makes permanent) the current transaction. Also, notifies other PolicyDBDao instances on other PAP + * servers of the update. * - * @throws IllegalStateException if the PolicyDBDao transaction has not been used or has been - * committed already. + * @throws IllegalStateException if the PolicyDBDao transaction has not been used or has been committed already. * @throws PersistenceException if the commit fails for some reason */ public void commitTransaction(); /** * Create or update a policy + * * @param policy A Policy object representing the policy to store or update * @param username A string of the username you want to be stored for doing this operation * @throws IllegalStateException If a transaction is open that has not yet been committed @@ -55,8 +55,7 @@ public interface PolicyDBDaoTransaction { /** * Check if the PolicyDBDaoTransaction is currently open * - * @return False if the PolicyDBDao transaction has not been used or has been committed already, - * true if it is open. + * @return False if the PolicyDBDao transaction has not been used or has been committed already, true if it is open. */ public boolean isTransactionOpen(); 
@@ -66,14 +65,15 @@ public interface PolicyDBDaoTransaction { public void rollbackTransaction(); /** - * Close the PolicyDBDaoTransaction without rolling back or doing anything. Just used to close - * the Hibernate session. + * Close the PolicyDBDaoTransaction without rolling back or doing anything. Just used to close the Hibernate + * session. */ public void close(); /** * Create a new PDP group in the database + * * @param groupID The ID to name the new group (use PolicyDBDao.createNewPDPGroupId) * @param groupName The name to use for the new group * @param groupDescription Description of the new group (optional) @@ -87,16 +87,20 @@ public interface PolicyDBDaoTransaction { /** * Updates a group in the database with a new name of description - * @param group The group with updated information. The id must match an existing group, but the name and description can be changed. + * + * @param group The group with updated information. The id must match an existing group, but the name and + * description can be changed. * @param username Username of the user performing the operation + * @param userId needed to store user information in policyAuditlog table during transaction. * @throws IllegalArgumentException If non-optional parameters are null or empty strings * @throws IllegalStateException If a transaction is already open * @throws PersistenceException If a database error occurs or if the group can not be found */ - public void updateGroup(OnapPDPGroup group, String requestType, String username) throws PolicyDBException; + public void updateGroup(OnapPDPGroup group, String requestType, String userId) throws PolicyDBException; /** * Updates a PDP in the database with new information + * * @param pdp The PDP to update * @param username Username of the user performing the operation * @throws IllegalArgumentException If non-optional parameters are null or empty strings 
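Review bot: The Javadoc on `updateGroup` in the `@@ -87,16 +87,20 @@` hunk no longer matches the signature: it keeps `@param username` although the parameter is now `userId`, and `requestType` has no `@param` tag at all. Drop the stale tag, keep a single `@param userId Id of the user performing the operation, stored in the PolicyAuditlog table`, and add `@param requestType Name of the calling operation` (wording to be confirmed by the author). The implementation in PolicyDbDaoTransactionInstance still declares the third parameter as `username`, so the two files should be renamed together. The summary line's "new name of description" also looks like a typo for "new name or description".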
@@ -107,6 +111,7 @@ public interface PolicyDBDaoTransaction { /** * Change the default group in the database to the group provided. + * * @param group The new group which should be set as default in the database * @param username Username of the user performing the operation * @throws IllegalArgumentException If non-optional parameters are null or empty strings @@ -117,6 +122,7 @@ public interface PolicyDBDaoTransaction { /** * Moves a PDP to a new group. + * * @param pdp The PDP which is to be moved to a new group * @param group The new group which the PDP should be added to * @param username Username of the user performing the operation @@ -128,6 +134,7 @@ public interface PolicyDBDaoTransaction { /** * Add a new PDP to an existing group + * * @param pdpID The ID to name the new PDP * @param groupID The ID of the existing group to add the PDP to * @param pdpName The name to use for the new PDP @@ -138,10 +145,12 @@ public interface PolicyDBDaoTransaction { * @throws IllegalStateException If a transaction is already open * @throws PersistenceException If a database error occurs */ - public void addPdpToGroup(String pdpID, String groupID, String pdpName, String pdpDescription, int pdpJmxPort, String username) throws PolicyDBException; + public void addPdpToGroup(String pdpID, String groupID, String pdpName, String pdpDescription, int pdpJmxPort, + String username) throws PolicyDBException; /** * Add an existing policy to an existing group + * * @param group The ID of the existing group to add the policy to * @param policyID The ID of an existing policy * @return 
@@ -156,8 +165,10 @@ public interface PolicyDBDaoTransaction { /** * Delete an existing PDP groupPolicyDBException + * * @param group A PDPGroup object representing the group to delete - * @param moveToGroup A PDPGroup object representing another existing group which PDPs in the group being deleted should be moved to + * @param moveToGroup A PDPGroup object representing another existing group which PDPs in the group being deleted + * should be moved to * @throws IllegalArgumentException If non-optional parameters are null or empty strings * @throws IllegalStateException If a transaction is already open * @throws PersistenceException If a database error occurs @@ -167,6 +178,7 @@ public interface PolicyDBDaoTransaction { /** * Removes an existing PDP from its group and deletes it. + * * @param pdpID The ID of the existing PDP which should be deleted * @throws IllegalArgumentException If non-optional parameters are null or empty strings * @throws IllegalStateException If a transaction is already open @@ -175,7 +187,10 @@ public interface PolicyDBDaoTransaction { public void removePdpFromGroup(String pdpID, String username) throws PolicyDBException; public GroupEntity getGroup(long groupKey); + public GroupEntity getGroup(String groupId); + public List getPdpsInGroup(long groupKey); + public PdpEntity getPdp(long pdpKey); } diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/PolicyDbDaoTransactionInstance.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/PolicyDbDaoTransactionInstance.java index a9d785169..f63649ddc 100644 --- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/PolicyDbDaoTransactionInstance.java +++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/components/PolicyDbDaoTransactionInstance.java 
@@ -60,6 +60,7 @@ import org.onap.policy.rest.jpa.ActionBodyEntity; import org.onap.policy.rest.jpa.ConfigurationDataEntity; import org.onap.policy.rest.jpa.GroupEntity; import org.onap.policy.rest.jpa.PdpEntity; +import org.onap.policy.rest.jpa.PolicyAuditlog; import org.onap.policy.rest.jpa.PolicyEntity; import org.onap.policy.xacml.api.pap.OnapPDP; import org.onap.policy.xacml.api.pap.OnapPDPGroup; @@ -99,10 +100,8 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { */ public PolicyDbDaoTransactionInstance(String test) { // call the constructor with arguments - this(Integer - .parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_TRANS_TIMEOUT)), - Integer.parseInt( - XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_TRANS_WAIT))); + this(Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_TRANS_TIMEOUT)), + Integer.parseInt(XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_TRANS_WAIT))); } public PolicyDbDaoTransactionInstance() { 
@@ -120,16 +119,13 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { /** * Instantiates a new policy DB dao transaction instance. * - * @param transactionTimeout the transaction timeout is how long the transaction can sit before - * rolling back - * @param transactionWaitTime the transaction wait time is how long to wait for the transaction - * to start before + * @param transactionTimeout the transaction timeout is how long the transaction can sit before rolling back + * @param transactionWaitTime the transaction wait time is how long to wait for the transaction to start before */ public PolicyDbDaoTransactionInstance(int transactionTimeout, int transactionWaitTime) { - logger.info( - "\n\nPolicyDBDaoTransactionInstance() as PolicyDBDaoTransactionInstance() called:" - + "\n transactionTimeout = " + transactionTimeout - + "\n transactionWaitTime = " + transactionWaitTime + "\n\n"); + logger.info("\n\nPolicyDBDaoTransactionInstance() as PolicyDBDaoTransactionInstance() called:" + + "\n transactionTimeout = " + transactionTimeout + "\n transactionWaitTime = " + + transactionWaitTime + "\n\n"); policyId = -1; groupId = -1; 
@@ -138,13 +134,11 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { synchronized (emLock) { session = sessionfactory.openSession(); try { - PolicyDBDao.getPolicyDBDaoInstance().startTransactionSynced(session, - transactionWaitTime); + PolicyDBDao.getPolicyDBDaoInstance().startTransactionSynced(session, transactionWaitTime); } catch (Exception e) { - logger.error("Could not lock transaction within " + transactionWaitTime - + " milliseconds" + e); - throw new PersistenceException("Could not lock transaction within " - + transactionWaitTime + " milliseconds"); + logger.error("Could not lock transaction within " + transactionWaitTime + " milliseconds" + e); + throw new PersistenceException( + "Could not lock transaction within " + transactionWaitTime + " milliseconds"); } } class TransactionTimer implements Runnable { @@ -159,9 +153,8 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { public void run() { if (logger.isDebugEnabled()) { Date date = new java.util.Date(); - logger.debug( - "\n\nTransactionTimer.run() - SLEEPING: " + "\n sleepTime (ms) = " - + sleepTime + "\n TimeStamp = " + date.getTime() + "\n\n"); + logger.debug("\n\nTransactionTimer.run() - SLEEPING: " + "\n sleepTime (ms) = " + sleepTime + + "\n TimeStamp = " + date.getTime() + "\n\n"); } try { Thread.sleep(sleepTime); 
@@ -170,26 +163,24 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { // we want to do is roll back if (logger.isDebugEnabled()) { Date date = new java.util.Date(); - logger.debug("\n\nTransactionTimer.run() - WAKE Interrupt: " - + "\n TimeStamp = " + date.getTime() + "\n\n"); + logger.debug("\n\nTransactionTimer.run() - WAKE Interrupt: " + "\n TimeStamp = " + + date.getTime() + "\n\n"); } Thread.currentThread().interrupt(); return; } if (logger.isDebugEnabled()) { Date date = new java.util.Date(); - logger.debug("\n\nTransactionTimer.run() - WAKE Timeout: " + "\n TimeStamp = " - + date.getTime() + "\n\n"); + logger.debug("\n\nTransactionTimer.run() - WAKE Timeout: " + "\n TimeStamp = " + date.getTime() + + "\n\n"); } - logger.warn( - "PolicyDBDaoTransactionInstance - TransactionTimer - Rolling back transaction."); + logger.warn("PolicyDBDaoTransactionInstance - TransactionTimer - Rolling back transaction."); rollbackTransaction(); } } - transactionTimer = - new Thread(new TransactionTimer(transactionTimeout), "transactionTimerThread"); + transactionTimer = new Thread(new TransactionTimer(transactionTimeout), "transactionTimerThread"); transactionTimer.start(); } @@ -218,8 +209,8 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { NotifyOtherPaps otherPaps = new NotifyOtherPaps(); logger.debug("commitTransaction() as commitTransaction() called"); if (!isTransactionOpen()) { - logger.warn("There is no open transaction to commit - PolicyId - " + policyId - + ", GroupId - " + groupId); + logger.warn( + "There is no open transaction to commit - PolicyId - " + policyId + ", GroupId - " + groupId); try { session.close(); } catch (Exception e) { 
@@ -241,18 +232,16 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { try { otherPaps.notifyOthers(policyId, POLICY_NOTIFICATION, newGroupId); } catch (Exception e) { - PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, - PolicyDBDao.POLICYDBDAO_VAR, - "Caught Exception on notifyOthers(" + policyId + "," - + POLICY_NOTIFICATION + "," + newGroupId + ")"); + PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, PolicyDBDao.POLICYDBDAO_VAR, + "Caught Exception on notifyOthers(" + policyId + "," + POLICY_NOTIFICATION + "," + + newGroupId + ")"); } } else { try { otherPaps.notifyOthers(policyId, POLICY_NOTIFICATION); } catch (Exception e) { - PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, - PolicyDBDao.POLICYDBDAO_VAR, "Caught Exception on notifyOthers(" - + policyId + "," + POLICY_NOTIFICATION + ")"); + PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, PolicyDBDao.POLICYDBDAO_VAR, + "Caught Exception on notifyOthers(" + policyId + "," + POLICY_NOTIFICATION + ")"); } } } 
@@ -262,18 +251,16 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { try { otherPaps.notifyOthers(groupId, GROUP_NOTIFICATION, newGroupId); } catch (Exception e) { - PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, - PolicyDBDao.POLICYDBDAO_VAR, - "Caught Exception on notifyOthers(" + groupId + "," - + GROUP_NOTIFICATION + "," + newGroupId + ")"); + PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, PolicyDBDao.POLICYDBDAO_VAR, + "Caught Exception on notifyOthers(" + groupId + "," + GROUP_NOTIFICATION + "," + + newGroupId + ")"); } } else { try { otherPaps.notifyOthers(groupId, GROUP_NOTIFICATION); } catch (Exception e) { - PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, - PolicyDBDao.POLICYDBDAO_VAR, "Caught Exception on notifyOthers(" - + groupId + "," + GROUP_NOTIFICATION + ")"); + PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, PolicyDBDao.POLICYDBDAO_VAR, + "Caught Exception on notifyOthers(" + groupId + "," + GROUP_NOTIFICATION + ")"); } } } @@ -283,8 +270,7 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { otherPaps.notifyOthers(pdpId, PDP_NOTIFICATION); } catch (Exception e) { PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, PolicyDBDao.POLICYDBDAO_VAR, - "Caught Exception on notifyOthers(" + pdpId + "," + PDP_NOTIFICATION - + ")"); + "Caught Exception on notifyOthers(" + pdpId + "," + PDP_NOTIFICATION + ")"); } } } 
@@ -324,13 +310,12 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { } } - private void createPolicy(PolicyRestAdapter policy, String username, String policyScope, - String inputPolicyName, String policyDataString) { + private void createPolicy(PolicyRestAdapter policy, String username, String policyScope, String inputPolicyName, + String policyDataString) { String policyName = inputPolicyName; logger.debug("createPolicy(PolicyRestAdapter policy, String username, String policyScope," - + " String policyName, String policyDataString) as createPolicy(" + policy + ", " - + username + ", " + policyScope + ", " + policyName + ", " + policyDataString - + ") called"); + + " String policyName, String policyDataString) as createPolicy(" + policy + ", " + username + ", " + + policyScope + ", " + policyName + ", " + policyDataString + ") called"); synchronized (emLock) { PolicyDBDao policyDbDao = new PolicyDBDao(); checkBeforeOperationRun(); @@ -345,8 +330,8 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { policyName = policyName.replace(".Decision_", ":Decision_"); } policyName = policyName.split(":")[1]; - Query createPolicyQuery = session.createQuery( - "SELECT p FROM PolicyEntity p WHERE p.scope=:scope AND p.policyName=:policyName"); + Query createPolicyQuery = session + .createQuery("SELECT p FROM PolicyEntity p WHERE p.scope=:scope AND p.policyName=:policyName"); createPolicyQuery.setParameter(PolicyDBDao.SCOPE, policyScope); createPolicyQuery.setParameter("policyName", policyName); List createPolicyQueryList = createPolicyQuery.list(); 
@@ -395,17 +380,14 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { newActionBodyEntity.setCreatedBy("PolicyDBDao.createPolicy()"); } if (logger.isDebugEnabled()) { - logger.debug("\nPolicyDBDao.createPolicy" - + "\n newActionBodyEntity.getActionBody() = " + logger.debug("\nPolicyDBDao.createPolicy" + "\n newActionBodyEntity.getActionBody() = " + newActionBodyEntity.getActionBody() + "\n newActionBodyEntity.getActionBodyName() = " + newActionBodyEntity.getActionBodyName() - + "\n newActionBodyEntity.getModifiedBy() = " - + newActionBodyEntity.getModifiedBy() - + "\n newActionBodyEntity.getCreatedBy() = " - + newActionBodyEntity.getCreatedBy() - + "\n newActionBodyEntity.isDeleted() = " - + newActionBodyEntity.isDeleted() + "\n FLUSHING to DB"); + + "\n newActionBodyEntity.getModifiedBy() = " + newActionBodyEntity.getModifiedBy() + + "\n newActionBodyEntity.getCreatedBy() = " + newActionBodyEntity.getCreatedBy() + + "\n newActionBodyEntity.isDeleted() = " + newActionBodyEntity.isDeleted() + + "\n FLUSHING to DB"); } // push the actionBodyEntity to the DB if (isJunit) { 
@@ -419,13 +401,10 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { // We have a actionBody in the policy but we found no // actionBody in the DB String msg = "\n\nPolicyDBDao.createPolicy - Incoming Action policy had an " - + "actionBody, but it could not be found in the DB for update." - + "\n policyScope = " + policyScope + "\n policyName = " + policyName - + "\n\n"; - PolicyLogger.error( - "PolicyDBDao.createPolicy - Incoming Action policy had an actionBody, " - + "but it could not be found in the DB for update: policyName = " - + policyName); + + "actionBody, but it could not be found in the DB for update." + "\n policyScope = " + + policyScope + "\n policyName = " + policyName + "\n\n"; + PolicyLogger.error("PolicyDBDao.createPolicy - Incoming Action policy had an actionBody, " + + "but it could not be found in the DB for update: policyName = " + policyName); throw new IllegalArgumentException(msg); } } @@ -438,8 +417,7 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { newConfigurationDataEntity = new ConfigurationDataEntity(); configUpdate = false; } else { - newConfigurationDataEntity = (ConfigurationDataEntity) session.get( - ConfigurationDataEntity.class, + newConfigurationDataEntity = (ConfigurationDataEntity) session.get(ConfigurationDataEntity.class, newPolicyEntity.getConfigurationData().getConfigurationDataId()); configUpdate = true; } 
@@ -447,12 +425,10 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { if (newConfigurationDataEntity != null) { if (!PolicyDBDao.stringEquals(newConfigurationDataEntity.getConfigurationName(), policyDbDao.getConfigFile(configName, policy))) { - newConfigurationDataEntity.setConfigurationName( - policyDbDao.getConfigFile(configName, policy)); + newConfigurationDataEntity.setConfigurationName(policyDbDao.getConfigFile(configName, policy)); } if (newConfigurationDataEntity.getConfigType() == null - || !newConfigurationDataEntity.getConfigType() - .equals(policy.getConfigType())) { + || !newConfigurationDataEntity.getConfigType().equals(policy.getConfigType())) { newConfigurationDataEntity.setConfigType(policy.getConfigType()); } if (!configUpdate) { @@ -468,11 +444,9 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { } if (newConfigurationDataEntity.getConfigBody() == null || newConfigurationDataEntity.getConfigBody().isEmpty() - || (!newConfigurationDataEntity.getConfigBody() - .equals(policy.getConfigBodyData()))) { + || (!newConfigurationDataEntity.getConfigBody().equals(policy.getConfigBodyData()))) { // hopefully one of these won't be null - if (policy.getConfigBodyData() == null - || policy.getConfigBodyData().isEmpty()) { + if (policy.getConfigBodyData() == null || policy.getConfigBodyData().isEmpty()) { newConfigurationDataEntity.setConfigBody(policy.getJsonBody()); } else { newConfigurationDataEntity.setConfigBody(policy.getConfigBodyData()); 
@@ -492,12 +466,10 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { // found no configurationData body in the DB String msg = "\n\nPolicyDBDao.createPolicy - Incoming Config policy had a " + "configurationData body, but it could not be found in the DB for update." - + "\n policyScope = " + policyScope + "\n policyName = " + policyName - + "\n\n"; - PolicyLogger.error( - "PolicyDBDao.createPolicy - Incoming Config policy had a configurationData body, " - + "but it could not be found in the DB for update: policyName = " - + policyName); + + "\n policyScope = " + policyScope + "\n policyName = " + policyName + "\n\n"; + PolicyLogger + .error("PolicyDBDao.createPolicy - Incoming Config policy had a configurationData body, " + + "but it could not be found in the DB for update: policyName = " + policyName); throw new IllegalArgumentException(msg); } @@ -512,8 +484,7 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { if (!PolicyDBDao.stringEquals(newPolicyEntity.getCreatedBy(), username)) { newPolicyEntity.setCreatedBy(username); } - if (!PolicyDBDao.stringEquals(newPolicyEntity.getDescription(), - policy.getPolicyDescription())) { + if (!PolicyDBDao.stringEquals(newPolicyEntity.getDescription(), policy.getPolicyDescription())) { newPolicyEntity.setDescription(policy.getPolicyDescription()); } if (!PolicyDBDao.stringEquals(newPolicyEntity.getModifiedBy(), username)) { 
@@ -546,8 +517,8 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { public void createPolicy(Policy policy, String username) { InputStream policyXmlStream = null; try { - logger.debug("createPolicy(PolicyRestAdapter policy, String username) as createPolicy(" - + policy + "," + username + ") called"); + logger.debug("createPolicy(PolicyRestAdapter policy, String username) as createPolicy(" + policy + "," + + username + ") called"); String policyScope = policy.policyAdapter.getDomainDir().replace(File.separator, "."); // Does not need to be XACMLPolicyWriterWithPapNotify since it is // already in the PAP @@ -556,19 +527,17 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { try { if (policy.policyAdapter.getData() instanceof PolicySetType) { - policyXmlStream = XACMLPolicyWriter.getPolicySetXmlAsInputStream( - (PolicySetType) policy.getCorrectPolicyDataObject()); - } else { policyXmlStream = XACMLPolicyWriter - .getXmlAsInputStream(policy.getCorrectPolicyDataObject()); + .getPolicySetXmlAsInputStream((PolicySetType) policy.getCorrectPolicyDataObject()); + } else { + policyXmlStream = XACMLPolicyWriter.getXmlAsInputStream(policy.getCorrectPolicyDataObject()); } policyDataString = IOUtils.toString(policyXmlStream); } catch (IOException e) { policyDataString = "could not read"; PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, PolicyDBDao.POLICYDBDAO_VAR, "Caught IOException on IOUtils.toString(" + policyXmlStream + ")"); - throw new IllegalArgumentException( - "Cannot parse the policy xml from the PolicyRestAdapter."); + throw new IllegalArgumentException("Cannot parse the policy xml from the PolicyRestAdapter."); } IOUtils.closeQuietly(policyXmlStream); 
@@ -596,8 +565,7 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { String prefix = null; if (PolicyDBDao.CONFIG.equalsIgnoreCase(policy.policyAdapter.getPolicyType()) || DECISIONMS_MODEL.equalsIgnoreCase(policy.policyAdapter.getRuleProvider())) { - prefix = configPath.substring( - configPath.indexOf(policyScope + ".") + policyScope.concat(".").length(), + prefix = configPath.substring(configPath.indexOf(policyScope + ".") + policyScope.concat(".").length(), configPath.lastIndexOf(policy.policyAdapter.getPolicyName())); if (PolicyDBDao.isNullOrEmpty(policy.policyAdapter.getConfigBodyData())) { String configData = ""; @@ -623,13 +591,11 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { if (!(policy.policyAdapter.getData() instanceof PolicyType) && !(policy.policyAdapter.getData() instanceof PolicySetType)) { PolicyLogger.error("The data field is not an instance of PolicyType"); - throw new IllegalArgumentException( - "The data field is not an instance of PolicyType"); + throw new IllegalArgumentException("The data field is not an instance of PolicyType"); } - String finalName = policyScope + "." + prefix + policy.policyAdapter.getPolicyName() - + "." + policy.policyAdapter.getHighestVersion() + ".xml"; - if (policy.policyAdapter.getConfigType() == null - || "".equals(policy.policyAdapter.getConfigType())) { + String finalName = policyScope + "." + prefix + policy.policyAdapter.getPolicyName() + "." + + policy.policyAdapter.getHighestVersion() + ".xml"; + if (policy.policyAdapter.getConfigType() == null || "".equals(policy.policyAdapter.getConfigType())) { // get the config file extension String ext = ""; if (configPath != null && !"".equalsIgnoreCase(configPath)) { 
@@ -673,11 +639,10 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { } private PolicyEntity getPolicy(int policyIdVar, String policyName, String scope) { - logger.debug("getPolicy(int policyId, String policyName) as " + " getPolicy(" + policyIdVar - + "," + policyName + ") called"); + logger.debug("getPolicy(int policyId, String policyName) as " + " getPolicy(" + policyIdVar + "," + policyName + + ") called"); if (policyIdVar < 0 && PolicyDBDao.isNullOrEmpty(policyName, scope)) { - throw new IllegalArgumentException( - "policyID must be at least 0 or policyName must be not null or blank"); + throw new IllegalArgumentException("policyID must be at least 0 or policyName must be not null or blank"); } synchronized (emLock) { @@ -687,8 +652,8 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { Query policyQuery; if (!PolicyDBDao.isNullOrEmpty(policyName, scope)) { policyId = policyName; - policyQuery = session.createQuery( - "SELECT p FROM PolicyEntity p WHERE p.policyName=:name AND p.scope=:scope"); + policyQuery = + session.createQuery("SELECT p FROM PolicyEntity p WHERE p.policyName=:name AND p.scope=:scope"); policyQuery.setParameter("name", policyId); policyQuery.setParameter("scope", scope); } else { 
@@ -707,12 +672,10 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { if (policyQueryList.isEmpty()) { PolicyLogger.error("Policy does not exist with id " + policyId); - throw new PersistenceException( - "Group policy is being added to does not exist with id " + policyId); + throw new PersistenceException("Group policy is being added to does not exist with id " + policyId); } else if (policyQueryList.size() > 1) { PolicyLogger.error(PolicyDBDao.DUP_POLICYID + policyId + PolicyDBDao.FOUND_IN_DB); - throw new PersistenceException( - PolicyDBDao.DUP_POLICYID + policyId + PolicyDBDao.FOUND_IN_DB); + throw new PersistenceException(PolicyDBDao.DUP_POLICYID + policyId + PolicyDBDao.FOUND_IN_DB); } return (PolicyEntity) policyQueryList.get(0); } @@ -727,8 +690,7 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { synchronized (emLock) { checkBeforeOperationRun(true); // check if group exists - Query groupQuery = - session.createQuery("SELECT g FROM GroupEntity g WHERE g.groupKey=:groupKey"); + Query groupQuery = session.createQuery("SELECT g FROM GroupEntity g WHERE g.groupKey=:groupKey"); groupQuery.setParameter("groupKey", groupKey); List groupQueryList; try { 
@@ -742,10 +704,10 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { PolicyLogger.error("Group does not exist with groupKey " + groupKey); throw new PersistenceException("Group does not exist with groupKey " + groupKey); } else if (groupQueryList.size() > 1) { - PolicyLogger.error("Somehow, more than one group with the groupKey " + groupKey - + PolicyDBDao.FOUND_IN_DB); - throw new PersistenceException("Somehow, more than one group with the groupKey " - + groupKey + PolicyDBDao.FOUND_IN_DB); + PolicyLogger + .error("Somehow, more than one group with the groupKey " + groupKey + PolicyDBDao.FOUND_IN_DB); + throw new PersistenceException( + "Somehow, more than one group with the groupKey " + groupKey + PolicyDBDao.FOUND_IN_DB); } return (GroupEntity) groupQueryList.get(0); } @@ -760,8 +722,7 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { synchronized (emLock) { checkBeforeOperationRun(true); // check if group exists - Query groupQuery = - session.createQuery("SELECT g FROM GroupEntity g WHERE g.groupId=:groupId"); + Query groupQuery = session.createQuery("SELECT g FROM GroupEntity g WHERE g.groupId=:groupId"); groupQuery.setParameter(PolicyDBDao.GROUP_ID, groupId); List groupQueryList; try { @@ -775,10 +736,8 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { PolicyLogger.error("Group does not exist with id " + groupId); throw new PersistenceException("Group does not exist with id " + groupId); } else if (groupQueryList.size() > 1) { - PolicyLogger - .error(PolicyDBDao.DUPLICATE_GROUPID + groupId + PolicyDBDao.FOUND_IN_DB); - throw new PersistenceException( - PolicyDBDao.DUPLICATE_GROUPID + groupId + PolicyDBDao.FOUND_IN_DB); + PolicyLogger.error(PolicyDBDao.DUPLICATE_GROUPID + groupId + PolicyDBDao.FOUND_IN_DB); + throw new PersistenceException(PolicyDBDao.DUPLICATE_GROUPID + groupId + PolicyDBDao.FOUND_IN_DB); } return (GroupEntity) groupQueryList.get(0); } 
@@ -792,8 +751,7 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { } synchronized (emLock) { checkBeforeOperationRun(true); - Query pdpsQuery = - session.createQuery("SELECT p FROM PdpEntity p WHERE p.groupEntity=:group"); + Query pdpsQuery = session.createQuery("SELECT p FROM PdpEntity p WHERE p.groupEntity=:group"); pdpsQuery.setParameter("group", getGroup(groupKey)); return pdpsQuery.list(); } @@ -808,8 +766,7 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { synchronized (emLock) { checkBeforeOperationRun(true); // check if group exists - Query pdpQuery = - session.createQuery("SELECT p FROM PdpEntity p WHERE p.pdpKey=:pdpKey"); + Query pdpQuery = session.createQuery("SELECT p FROM PdpEntity p WHERE p.pdpKey=:pdpKey"); pdpQuery.setParameter("pdpKey", pdpKey); List pdpQueryList; try { @@ -823,10 +780,9 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { PolicyLogger.error("Pdp does not exist with pdpKey " + pdpKey); throw new PersistenceException("Pdp does not exist with pdpKey " + pdpKey); } else if (pdpQueryList.size() > 1) { - PolicyLogger.error("Somehow, more than one pdp with the pdpKey " + pdpKey - + PolicyDBDao.FOUND_IN_DB); - throw new PersistenceException("Somehow, more than one pdp with the pdpKey " - + pdpKey + PolicyDBDao.FOUND_IN_DB); + PolicyLogger.error("Somehow, more than one pdp with the pdpKey " + pdpKey + PolicyDBDao.FOUND_IN_DB); + throw new PersistenceException( + "Somehow, more than one pdp with the pdpKey " + pdpKey + PolicyDBDao.FOUND_IN_DB); } return (PdpEntity) pdpQueryList.get(0); } 
@@ -865,12 +821,10 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { configContentStream = new FileInputStream(configPath); configDataString = IOUtils.toString(configContentStream); } catch (FileNotFoundException e) { - logger.error("Caught FileNotFoundException on new FileInputStream(" + configPath + ")", - e); + logger.error("Caught FileNotFoundException on new FileInputStream(" + configPath + ")", e); throw new IllegalArgumentException("The config file path does not exist"); } catch (IOException e2) { - logger.error("Caught IOException on newIOUtils.toString(" + configContentStream + ")", - e2); + logger.error("Caught IOException on newIOUtils.toString(" + configContentStream + ")", e2); throw new IllegalArgumentException("The config file path cannot be read"); } finally { IOUtils.closeQuietly(configContentStream); @@ -898,14 +852,12 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { } @Override - public void createGroup(String groupId, String groupName, String inputGroupDescription, - String username) { + public void createGroup(String groupId, String groupName, String inputGroupDescription, String username) { String groupDescription = inputGroupDescription; - logger.debug("deletePolicy(String policyToDeletes) as createGroup(" + groupId + ", " - + groupName + ", " + groupDescription + ") called"); + logger.debug("deletePolicy(String policyToDeletes) as createGroup(" + groupId + ", " + groupName + ", " + + groupDescription + ") called"); if (PolicyDBDao.isNullOrEmpty(groupId, groupName, username)) { - throw new IllegalArgumentException( - "groupId, groupName, and username must not be null or empty"); + throw new IllegalArgumentException("groupId, groupName, and username must not be null or empty"); } if (groupDescription == null) { groupDescription = ""; 
@@ -926,8 +878,7 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { } if (!checkGroupQueryList.isEmpty()) { PolicyLogger.error("The group being added already exists with id " + groupId); - throw new PersistenceException( - "The group being added already exists with id " + groupId); + throw new PersistenceException("The group being added already exists with id " + groupId); } GroupEntity newGroup = new GroupEntity(); newGroup.setCreatedBy(username); @@ -946,14 +897,13 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { @Override public void updateGroup(OnapPDPGroup group, String requestType, String username) { - logger.info("PolicyDBDao: updateGroup(PDPGroup group) as updateGroup(" + group + "," - + requestType + "," + username + ") called"); + logger.info("PolicyDBDao: updateGroup(PDPGroup group) as updateGroup(" + group + "," + requestType + "," + + username + ") called"); if (group == null) { throw new IllegalArgumentException("PDPGroup group must not be null"); } if (PolicyDBDao.isNullOrEmpty(group.getId(), requestType)) { - throw new IllegalArgumentException( - "group.getId() and username must not be null or empty"); + throw new IllegalArgumentException("group.getId() and username must not be null or empty"); } synchronized (emLock) { 
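Review bot: In the `updateGroup` hunk (`@@ -946`), the guard checks `group.getId()` and `requestType`, while its message says `username` must not be null or empty; `username` itself is never validated. This commit starts writing `username` into audit records further down in `updateGroup`, so a null or empty value would produce an audit row with no actor. The same mismatch is in the `addPolicyToGroup` hunk (`@@ -1464`), where the guard is `isNullOrEmpty(groupIdVar, policyIdVar, requestType)` but the message names `username`. Consider `if (PolicyDBDao.isNullOrEmpty(group.getId(), requestType, username)) {` here and `isNullOrEmpty(groupIdVar, policyIdVar, requestType, username)` there, after confirming that no remaining caller still passes a null username. Both method bodies continue outside these hunks.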
@@ -968,32 +918,28 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { } catch (Exception e) { PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, PolicyDBDao.POLICYDBDAO_VAR, "Caught Exception on getGroupQuery.getResultList()"); - throw new PersistenceException( - PolicyDBDao.QUERY_FAILED_GET_GROUP + group.getId() + " for editing"); + throw new PersistenceException(PolicyDBDao.QUERY_FAILED_GET_GROUP + group.getId() + " for editing"); } if (getGroupQueryList.isEmpty()) { PolicyLogger.error("The group cannot be found to update with id " + group.getId()); - throw new PersistenceException( - "The group cannot be found to update with id " + group.getId()); + throw new PersistenceException("The group cannot be found to update with id " + group.getId()); } else if (getGroupQueryList.size() > 1) { - PolicyLogger.error(PolicyDBDao.DUPLICATE_GROUPID + group.getId() - + PolicyDBDao.DELETED_STATUS_FOUND); - throw new PersistenceException(PolicyDBDao.DUPLICATE_GROUPID + group.getId() - + PolicyDBDao.DELETED_STATUS_FOUND); + PolicyLogger.error(PolicyDBDao.DUPLICATE_GROUPID + group.getId() + PolicyDBDao.DELETED_STATUS_FOUND); + throw new PersistenceException( + PolicyDBDao.DUPLICATE_GROUPID + group.getId() + PolicyDBDao.DELETED_STATUS_FOUND); } GroupEntity groupToUpdateInDb = (GroupEntity) getGroupQueryList.get(0); if (!PolicyDBDao.stringEquals(groupToUpdateInDb.getModifiedBy(), requestType)) { groupToUpdateInDb.setModifiedBy(requestType); } - if (group.getDescription() != null && !PolicyDBDao.stringEquals(group.getDescription(), - groupToUpdateInDb.getDescription())) { + if (group.getDescription() != null + && !PolicyDBDao.stringEquals(group.getDescription(), groupToUpdateInDb.getDescription())) { groupToUpdateInDb.setDescription(group.getDescription()); } // let's find out what policies have been deleted StdPDPGroup oldGroup = null; try { - oldGroup = (StdPDPGroup) PolicyDBDao.getPolicyDBDaoInstance().getPapEngine() - .getGroup(group.getId()); + 
oldGroup = (StdPDPGroup) PolicyDBDao.getPolicyDBDaoInstance().getPapEngine().getGroup(group.getId()); } catch (PAPException e1) { PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e1, PolicyDBDao.POLICYDBDAO_VAR, "We cannot get the group from the papEngine to delete policies"); 
@@ -1011,61 +957,51 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { // should be fast since getPolicies uses a HashSet in // StdPDPGroup if (!newPolicySet.contains(pol.getId())) { - String[] scopeAndName = - policyDbDaoVar.getNameScopeAndVersionFromPdpPolicy(pol.getId()); + String[] scopeAndName = policyDbDaoVar.getNameScopeAndVersionFromPdpPolicy(pol.getId()); PolicyEntity policyToDelete = null; try { if (scopeAndName != null) { policyToDelete = getPolicy(scopeAndName[0], scopeAndName[1]); if ("XACMLPapServlet.doDelete".equals(requestType)) { - Iterator dbPolicyIt = - groupToUpdateInDb.getPolicies().iterator(); - String policyName = policyDbDaoVar - .getPolicyNameAndVersionFromPolicyFileName( - policyToDelete.getPolicyName())[0]; + Iterator dbPolicyIt = groupToUpdateInDb.getPolicies().iterator(); + String policyName = policyDbDaoVar.getPolicyNameAndVersionFromPolicyFileName( + policyToDelete.getPolicyName())[0]; logger.info("PolicyDBDao: delete policy from GroupEntity"); try { while (dbPolicyIt.hasNext()) { PolicyEntity dbpolicy = dbPolicyIt.next(); - if (policyToDelete.getScope() - .equals(dbpolicy.getScope()) - && policyDbDaoVar - .getPolicyNameAndVersionFromPolicyFileName( - dbpolicy.getPolicyName())[0] - .equals(policyName)) { + if (policyToDelete.getScope().equals(dbpolicy.getScope()) + && policyDbDaoVar.getPolicyNameAndVersionFromPolicyFileName( + dbpolicy.getPolicyName())[0].equals(policyName)) { dbPolicyIt.remove(); - logger.info( - "PolicyDBDao: deleting policy from the existing group:\n " - + "policyName is " - + policyToDelete.getScope() + "." - + policyToDelete.getPolicyName() - + "\n" + "group is " - + groupToUpdateInDb.getGroupId()); + auditPdpOperations(username, + dbpolicy.getScope() + "." + dbpolicy.getPolicyName(), "Delete"); + logger.info("PolicyDBDao: deleting policy from the existing group:\n " + + "policyName is " + policyToDelete.getScope() + "." 
+ + policyToDelete.getPolicyName() + "\n" + "group is " + + groupToUpdateInDb.getGroupId()); } } } catch (Exception e) { logger.debug(e); PolicyLogger.error("Could not delete policy with name: " - + policyToDelete.getScope() + "." - + policyToDelete.getPolicyName() + "\n ID: " - + policyToDelete.getPolicyId()); + + policyToDelete.getScope() + "." + policyToDelete.getPolicyName() + + "\n ID: " + policyToDelete.getPolicyId()); } } } } catch (Exception e) { - PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, - PolicyDBDao.POLICYDBDAO_VAR, - "Could not get policy to remove: " + pol.getId()); - throw new PersistenceException( + PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, PolicyDBDao.POLICYDBDAO_VAR, "Could not get policy to remove: " + pol.getId()); + throw new PersistenceException("Could not get policy to remove: " + pol.getId()); } } } } - if (group.getName() != null && !PolicyDBDao.stringEquals(group.getName(), - groupToUpdateInDb.getgroupName())) { + if (group.getName() != null + && !PolicyDBDao.stringEquals(group.getName(), groupToUpdateInDb.getgroupName())) { // we need to check if the new id exists in the database String newGrpId = PolicyDBDao.createNewPDPGroupId(group.getName()); Query checkGroupQuery = session.createQuery(PolicyDBDao.GROUPENTITY_SELECT); @@ -1081,8 +1017,7 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { } if (!checkGroupQueryList.isEmpty()) { PolicyLogger.error("The new group name already exists, group id " + newGrpId); - throw new PersistenceException( - "The new group name already exists, group id " + newGrpId); + throw new PersistenceException("The new group name already exists, group id " + newGrpId); } groupToUpdateInDb.setGroupId(newGrpId); groupToUpdateInDb.setGroupName(group.getName()); 
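Review bot: The new `auditPdpOperations(username, ..., "Delete")` call in the `@@ -1011` hunk sits inside the inner `try` whose `catch (Exception e)` only does `logger.debug(e)` and logs "Could not delete policy with name", so any exception from the audit call is swallowed after `dbPolicyIt.remove()` has already run. The policy would then leave the group without an audit record, and the logged error would point at the deletion rather than at the audit write. Consider handling the audit call separately and rethrowing, for example `throw new PersistenceException("Could not audit delete of policy " + pol.getId());`, so the caller can abort instead of committing an unaudited change. The enclosing `updateGroup` starts and ends outside this hunk.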
@@ -1094,15 +1029,14 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { } @Override - public void addPdpToGroup(String pdpId, String groupIdVar, String pdpName, - String pdpDescription, int pdpJmxPort, String username) { + public void addPdpToGroup(String pdpId, String groupIdVar, String pdpName, String pdpDescription, int pdpJmxPort, + String username) { logger.debug("addPdpToGroup(String pdpID, String groupID, String pdpName, " - + "String pdpDescription, int pdpJmxPort, String username) as addPdpToGroup(" - + pdpId + ", " + groupIdVar + ", " + pdpName + ", " + pdpDescription + ", " - + pdpJmxPort + ", " + username + ") called"); + + "String pdpDescription, int pdpJmxPort, String username) as addPdpToGroup(" + pdpId + ", " + + groupIdVar + ", " + pdpName + ", " + pdpDescription + ", " + pdpJmxPort + ", " + username + + ") called"); if (PolicyDBDao.isNullOrEmpty(pdpId, groupIdVar, pdpName, username)) { - throw new IllegalArgumentException( - "pdpID, groupID, pdpName, and username must not be null or empty"); + throw new IllegalArgumentException("pdpID, groupID, pdpName, and username must not be null or empty"); } synchronized (emLock) { checkBeforeOperationRun(); @@ -1131,8 +1065,7 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, PolicyDBDao.POLICYDBDAO_VAR, "Caught Exception trying to check for duplicate PDP " + pdpId + " on checkDuplicateQuery.getResultList()"); - throw new PersistenceException( - "Query failed trying to check for duplicate PDP " + pdpId); + throw new PersistenceException("Query failed trying to check for duplicate PDP " + pdpId); } PdpEntity newPdp; if (!checkDuplicateList.isEmpty()) { 
@@ -1161,14 +1094,12 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { @Override public void updatePdp(OnapPDP pdp, String username) { - logger.debug("updatePdp(PDP pdp, String username) as updatePdp(" + pdp + "," + username - + ") called"); + logger.debug("updatePdp(PDP pdp, String username) as updatePdp(" + pdp + "," + username + ") called"); if (pdp == null) { throw new IllegalArgumentException("PDP pdp must not be null"); } if (PolicyDBDao.isNullOrEmpty(pdp.getId(), username)) { - throw new IllegalArgumentException( - "pdp.getId() and username must not be null or empty"); + throw new IllegalArgumentException("pdp.getId() and username must not be null or empty"); } synchronized (emLock) { 
@@ -1186,24 +1117,21 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { } if (getPdpQueryList.isEmpty()) { PolicyLogger.error("The pdp cannot be found to update with id " + pdp.getId()); - throw new PersistenceException( - "The pdp cannot be found to update with id " + pdp.getId()); + throw new PersistenceException("The pdp cannot be found to update with id " + pdp.getId()); } else if (getPdpQueryList.size() > 1) { - PolicyLogger.error(PolicyDBDao.MORE_THAN_ONE_PDP + pdp.getId() - + PolicyDBDao.DELETED_STATUS_FOUND); - throw new PersistenceException(PolicyDBDao.MORE_THAN_ONE_PDP + pdp.getId() - + PolicyDBDao.DELETED_STATUS_FOUND); + PolicyLogger.error(PolicyDBDao.MORE_THAN_ONE_PDP + pdp.getId() + PolicyDBDao.DELETED_STATUS_FOUND); + throw new PersistenceException( + PolicyDBDao.MORE_THAN_ONE_PDP + pdp.getId() + PolicyDBDao.DELETED_STATUS_FOUND); } PdpEntity pdpToUpdate = (PdpEntity) getPdpQueryList.get(0); if (!PolicyDBDao.stringEquals(pdpToUpdate.getModifiedBy(), username)) { pdpToUpdate.setModifiedBy(username); } - if (pdp.getDescription() != null && !PolicyDBDao.stringEquals(pdp.getDescription(), - pdpToUpdate.getDescription())) { + if (pdp.getDescription() != null + && !PolicyDBDao.stringEquals(pdp.getDescription(), pdpToUpdate.getDescription())) { pdpToUpdate.setDescription(pdp.getDescription()); } - if (pdp.getName() != null - && !PolicyDBDao.stringEquals(pdp.getName(), pdpToUpdate.getPdpName())) { + if (pdp.getName() != null && !PolicyDBDao.stringEquals(pdp.getName(), pdpToUpdate.getPdpName())) { pdpToUpdate.setPdpName(pdp.getName()); } if (pdp.getJmxPort() != null && !pdp.getJmxPort().equals(pdpToUpdate.getJmxPort())) { 
@@ -1217,14 +1145,13 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { @Override public void movePdp(OnapPDP pdp, OnapPDPGroup group, String username) { - logger.debug("movePdp(PDP pdp, PDPGroup group, String username) as movePdp(" + pdp + "," - + group + "," + username + ") called"); + logger.debug("movePdp(PDP pdp, PDPGroup group, String username) as movePdp(" + pdp + "," + group + "," + + username + ") called"); if (pdp == null || group == null) { throw new IllegalArgumentException("PDP pdp and PDPGroup group must not be null"); } if (PolicyDBDao.isNullOrEmpty(username, pdp.getId(), group.getId())) { - throw new IllegalArgumentException( - "pdp.getId(), group.getId(), and username must not be null or empty"); + throw new IllegalArgumentException("pdp.getId(), group.getId(), and username must not be null or empty"); } synchronized (emLock) { 
@@ -1239,18 +1166,15 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { } catch (Exception e) { PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, PolicyDBDao.POLICYDBDAO_VAR, "Caught Exception on getPdpQuery.getResultList()"); - throw new PersistenceException( - "Query failed trying to get pdp to move with id " + pdp.getId()); + throw new PersistenceException("Query failed trying to get pdp to move with id " + pdp.getId()); } if (getPdpQueryList.isEmpty()) { PolicyLogger.error("The pdp cannot be found to move with id " + pdp.getId()); - throw new PersistenceException( - "The pdp cannot be found to move with id " + pdp.getId()); + throw new PersistenceException("The pdp cannot be found to move with id " + pdp.getId()); } else if (getPdpQueryList.size() > 1) { - PolicyLogger.error(PolicyDBDao.MORE_THAN_ONE_PDP + pdp.getId() - + PolicyDBDao.DELETED_STATUS_FOUND); - throw new PersistenceException(PolicyDBDao.MORE_THAN_ONE_PDP + pdp.getId() - + PolicyDBDao.DELETED_STATUS_FOUND); + PolicyLogger.error(PolicyDBDao.MORE_THAN_ONE_PDP + pdp.getId() + PolicyDBDao.DELETED_STATUS_FOUND); + throw new PersistenceException( + PolicyDBDao.MORE_THAN_ONE_PDP + pdp.getId() + PolicyDBDao.DELETED_STATUS_FOUND); } // check if new group exists @@ -1263,8 +1187,7 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { } catch (Exception e) { PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, PolicyDBDao.POLICYDBDAO_VAR, "Caught Exception trying to get group on checkGroupQuery.getResultList()"); - throw new PersistenceException( - "Query failed trying to get new group " + group.getId()); + throw new PersistenceException("Query failed trying to get new group " + group.getId()); } if (checkGroupQueryList.size() != 1) { PolicyLogger.error("The group " + group.getId() + " does not exist"); 
@@ -1284,14 +1207,13 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { @Override public void changeDefaultGroup(OnapPDPGroup group, String username) { - logger.debug("changeDefaultGroup(PDPGroup group, String username) as changeDefaultGroup(" - + group + "," + username + ") called"); + logger.debug("changeDefaultGroup(PDPGroup group, String username) as changeDefaultGroup(" + group + "," + + username + ") called"); if (group == null) { throw new IllegalArgumentException("PDPGroup group must not be null"); } if (PolicyDBDao.isNullOrEmpty(group.getId(), username)) { - throw new IllegalArgumentException( - "group.getId() and username must not be null or empty"); + throw new IllegalArgumentException("group.getId() and username must not be null or empty"); } synchronized (emLock) { 
@@ -1308,15 +1230,12 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { throw new PersistenceException(PolicyDBDao.QUERY_FAILED_GET_GROUP + group.getId()); } if (getGroupQueryList.isEmpty()) { - PolicyLogger - .error("The group cannot be found to set default with id " + group.getId()); - throw new PersistenceException( - "The group cannot be found to set default with id " + group.getId()); + PolicyLogger.error("The group cannot be found to set default with id " + group.getId()); + throw new PersistenceException("The group cannot be found to set default with id " + group.getId()); } else if (getGroupQueryList.size() > 1) { - PolicyLogger.error(PolicyDBDao.DUPLICATE_GROUPID + group.getId() - + PolicyDBDao.DELETED_STATUS_FOUND); - throw new PersistenceException(PolicyDBDao.DUPLICATE_GROUPID + group.getId() - + PolicyDBDao.DELETED_STATUS_FOUND); + PolicyLogger.error(PolicyDBDao.DUPLICATE_GROUPID + group.getId() + PolicyDBDao.DELETED_STATUS_FOUND); + throw new PersistenceException( + PolicyDBDao.DUPLICATE_GROUPID + group.getId() + PolicyDBDao.DELETED_STATUS_FOUND); } GroupEntity newDefaultGroup = (GroupEntity) getGroupQueryList.get(0); newDefaultGroup.setDefaultGroup(true); 
@@ -1326,16 +1245,14 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { session.flush(); this.groupId = newDefaultGroup.getGroupKey(); - Query setAllGroupsNotDefault = - session.createQuery("UPDATE GroupEntity g SET g.defaultGroup=:defaultGroup " - + "WHERE g.deleted=:deleted AND g.groupKey<>:groupKey"); + Query setAllGroupsNotDefault = session.createQuery("UPDATE GroupEntity g SET g.defaultGroup=:defaultGroup " + + "WHERE g.deleted=:deleted AND g.groupKey<>:groupKey"); // not going to set modified by for all groups setAllGroupsNotDefault.setParameter("defaultGroup", false); setAllGroupsNotDefault.setParameter(PolicyDBDao.DELETED, false); setAllGroupsNotDefault.setParameter("groupKey", newDefaultGroup.getGroupKey()); try { - logger.info( - "set " + setAllGroupsNotDefault.executeUpdate() + " groups as not default"); + logger.info("set " + setAllGroupsNotDefault.executeUpdate() + " groups as not default"); } catch (Exception e) { PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, PolicyDBDao.POLICYDBDAO_VAR, "Caught Exception on setAllGroupsNotDefault.executeUpdate()"); 
@@ -1346,22 +1263,18 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { } @Override - public void deleteGroup(OnapPDPGroup group, OnapPDPGroup moveToGroup, String username) - throws PolicyDBException { - logger.debug( - "deleteGroup(PDPGroup group, PDPGroup moveToGroup, String username) as deleteGroup(" - + group + ", " + moveToGroup + "," + username + ") called"); + public void deleteGroup(OnapPDPGroup group, OnapPDPGroup moveToGroup, String username) throws PolicyDBException { + logger.debug("deleteGroup(PDPGroup group, PDPGroup moveToGroup, String username) as deleteGroup(" + group + ", " + + moveToGroup + "," + username + ") called"); if (group == null) { throw new IllegalArgumentException("PDPGroup group cannot be null"); } if (PolicyDBDao.isNullOrEmpty(username, group.getId())) { - throw new IllegalArgumentException( - "group.getId() and and username must not be null or empty"); + throw new IllegalArgumentException("group.getId() and and username must not be null or empty"); } if (group.isDefaultGroup()) { - PolicyLogger.error("The default group " + group.getId() - + " was attempted to be deleted. It cannot be."); + PolicyLogger.error("The default group " + group.getId() + " was attempted to be deleted. It cannot be."); throw new PolicyDBException("You cannot delete the default group."); } synchronized (emLock) { 
@@ -1381,14 +1294,13 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { logger.warn(PolicyDBDao.GROUP_NOT_FOUND + group.getId()); return; } else if (deleteGroupQueryList.size() > 1) { - PolicyLogger.error(PolicyDBDao.DUPLICATE_GROUPID + group.getId() - + PolicyDBDao.FOUND_IN_DB_NOT_DEL); - throw new PersistenceException(PolicyDBDao.DUPLICATE_GROUPID + group.getId() - + PolicyDBDao.FOUND_IN_DB_NOT_DEL); + PolicyLogger.error(PolicyDBDao.DUPLICATE_GROUPID + group.getId() + PolicyDBDao.FOUND_IN_DB_NOT_DEL); + throw new PersistenceException( + PolicyDBDao.DUPLICATE_GROUPID + group.getId() + PolicyDBDao.FOUND_IN_DB_NOT_DEL); } - Query pdpsInGroupQuery = session.createQuery( - "SELECT p FROM PdpEntity p WHERE p.groupEntity=:group and p.deleted=:deleted"); + Query pdpsInGroupQuery = + session.createQuery("SELECT p FROM PdpEntity p WHERE p.groupEntity=:group and p.deleted=:deleted"); pdpsInGroupQuery.setParameter("group", (deleteGroupQueryList.get(0))); pdpsInGroupQuery.setParameter(PolicyDBDao.DELETED, false); List pdpsInGroupList; 
@@ -1401,29 +1313,26 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { } if (!pdpsInGroupList.isEmpty()) { if (moveToGroup != null) { - Query checkMoveToGroupQuery = session.createQuery( - "SELECT o FROM GroupEntity o WHERE o.groupId=:groupId AND o.deleted=:deleted"); + Query checkMoveToGroupQuery = session + .createQuery("SELECT o FROM GroupEntity o WHERE o.groupId=:groupId AND o.deleted=:deleted"); checkMoveToGroupQuery.setParameter(PolicyDBDao.GROUP_ID, moveToGroup.getId()); checkMoveToGroupQuery.setParameter(PolicyDBDao.DELETED, false); List checkMoveToGroupList; try { checkMoveToGroupList = checkMoveToGroupQuery.list(); } catch (Exception e) { - PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, - PolicyDBDao.POLICYDBDAO_VAR, + PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, PolicyDBDao.POLICYDBDAO_VAR, "Caught Exception trying to check if group exists checkMoveToGroupQuery.getResultList"); - throw new PersistenceException( - "Query failed trying to check if group exists"); + throw new PersistenceException("Query failed trying to check if group exists"); } if (checkMoveToGroupList.isEmpty()) { PolicyLogger.error(PolicyDBDao.GROUP_NOT_FOUND + moveToGroup.getId()); - throw new PersistenceException( - PolicyDBDao.GROUP_NOT_FOUND + moveToGroup.getId()); + throw new PersistenceException(PolicyDBDao.GROUP_NOT_FOUND + moveToGroup.getId()); } else if (checkMoveToGroupList.size() > 1) { - PolicyLogger.error(PolicyDBDao.DUPLICATE_GROUPID + moveToGroup.getId() - + PolicyDBDao.FOUND_IN_DB_NOT_DEL); - throw new PersistenceException(PolicyDBDao.DUPLICATE_GROUPID - + moveToGroup.getId() + PolicyDBDao.FOUND_IN_DB_NOT_DEL); + PolicyLogger.error( + PolicyDBDao.DUPLICATE_GROUPID + moveToGroup.getId() + PolicyDBDao.FOUND_IN_DB_NOT_DEL); + throw new PersistenceException( + PolicyDBDao.DUPLICATE_GROUPID + moveToGroup.getId() + PolicyDBDao.FOUND_IN_DB_NOT_DEL); } else { GroupEntity newGroup = (GroupEntity) checkMoveToGroupList.get(0); for 
(Object pdpObject : pdpsInGroupList) { @@ -1436,19 +1345,16 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { session.flush(); this.newGroupId = newGroup.getGroupId(); } catch (PersistenceException e) { - PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, - PolicyDBDao.POLICYDBDAO_VAR, + PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, PolicyDBDao.POLICYDBDAO_VAR, "Caught PersistenceException trying to set pdp group to null on em.flush()"); - throw new PersistenceException( - "Query failed trying to set pdp group to "); + throw new PersistenceException("Query failed trying to set pdp group to "); } } } } else { PolicyLogger.error("Group " + group.getId() + " is trying to be delted with PDPs. No group was provided to move them to"); - throw new PolicyDBException( - "Group has PDPs. Must provide a group for them to move to"); + throw new PolicyDBException("Group has PDPs. Must provide a group for them to move to"); } } @@ -1464,15 +1370,13 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { } @Override - public StdPDPGroup addPolicyToGroup(String groupIdVar, String policyIdVar, String requestType, - String username) throws PolicyDBException { + public StdPDPGroup addPolicyToGroup(String groupIdVar, String policyIdVar, String requestType, String username) + throws PolicyDBException { logger.info( "PolicyDBDao: addPolicyToGroup(String groupID, String policyID, String username) as addPolicyToGroup(" - + groupIdVar + ", " + policyIdVar + "," + requestType + "," + username - + ") called"); + + groupIdVar + ", " + policyIdVar + "," + requestType + "," + username + ") called"); if (PolicyDBDao.isNullOrEmpty(groupIdVar, policyIdVar, requestType)) { - throw new IllegalArgumentException( - "groupID, policyID, and username must not be null or empty"); + throw new IllegalArgumentException("groupID, policyID, and username must not be null or empty"); } synchronized (emLock) { checkBeforeOperationRun(); 
@@ -1486,34 +1390,27 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { } catch (Exception e) { PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, PolicyDBDao.POLICYDBDAO_VAR, "Caught Exception trying to check if group exists groupQuery.getResultList()"); - throw new PersistenceException( - "Query failed trying to check if group " + groupIdVar + " exists"); + throw new PersistenceException("Query failed trying to check if group " + groupIdVar + " exists"); } if (groupQueryList.isEmpty()) { - PolicyLogger.error( - "Group policy is being added to does not exist with id " + groupIdVar); - throw new PersistenceException( - "Group policy is being added to does not exist with id " + groupIdVar); + PolicyLogger.error("Group policy is being added to does not exist with id " + groupIdVar); + throw new PersistenceException("Group policy is being added to does not exist with id " + groupIdVar); } else if (groupQueryList.size() > 1) { - PolicyLogger.error(PolicyDBDao.DUPLICATE_GROUPID + groupIdVar - + PolicyDBDao.FOUND_IN_DB_NOT_DEL); - throw new PersistenceException(PolicyDBDao.DUPLICATE_GROUPID + groupIdVar - + PolicyDBDao.FOUND_IN_DB_NOT_DEL); + PolicyLogger.error(PolicyDBDao.DUPLICATE_GROUPID + groupIdVar + PolicyDBDao.FOUND_IN_DB_NOT_DEL); + throw new PersistenceException( + PolicyDBDao.DUPLICATE_GROUPID + groupIdVar + PolicyDBDao.FOUND_IN_DB_NOT_DEL); } // we need to convert the form of the policy id that is used groups // into the form that is used // for the database. 
(com.Config_mypol.1.xml) to (Config_mypol.xml) PolicyDBDao policyDbDao = new PolicyDBDao(); - String[] policyNameScopeAndVersion = - policyDbDao.getNameScopeAndVersionFromPdpPolicy(policyIdVar); + String[] policyNameScopeAndVersion = policyDbDao.getNameScopeAndVersionFromPdpPolicy(policyIdVar); if (policyNameScopeAndVersion == null) { - throw new IllegalArgumentException( - "Invalid input - policyID must contain name, scope and version"); + throw new IllegalArgumentException("Invalid input - policyID must contain name, scope and version"); } - Query policyQuery = session - .createQuery("SELECT p FROM PolicyEntity p WHERE p.policyName=:policyName " - + "AND p.scope=:scope AND p.deleted=:deleted"); + Query policyQuery = session.createQuery("SELECT p FROM PolicyEntity p WHERE p.policyName=:policyName " + + "AND p.scope=:scope AND p.deleted=:deleted"); policyQuery.setParameter("policyName", policyNameScopeAndVersion[0]); policyQuery.setParameter(PolicyDBDao.SCOPE, policyNameScopeAndVersion[1]); policyQuery.setParameter(PolicyDBDao.DELETED, false); 
@@ -1524,57 +1421,55 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { logger.debug(e); PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, PolicyDBDao.POLICYDBDAO_VAR, "Caught Exception trying to check if policy exists policyQuery.getResultList()"); - throw new PersistenceException("Query failed trying to check if policy " - + policyNameScopeAndVersion[0] + " exists"); + throw new PersistenceException( + "Query failed trying to check if policy " + policyNameScopeAndVersion[0] + " exists"); } if (policyQueryList.isEmpty()) { PolicyLogger.error("Policy being added to the group does not exist with policy id " + policyNameScopeAndVersion[0]); - throw new PersistenceException( - "Policy being added to the group does not exist with policy id " - + policyNameScopeAndVersion[0]); + throw new PersistenceException("Policy being added to the group does not exist with policy id " + + policyNameScopeAndVersion[0]); } else if (policyQueryList.size() > 1) { - PolicyLogger.error(PolicyDBDao.DUP_POLICYID + policyNameScopeAndVersion[0] - + PolicyDBDao.FOUND_IN_DB_NOT_DEL); - throw new PersistenceException(PolicyDBDao.DUPLICATE_GROUPID - + policyNameScopeAndVersion[0] + PolicyDBDao.FOUND_IN_DB_NOT_DEL); + PolicyLogger.error( + PolicyDBDao.DUP_POLICYID + policyNameScopeAndVersion[0] + PolicyDBDao.FOUND_IN_DB_NOT_DEL); + throw new PersistenceException( + PolicyDBDao.DUPLICATE_GROUPID + policyNameScopeAndVersion[0] + PolicyDBDao.FOUND_IN_DB_NOT_DEL); } logger.info("PolicyDBDao: Getting group and policy from database"); GroupEntity group = (GroupEntity) groupQueryList.get(0); PolicyEntity policy = (PolicyEntity) policyQueryList.get(0); Iterator policyIt = group.getPolicies().iterator(); - String policyName = policyDbDao - .getPolicyNameAndVersionFromPolicyFileName(policy.getPolicyName())[0]; + String policyName = policyDbDao.getPolicyNameAndVersionFromPolicyFileName(policy.getPolicyName())[0]; logger.info("PolicyDBDao: policyName retrieved is " + 
policyName); try { while (policyIt.hasNext()) { PolicyEntity pol = policyIt.next(); - if (policy.getScope().equals(pol.getScope()) && policyDbDao - .getPolicyNameAndVersionFromPolicyFileName(pol.getPolicyName())[0] + if (policy.getScope().equals(pol.getScope()) + && policyDbDao.getPolicyNameAndVersionFromPolicyFileName(pol.getPolicyName())[0] .equals(policyName)) { policyIt.remove(); } } } catch (Exception e) { logger.debug(e); - PolicyLogger.error("Could not delete old versions for policy " - + policy.getPolicyName() + ", ID: " + policy.getPolicyId()); + PolicyLogger.error("Could not delete old versions for policy " + policy.getPolicyName() + ", ID: " + + policy.getPolicyId()); } group.addPolicyToGroup(policy); + auditPdpOperations(username, policy.getScope() + "." + policy.getPolicyName(), "Push"); session.flush(); // After adding policy to the db group we need to make sure the // filesytem group is in sync with the db group try { - StdPDPGroup pdpGroup = (StdPDPGroup) PolicyDBDao.getPolicyDBDaoInstance() - .getPapEngine().getGroup(group.getGroupId()); + StdPDPGroup pdpGroup = + (StdPDPGroup) PolicyDBDao.getPolicyDBDaoInstance().getPapEngine().getGroup(group.getGroupId()); return policyDbDao.synchronizeGroupPoliciesInFileSystem(pdpGroup, group); } catch (PAPException e) { logger.debug(e); - PolicyLogger.error( - "PolicyDBDao: Could not synchronize the filesystem group with the database group. " - + e.getMessage()); + PolicyLogger.error("PolicyDBDao: Could not synchronize the filesystem group with the database group. " + + e.getMessage()); } return null; } 
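Review bot: In the `policyQueryList.size() > 1` branch of the `@@ -1524` hunk, the log line uses `PolicyDBDao.DUP_POLICYID` but the exception thrown right after it uses `PolicyDBDao.DUPLICATE_GROUPID`, so, judging by the constant names, a duplicate policy is reported to the caller as a duplicate group id. The reformatting rewrites both lines and keeps the mismatch; the throw should read `PolicyDBDao.DUP_POLICYID + policyNameScopeAndVersion[0] + PolicyDBDao.FOUND_IN_DB_NOT_DEL`. Separately, the `"Push"` action passed to `auditPdpOperations` here and `"Delete"` in `updateGroup` are free-form literals; shared constants would keep later audit queries from depending on spelling. `addPolicyToGroup` starts outside this hunk.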
@@ -1583,8 +1478,8 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { // this means delete pdp not just remove from group @Override public void removePdpFromGroup(String pdpId, String username) { - logger.debug("removePdpFromGroup(String pdpID, String username) as removePdpFromGroup(" - + pdpId + "," + username + ") called"); + logger.debug("removePdpFromGroup(String pdpID, String username) as removePdpFromGroup(" + pdpId + "," + username + + ") called"); if (PolicyDBDao.isNullOrEmpty(pdpId, username)) { throw new IllegalArgumentException("pdpID and username must not be null or empty"); } @@ -1599,14 +1494,12 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { } catch (Exception e) { PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, PolicyDBDao.POLICYDBDAO_VAR, "Caught Exception trying to check if pdp exists pdpQuery.getResultList()"); - throw new PersistenceException( - "Query failed trying to check if pdp " + pdpId + " exists"); + throw new PersistenceException("Query failed trying to check if pdp " + pdpId + " exists"); } if (pdpList.size() > 1) { - PolicyLogger.error("Somehow, more than one pdp with the id " + pdpId - + PolicyDBDao.FOUND_IN_DB_NOT_DEL); - throw new PersistenceException("Somehow, more than one pdp with the id " + pdpId - + PolicyDBDao.FOUND_IN_DB_NOT_DEL); + PolicyLogger.error("Somehow, more than one pdp with the id " + pdpId + PolicyDBDao.FOUND_IN_DB_NOT_DEL); + throw new PersistenceException( + "Somehow, more than one pdp with the id " + pdpId + PolicyDBDao.FOUND_IN_DB_NOT_DEL); } else if (pdpList.isEmpty()) { PolicyLogger.error("Pdp being removed does not exist with id " + pdpId); return; 
@@ -1652,4 +1545,20 @@ public class PolicyDbDaoTransactionInstance implements PolicyDBDaoTransaction { public static void setJunit(boolean isJunit) { PolicyDbDaoTransactionInstance.isJunit = isJunit; } + + /** + * Audit pdp operations. + * + * @param username the username + * @param policyID the policy ID + * @param action the action + */ + public void auditPdpOperations(String username, String policyID, String action) { + PolicyAuditlog log = new PolicyAuditlog(); + log.setUserName(username); + log.setActions(action); + log.setPolicyName(policyID); + log.setDateAndTime(new Date()); + session.save(log); + } } diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/handler/DeleteHandler.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/handler/DeleteHandler.java index 4e7874260..92e43c62f 100644 --- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/handler/DeleteHandler.java +++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/rest/handler/DeleteHandler.java @@ -353,6 +353,7 @@ public class DeleteHandler { */ public void doApiDeleteFromPdp(HttpServletRequest request, HttpServletResponse response, ONAPLoggingContext loggingContext) throws IOException { + String groupId = request.getParameter("groupId"); if (groupId != null && !groupId.matches(REGEX)) { diff --git a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/api/services/DeletePolicyService.java b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/api/services/DeletePolicyService.java index ff0ac826f..4f7384b3d 100644 --- a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/api/services/DeletePolicyService.java +++ b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/api/services/DeletePolicyService.java 
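Review bot: The new `auditPdpOperations` at the end of `PolicyDbDaoTransactionInstance` is `public` and stores whatever `username`, `policyID` and `action` it is handed, so any code holding the transaction object can add audit rows under an arbitrary user name. If the only callers are inside this class (the push path calls it unqualified), it should be `private`. It also does no null or empty check, while the `PolicyAuditlog` columns added in this commit are `nullable = false`, so a missing user name would presumably surface as a persistence error at `session.flush()` and abort the push. A guard in the style `removePdpFromGroup` already uses would make that explicit: `if (PolicyDBDao.isNullOrEmpty(username, policyID)) { throw new IllegalArgumentException("username and policyID must not be null or empty"); }`. The action is a free-form string (`"Push"` at the call site); named constants would keep the stored values consistent for later audit queries.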
@@ -173,7 +173,7 @@ public class DeletePolicyService extends PdpApiService { */ private boolean populateFullPolicyName(final PAPServices papServices) { for (PolicyNameType policyData : policyList) { - if (policyData.getPolicyName().contains("xml")) { + if (policyData.getPolicyName().endsWith("xml")) { policyData.setFullPolicyName(policyData.getPolicyName()); continue; } @@ -251,7 +251,7 @@ public class DeletePolicyService extends PdpApiService { if ("PAP".equalsIgnoreCase(deletePolicyParameters.getPolicyComponent()) && (deletePolicyParameters.getDeleteCondition() == null - || deletePolicyParameters.getDeleteCondition().toString().trim().isEmpty())) { + || StringUtils.isBlank(deletePolicyParameters.getDeleteCondition().toString()))) { message = XACMLErrorConstants.ERROR_DATA_ISSUE + "No Delete Condition given."; LOGGER.warn(message + PRINT_REQUESTID + requestId); return false; diff --git a/ONAP-REST/src/main/java/org/onap/policy/rest/jpa/PolicyAuditlog.java b/ONAP-REST/src/main/java/org/onap/policy/rest/jpa/PolicyAuditlog.java new file mode 100644 index 000000000..bfd7769b4 --- /dev/null +++ b/ONAP-REST/src/main/java/org/onap/policy/rest/jpa/PolicyAuditlog.java 
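Review bot: `endsWith("xml")` in `populateFullPolicyName` still accepts any policy name whose last three characters happen to be `xml`, not only names carrying the file extension. Such a name would be copied into `fullPolicyName` as-is and the `continue` would skip the rest of the loop body. Because this is the delete path, a misclassified name decides which policy is targeted, so the check should include the dot: `if (policyData.getPolicyName().endsWith(".xml")) {`. The loop body continues outside the hunk, so whether `getPolicyName()` can be null at this point is not visible and is worth confirming.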
@@ -0,0 +1,93 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP-PAP-REST + * ================================================================================ + * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.policy.rest.jpa; + +import java.util.Date; +import javax.persistence.Column; +import javax.persistence.Entity; +import javax.persistence.GeneratedValue; +import javax.persistence.GenerationType; +import javax.persistence.Id; +import javax.persistence.NamedQuery; +import javax.persistence.Table; + +@Entity +@Table(name = "policyAuditlog") +@NamedQuery(name = "policyAuditlog.findAll", query = "SELECT v FROM PolicyAuditlog v ") +public class PolicyAuditlog { + private static final long serialVersionUID = 1L; + @Id + @GeneratedValue(strategy = GenerationType.AUTO) + @Column(name = "id", nullable = false, unique = true) + private int id; + + @Column(name = "userName", nullable = false, length = 100) + private String userName; + + @Column(name = "policyName", nullable = false, length = 255) + private String policyName; + + @Column(name = "actions", nullable = false, length = 50) + private String actions; + + @Column(name = "dateAndTime", nullable = 
false) + private Date dateAndTime; + + public int getId() { + return id; + } + + public void setId(int id) { + this.id = id; + } + + public String getUserName() { + return userName; + } + + public void setUserName(String userName) { + this.userName = userName; + } + + public String getPolicyName() { + return policyName; + } + + public void setPolicyName(String policyName) { + this.policyName = policyName; + } + + public String getActions() { + return actions; + } + + public void setActions(String actions) { + this.actions = actions; + } + + public Date getDateAndTime() { + return dateAndTime; + } + + public void setDateAndTime(Date dateAndTime) { + this.dateAndTime = dateAndTime; + } +} diff --git a/ONAP-REST/src/test/java/org/onap/policy/rest/jpa/PolicyAuditlogTest.java b/ONAP-REST/src/test/java/org/onap/policy/rest/jpa/PolicyAuditlogTest.java new file mode 100644 index 000000000..15e28b142 --- /dev/null +++ b/ONAP-REST/src/test/java/org/onap/policy/rest/jpa/PolicyAuditlogTest.java 
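Review bot: The `dateAndTime` field in `PolicyAuditlog` is a `java.util.Date` mapped without `@Temporal`, which JPA expects on `Date` attributes; adding `@Temporal(TemporalType.TIMESTAMP)` above its `@Column` makes the stored precision explicit rather than provider-dependent. `serialVersionUID` is declared although the class does not implement `Serializable`, so either add `implements Serializable` or drop the field. For an audit record, the public `setId` and the other setters leave a row mutable after it is created; a class comment stating that rows are append-only would help. `userName` is limited to 100 characters and `policyName` to 255, while the caller stores `scope + "." + policyName` without a length check, so an over-long value would presumably fail or be truncated at save time depending on the database.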
@@ -0,0 +1,45 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP-REST + * ================================================================================ + * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.policy.rest.jpa; + +import static org.junit.Assert.assertEquals; +import java.text.ParseException; +import org.junit.Test; + +public class PolicyAuditlogTest { + + @Test + public void test() throws ParseException { + PolicyAuditlog auditLog; + auditLog = new PolicyAuditlog(); + String value = "testData1"; + auditLog.setId(1); + auditLog.setPolicyName(value); + auditLog.setUserName(value); + auditLog.setActions(value); + + // Test gets + assertEquals(1, auditLog.getId()); + assertEquals(value, auditLog.getPolicyName()); + assertEquals(value, auditLog.getUserName()); + assertEquals(value, auditLog.getActions()); + } +} diff --git a/ONAP-XACML/src/main/java/org/onap/policy/xacml/api/pap/PAPPolicyEngine.java b/ONAP-XACML/src/main/java/org/onap/policy/xacml/api/pap/PAPPolicyEngine.java index 805293ec4..cae7456bc 100644 --- a/ONAP-XACML/src/main/java/org/onap/policy/xacml/api/pap/PAPPolicyEngine.java 
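Review bot: The test in `PolicyAuditlogTest` never exercises `setDateAndTime`/`getDateAndTime`, the one field that records when the audited action happened. Add `Date now = new Date(); auditLog.setDateAndTime(now);` and `assertEquals(now, auditLog.getDateAndTime());` to cover it. The `throws ParseException` clause and its import are unused, since nothing in the method parses anything, and can be dropped.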
+++ b/ONAP-XACML/src/main/java/org/onap/policy/xacml/api/pap/PAPPolicyEngine.java @@ -2,14 +2,14 @@ * ============LICENSE_START======================================================= * ONAP-XACML * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2017, 2019 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
@@ -17,50 +17,53 @@ * limitations under the License. * ============LICENSE_END========================================================= */ -package org.onap.policy.xacml.api.pap; -import java.io.InputStream; -import java.util.Set; +package org.onap.policy.xacml.api.pap; import com.att.research.xacml.api.pap.PAPException; import com.att.research.xacml.api.pap.PDPPolicy; import com.att.research.xacml.api.pap.PDPStatus; +import java.io.InputStream; +import java.util.Set; + +public interface PAPPolicyEngine { + + public OnapPDPGroup getDefaultGroup() throws PAPException; + + public void setDefaultGroup(OnapPDPGroup group) throws PAPException; + + public void newPDP(String id, OnapPDPGroup group, String name, String description, int jmxport) throws PAPException; + + public void newGroup(String name, String description) throws PAPException; + + public OnapPDPGroup getGroup(String id) throws PAPException; + + public Set getOnapPDPGroups() throws PAPException; + + public OnapPDPGroup getPDPGroup(OnapPDP pdp) throws PAPException; + + public PDPStatus getStatus(OnapPDP pdp) throws PAPException; + + public void movePDP(OnapPDP pdp, OnapPDPGroup newGroup) throws PAPException; + + public void updatePDP(OnapPDP pdp) throws PAPException; + + public void removePDP(OnapPDP pdp) throws PAPException; + + public OnapPDP getPDP(String pdpId) throws PAPException; + + public void updateGroup(OnapPDPGroup group) throws PAPException; + + public void removeGroup(OnapPDPGroup group, OnapPDPGroup newGroup) throws PAPException; + + public void publishPolicy(String id, String name, boolean isRoot, InputStream policy, OnapPDPGroup group) + throws PAPException; + + // copy the given policy file into the group's directory, but do not include the policy in the group's policy set + public void copyPolicy(PDPPolicy policy, OnapPDPGroup group) throws PAPException; + + public void removePolicy(PDPPolicy policy, OnapPDPGroup group) throws PAPException; + + public void updateGroup(OnapPDPGroup group, 
String userName) throws PAPException; -public interface PAPPolicyEngine{ - - public OnapPDPGroup getDefaultGroup() throws PAPException; - - public void setDefaultGroup(OnapPDPGroup group) throws PAPException; - - public void newPDP(String id, OnapPDPGroup group, String name, String description, int jmxport) throws PAPException; - - public void newGroup(String name, String description) throws PAPException; - - public OnapPDPGroup getGroup(String id) throws PAPException; - - public Set getOnapPDPGroups() throws PAPException; - - public OnapPDPGroup getPDPGroup(OnapPDP pdp) throws PAPException; - - public PDPStatus getStatus(OnapPDP pdp) throws PAPException; - - public void movePDP(OnapPDP pdp, OnapPDPGroup newGroup) throws PAPException; - - public void updatePDP(OnapPDP pdp) throws PAPException; - - public void removePDP(OnapPDP pdp) throws PAPException; - - public OnapPDP getPDP(String pdpId) throws PAPException; - - public void updateGroup(OnapPDPGroup group) throws PAPException; - - public void removeGroup(OnapPDPGroup group, OnapPDPGroup newGroup) throws PAPException; - -public void publishPolicy(String id, String name, boolean isRoot, InputStream policy, OnapPDPGroup group) throws PAPException; - - // copy the given policy file into the group's directory, but do not include the policy in the group's policy set - public void copyPolicy(PDPPolicy policy, OnapPDPGroup group) throws PAPException; - - public void removePolicy(PDPPolicy policy, OnapPDPGroup group) throws PAPException; - } diff --git a/ONAP-XACML/src/main/java/org/onap/policy/xacml/std/pap/StdEngine.java b/ONAP-XACML/src/main/java/org/onap/policy/xacml/std/pap/StdEngine.java index d3dc7ae18..8e55300b1 100644 --- a/ONAP-XACML/src/main/java/org/onap/policy/xacml/std/pap/StdEngine.java +++ b/ONAP-XACML/src/main/java/org/onap/policy/xacml/std/pap/StdEngine.java 
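Review bot: The new `updateGroup(OnapPDPGroup group, String userName)` is added to `PAPPolicyEngine` while the existing one-argument `updateGroup(OnapPDPGroup group)` stays on the interface. Callers that keep using the old overload would update a group without any user name reaching the audit trail; the implementations are not visible here, so this needs confirming. Consider marking the one-argument form `@Deprecated` with a pointer to the new method, or documenting that it records no user. The new method also has no Javadoc; a comment such as `/** Updates the group on behalf of {@code userName}; states whether userName may be null. */` would give implementers the contract.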
@@ -2,14 +2,14 @@ * ============LICENSE_START======================================================= * ONAP-XACML * ================================================================================ - * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -17,8 +17,19 @@ * limitations under the License. * ============LICENSE_END========================================================= */ + package org.onap.policy.xacml.std.pap; +import com.att.research.xacml.api.pap.PAPException; +import com.att.research.xacml.api.pap.PDP; +import com.att.research.xacml.api.pap.PDPGroup; +import com.att.research.xacml.api.pap.PDPPIPConfig; +import com.att.research.xacml.api.pap.PDPPolicy; +import com.att.research.xacml.api.pap.PDPStatus; +import com.att.research.xacml.util.XACMLProperties; +import com.google.common.base.Joiner; +import com.google.common.base.Splitter; +import com.google.common.collect.Sets; import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; @@ -37,7 +48,6 @@ import java.util.List; import java.util.Properties; import java.util.Set; import java.util.TreeSet; - import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.onap.policy.common.logging.eelf.MessageCodes; 
@@ -47,328 +57,321 @@ import org.onap.policy.xacml.api.pap.OnapPDP; import org.onap.policy.xacml.api.pap.OnapPDPGroup; import org.onap.policy.xacml.api.pap.PAPPolicyEngine; -import com.att.research.xacml.api.pap.PAPException; -import com.att.research.xacml.api.pap.PDP; -import com.att.research.xacml.api.pap.PDPGroup; -import com.att.research.xacml.api.pap.PDPPIPConfig; -import com.att.research.xacml.api.pap.PDPPolicy; -import com.att.research.xacml.api.pap.PDPStatus; -import com.att.research.xacml.util.XACMLProperties; -import com.google.common.base.Joiner; -import com.google.common.base.Splitter; -import com.google.common.collect.Sets; - /** - * This is a simple PAP engine that uses some property files and a simple directory - * structure in the file system to manage a policy repository and set of PDP nodes. - * + * This is a simple PAP engine that uses some property files and a simple directory structure in the file system to + * manage a policy repository and set of PDP nodes. + * * */ public class StdEngine extends StdPDPItemSetChangeNotifier implements PAPPolicyEngine { - public static final String pipPropertyFile = "pip.properties"; - - private static final String addGroup = "addGroup "; + public static final String pipPropertyFile = "pip.properties"; + + private static final String addGroup = "addGroup "; - private static Log logger = LogFactory.getLog(StdEngine.class); + private static Log logger = LogFactory.getLog(StdEngine.class); - public static final String PROP_PAP_REPO = "xacml.pap.pdps"; - public static final String PROP_PAP_GROUPS = "xacml.pap.groups"; - public static final String PROP_PAP_GROUPS_DEFAULT = "xacml.pap.groups.default"; - public static final String PROP_PAP_GROUPS_DEFAULT_NAME = "default"; - //this value will be accessed from XacmlPapServlet so that we know if a default group did not exist - //and was just added. This way, we can add the new group to the database. 
- public boolean wasDefaultGroupJustAdded = false; + public static final String PROP_PAP_REPO = "xacml.pap.pdps"; + public static final String PROP_PAP_GROUPS = "xacml.pap.groups"; + public static final String PROP_PAP_GROUPS_DEFAULT = "xacml.pap.groups.default"; + public static final String PROP_PAP_GROUPS_DEFAULT_NAME = "default"; + // this value will be accessed from XacmlPapServlet so that we know if a default group did not exist + // and was just added. This way, we can add the new group to the database. + public boolean wasDefaultGroupJustAdded = false; protected final Path repository; - protected Set groups; - - public StdEngine() throws PAPException, IOException { - // - // Get the location in the file system of our repository - // - this.repository = Paths.get(XACMLProperties.getProperty(PROP_PAP_REPO)); - // - // Initialize - // - this.intialize(); - } - - public StdEngine(Properties properties) throws PAPException, IOException { - // - // Get the location in the file system of our repository - // - this.repository = Paths.get(properties.getProperty(PROP_PAP_REPO)); - // - // Initialize - // - this.intialize(); - } - - public StdEngine(Path repository) throws PAPException, IOException { - // - // Save our location - // - this.repository = repository; - // - // Initialize - // - this.intialize(); - } - - private void intialize() throws PAPException, IOException { - // - // Sanity check the repository path - // - if (this.repository == null) { - throw new PAPException ("No repository specified."); - } - if (Files.notExists(this.repository)) { - Files.createDirectory(repository); - } - if (!Files.isDirectory(this.repository)) { - throw new PAPException ("Repository is NOT a directory: " + this.repository.toAbsolutePath()); - } - if (!Files.isWritable(this.repository)) { - throw new PAPException ("Repository is NOT writable: " + this.repository.toAbsolutePath()); - } - // - // Load our groups - // - this.loadGroups(); - } - - private void loadGroups() throws 
PAPException { - // - // Create a properties object - // - Properties properties = new Properties(); - Path file = Paths.get(this.repository.toString(), XACMLProperties.XACML_PROPERTIES_NAME); - try { - // - // Load the properties - // - try (InputStream is = new FileInputStream(file.toFile())) { - properties.load(is); - } - - // - // Parse it - // - this.groups = this.readProperties(this.repository, properties); - } catch (IOException e) { - PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, "StdEngine", "Failed to load properties file"); - this.groups = new HashSet<>(); - } - // - // Initialize the default group - // - PDPGroup defaultGroup = this.initializeDefaultGroup(file, properties); - logger.info("Default group is: " + defaultGroup.getId() + "=" + defaultGroup.getName()); - } - - private PDPGroup initializeDefaultGroup(Path file, Properties properties) throws PAPException { - wasDefaultGroupJustAdded = false; - // - // Make sure we have the default group - // - PDPGroup group = this.getDefaultGroup(); - if (group != null) { - wasDefaultGroupJustAdded = true; - return group; - } - // - // We don't have the default group, create it - // - String defaultId = properties.getProperty(PROP_PAP_GROUPS_DEFAULT, PROP_PAP_GROUPS_DEFAULT_NAME); - if("".equals(defaultId)){ - defaultId = PROP_PAP_GROUPS_DEFAULT_NAME; - } - logger.warn("Default group does NOT exist, creating " + defaultId); - Path defaultPath = Paths.get(this.repository.toString(), defaultId); - try { - // - // Does it exist? 
- // - if (Files.notExists(defaultPath)) { - // - // Create its directory - // - Files.createDirectory(defaultPath); - // - // Create property files - // - { - Properties props = new Properties(); - props.setProperty(XACMLProperties.PROP_REFERENCEDPOLICIES, ""); - props.setProperty(XACMLProperties.PROP_ROOTPOLICIES, ""); - Path policyPath = Paths.get(defaultPath.toAbsolutePath().toString(), "xacml.policy.properties"); - Files.createFile(policyPath); - try (OutputStream os = Files.newOutputStream(policyPath)) { - props.store(os, ""); - } catch (IOException e) { - PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, "StdEngine", "Failed to write default policy properties"); - } - } - { - Properties props = new Properties(); - props = setPIPProperties(props); - Path pipPath = Paths.get(defaultPath.toAbsolutePath().toString(), "xacml.pip.properties"); - Files.createFile(pipPath); - try (OutputStream os = Files.newOutputStream(pipPath)) { - props.store(os, ""); - } catch (IOException e) { - PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, "StdEngine", "Failed to write default pip properties"); - } - } - } - // - // Create the default group - // - StdPDPGroup newDefault = new StdPDPGroup(defaultId, true, "default", "The default group where new PDP's are put.", defaultPath); - // - // Add it to our list - // - this.groups.add(newDefault); - // - // Save our properties out since we have - // a new default group. 
- // - StdEngine.setGroupProperties(newDefault, properties); - // - // Save it to disk - // - try { - try (OutputStream os = Files.newOutputStream(file)) { - properties.store(os, ""); - } - } catch (IOException e) { - PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "StdEngine", "Failed to save properties with new default group information."); - } - // - // Return it - // - wasDefaultGroupJustAdded = true; - return newDefault; - } catch (IOException e) { - PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "StdEngine", "Failed to create default group"); - throw new PAPException("Failed to create default group"); - } - } - - @Override - public OnapPDPGroup getDefaultGroup() throws PAPException{ - for (OnapPDPGroup group : this.groups) { - if (group.isDefaultGroup()) { - return group; - } - } - // - // Default group doesn't exist - // - return null; - } - - @Override - public OnapPDPGroup getGroup(String id) throws PAPException { - for (OnapPDPGroup g: this.groups) { - if (g.getId().equals(id)) { - return g; - } - } - return null; - } - - @Override - public void newGroup(String name, String description) throws PAPException, NullPointerException{ - // - // Null check - // - if (name == null) { - throw new NullPointerException(); - } - // - // Do we already have this group? - // - for (PDPGroup group : this.groups) { - if (group.getName().equals(name)) { - throw new PAPException("Group with this name=" + name + " already exists."); - } - } - - - // create an Id that can be used as a file name and a properties file key. - // Ids must not contain \/:*?"<>|=,; - // The ID must also be unique within the current set of PDPGroups. 
- String id = createNewPDPGroupId(name); - - - // - // Construct the directory path - // - Path groupPath = Paths.get(this.repository.toString(), id); - // - // If it exists already - // - if (Files.exists(groupPath)) { - logger.warn(addGroup + id + " directory exists"); - } else { - try { - // - // Create the directory - // - Files.createDirectory(groupPath); - } catch (IOException e) { - PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, "StdEngine", "Failed to create " + groupPath); - throw new PAPException("Failed to create " + id); - } - } - // - // Create the Policies - // - - Path policyProperties = Paths.get(groupPath.toString(), "xacml.policy.properties"); - if (Files.exists(policyProperties)) { - logger.warn(addGroup + id + " file exists"); - } else { - Properties props = new Properties(); - props.setProperty(XACMLProperties.PROP_REFERENCEDPOLICIES, ""); - props.setProperty(XACMLProperties.PROP_ROOTPOLICIES, ""); - try { - Files.createFile(policyProperties); - try (OutputStream os = Files.newOutputStream(policyProperties)) { - props.store(os, ""); - } - } catch (IOException e) { - PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "StdEngine", "Failed to create policyProperties"); - throw new PAPException("Failed to create " + id); - } - } - // - // Create the PIP config - // - Path pipProperties = Paths.get(groupPath.toString(), "xacml.pip.properties"); - Properties props = new Properties(); - if (Files.exists(pipProperties)) { - logger.warn(addGroup + id + " file exists."); - } else { - try { - props = setPIPProperties(props); - Files.createFile(pipProperties); - try (OutputStream os = Files.newOutputStream(pipProperties)) { - props.store(os, ""); - } - } catch (IOException e) { - PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, "StdEngine", "Failed to create pipProperties"); - throw new PAPException("Failed to create " + id); - } - - } - // - // Ok now add it - // - StdPDPGroup newGroup = new StdPDPGroup(id, name, description, groupPath); - // 
Add the default PIP configuration. - String list = props.getProperty(XACMLProperties.PROP_PIP_ENGINES); + protected Set groups; + + public StdEngine() throws PAPException, IOException { + // + // Get the location in the file system of our repository + // + this.repository = Paths.get(XACMLProperties.getProperty(PROP_PAP_REPO)); + // + // Initialize + // + this.intialize(); + } + + public StdEngine(Properties properties) throws PAPException, IOException { + // + // Get the location in the file system of our repository + // + this.repository = Paths.get(properties.getProperty(PROP_PAP_REPO)); + // + // Initialize + // + this.intialize(); + } + + public StdEngine(Path repository) throws PAPException, IOException { + // + // Save our location + // + this.repository = repository; + // + // Initialize + // + this.intialize(); + } + + private void intialize() throws PAPException, IOException { + // + // Sanity check the repository path + // + if (this.repository == null) { + throw new PAPException("No repository specified."); + } + if (Files.notExists(this.repository)) { + Files.createDirectory(repository); + } + if (!Files.isDirectory(this.repository)) { + throw new PAPException("Repository is NOT a directory: " + this.repository.toAbsolutePath()); + } + if (!Files.isWritable(this.repository)) { + throw new PAPException("Repository is NOT writable: " + this.repository.toAbsolutePath()); + } + // + // Load our groups + // + this.loadGroups(); + } + + private void loadGroups() throws PAPException { + // + // Create a properties object + // + Properties properties = new Properties(); + Path file = Paths.get(this.repository.toString(), XACMLProperties.XACML_PROPERTIES_NAME); + try { + // + // Load the properties + // + try (InputStream is = new FileInputStream(file.toFile())) { + properties.load(is); + } + + // + // Parse it + // + this.groups = this.readProperties(this.repository, properties); + } catch (IOException e) { + PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, 
e, "StdEngine", "Failed to load properties file"); + this.groups = new HashSet<>(); + } + // + // Initialize the default group + // + PDPGroup defaultGroup = this.initializeDefaultGroup(file, properties); + logger.info("Default group is: " + defaultGroup.getId() + "=" + defaultGroup.getName()); + } + + private PDPGroup initializeDefaultGroup(Path file, Properties properties) throws PAPException { + wasDefaultGroupJustAdded = false; + // + // Make sure we have the default group + // + PDPGroup group = this.getDefaultGroup(); + if (group != null) { + wasDefaultGroupJustAdded = true; + return group; + } + // + // We don't have the default group, create it + // + String defaultId = properties.getProperty(PROP_PAP_GROUPS_DEFAULT, PROP_PAP_GROUPS_DEFAULT_NAME); + if ("".equals(defaultId)) { + defaultId = PROP_PAP_GROUPS_DEFAULT_NAME; + } + logger.warn("Default group does NOT exist, creating " + defaultId); + Path defaultPath = Paths.get(this.repository.toString(), defaultId); + try { + // + // Does it exist? 
+ // + if (Files.notExists(defaultPath)) { + // + // Create its directory + // + Files.createDirectory(defaultPath); + // + // Create property files + // + { + Properties props = new Properties(); + props.setProperty(XACMLProperties.PROP_REFERENCEDPOLICIES, ""); + props.setProperty(XACMLProperties.PROP_ROOTPOLICIES, ""); + Path policyPath = Paths.get(defaultPath.toAbsolutePath().toString(), "xacml.policy.properties"); + Files.createFile(policyPath); + try (OutputStream os = Files.newOutputStream(policyPath)) { + props.store(os, ""); + } catch (IOException e) { + PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, "StdEngine", + "Failed to write default policy properties"); + } + } + { + Properties props = new Properties(); + props = setPIPProperties(props); + Path pipPath = Paths.get(defaultPath.toAbsolutePath().toString(), "xacml.pip.properties"); + Files.createFile(pipPath); + try (OutputStream os = Files.newOutputStream(pipPath)) { + props.store(os, ""); + } catch (IOException e) { + PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, "StdEngine", + "Failed to write default pip properties"); + } + } + } + // + // Create the default group + // + StdPDPGroup newDefault = new StdPDPGroup(defaultId, true, "default", + "The default group where new PDP's are put.", defaultPath); + // + // Add it to our list + // + this.groups.add(newDefault); + // + // Save our properties out since we have + // a new default group. 
+ // + StdEngine.setGroupProperties(newDefault, properties); + // + // Save it to disk + // + try { + try (OutputStream os = Files.newOutputStream(file)) { + properties.store(os, ""); + } + } catch (IOException e) { + PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "StdEngine", + "Failed to save properties with new default group information."); + } + // + // Return it + // + wasDefaultGroupJustAdded = true; + return newDefault; + } catch (IOException e) { + PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "StdEngine", "Failed to create default group"); + throw new PAPException("Failed to create default group"); + } + } + + @Override + public OnapPDPGroup getDefaultGroup() throws PAPException { + for (OnapPDPGroup group : this.groups) { + if (group.isDefaultGroup()) { + return group; + } + } + // + // Default group doesn't exist + // + return null; + } + + @Override + public OnapPDPGroup getGroup(String id) throws PAPException { + for (OnapPDPGroup g : this.groups) { + if (g.getId().equals(id)) { + return g; + } + } + return null; + } + + @Override + public void newGroup(String name, String description) throws PAPException, NullPointerException { + // + // Null check + // + if (name == null) { + throw new NullPointerException(); + } + // + // Do we already have this group? + // + for (PDPGroup group : this.groups) { + if (group.getName().equals(name)) { + throw new PAPException("Group with this name=" + name + " already exists."); + } + } + + + // create an Id that can be used as a file name and a properties file key. + // Ids must not contain \/:*?"<>|=,; + // The ID must also be unique within the current set of PDPGroups. 
+ String id = createNewPDPGroupId(name); + + + // + // Construct the directory path + // + Path groupPath = Paths.get(this.repository.toString(), id); + // + // If it exists already + // + if (Files.exists(groupPath)) { + logger.warn(addGroup + id + " directory exists"); + } else { + try { + // + // Create the directory + // + Files.createDirectory(groupPath); + } catch (IOException e) { + PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, "StdEngine", "Failed to create " + groupPath); + throw new PAPException("Failed to create " + id); + } + } + // + // Create the Policies + // + + Path policyProperties = Paths.get(groupPath.toString(), "xacml.policy.properties"); + if (Files.exists(policyProperties)) { + logger.warn(addGroup + id + " file exists"); + } else { + Properties props = new Properties(); + props.setProperty(XACMLProperties.PROP_REFERENCEDPOLICIES, ""); + props.setProperty(XACMLProperties.PROP_ROOTPOLICIES, ""); + try { + Files.createFile(policyProperties); + try (OutputStream os = Files.newOutputStream(policyProperties)) { + props.store(os, ""); + } + } catch (IOException e) { + PolicyLogger.error(MessageCodes.EXCEPTION_ERROR, e, "StdEngine", "Failed to create policyProperties"); + throw new PAPException("Failed to create " + id); + } + } + // + // Create the PIP config + // + Path pipProperties = Paths.get(groupPath.toString(), "xacml.pip.properties"); + Properties props = new Properties(); + if (Files.exists(pipProperties)) { + logger.warn(addGroup + id + " file exists."); + } else { + try { + props = setPIPProperties(props); + Files.createFile(pipProperties); + try (OutputStream os = Files.newOutputStream(pipProperties)) { + props.store(os, ""); + } + } catch (IOException e) { + PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, "StdEngine", "Failed to create pipProperties"); + throw new PAPException("Failed to create " + id); + } + + } + // + // Ok now add it + // + StdPDPGroup newGroup = new StdPDPGroup(id, name, description, groupPath); + // 
Add the default PIP configuration. + String list = props.getProperty(XACMLProperties.PROP_PIP_ENGINES); if (list != null && list.length() > 0) { Set pipConfigs = new HashSet<>(); for (String pipID : list.split("[,]")) { 
@@ -379,652 +382,668 @@ public class StdEngine extends StdPDPItemSetChangeNotifier implements PAPPolicyE
 }
 newGroup.setPipConfigs(pipConfigs);
 }
- if (this.groups.add(newGroup)) {
- // save the new group in our properties and notify any listeners of the change
- groupChanged(newGroup);
- }
-
- }
-
-
-
-
- /**
- * Helper to create a new Group ID.
- * Use the Name field to create the Id.
- * The Name is expected to not be null; if it is then this method throws an exception.
- * The name is supposed to be unique within the current set of groups,
- * so creating the ID based on the name will create a unique string.
- *
- * @param name
- * @return
- */
- private String createNewPDPGroupId(String name) {
- String id = name;
- // replace "bad" characters with sequences that will be ok for file names and properties keys.
- id = id.replace(" ", "_sp_");
- id = id.replace("\t", "_tab_");
- id = id.replace("\\", "_bksl_");
- id = id.replace("/", "_sl_");
- id = id.replace(":", "_col_");
- id = id.replace("*", "_ast_");
- id = id.replace("?", "_q_");
- id = id.replace("\"", "_quo_");
- id = id.replace("<", "_lt_");
- id = id.replace(">", "_gt_");
- id = id.replace("|", "_bar_");
- id = id.replace("=", "_eq_");
- id = id.replace(",", "_com_");
- id = id.replace(";", "_scom_");
-
- return id;
- }
-
-
- @Override
- public OnapPDP getPDP(String pdpId) throws PAPException {
- for (OnapPDPGroup group : this.groups) {
- for (OnapPDP pdp : group.getOnapPdps()) {
- if (pdp.getId().equals(pdpId)) {
- return pdp;
- }
- }
- }
- return null;
- }
-
-
- @Override
- public void movePDP(OnapPDP pdp, OnapPDPGroup newGroup) throws PAPException {
- if (newGroup == null) {
- throw new NullPointerException("You must specify which group the PDP will belong to.");
- }
- PDPGroup currentGroup = this.getPDPGroup(pdp);
- if (currentGroup == null) {
- throw new PAPException("PDP must already belong to a group.");
- }
- if (currentGroup.equals(newGroup)) {
- logger.warn("Already in that group.");
-
return;
- }
- if (currentGroup instanceof StdPDPGroup && newGroup instanceof StdPDPGroup) {
- if (((StdPDPGroup) currentGroup).removePDP(pdp)) {
- boolean result = ((StdPDPGroup) newGroup).addPDP(pdp);
- if (result) {
- //
- // Save the configuration
- //
- this.doSave();
- } else {
- PolicyLogger.error("Failed to add to new group, putting back into original group.");
- if (!((StdPDPGroup) currentGroup).removePDP(pdp)) {
- PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + "Failed to put PDP back into original group.");
- }
- }
- }
- } else {
- String message = "Unknown PDP group class: " + newGroup.getClass().getCanonicalName() + " and " + currentGroup.getClass().getCanonicalName();
- logger.warn(message);
- throw new PAPException(message);
- }
- }
-
-
- @Override
- public void updatePDP(OnapPDP pdp) throws PAPException {
- PDP currentPDP = this.getPDP(pdp.getId());
- if (currentPDP == null) {
- String message = "Unknown PDP id '" + pdp.getId() + "'";
- logger.warn(message);
- throw new PAPException(message);
- }
-
- // the only things that the user can change are name and description
- currentPDP.setDescription(pdp.getDescription());
- currentPDP.setName(pdp.getName());
- if (currentPDP instanceof OnapPDP) {
- ((OnapPDP)currentPDP).setJmxPort(pdp.getJmxPort());
- }
- this.doSave();
- }
-
- @Override
- public void removePDP(OnapPDP pdp) throws PAPException {
- PDPGroup group = this.getPDPGroup(pdp);
- if (group == null) {
- throw new NullPointerException();
- }
- if (group instanceof StdPDPGroup) {
- boolean result = ((StdPDPGroup) group).removePDP(pdp);
- if (result) {
- this.doSave();
- }
- return;
- }
- String message = "Unknown PDP group class: " + group.getClass().getCanonicalName();
- logger.warn(message);
- throw new PAPException(message);
- }
-
-
- @Override
- /**
- * Should never be called - Detailed status is held on the PDP, not the PAP
- */
- public PDPStatus getStatus(OnapPDP pdp) throws PAPException {
- return getPDP(pdp.getId()).getStatus();
- }
-
-
@Override
- public void publishPolicy(String id, String name, boolean isRoot, InputStream policy, OnapPDPGroup group) throws PAPException {
- if (group == null) {
- throw new NullPointerException();
- }
- if (group instanceof StdPDPGroup && this.groups.contains(group)) {
- ((StdPDPGroup) group).publishPolicy(id, name, isRoot, policy);
- return;
- }
- logger.warn("unknown PDP Group: " + group);
- throw new PAPException("Unknown PDP Group: " + group.getId());
- }
-
-
- @Override
- public void copyPolicy(PDPPolicy policy, OnapPDPGroup group)
- throws PAPException {
- //
- // Currently not used on the PAP side. This is done by ((StdPDPGroup) group).copyPolicyToFile
- //
- }
-
-
- @Override
- public void removePolicy(PDPPolicy policy, OnapPDPGroup group) throws PAPException {
- if (group == null) {
- throw new NullPointerException();
- }
- if (group instanceof StdPDPGroup && this.groups.contains(group)) {
- ((StdPDPGroup) group).removePolicy(policy);
- return;
- }
- logger.warn("unknown PDP Group: " + group);
- throw new PAPException("Unknown PDP Group: " + group.getId());
- }
-
-
- //
- // HELPER methods
- //
-
- private Set readProperties(Path repository, Properties properties) throws PAPException {
- Set pdpGroups = new HashSet<>();
- //
- // See if there is a groups property
- //
- String groupList = properties.getProperty(PROP_PAP_GROUPS, "");
- if (groupList == null) {
- logger.warn("null group list " + PROP_PAP_GROUPS);
- groupList = "";
- }
- if (logger.isDebugEnabled()) {
- logger.debug("group list: " + groupList);
- }
- //
- // Iterate the groups, converting to a set ensures we have unique groups.
- //
- for (String id : Splitter.on(',').trimResults().omitEmptyStrings().split(groupList)) {
- //
- // Add our Group Object
- //
- StdPDPGroup g = new StdPDPGroup(id.trim(),
- id.equals(properties.getProperty(PROP_PAP_GROUPS_DEFAULT, PROP_PAP_GROUPS_DEFAULT_NAME)),
- properties,
- Paths.get(repository.toString(), id));
-
- //
- // Add it in
- //
- pdpGroups.add(g);
- }
- //
- // Dump what we got
- //
- if (logger.isDebugEnabled()) {
- logger.debug("PDP Group List: " + pdpGroups.toString());
- }
- return pdpGroups;
- }
-
- private void saveConfiguration() throws PAPException, IOException {
- //
- // Create our properties object
- //
- Properties properties = new Properties() {
- private static final long serialVersionUID = 1L;
- // For Debugging it is helpful for the file to be in a sorted order,
- // any by returning the keys in the natural Alpha order for strings we get close enough.
- // TreeSet is sorted, and this just overrides the normal Properties method to get the keys.
- @Override
- public synchronized Enumeration keys() {
- return Collections.enumeration(new TreeSet(super.keySet()));
- }
- };
- //
- // Iterate our groups
- //
- List ids = new ArrayList<>();
- for (PDPGroup group : this.groups) {
- ids.add(group.getId());
- properties.setProperty(group.getId() + ".name", group.getName() == null ? "" : group.getName());
- properties.setProperty(group.getId() + ".description", group.getDescription() == null ? "" : group.getDescription());
- //
- // Iterate its PDPs
- //
- List pdps = new ArrayList<>();
- for (PDP pdp : group.getPdps()) {
- pdps.add(pdp.getId());
- properties.setProperty(pdp.getId() + ".name", pdp.getName() == null ? "" : pdp.getName());
- properties.setProperty(pdp.getId() + ".description", pdp.getDescription() == null ? "" : pdp.getDescription());
- if (pdp instanceof OnapPDP) {
- properties.setProperty(pdp.getId() + ".jmxport", (((OnapPDP)pdp).getJmxPort()==0 ?
"" : ((OnapPDP)pdp).getJmxPort()).toString());
- }
- }
- String pdpList = "";
- if (pdps.size() == 1) {
- pdpList = pdps.get(0);
- } else if (pdps.size() > 1) {
- pdpList = Joiner.on(',').skipNulls().join(pdps);
- }
- if (logger.isDebugEnabled()) {
- logger.debug("Group " + group.getId() + " PDPS: " + pdpList);
- }
- properties.setProperty(group.getId() + ".pdps", pdpList);
- }
- if (ids.isEmpty()) {
- throw new PAPException("Inconsistency - we have NO groups. We should have at least one.");
- }
- String groupList = "";
- if (ids.size() == 1) {
- groupList = ids.get(0);
- } else if (ids.size() > 1){
- groupList = Joiner.on(',').skipNulls().join(ids);
- }
- logger.info("New Group List: " + groupList);
-
- properties.setProperty(PROP_PAP_GROUPS, groupList);
- //
- // Get the default group
- //
- PDPGroup defaultGroup = this.getDefaultGroup();
- if (defaultGroup == null) {
- throw new PAPException("Invalid state - no default group.");
- }
- properties.setProperty(PROP_PAP_GROUPS_DEFAULT, defaultGroup.getId());
- //
- // Now we can save the file
- //
- Path file = Paths.get(this.repository.toString(), "xacml.properties");
- try (OutputStream os = Files.newOutputStream(file)) {
- properties.store(os, "");
- }
- }
-
- public static void removeGroupProperties(String id, Properties properties) {
- for (Object key : properties.keySet()) {
- if (key.toString().startsWith(id + ".")) {
- properties.remove(key);
- }
- }
- }
-
- public static void setGroupProperties(PDPGroup group, Properties properties) {
- //
- // make sure its in the list of groups
- //
- Iterable groups = Splitter.on(',').trimResults().omitEmptyStrings().split( properties.getProperty(PROP_PAP_GROUPS, ""));
- boolean inList = false;
- for (String g : groups) {
- if (g.equals(group.getId())) {
- inList = true;
- }
- }
- if (!inList) {
- Set grps = Sets.newHashSet(groups);
- grps.add(group.getId());
- String newGroupList;
- if (grps.size() == 1) {
- newGroupList = grps.iterator().next();
- } else if
(grps.size() > 1) {
- newGroupList = Joiner.on(',').skipNulls().join(grps);
- } else {
+ if (this.groups.add(newGroup)) {
+ // save the new group in our properties and notify any listeners of the change
+ groupChanged(newGroup);
+ }
+
+ }
+
+
+
+ /**
+ * Helper to create a new Group ID. Use the Name field to create the Id. The Name is expected to not be null; if it
+ * is then this method throws an exception. The name is supposed to be unique within the current set of groups, so
+ * creating the ID based on the name will create a unique string.
+ *
+ * @param name
+ * @return
+ */
+ private String createNewPDPGroupId(String name) {
+ String id = name;
+ // replace "bad" characters with sequences that will be ok for file names and properties keys.
+ id = id.replace(" ", "_sp_");
+ id = id.replace("\t", "_tab_");
+ id = id.replace("\\", "_bksl_");
+ id = id.replace("/", "_sl_");
+ id = id.replace(":", "_col_");
+ id = id.replace("*", "_ast_");
+ id = id.replace("?", "_q_");
+ id = id.replace("\"", "_quo_");
+ id = id.replace("<", "_lt_");
+ id = id.replace(">", "_gt_");
+ id = id.replace("|", "_bar_");
+ id = id.replace("=", "_eq_");
+ id = id.replace(",", "_com_");
+ id = id.replace(";", "_scom_");
+
+ return id;
+ }
+
+
+ @Override
+ public OnapPDP getPDP(String pdpId) throws PAPException {
+ for (OnapPDPGroup group : this.groups) {
+ for (OnapPDP pdp : group.getOnapPdps()) {
+ if (pdp.getId().equals(pdpId)) {
+ return pdp;
+ }
+ }
+ }
+ return null;
+ }
+
+
+ @Override
+ public void movePDP(OnapPDP pdp, OnapPDPGroup newGroup) throws PAPException {
+ if (newGroup == null) {
+ throw new NullPointerException("You must specify which group the PDP will belong to.");
+ }
+ PDPGroup currentGroup = this.getPDPGroup(pdp);
+ if (currentGroup == null) {
+ throw new PAPException("PDP must already belong to a group.");
+ }
+ if (currentGroup.equals(newGroup)) {
+ logger.warn("Already in that group.");
+ return;
+ }
+ if (currentGroup instanceof StdPDPGroup && newGroup
instanceof StdPDPGroup) {
+ if (((StdPDPGroup) currentGroup).removePDP(pdp)) {
+ boolean result = ((StdPDPGroup) newGroup).addPDP(pdp);
+ if (result) {
+ //
+ // Save the configuration
+ //
+ this.doSave();
+ } else {
+ PolicyLogger.error("Failed to add to new group, putting back into original group.");
+ if (!((StdPDPGroup) currentGroup).removePDP(pdp)) {
+ PolicyLogger
+ .error(MessageCodes.ERROR_DATA_ISSUE + "Failed to put PDP back into original group.");
+ }
+ }
+ }
+ } else {
+ String message = "Unknown PDP group class: " + newGroup.getClass().getCanonicalName() + " and " + + currentGroup.getClass().getCanonicalName();
+ logger.warn(message);
+ throw new PAPException(message);
+ }
+ }
+
+
+ @Override
+ public void updatePDP(OnapPDP pdp) throws PAPException {
+ PDP currentPDP = this.getPDP(pdp.getId());
+ if (currentPDP == null) {
+ String message = "Unknown PDP id '" + pdp.getId() + "'";
+ logger.warn(message);
+ throw new PAPException(message);
+ }
+
+ // the only things that the user can change are name and description
+ currentPDP.setDescription(pdp.getDescription());
+ currentPDP.setName(pdp.getName());
+ if (currentPDP instanceof OnapPDP) {
+ ((OnapPDP) currentPDP).setJmxPort(pdp.getJmxPort());
+ }
+ this.doSave();
+ }
+
+ @Override
+ public void removePDP(OnapPDP pdp) throws PAPException {
+ PDPGroup group = this.getPDPGroup(pdp);
+ if (group == null) {
+ throw new NullPointerException();
+ }
+ if (group instanceof StdPDPGroup) {
+ boolean result = ((StdPDPGroup) group).removePDP(pdp);
+ if (result) {
+ this.doSave();
+ }
+ return;
+ }
+ String message = "Unknown PDP group class: " + group.getClass().getCanonicalName();
+ logger.warn(message);
+ throw new PAPException(message);
+ }
+
+
+ @Override
+ /**
+ * Should never be called - Detailed status is held on the PDP, not the PAP
+ */
+ public PDPStatus getStatus(OnapPDP pdp) throws PAPException {
+ return getPDP(pdp.getId()).getStatus();
+ }
+
+ @Override
+ public void publishPolicy(String id, String
name, boolean isRoot, InputStream policy, OnapPDPGroup group)
+ throws PAPException {
+ if (group == null) {
+ throw new NullPointerException();
+ }
+ if (group instanceof StdPDPGroup && this.groups.contains(group)) {
+ ((StdPDPGroup) group).publishPolicy(id, name, isRoot, policy);
+ return;
+ }
+ logger.warn("unknown PDP Group: " + group);
+ throw new PAPException("Unknown PDP Group: " + group.getId());
+ }
+
+
+ @Override
+ public void copyPolicy(PDPPolicy policy, OnapPDPGroup group) throws PAPException {
+ //
+ // Currently not used on the PAP side. This is done by ((StdPDPGroup) group).copyPolicyToFile
+ //
+ }
+
+
+ @Override
+ public void removePolicy(PDPPolicy policy, OnapPDPGroup group) throws PAPException {
+ if (group == null) {
+ throw new NullPointerException();
+ }
+ if (group instanceof StdPDPGroup && this.groups.contains(group)) {
+ ((StdPDPGroup) group).removePolicy(policy);
+ return;
+ }
+ logger.warn("unknown PDP Group: " + group);
+ throw new PAPException("Unknown PDP Group: " + group.getId());
+ }
+
+
+ //
+ // HELPER methods
+ //
+
+ private Set readProperties(Path repository, Properties properties) throws PAPException {
+ Set pdpGroups = new HashSet<>();
+ //
+ // See if there is a groups property
+ //
+ String groupList = properties.getProperty(PROP_PAP_GROUPS, "");
+ if (groupList == null) {
+ logger.warn("null group list " + PROP_PAP_GROUPS);
+ groupList = "";
+ }
+ if (logger.isDebugEnabled()) {
+ logger.debug("group list: " + groupList);
+ }
+ //
+ // Iterate the groups, converting to a set ensures we have unique groups.
+ //
+ for (String id : Splitter.on(',').trimResults().omitEmptyStrings().split(groupList)) {
+ //
+ // Add our Group Object
+ //
+ StdPDPGroup g = new StdPDPGroup(id.trim(),
+ id.equals(properties.getProperty(PROP_PAP_GROUPS_DEFAULT, PROP_PAP_GROUPS_DEFAULT_NAME)),
+ properties, Paths.get(repository.toString(), id));
+
+ //
+ // Add it in
+ //
+ pdpGroups.add(g);
+ }
+ //
+ // Dump what we got
+ //
+ if (logger.isDebugEnabled()) {
+ logger.debug("PDP Group List: " + pdpGroups.toString());
+ }
+ return pdpGroups;
+ }
+
+ private void saveConfiguration() throws PAPException, IOException {
+ //
+ // Create our properties object
+ //
+ Properties properties = new Properties() {
+ private static final long serialVersionUID = 1L;
+
+ // For Debugging it is helpful for the file to be in a sorted order,
+ // any by returning the keys in the natural Alpha order for strings we get close enough.
+ // TreeSet is sorted, and this just overrides the normal Properties method to get the keys.
+ @Override
+ public synchronized Enumeration keys() {
+ return Collections.enumeration(new TreeSet(super.keySet()));
+ }
+ };
+ //
+ // Iterate our groups
+ //
+ List ids = new ArrayList<>();
+ for (PDPGroup group : this.groups) {
+ ids.add(group.getId());
+ properties.setProperty(group.getId() + ".name", group.getName() == null ? "" : group.getName());
+ properties.setProperty(group.getId() + ".description",
+ group.getDescription() == null ? "" : group.getDescription());
+ //
+ // Iterate its PDPs
+ //
+ List pdps = new ArrayList<>();
+ for (PDP pdp : group.getPdps()) {
+ pdps.add(pdp.getId());
+ properties.setProperty(pdp.getId() + ".name", pdp.getName() == null ? "" : pdp.getName());
+ properties.setProperty(pdp.getId() + ".description",
+ pdp.getDescription() == null ? "" : pdp.getDescription());
+ if (pdp instanceof OnapPDP) {
+ properties.setProperty(pdp.getId() + ".jmxport",
+ (((OnapPDP) pdp).getJmxPort() == 0 ?
"" : ((OnapPDP) pdp).getJmxPort()).toString());
+ }
+ }
+ String pdpList = "";
+ if (pdps.size() == 1) {
+ pdpList = pdps.get(0);
+ } else if (pdps.size() > 1) {
+ pdpList = Joiner.on(',').skipNulls().join(pdps);
+ }
+ if (logger.isDebugEnabled()) {
+ logger.debug("Group " + group.getId() + " PDPS: " + pdpList);
+ }
+ properties.setProperty(group.getId() + ".pdps", pdpList);
+ }
+ if (ids.isEmpty()) {
+ throw new PAPException("Inconsistency - we have NO groups. We should have at least one.");
+ }
+ String groupList = "";
+ if (ids.size() == 1) {
+ groupList = ids.get(0);
+ } else if (ids.size() > 1) {
+ groupList = Joiner.on(',').skipNulls().join(ids);
+ }
+ logger.info("New Group List: " + groupList);
+
+ properties.setProperty(PROP_PAP_GROUPS, groupList);
+ //
+ // Get the default group
+ //
+ PDPGroup defaultGroup = this.getDefaultGroup();
+ if (defaultGroup == null) {
+ throw new PAPException("Invalid state - no default group.");
+ }
+ properties.setProperty(PROP_PAP_GROUPS_DEFAULT, defaultGroup.getId());
+ //
+ // Now we can save the file
+ //
+ Path file = Paths.get(this.repository.toString(), "xacml.properties");
+ try (OutputStream os = Files.newOutputStream(file)) {
+ properties.store(os, "");
+ }
+ }
+
+ public static void removeGroupProperties(String id, Properties properties) {
+ for (Object key : properties.keySet()) {
+ if (key.toString().startsWith(id + ".")) {
+ properties.remove(key);
+ }
+ }
+ }
+
+ public static void setGroupProperties(PDPGroup group, Properties properties) {
+ //
+ // make sure its in the list of groups
+ //
+ Iterable groups =
+ Splitter.on(',').trimResults().omitEmptyStrings().split(properties.getProperty(PROP_PAP_GROUPS, ""));
+ boolean inList = false;
+ for (String g : groups) {
+ if (g.equals(group.getId())) {
+ inList = true;
+ }
+ }
+ if (!inList) {
+ Set grps = Sets.newHashSet(groups);
+ grps.add(group.getId());
+ String newGroupList;
+ if (grps.size() == 1) {
+ newGroupList = grps.iterator().next();
+ } else if
(grps.size() > 1) {
+ newGroupList = Joiner.on(',').skipNulls().join(grps);
+ } else {
 newGroupList = "";
 }
- logger.info("New Group List: " + newGroupList);
- properties.setProperty(PROP_PAP_GROUPS, newGroupList);
- }
- //
- // Set its properties
- //
- properties.setProperty(group.getId() + ".name", group.getName());
- properties.setProperty(group.getId() + ".description", group.getDescription());
- //
- // Set its PDP list
- //
- if (!group.getPdps().isEmpty()) {
- String pdpList = "";
- if (group.getPdps().size() == 1) {
- pdpList = group.getPdps().iterator().next().getId();
- } else if (group.getPdps().size() > 1) {
- Set ids = new HashSet<>();
- for (PDP pdp : group.getPdps()) {
- ids.add(pdp.getId());
- }
- pdpList = Joiner.on(',').skipNulls().join(ids);
- }
- properties.setProperty(group.getId() + ".pdps", pdpList);
- } else {
- properties.setProperty(group.getId() + ".pdps", "");
- }
- }
-
-
- public void changed() {
- if (logger.isDebugEnabled()) {
- logger.debug("changed");
- }
- this.doSave();
- this.fireChanged();
- }
-
- public void groupChanged(OnapPDPGroup group) {
- if (logger.isDebugEnabled()) {
- logger.debug("groupChanged: " + group);
- }
- this.doSave();
- this.firePDPGroupChanged(group);
- }
-
-
- public void pdpChanged(OnapPDP pdp) {
- if (logger.isDebugEnabled()) {
- logger.debug("pdpChanged: " + pdp);
- }
- this.doSave();
- this.firePDPChanged(pdp);
- }
-
- private void doSave() {
- try {
- //
- // Save the configuration
- //
- this.saveConfiguration();
- } catch (IOException|PAPException e) {
- PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "StdEngine", "Failed to save configuration");
- }
- }
-
- private Properties setPIPProperties(Properties props){
- props.setProperty(XACMLProperties.PROP_PIP_ENGINES, "AAF");
- props.setProperty("AAF.name", "AAFEngine");
- props.setProperty("AAF.description", "AAFEngine to communicate with AAF to take decisions");
-
props.setProperty("AAF.classname","org.onap.policy.xacml.std.pip.engines.aaf.AAFEngine");
- // read from PIP properties file.
- Path file = Paths.get(pipPropertyFile);
- if (!Files.notExists(file)) {
- InputStream in;
- Properties prop = new Properties();
- try {
- in = new FileInputStream(file.toFile());
- prop.load(in);
- } catch (IOException e) {
- PolicyLogger.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "can not load the pip properties from file" +e);
- }
+ logger.info("New Group List: " + newGroupList);
+ properties.setProperty(PROP_PAP_GROUPS, newGroupList);
+ }
+ //
+ // Set its properties
+ //
+ properties.setProperty(group.getId() + ".name", group.getName());
+ properties.setProperty(group.getId() + ".description", group.getDescription());
+ //
+ // Set its PDP list
+ //
+ if (!group.getPdps().isEmpty()) {
+ String pdpList = "";
+ if (group.getPdps().size() == 1) {
+ pdpList = group.getPdps().iterator().next().getId();
+ } else if (group.getPdps().size() > 1) {
+ Set ids = new HashSet<>();
+ for (PDP pdp : group.getPdps()) {
+ ids.add(pdp.getId());
+ }
+ pdpList = Joiner.on(',').skipNulls().join(ids);
+ }
+ properties.setProperty(group.getId() + ".pdps", pdpList);
+ } else {
+ properties.setProperty(group.getId() + ".pdps", "");
+ }
+ }
+
+
+ public void changed() {
+ if (logger.isDebugEnabled()) {
+ logger.debug("changed");
+ }
+ this.doSave();
+ this.fireChanged();
+ }
+
+ public void groupChanged(OnapPDPGroup group) {
+ if (logger.isDebugEnabled()) {
+ logger.debug("groupChanged: " + group);
+ }
+ this.doSave();
+ this.firePDPGroupChanged(group);
+ }
+
+
+ public void pdpChanged(OnapPDP pdp) {
+ if (logger.isDebugEnabled()) {
+ logger.debug("pdpChanged: " + pdp);
+ }
+ this.doSave();
+ this.firePDPChanged(pdp);
+ }
+
+ private void doSave() {
+ try {
+ //
+ // Save the configuration
+ //
+ this.saveConfiguration();
+ } catch (IOException | PAPException e) {
+ PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "StdEngine", "Failed to save
configuration");
+ }
+ }
+
+ private Properties setPIPProperties(Properties props) {
+ props.setProperty(XACMLProperties.PROP_PIP_ENGINES, "AAF");
+ props.setProperty("AAF.name", "AAFEngine");
+ props.setProperty("AAF.description", "AAFEngine to communicate with AAF to take decisions");
+ props.setProperty("AAF.classname", "org.onap.policy.xacml.std.pip.engines.aaf.AAFEngine");
+ // read from PIP properties file.
+ Path file = Paths.get(pipPropertyFile);
+ if (!Files.notExists(file)) {
+ InputStream in;
+ Properties prop = new Properties();
+ try {
+ in = new FileInputStream(file.toFile());
+ prop.load(in);
+ } catch (IOException e) {
+ PolicyLogger.error(
+ XACMLErrorConstants.ERROR_SYSTEM_ERROR + "can not load the pip properties from file" + e);
+ }
 props = prop;
- }
- return props;
- }
-
-
- @Override
- public Set getOnapPDPGroups() throws PAPException {
- final Set grps = new HashSet<>();
- for (OnapPDPGroup g : this.groups) {
- grps.add(g);
- }
- return Collections.unmodifiableSet(grps);
- }
-
- @Override
- public OnapPDPGroup getPDPGroup(OnapPDP pdp) throws PAPException {
- for (OnapPDPGroup group : this.groups) {
- if (group.getPdps().contains(pdp)) {
- return group;
- }
- }
- return null;
- }
-
- @Override
- public void setDefaultGroup(OnapPDPGroup group) throws PAPException {
- boolean changesMade = false;
- for (OnapPDPGroup aGroup : groups) {
- if (aGroup.getId().equals(group.getId())) {
- if ( !
aGroup.isDefaultGroup()) {
- if (aGroup instanceof StdPDPGroup) {
- ((StdPDPGroup) aGroup).setDefault(true);
- changesMade = true;
- } else {
- throw new IllegalArgumentException("Group in groups of unknown type '" + aGroup.getClass().getName() + "'");
- }
- }
- } else {
- // not the new default group
- if (aGroup.isDefaultGroup()) {
- if (aGroup instanceof StdPDPGroup) {
- ((StdPDPGroup) aGroup).setDefault(false);
- changesMade = true;
- } else {
- throw new IllegalArgumentException("Group in groups of unknown type '" + aGroup.getClass().getName() + "'");
- }
- }
- }
- }
- if (changesMade) {
- this.doSave();
- }
-
- return;
-
- }
-
- @Override
- public void newPDP(String id, OnapPDPGroup group, String name, String description, int jmxport)
- throws PAPException, NullPointerException {
- if (group == null) {
- throw new PAPException("You must specify which group the PDP will belong to.");
- }
- if (!this.groups.contains(group)) {
- throw new PAPException("Unknown group, not in our list.");
- }
- for (OnapPDP p : group.getOnapPdps()) {
- if (p.getId().equals(id)) {
- throw new PAPException("A PDP with this ID exists.");
- }
- }
- if (group instanceof StdPDPGroup) {
- StdPDP pdp = new StdPDP(id, name, description, jmxport);
- if (((StdPDPGroup) group).addPDP(pdp)) {
- //
- // Save the properties and notify any listeners
- //
- pdpChanged(pdp);
- return;
- }
- }
- return;
-
- }
-
- @Override
- public void updateGroup(OnapPDPGroup group) throws PAPException {
- if (group == null || group.getId() == null) {
- throw new PAPException("Group or id is null");
- }
- if (group.getName() == null || group.getName().trim().length() == 0) {
- throw new PAPException("New name for group cannot be null or blank");
- }
- StdPDPGroup existingGroup = (StdPDPGroup)getGroup(group.getId());
- if (existingGroup == null) {
- throw new PAPException("Update found no existing group with id '" + group.getId() + "'");
- }
-
-
- // We do dramatically different things when the Name changes
- //
because the Name is essentially the identity of the group (as the User knows it) so when the Identity changes we have to change the group ID.
- if (group.getName().equals(existingGroup.getName())) {
-
- // update the disk
- try {
- ((StdPDPGroup)group).saveGroupConfiguration();
- } catch (IOException e) {
- throw new PAPException("Unable to save new configuration for '" + group.getName() + "': " + e.getMessage(), e);
- }
- // update the group in the set by simply replacing the old instance with the new one
- this.groups.remove(existingGroup);
- this.groups.add((StdPDPGroup)group);
-
- } else {
- // the name/identity of the group has changed
- // generate the new id
- String newId = createNewPDPGroupId(group.getName());
-
- // make sure no other group uses the new id
- for (OnapPDPGroup g : groups) {
- if (g.getId().equals(newId)) {
- throw new PAPException("Replacement name maps to ID '" + newId + "' which is already in use");
- }
- }
- ((StdPDPGroup)group).setId(newId);
-
- // rename the existing directory to the new id
- Path oldPath = existingGroup.getDirectory();
- Path newPath = Paths.get(oldPath.getParent().toString(), newId);
- ((StdPDPGroup)group).setDirectory(newPath);
-
- try {
- boolean success = oldPath.toFile().renameTo(newPath.toFile());
- if ( !
success) {
- throw new PAPException("Unable to rename directory; reason unknown");
- }
- } catch (Exception e) {
- PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "StdEngine", "Unable to rename directory");
- throw new PAPException("Unable to move directory from '" + oldPath + "' to '" + newPath + "': " + e.getMessage(),e);
- }
- // update the disk
- try {
- ((StdPDPGroup)group).saveGroupConfiguration();
- } catch (IOException e) {
- throw new PAPException("Unable to save new configuration for '" + group.getName() + "': " + e.getMessage(), e);
- }
-
- // save the new group into the Set
- groups.remove(existingGroup);
- groups.add((StdPDPGroup)group);
-
- }
-
- // perhaps only the group changed, but if the name/id changed it may look to a listener like more than one group
- changed();
-
-
- }
-
- @Override
- public void removeGroup(OnapPDPGroup group, OnapPDPGroup newGroup) throws PAPException, NullPointerException {
- if (group == null) {
- throw new NullPointerException();
- }
- //
- // Does this group exist?
- //
- if (!this.groups.contains(group)) {
- PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + "This group doesn't exist.");
- throw new PAPException("The group '" + group.getId() + "' does not exist");
- }
- //
- // Is it the default group?
- //
- if (group.isDefaultGroup()) {
- throw new PAPException("You cannot delete the default group.");
- }
- Set pdps = group.getOnapPdps();
- //
- // Are there PDPs? If so, then we need a target group
- //
- if (!pdps.isEmpty() && newGroup == null) {
- throw new NullPointerException("Group targeted for deletion has PDPs, you must provide a new group for them.");
- }
- //
- // Move the PDPs
- //
- if (!pdps.isEmpty()) {
- if (! (newGroup instanceof StdPDPGroup)) {
- throw new PAPException("Unexpected class for newGroup: " + newGroup.getClass().getCanonicalName());
- }
- // The movePDP function will modify the set of PDPs in the group.
- // To avoid concurrent modification exceptions we need to duplicate the list before calling that function.
- List pdpList = new ArrayList<>();
- for (OnapPDP pdp : pdps) {
- pdpList.add(pdp);
- }
- // now we can use the PDPs from the list without having ConcurrentAccessExceptions
- for (OnapPDP pdp : pdpList) {
- this.movePDP(pdp, newGroup);
- }
- }
- //
- // remove the directory for the group
- //
- String id = group.getId();
- Path groupPath = Paths.get(this.repository.toString(), id);
- //
- // If it exists already
- //
- if ( ! Files.exists(groupPath)) {
- logger.warn("removeGroup " + id + " directory does not exist" + groupPath.toString());
- } else {
- try {
- Files.walkFileTree(groupPath, new SimpleFileVisitor() {
-
- @Override
- public FileVisitResult visitFile(Path file,
- BasicFileAttributes attrs) throws IOException {
- Files.delete(file);
- return super.visitFile(file, attrs);
- }
-
- });
- //
- // delete the directory
- //
- Files.delete(groupPath);
- } catch (IOException e) {
- PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, "StdEngine", "Failed to delete " + groupPath);
- throw new PAPException("Failed to delete " + id);
- }
- }
-
- // remove the group from the set of all groups
- groups.remove(group);
-
- //
- // Save changes
- //
- changed();
- this.doSave();
- return;
-
- }
+ }
+ return props;
+ }
+
+
+ @Override
+ public Set getOnapPDPGroups() throws PAPException {
+ final Set grps = new HashSet<>();
+ for (OnapPDPGroup g : this.groups) {
+ grps.add(g);
+ }
+ return Collections.unmodifiableSet(grps);
+ }
+
+ @Override
+ public OnapPDPGroup getPDPGroup(OnapPDP pdp) throws PAPException {
+ for (OnapPDPGroup group : this.groups) {
+ if (group.getPdps().contains(pdp)) {
+ return group;
+ }
+ }
+ return null;
+ }
+
+ @Override
+ public void setDefaultGroup(OnapPDPGroup group) throws PAPException {
+ boolean changesMade = false;
+ for (OnapPDPGroup aGroup : groups) {
+ if (aGroup.getId().equals(group.getId())) {
+ if (!aGroup.isDefaultGroup()) {
+ if (aGroup instanceof StdPDPGroup) {
+ ((StdPDPGroup) aGroup).setDefault(true);
+ changesMade = true;
+ } else {
+ throw new IllegalArgumentException(
+ "Group in groups of unknown type '" + aGroup.getClass().getName() + "'");
+ }
+ }
+ } else {
+ // not the new default group
+ if (aGroup.isDefaultGroup()) {
+ if (aGroup instanceof StdPDPGroup) {
+ ((StdPDPGroup) aGroup).setDefault(false);
+ changesMade = true;
+ } else {
+ throw new IllegalArgumentException(
+ "Group in groups of unknown type '" + aGroup.getClass().getName() + "'");
+ }
+ }
+ }
+ }
+ if (changesMade) {
+ this.doSave();
+ }
+
+ return;
+
+ }
+
+ @Override
+ public void newPDP(String id, OnapPDPGroup group, String name, String description, int jmxport)
+ throws PAPException, NullPointerException {
+ if (group == null) {
+ throw new PAPException("You must specify which group the PDP will belong to.");
+ }
+ if (!this.groups.contains(group)) {
+ throw new PAPException("Unknown group, not in our list.");
+ }
+ for (OnapPDP p : group.getOnapPdps()) {
+ if (p.getId().equals(id)) {
+ throw new PAPException("A PDP with this ID exists.");
+ }
+ }
+ if (group instanceof StdPDPGroup) {
+ StdPDP pdp = new StdPDP(id, name, description, jmxport);
+ if (((StdPDPGroup) group).addPDP(pdp)) {
+ //
+ // Save the properties and notify any listeners
+ //
+ pdpChanged(pdp);
+ return;
+ }
+ }
+ return;
+
+ }
+
+ @Override
+ public void updateGroup(OnapPDPGroup group) throws PAPException {
+ if (group == null || group.getId() == null) {
+ throw new PAPException("Group or id is null");
+ }
+ if (group.getName() == null || group.getName().trim().length() == 0) {
+ throw new PAPException("New name for group cannot be null or blank");
+ }
+ StdPDPGroup existingGroup = (StdPDPGroup) getGroup(group.getId());
+ if (existingGroup == null) {
+ throw new PAPException("Update found no existing group with id '" + group.getId() + "'");
+ }
+
+
+ // We do dramatically different things when the Name changes
+ // because the Name is
essentially the identity of the group (as the User knows it) so when the Identity changes + // we have to change the group ID. + if (group.getName().equals(existingGroup.getName())) { + + // update the disk + try { + ((StdPDPGroup) group).saveGroupConfiguration(); + } catch (IOException e) { + throw new PAPException( + "Unable to save new configuration for '" + group.getName() + "': " + e.getMessage(), e); + } + // update the group in the set by simply replacing the old instance with the new one + this.groups.remove(existingGroup); + this.groups.add((StdPDPGroup) group); + + } else { + // the name/identity of the group has changed + // generate the new id + String newId = createNewPDPGroupId(group.getName()); + + // make sure no other group uses the new id + for (OnapPDPGroup g : groups) { + if (g.getId().equals(newId)) { + throw new PAPException("Replacement name maps to ID '" + newId + "' which is already in use"); + } + } + ((StdPDPGroup) group).setId(newId); + + // rename the existing directory to the new id + Path oldPath = existingGroup.getDirectory(); + Path newPath = Paths.get(oldPath.getParent().toString(), newId); + ((StdPDPGroup) group).setDirectory(newPath); + + try { + boolean success = oldPath.toFile().renameTo(newPath.toFile()); + if (!success) { + throw new PAPException("Unable to rename directory; reason unknown"); + } + } catch (Exception e) { + PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "StdEngine", "Unable to rename directory"); + throw new PAPException( + "Unable to move directory from '" + oldPath + "' to '" + newPath + "': " + e.getMessage(), e); + } + // update the disk + try { + ((StdPDPGroup) group).saveGroupConfiguration(); + } catch (IOException e) { + throw new PAPException( + "Unable to save new configuration for '" + group.getName() + "': " + e.getMessage(), e); + } + + // save the new group into the Set + groups.remove(existingGroup); + groups.add((StdPDPGroup) group); + + } + + // perhaps only the group changed, but if 
the name/id changed it may look to a listener like more than one group + changed(); + + + } + + @Override + public void removeGroup(OnapPDPGroup group, OnapPDPGroup newGroup) throws PAPException, NullPointerException { + if (group == null) { + throw new NullPointerException(); + } + // + // Does this group exist? + // + if (!this.groups.contains(group)) { + PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE + "This group doesn't exist."); + throw new PAPException("The group '" + group.getId() + "' does not exist"); + } + // + // Is it the default group? + // + if (group.isDefaultGroup()) { + throw new PAPException("You cannot delete the default group."); + } + Set pdps = group.getOnapPdps(); + // + // Are there PDPs? If so, then we need a target group + // + if (!pdps.isEmpty() && newGroup == null) { + throw new NullPointerException( + "Group targeted for deletion has PDPs, you must provide a new group for them."); + } + // + // Move the PDPs + // + if (!pdps.isEmpty()) { + if (!(newGroup instanceof StdPDPGroup)) { + throw new PAPException("Unexpected class for newGroup: " + newGroup.getClass().getCanonicalName()); + } + // The movePDP function will modify the set of PDPs in the group. + // To avoid concurrent modification exceptions we need to duplicate the list before calling that function. 
+ List pdpList = new ArrayList<>(); + for (OnapPDP pdp : pdps) { + pdpList.add(pdp); + } + // now we can use the PDPs from the list without having ConcurrentAccessExceptions + for (OnapPDP pdp : pdpList) { + this.movePDP(pdp, newGroup); + } + } + // + // remove the directory for the group + // + String id = group.getId(); + Path groupPath = Paths.get(this.repository.toString(), id); + // + // If it exists already + // + if (!Files.exists(groupPath)) { + logger.warn("removeGroup " + id + " directory does not exist" + groupPath.toString()); + } else { + try { + Files.walkFileTree(groupPath, new SimpleFileVisitor() { + + @Override + public FileVisitResult visitFile(Path file, BasicFileAttributes attrs) throws IOException { + Files.delete(file); + return super.visitFile(file, attrs); + } + + }); + // + // delete the directory + // + Files.delete(groupPath); + } catch (IOException e) { + PolicyLogger.error(MessageCodes.ERROR_DATA_ISSUE, e, "StdEngine", "Failed to delete " + groupPath); + throw new PAPException("Failed to delete " + id); + } + } + + // remove the group from the set of all groups + groups.remove(group); + + // + // Save changes + // + changed(); + this.doSave(); + return; + + } + + @Override + public void updateGroup(OnapPDPGroup group, String userName) throws PAPException { + // To pass the userId for PDP Audit log maintenance. + + } } diff --git a/POLICY-SDK-APP/src/main/java/org/onap/policy/admin/RESTfulPAPEngine.java b/POLICY-SDK-APP/src/main/java/org/onap/policy/admin/RESTfulPAPEngine.java index 91bdc772b..a500c1dbe 100644 --- a/POLICY-SDK-APP/src/main/java/org/onap/policy/admin/RESTfulPAPEngine.java +++ b/POLICY-SDK-APP/src/main/java/org/onap/policy/admin/RESTfulPAPEngine.java 
@@ -9,9 +9,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -22,6 +22,13 @@ package org.onap.policy.admin; +import com.att.research.xacml.api.pap.PAPException; +import com.att.research.xacml.api.pap.PDPPolicy; +import com.att.research.xacml.api.pap.PDPStatus; +import com.att.research.xacml.util.XACMLProperties; +import com.fasterxml.jackson.databind.DeserializationFeature; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.type.CollectionType; import java.io.File; import java.io.FileInputStream; import java.io.IOException; @@ -38,8 +45,9 @@ import java.util.Collections; import java.util.HashMap; import java.util.Map; import java.util.Set; - import org.apache.commons.io.IOUtils; +import org.onap.policy.common.logging.flexlogger.FlexLogger; +import org.onap.policy.common.logging.flexlogger.Logger; import org.onap.policy.rest.XACMLRestProperties; import org.onap.policy.rest.adapter.PolicyRestAdapter; import org.onap.policy.utils.PeCryptoUtils; 
@@ -54,25 +62,14 @@ import org.onap.policy.xacml.std.pap.StdPDPItemSetChangeNotifier; import org.onap.policy.xacml.std.pap.StdPDPPolicy; import org.onap.policy.xacml.std.pap.StdPDPStatus; -import com.att.research.xacml.api.pap.PAPException; -import com.att.research.xacml.api.pap.PDPPolicy; -import com.att.research.xacml.api.pap.PDPStatus; -import com.att.research.xacml.util.XACMLProperties; -import com.fasterxml.jackson.databind.DeserializationFeature; -import com.fasterxml.jackson.databind.ObjectMapper; -import com.fasterxml.jackson.databind.type.CollectionType; - -import org.onap.policy.common.logging.flexlogger.FlexLogger; -import org.onap.policy.common.logging.flexlogger.Logger; - /** - * Implementation of the PAPEngine interface that communicates with a PAP engine in a remote servlet - * through a RESTful interface - * + * Implementation of the PAPEngine interface that communicates with a PAP engine in a remote servlet through a RESTful + * interface + * * */ public class RESTfulPAPEngine extends StdPDPItemSetChangeNotifier implements PAPPolicyEngine { - private static final Logger LOGGER = FlexLogger.getLogger(RESTfulPAPEngine.class); + private static final Logger LOGGER = FlexLogger.getLogger(RESTfulPAPEngine.class); private static final String GROUP_ID = "groupId="; 
@@ -83,15 +80,17 @@ public class RESTfulPAPEngine extends StdPDPItemSetChangeNotifier implements PAP /** * Set up link with PAP Servlet and get our initial set of Groups + * * @throws PAPException When failing to register with PAP */ - public RESTfulPAPEngine (String myURLString) throws PAPException { + public RESTfulPAPEngine(String myURLString) throws PAPException { // // Get our URL to the PAP servlet // this.papServletURLString = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_URL); if (this.papServletURLString == null || this.papServletURLString.length() == 0) { - String message = "The property 'POLICYENGINE_ADMIN_ACTIVE' was not set during installation. Admin Console cannot call PAP."; + String message = + "The property 'POLICYENGINE_ADMIN_ACTIVE' was not set during installation. Admin Console cannot call PAP."; LOGGER.error(message); throw new PAPException(message); } @@ -103,7 +102,7 @@ public class RESTfulPAPEngine extends StdPDPItemSetChangeNotifier implements PAP if (newURL != null) { // assume this was a re-direct and try again LOGGER.warn("Redirecting to '" + newURL + "'"); - this.papServletURLString = (String)newURL; + this.papServletURLString = (String) newURL; newURL = sendToPAP("PUT", null, null, null, "adminConsoleURL=" + myURLString); if (newURL != null) { LOGGER.error("Failed to redirect to " + this.papServletURLString); @@ -118,7 +117,7 @@ public class RESTfulPAPEngine extends StdPDPItemSetChangeNotifier implements PAP @Override public OnapPDPGroup getDefaultGroup() throws PAPException { - return (OnapPDPGroup)sendToPAP("GET", null, null, StdPDPGroup.class, GROUP_ID, "default="); + return (OnapPDPGroup) sendToPAP("GET", null, null, StdPDPGroup.class, GROUP_ID, "default="); } @Override 
@@ -136,22 +135,22 @@ public class RESTfulPAPEngine extends StdPDPItemSetChangeNotifier implements PAP @Override public OnapPDPGroup getGroup(String id) throws PAPException { - return (OnapPDPGroup)sendToPAP("GET", null, null, StdPDPGroup.class, GROUP_ID + id); + return (OnapPDPGroup) sendToPAP("GET", null, null, StdPDPGroup.class, GROUP_ID + id); } @Override - public void newGroup(String name, String description) - throws PAPException { + public void newGroup(String name, String description) throws PAPException { String escapedName; String escapedDescription; try { escapedName = URLEncoder.encode(name, "UTF-8"); escapedDescription = URLEncoder.encode(description, "UTF-8"); } catch (UnsupportedEncodingException e) { - throw new PAPException("Unable to send name or description to PAP: " + e.getMessage() +e); + throw new PAPException("Unable to send name or description to PAP: " + e.getMessage() + e); } - this.sendToPAP("POST", null, null, null, GROUP_ID, "groupName="+escapedName, "groupDescription=" + escapedDescription); + this.sendToPAP("POST", null, null, null, GROUP_ID, "groupName=" + escapedName, + "groupDescription=" + escapedDescription); } /** 
@@ -165,13 +164,16 @@ public class RESTfulPAPEngine extends StdPDPItemSetChangeNotifier implements PAP public void updateGroup(OnapPDPGroup group) throws PAPException { try { // - // ASSUME that all of the policies mentioned in this group are already located in the correct directory on the PAP! + // ASSUME that all of the policies mentioned in this group are already located in the correct directory on + // the PAP! // - // Whenever a Policy is added to the group, that file must be automatically copied to the PAP from the Workspace. + // Whenever a Policy is added to the group, that file must be automatically copied to the PAP from the + // Workspace. // // Copy all policies from the local machine's workspace to the PAP's PDPGroup directory. // This is not efficient since most of the policies will already exist there. - // However, the policy files are (probably!) not too huge, and this is a good way to ensure that any corrupted files on the PAP get refreshed. + // However, the policy files are (probably!) not too huge, and this is a good way to ensure that any + // corrupted files on the PAP get refreshed. // now update the group object on the PAP sendToPAP("PUT", group, null, null, GROUP_ID + group.getId()); } catch (Exception e) { 
@@ -181,6 +183,23 @@ public class RESTfulPAPEngine extends StdPDPItemSetChangeNotifier implements PAP } } + /* + * Passing UserName to PAP Rest for Audit Logging. + * + * @see org.onap.policy.xacml.api.pap.PAPPolicyEngine#updateGroup(org.onap.policy.xacml.api.pap.OnapPDPGroup, + * java.lang.String) + */ + @Override + public void updateGroup(OnapPDPGroup group, String userName) throws PAPException { + try { + sendToPAP("PUT", group, null, null, GROUP_ID + group.getId(), "userId=" + userName); + } catch (Exception e) { + String message = "Unable to PUT policy '" + group.getId() + "', e:" + e; + LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + message, e); + throw new PAPException(message); + } + } + @Override public void removeGroup(OnapPDPGroup group, OnapPDPGroup newGroup) throws PAPException { String moveToGroupString = null; @@ -196,16 +215,18 @@ public class RESTfulPAPEngine extends StdPDPItemSetChangeNotifier implements PAP } public OnapPDPGroup getPDPGroup(String pdpId) throws PAPException { - return (OnapPDPGroup)sendToPAP("GET", null, null, StdPDPGroup.class, GROUP_ID, "pdpId=" + pdpId, "getPDPGroup="); + return (OnapPDPGroup) sendToPAP("GET", null, null, StdPDPGroup.class, GROUP_ID, "pdpId=" + pdpId, + "getPDPGroup="); } @Override public OnapPDP getPDP(String pdpId) throws PAPException { - return (OnapPDP)sendToPAP("GET", null, null, StdPDP.class, GROUP_ID, "pdpId=" + pdpId); + return (OnapPDP) sendToPAP("GET", null, null, StdPDP.class, GROUP_ID, "pdpId=" + pdpId); } @Override - public void newPDP(String id, OnapPDPGroup group, String name, String description, int jmxport) throws PAPException { + public void newPDP(String id, OnapPDPGroup group, String name, String description, int jmxport) + throws PAPException { StdPDP newPDP = new StdPDP(id, name, description, jmxport); sendToPAP("PUT", newPDP, null, null, GROUP_ID + group.getId(), "pdpId=" + id); } 
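Review bot: The new `updateGroup(OnapPDPGroup group, String userName)` appends the user name to the query string unencoded (`"userId=" + userName`). A name containing `&`, `=` or whitespace would change the request parameters and the identity that ends up in the audit log, and a null name is sent as the literal text `null`. `newGroup` in this file already encodes its values, so do the same here after a null check: `"userId=" + URLEncoder.encode(userName, "UTF-8")`. The value is only asserted by the calling console, and how the servlet treats it is not visible in this hunk, so the PAP side should log it as a caller-reported user unless it can tie it to the authenticated request. Minor: the catch block says "Unable to PUT policy" for a group update and drops the cause, which `throw new PAPException(message, e);` would keep.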
@@ -227,19 +248,21 @@ public class RESTfulPAPEngine extends StdPDPItemSetChangeNotifier implements PAP sendToPAP("DELETE", null, null, null, GROUP_ID + group.getId(), "pdpId=" + pdp.getId()); } - //Validate the Policy Data + // Validate the Policy Data public boolean validatePolicyRequest(PolicyRestAdapter policyAdapter, String policyType) throws PAPException { - StdPAPPolicy newPAPPolicy = new StdPAPPolicy(policyAdapter.getPolicyName(), policyAdapter.getConfigBodyData(), policyAdapter.getConfigType(), "Base"); + StdPAPPolicy newPAPPolicy = new StdPAPPolicy(policyAdapter.getPolicyName(), policyAdapter.getConfigBodyData(), + policyAdapter.getConfigType(), "Base"); - //send JSON object to PAP - return (Boolean) sendToPAP("PUT", newPAPPolicy, null, null, "operation=validate", "apiflag=admin", "policyType=" + policyType); + // send JSON object to PAP + return (Boolean) sendToPAP("PUT", newPAPPolicy, null, null, "operation=validate", "apiflag=admin", + "policyType=" + policyType); } @Override - public void publishPolicy(String id, String name, boolean isRoot, - InputStream policy, OnapPDPGroup group) throws PAPException { + public void publishPolicy(String id, String name, boolean isRoot, InputStream policy, OnapPDPGroup group) + throws PAPException { // copy the (one) file into the target directory on the PAP servlet copyFile(id, group, policy); @@ -252,8 +275,8 @@ public class RESTfulPAPEngine extends StdPDPItemSetChangeNotifier implements PAP } /** - * Copy a single Policy file from the input stream to the PAP Servlet. - * Either this works (silently) or it throws an exception. + * Copy a single Policy file from the input stream to the PAP Servlet. Either this works (silently) or it throws an + * exception. * * @param policyId * @param group 
@@ -264,7 +287,7 @@ public class RESTfulPAPEngine extends StdPDPItemSetChangeNotifier implements PAP public void copyFile(String policyId, OnapPDPGroup group, InputStream policy) throws PAPException { // send the policy file to the PAP Servlet try { - sendToPAP("POST", policy, null, null, GROUP_ID + group.getId(), "policyId="+policyId); + sendToPAP("POST", policy, null, null, GROUP_ID + group.getId(), "policyId=" + policyId); } catch (Exception e) { String message = "Unable to PUT policy '" + policyId + "', e:" + e; LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + message, e); @@ -275,10 +298,10 @@ public class RESTfulPAPEngine extends StdPDPItemSetChangeNotifier implements PAP @Override public void copyPolicy(PDPPolicy policy, OnapPDPGroup group) throws PAPException { if (policy == null || group == null) { - throw new PAPException("Null input policy="+policy+" group="+group); + throw new PAPException("Null input policy=" + policy + " group=" + group); } - try (InputStream is = new FileInputStream(new File(policy.getLocation())) ) { - copyFile(policy.getId(), group, is ); + try (InputStream is = new FileInputStream(new File(policy.getLocation()))) { + copyFile(policy.getId(), group, is); } catch (Exception e) { String message = "Unable to PUT policy '" + policy.getId() + "', e:" + e; LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + message, e); @@ -292,8 +315,8 @@ public class RESTfulPAPEngine extends StdPDPItemSetChangeNotifier implements PAP } /** - * Special operation - Similar to the normal PAP operations but this one contacts the PDP directly - * to get detailed status info. + * Special operation - Similar to the normal PAP operations but this one contacts the PDP directly to get detailed + * status info. * * @param pdp * @return 
@@ -301,7 +324,7 @@ public class RESTfulPAPEngine extends StdPDPItemSetChangeNotifier implements PAP */ @Override public PDPStatus getStatus(OnapPDP pdp) throws PAPException { - return (StdPDPStatus)sendToPAP("GET", pdp, null, StdPDPStatus.class); + return (StdPDPStatus) sendToPAP("GET", pdp, null, StdPDPStatus.class); } // @@ -311,21 +334,22 @@ public class RESTfulPAPEngine extends StdPDPItemSetChangeNotifier implements PAP /** * Send a request to the PAP Servlet and get the response. * - * The content is either an InputStream to be copied to the Request OutputStream - * OR it is an object that is to be encoded into JSON and pushed into the Request OutputStream. + * The content is either an InputStream to be copied to the Request OutputStream OR it is an object that is to be + * encoded into JSON and pushed into the Request OutputStream. * * The Request parameters may be encoded in multiple "name=value" sets, or parameters may be combined by the caller. * * @param method - * @param content - EITHER an InputStream OR an Object to be encoded in JSON + * @param content - EITHER an InputStream OR an Object to be encoded in JSON * @param collectionTypeClass * @param responseContentClass * @param parameters * @return * @throws PAPException */ - @SuppressWarnings({ "rawtypes", "unchecked" }) - private Object sendToPAP(String method, Object content, Class collectionTypeClass, Class responseContentClass, String... parameters ) throws PAPException { + @SuppressWarnings({"rawtypes", "unchecked"}) + private Object sendToPAP(String method, Object content, Class collectionTypeClass, Class responseContentClass, + String... parameters) throws PAPException { HttpURLConnection connection = null; String papID = XACMLProperties.getProperty(XACMLRestProperties.PROP_PAP_USERID); LOGGER.info("User Id is " + papID); 
@@ -423,8 +447,8 @@ public class RESTfulPAPEngine extends StdPDPItemSetChangeNotifier implements PAP mapper.disable(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES); if (collectionTypeClass != null) { // collection of objects expected - final CollectionType javaType = - mapper.getTypeFactory().constructCollectionType(collectionTypeClass, responseContentClass); + final CollectionType javaType = mapper.getTypeFactory() + .constructCollectionType(collectionTypeClass, responseContentClass); return mapper.readValue(json, javaType); } else { // single value object expected @@ -435,10 +459,10 @@ public class RESTfulPAPEngine extends StdPDPItemSetChangeNotifier implements PAP // redirection String newURL = connection.getHeaderField("Location"); if (newURL == null) { - LOGGER - .error("No Location header to redirect to when response code=" + connection.getResponseCode()); + LOGGER.error( + "No Location header to redirect to when response code=" + connection.getResponseCode()); throw new IOException( - "No redirect Location header when response code=" + connection.getResponseCode()); + "No redirect Location header when response code=" + connection.getResponseCode()); } int qIndex = newURL.indexOf('?'); if (qIndex > 0) { 
@@ -447,10 +471,10 @@ public class RESTfulPAPEngine extends StdPDPItemSetChangeNotifier implements PAP LOGGER.info("Redirect seen. Redirecting " + fullURL + " to " + newURL); return newURL; } else { - LOGGER.warn("Unexpected response code: " + connection.getResponseCode() + " message: " + connection - .getResponseMessage()); + LOGGER.warn("Unexpected response code: " + connection.getResponseCode() + " message: " + + connection.getResponseMessage()); throw new IOException( - "Server Response: " + connection.getResponseCode() + ": " + connection.getResponseMessage()); + "Server Response: " + connection.getResponseCode() + ": " + connection.getResponseMessage()); } } catch (Exception e) { LOGGER.error(XACMLErrorConstants.ERROR_SYSTEM_ERROR + "HTTP Request/Response to PAP: " + e, e); @@ -479,9 +503,9 @@ public class RESTfulPAPEngine extends StdPDPItemSetChangeNotifier implements PAP // Send our current policy configuration // try (OutputStream os = connection.getOutputStream()) { - int count = IOUtils.copy(contentObj, os); + int count = IOUtils.copy(contentObj, os); if (LOGGER.isDebugEnabled()) { - LOGGER.debug("copied to output, bytes="+count); + LOGGER.debug("copied to output, bytes=" + count); } } } catch (Exception e) { 
@@ -492,11 +516,12 @@ public class RESTfulPAPEngine extends StdPDPItemSetChangeNotifier implements PAP private String getJsonString(final HttpURLConnection connection) throws IOException { String json; // read the inputStream into a buffer (trick found online scans entire input looking for end-of-file) - try(java.util.Scanner scanner = new java.util.Scanner(connection.getInputStream())) { + try (java.util.Scanner scanner = new java.util.Scanner(connection.getInputStream())) { scanner.useDelimiter("\\A"); json = scanner.hasNext() ? scanner.next() : ""; - } catch (Exception e){ - LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Failed to read inputStream from connection: " + e, e); + } catch (Exception e) { + LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Failed to read inputStream from connection: " + e, + e); throw e; } LOGGER.info("JSON response from PAP: " + json); diff --git a/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/AutoPushController.java b/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/AutoPushController.java index 3af430f45..44a133068 100644 --- a/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/AutoPushController.java +++ b/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/AutoPushController.java @@ -8,9 +8,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
@@ -21,6 +21,11 @@ package org.onap.policy.controller; +import com.att.research.xacml.api.pap.PAPException; +import com.att.research.xacml.api.pap.PDPPolicy; +import com.fasterxml.jackson.databind.DeserializationFeature; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; import java.io.BufferedWriter; import java.io.File; import java.io.FileWriter; @@ -37,14 +42,12 @@ import java.util.LinkedHashMap; import java.util.List; import java.util.Map; import java.util.Set; - import java.util.stream.Collectors; import java.util.stream.IntStream; import java.util.stream.Stream; import javax.script.SimpleBindings; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; - import org.json.JSONObject; import org.onap.policy.common.logging.flexlogger.FlexLogger; import org.onap.policy.common.logging.flexlogger.Logger; @@ -70,14 +73,8 @@ import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.servlet.ModelAndView; -import com.att.research.xacml.api.pap.PAPException; -import com.att.research.xacml.api.pap.PDPPolicy; -import com.fasterxml.jackson.databind.DeserializationFeature; -import com.fasterxml.jackson.databind.JsonNode; -import com.fasterxml.jackson.databind.ObjectMapper; - @Controller -@RequestMapping({ "/" }) +@RequestMapping({"/"}) public class AutoPushController extends RestrictedBaseController { private static final Logger logger = FlexLogger.getLogger(AutoPushController.class); 
@@ -117,8 +114,8 @@ public class AutoPushController extends RestrictedBaseController { return policyController != null ? getPolicyController() : new PolicyController(); } - @RequestMapping(value = {"/get_AutoPushPoliciesContainerData"}, method = { - RequestMethod.GET}, produces = MediaType.APPLICATION_JSON_VALUE) + @RequestMapping(value = {"/get_AutoPushPoliciesContainerData"}, method = {RequestMethod.GET}, + produces = MediaType.APPLICATION_JSON_VALUE) public void getPolicyGroupContainerData(HttpServletRequest request, HttpServletResponse response) { try { Set scopes = new HashSet<>(); @@ -133,10 +130,7 @@ public class AutoPushController extends RestrictedBaseController { for (Object role : userRoles) { Roles userRole = (Roles) role; roles.add(userRole.getRole()); - scopes.addAll(Stream.of(userRole.getScope().split(",")) - .map(String::new) - .collect(Collectors.toSet()) - ); + scopes.addAll(Stream.of(userRole.getScope().split(",")).collect(Collectors.toSet())); } if (roles.contains("super-admin") || roles.contains("super-editor") || roles.contains("super-guest")) { data = commonClassDao.getData(PolicyVersion.class); @@ -155,7 +149,7 @@ public class AutoPushController extends RestrictedBaseController { } else { PolicyVersion emptyPolicyName = new PolicyVersion(); emptyPolicyName - .setPolicyName("Please Contact Policy Super Admin, There are no scopes assigned to you"); + .setPolicyName("Please Contact Policy Super Admin, There are no scopes assigned to you"); data.add(emptyPolicyName); } } @@ -169,7 +163,7 @@ public class AutoPushController extends RestrictedBaseController { } } - @RequestMapping(value = { "/auto_Push/PushPolicyToPDP.htm" }, method = { RequestMethod.POST }) + @RequestMapping(value = {"/auto_Push/PushPolicyToPDP.htm"}, method = {RequestMethod.POST}) public ModelAndView pushPolicyToPDPGroup(HttpServletRequest request, HttpServletResponse response) throws IOException { try { 
@@ -201,8 +195,8 @@ public class AutoPushController extends RestrictedBaseController { for (Object policyId : adapter.getPolicyDatas()) { LinkedHashMap selected = (LinkedHashMap) policyId; - String policyName = selected.get("policyName").toString() + "." - + selected.get("activeVersion").toString() + ".xml"; + String policyName = + selected.get("policyName").toString() + "." + selected.get("activeVersion").toString() + ".xml"; selectedPoliciesInUI.add(policyName); } @@ -312,7 +306,7 @@ public class AutoPushController extends RestrictedBaseController { currentPoliciesInGroup.addAll(selectedPolicies); updatedGroupObject.setPolicies(currentPoliciesInGroup); - this.container.updateGroup(updatedGroupObject); + this.container.updateGroup(updatedGroupObject, userId); response.setCharacterEncoding(UTF8); response.setContentType("application / json"); @@ -340,7 +334,7 @@ public class AutoPushController extends RestrictedBaseController { } @SuppressWarnings("unchecked") - @RequestMapping(value = { "/auto_Push/remove_GroupPolicies.htm" }, method = { RequestMethod.POST }) + @RequestMapping(value = {"/auto_Push/remove_GroupPolicies.htm"}, method = {RequestMethod.POST}) public ModelAndView removePDPGroup(HttpServletRequest request, HttpServletResponse response) throws IOException { try { PolicyController controller = getPolicyControllerInstance(); 
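Review bot: The call `this.container.updateGroup(updatedGroupObject, userId)` in the `-312,7 +306,7` hunk now feeds `userId` into the PAP audit trail, but the hunk does not show where `userId` is assigned; the enclosing method starts and ends outside it. Confirm that the value comes from the authenticated session rather than from the request body, and that it cannot be null at this point, since `RESTfulPAPEngine.updateGroup` concatenates it straight into the query string. A short comment on the call, such as `// userId identifies the logged-in user for the PAP audit log`, would document why the two-argument overload is used. The `removePDPGroup` handler is only reformatted in the hunks visible here, so check that its group update also passes the user, as the commit title covers delete as well as push.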
@@ -362,9 +356,9 @@ public class AutoPushController extends RestrictedBaseController { policyContainer = new PDPPolicyContainer(group); if (removePolicyData.size() > 0) { IntStream.range(0, removePolicyData.size()).mapToObj(i -> removePolicyData.get(i).toString()) - .forEach(polData -> this.policyContainer.removeItem(polData)); - Set changedPolicies = new HashSet<>( - (Collection) this.policyContainer.getItemIds()); + .forEach(polData -> this.policyContainer.removeItem(polData)); + Set changedPolicies = + new HashSet<>((Collection) this.policyContainer.getItemIds()); StdPDPGroup updatedGroupObject = new StdPDPGroup(group.getId(), group.isDefaultGroup(), group.getName(), group.getDescription(), null); updatedGroupObject.setPolicies(changedPolicies); diff --git a/POLICY-SDK-APP/src/main/java/org/onap/policy/model/PDPGroupContainer.java b/POLICY-SDK-APP/src/main/java/org/onap/policy/model/PDPGroupContainer.java index c751c472b..e6c375808 100644 --- a/POLICY-SDK-APP/src/main/java/org/onap/policy/model/PDPGroupContainer.java +++ b/POLICY-SDK-APP/src/main/java/org/onap/policy/model/PDPGroupContainer.java 
@@ -2,14 +2,14 @@ * ============LICENSE_START======================================================= * ONAP Policy Engine * ================================================================================ - * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -21,6 +21,7 @@ package org.onap.policy.model; +import com.att.research.xacml.api.pap.PAPException; import java.awt.Checkbox; import java.util.ArrayList; import java.util.Collection; @@ -28,7 +29,6 @@ import java.util.Collections; import java.util.LinkedList; import java.util.List; import java.util.Set; - import org.onap.policy.common.logging.flexlogger.FlexLogger; import org.onap.policy.common.logging.flexlogger.Logger; import org.onap.policy.rest.util.PolicyContainer; 
@@ -38,175 +38,185 @@ import org.onap.policy.xacml.api.pap.OnapPDP; import org.onap.policy.xacml.api.pap.OnapPDPGroup; import org.onap.policy.xacml.api.pap.PAPPolicyEngine; -import com.att.research.xacml.api.pap.PAPException; -import com.att.research.xacml.api.pap.PDP; -import com.att.research.xacml.api.pap.PDPPIPConfig; -import com.att.research.xacml.api.pap.PDPPolicy; - -public class PDPGroupContainer extends PolicyItemSetChangeNotifier implements PolicyContainer.Indexed, PolicyContainer.ItemSetChangeNotifier { - private static final long serialVersionUID = 1L; - private static final Logger LOGGER = FlexLogger.getLogger(PDPGroupContainer.class); - +public class PDPGroupContainer extends PolicyItemSetChangeNotifier + implements PolicyContainer.Indexed, PolicyContainer.ItemSetChangeNotifier { + private static final long serialVersionUID = 1L; + private static final Logger LOGGER = FlexLogger.getLogger(PDPGroupContainer.class); + /** * String identifier of a file's "Id" property. */ - private static final String PROPERTY_ID = "Id"; + private static final String PROPERTY_ID = "Id"; - /** + /** * String identifier of a file's "name" property. */ - private static final String PROPERTY_NAME = "Name"; + private static final String PROPERTY_NAME = "Name"; /** * String identifier of a file's "Description" property. */ - private static final String PROPERTY_DESCRIPTION = "Description"; + private static final String PROPERTY_DESCRIPTION = "Description"; /** * String identifier of a file's "Default" property. */ - private static final String PROPERTY_DEFAULT = "Default"; + private static final String PROPERTY_DEFAULT = "Default"; /** * String identifier of a file's "Status" property. */ - private static final String PROPERTY_STATUS = "Status"; + private static final String PROPERTY_STATUS = "Status"; /** * String identifier of a file's "PDPs" property. 
*/ - private static final String PROPERTY_PDPS = "PDPs"; + private static final String PROPERTY_PDPS = "PDPs"; /** * String identifier of a file's "Policies" property. */ - private static final String PROPERTY_POLICIES = "Policies"; + private static final String PROPERTY_POLICIES = "Policies"; /** * String identifier of a file's "PIP Configurations" property. */ - private static final String PROPERTY_PIPCONFIG = "PIP Configurations"; - + private static final String PROPERTY_PIPCONFIG = "PIP Configurations"; + /** * String identifier of a file's "Selected" property. */ - private static final String PROPERTY_SELECTED = "Selected"; + private static final String PROPERTY_SELECTED = "Selected"; /** * List of the string identifiers for the available properties. */ - private static Collection pDPProperties; + private static Collection pDPProperties; + + private transient PAPPolicyEngine papEngine = null; + protected transient List groups = Collections.synchronizedList(new ArrayList()); - private transient PAPPolicyEngine papEngine = null; - protected transient List groups = Collections.synchronizedList(new ArrayList()); - public PDPGroupContainer(PAPPolicyEngine papPolicyEngine) { - super(); - this.setContainer(this); - // - // - // - this.papEngine = papPolicyEngine; - // - // - // - this.refreshGroups(); - } - + super(); + this.setContainer(this); + // + // + // + this.papEngine = papPolicyEngine; + // + // + // + this.refreshGroups(); + } + public boolean isSupported(Object itemId) { - return itemId instanceof OnapPDPGroup; - } - - public synchronized void refreshGroups() { - synchronized(this.groups) { - this.groups.clear(); - try { - this.groups.addAll(this.papEngine.getOnapPDPGroups()); - } catch (PAPException e) { - String message = "Unable to retrieve Groups from server: " + e; - LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + message, e); - } - LOGGER.info("refreshGroups"); - } - // - // Notify that we have changed - // - this.fireItemSetChange(); - } - - 
public List getGroups() { - return Collections.unmodifiableList(this.groups); - } - - public void makeDefault(OnapPDPGroup group) { - try { - this.papEngine.setDefaultGroup(group); - } catch (PAPException e) { - String message = "Unable to set Default Group on server: " + e; - LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + message, e); - } - return; - } - - public void removeGroup(OnapPDPGroup group, OnapPDPGroup newGroup) throws PAPException { - if (LOGGER.isTraceEnabled()) { - LOGGER.trace("removeGroup: " + group + " new group for PDPs: " + newGroup); - } - if (group.isDefaultGroup()) { - throw new UnsupportedOperationException("You can't remove the Default Group."); - } - try { - this.papEngine.removeGroup(group, newGroup); - } catch (NullPointerException | PAPException e) { - LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Failed to removeGroup " + group.getId(), e); - throw new PAPException("Failed to remove group '" + group.getId()+ "'", e); - } - } - - public void removePDP(OnapPDP pdp, OnapPDPGroup group) throws PAPException { - if (LOGGER.isTraceEnabled()) { - LOGGER.trace("removePDP: " + pdp + " from group: " + group); - } - try { - this.papEngine.removePDP(pdp); - } catch (PAPException e) { - LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Failed to removePDP " + pdp.getId(), e); - throw new PAPException("Failed to remove pdp '" + pdp.getId()+ "'", e); - } - } - - public void updatePDP(OnapPDP pdp) { - try { - papEngine.updatePDP(pdp); - } catch (PAPException e) { - LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + e); - } - } - - public void updateGroup(OnapPDPGroup group) { - try { - papEngine.updateGroup(group); - } catch (PAPException e) { - LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + e); - } - } - - @Override - public Collection getContainerPropertyIds() { - return pDPProperties; - } - - @Override - public Collection getItemIds() { - final Collection items = new ArrayList<>(); - items.addAll(this.groups); - if 
(LOGGER.isTraceEnabled()) { - LOGGER.trace("getItemIds: " + items); - } - return Collections.unmodifiableCollection(items); - } - - @Override - public Class getType(Object propertyId) { + return itemId instanceof OnapPDPGroup; + } + + public synchronized void refreshGroups() { + synchronized (this.groups) { + this.groups.clear(); + try { + this.groups.addAll(this.papEngine.getOnapPDPGroups()); + } catch (PAPException e) { + String message = "Unable to retrieve Groups from server: " + e; + LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + message, e); + } + LOGGER.info("refreshGroups"); + } + // + // Notify that we have changed + // + this.fireItemSetChange(); + } + + public List getGroups() { + return Collections.unmodifiableList(this.groups); + } + + public void makeDefault(OnapPDPGroup group) { + try { + this.papEngine.setDefaultGroup(group); + } catch (PAPException e) { + String message = "Unable to set Default Group on server: " + e; + LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + message, e); + } + return; + } + + public void removeGroup(OnapPDPGroup group, OnapPDPGroup newGroup) throws PAPException { + if (LOGGER.isTraceEnabled()) { + LOGGER.trace("removeGroup: " + group + " new group for PDPs: " + newGroup); + } + if (group.isDefaultGroup()) { + throw new UnsupportedOperationException("You can't remove the Default Group."); + } + try { + this.papEngine.removeGroup(group, newGroup); + } catch (NullPointerException | PAPException e) { + LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Failed to removeGroup " + group.getId(), e); + throw new PAPException("Failed to remove group '" + group.getId() + "'", e); + } + } + + public void removePDP(OnapPDP pdp, OnapPDPGroup group) throws PAPException { + if (LOGGER.isTraceEnabled()) { + LOGGER.trace("removePDP: " + pdp + " from group: " + group); + } + try { + this.papEngine.removePDP(pdp); + } catch (PAPException e) { + LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Failed to removePDP " + 
pdp.getId(), e); + throw new PAPException("Failed to remove pdp '" + pdp.getId() + "'", e); + } + } + + public void updatePDP(OnapPDP pdp) { + try { + papEngine.updatePDP(pdp); + } catch (PAPException e) { + LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + e); + } + } + + public void updateGroup(OnapPDPGroup group) { + try { + papEngine.updateGroup(group); + } catch (PAPException e) { + LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + e); + } + } + + /** + * Update group. + * + * @param group the group + * @param userName the user name + */ + public void updateGroup(OnapPDPGroup group, String userName) { + try { + papEngine.updateGroup(group, userName); + } catch (PAPException e) { + LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + e); + } + } + + @Override + public Collection getContainerPropertyIds() { + return pDPProperties; + } + + @Override + public Collection getItemIds() { + final Collection items = new ArrayList<>(); + items.addAll(this.groups); + if (LOGGER.isTraceEnabled()) { + LOGGER.trace("getItemIds: " + items); + } + return Collections.unmodifiableCollection(items); + } + + @Override + public Class getType(Object propertyId) { if (propertyId.equals(PROPERTY_ID)) { return String.class; } 
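Review bot: The new `updateGroup(OnapPDPGroup group, String userName)` overload catches `PAPException` and returns normally, so a caller cannot tell that the update failed, and presumably the user-attributed record of it was never made either. The catch logs `XACMLErrorConstants.ERROR_PROCESS_FLOW + e`, which drops the stack trace and names neither the group nor the user. Other handlers in this class pass the exception as the second argument, so this one could read `LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Failed to update group " + group.getId() + " for user " + userName, e);`. Because the overload exists to attribute the change, a null or blank `userName` should be rejected before the call to `papEngine.updateGroup(group, userName)`. The Javadoc should also state that failures are only logged, or the method should declare `throws PAPException` as `removeGroup` does.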
@@ -235,224 +245,226 @@ public class PDPGroupContainer extends PolicyItemSetChangeNotifier implements Po return Checkbox.class; } return null; - } - - @Override - public int size() { - return this.groups.size(); - } - - @Override - public boolean containsId(Object itemId) { - if (LOGGER.isTraceEnabled()) { - LOGGER.trace("containsId: " + itemId); - } - if (! this.isSupported(itemId)) { - return false; - } - return this.groups.contains(itemId); - } - - @Override - public Object addItem() { - throw new UnsupportedOperationException("PDP Container cannot add a given item."); - } - - public void addNewGroup(String name, String description) throws PAPException { - if (LOGGER.isTraceEnabled()) { - LOGGER.trace("addNewGroup " + name + " " + description); - } - this.papEngine.newGroup(name, description); - } - - public void addNewPDP(String id, OnapPDPGroup group, String name, String description, int jmxport) throws PAPException { - if (LOGGER.isTraceEnabled()) { - LOGGER.trace("addNewPDP " + id + " " + name + " " + description + " " + jmxport); - } - this.papEngine.newPDP(id, group, name, description, jmxport); - } - - public void movePDP(OnapPDP pdp, OnapPDPGroup group) { - try { - this.papEngine.movePDP(pdp, group); - } catch (PAPException e) { - String message = "Unable to move PDP to new group on server: " + e; - LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + message, e); - } - return; - } - - @Override - public boolean addContainerProperty(Object propertyId, Class type, Object defaultValue) { - throw new UnsupportedOperationException("Cannot add a container property."); - } - - @Override - public boolean removeContainerProperty(Object propertyId) { - throw new UnsupportedOperationException("Cannot remove a container property."); - } - - @Override - public boolean removeAllItems() { - throw new UnsupportedOperationException("PDP Container cannot remove all items. 
You must have at least the Default group."); - } - - @Override - public void addItemSetChangeListener(ItemSetChangeListener listener) { + } + + @Override + public int size() { + return this.groups.size(); + } + + @Override + public boolean containsId(Object itemId) { + if (LOGGER.isTraceEnabled()) { + LOGGER.trace("containsId: " + itemId); + } + if (!this.isSupported(itemId)) { + return false; + } + return this.groups.contains(itemId); + } + + @Override + public Object addItem() { + throw new UnsupportedOperationException("PDP Container cannot add a given item."); + } + + public void addNewGroup(String name, String description) throws PAPException { + if (LOGGER.isTraceEnabled()) { + LOGGER.trace("addNewGroup " + name + " " + description); + } + this.papEngine.newGroup(name, description); + } + + public void addNewPDP(String id, OnapPDPGroup group, String name, String description, int jmxport) + throws PAPException { + if (LOGGER.isTraceEnabled()) { + LOGGER.trace("addNewPDP " + id + " " + name + " " + description + " " + jmxport); + } + this.papEngine.newPDP(id, group, name, description, jmxport); + } + + public void movePDP(OnapPDP pdp, OnapPDPGroup group) { + try { + this.papEngine.movePDP(pdp, group); + } catch (PAPException e) { + String message = "Unable to move PDP to new group on server: " + e; + LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + message, e); + } + return; + } + + @Override + public boolean addContainerProperty(Object propertyId, Class type, Object defaultValue) { + throw new UnsupportedOperationException("Cannot add a container property."); + } + + @Override + public boolean removeContainerProperty(Object propertyId) { + throw new UnsupportedOperationException("Cannot remove a container property."); + } + + @Override + public boolean removeAllItems() { + throw new UnsupportedOperationException( + "PDP Container cannot remove all items. 
You must have at least the Default group."); + } + + @Override + public void addItemSetChangeListener(ItemSetChangeListener listener) { if (getItemSetChangeListeners() == null) { setItemSetChangeListeners(new LinkedList()); } - getItemSetChangeListeners().add(listener); - } - - @Override - public Object nextItemId(Object itemId) { - if (! this.isSupported(itemId)) { - return null; - } - int index = this.groups.indexOf(itemId); - if (index == -1) { - // - // We don't know this group - // - return null; - } - // - // Is it the last one? - // - if (index == this.groups.size() - 1) { - // - // Yes - // - return null; - } - // - // Return the next one - // - return this.groups.get(index + 1); - } - - @Override - public Object prevItemId(Object itemId) { - if (! this.isSupported(itemId)) { - return null; - } - int index = this.groups.indexOf(itemId); - if (index == -1) { - // - // We don't know this group - // - return null; - } - // - // Is it the first one? - // - if (index == 0) { - // - // Yes - // - return null; - } - // - // Return the previous one - // - return this.groups.get(index - 1); - } - - @Override - public Object firstItemId() { - synchronized (this.groups) { - if (!this.groups.isEmpty()) { - return this.groups.get(0); - } - } - return null; - } - - @Override - public Object lastItemId() { - synchronized (this.groups) { - if (!this.groups.isEmpty()) { - return this.groups.get(this.groups.size() - 1); - } - } - return null; - } - - @Override - public boolean isFirstId(Object itemId) { - synchronized (this.groups) { - if (!this.groups.isEmpty()) { - return this.groups.get(0).equals(itemId); - } - } - return false; - } - - @Override - public boolean isLastId(Object itemId) { - synchronized (this.groups) { - if (!this.groups.isEmpty()) { - return this.groups.get(this.groups.size() - 1).equals(itemId); - } - } - return false; - } - - @Override - public Object addItemAfter(Object previousItemId) { - throw new UnsupportedOperationException("Cannot addItemAfter, 
there really is no real ordering."); - } - - @Override - public int indexOfId(Object itemId) { - return this.groups.indexOf(itemId); - } - - @Override - public Object getIdByIndex(int index) { - return this.groups.get(index); - } - - @Override - public List getItemIds(int startIndex, int numberOfItems) { - synchronized (this.groups) { - int endIndex = startIndex + numberOfItems; - if (endIndex > this.groups.size()) { - endIndex = this.groups.size() - 1; - } - return this.groups.subList(startIndex, endIndex); - } - } - - @Override - public Object addItemAt(int index) { - throw new UnsupportedOperationException("Cannot addItemAt"); - } - - @Override - public boolean removeItem(Object itemId) { - if (LOGGER.isTraceEnabled()) { - LOGGER.trace("removeItem: " + itemId); - } - if (! this.isSupported(itemId)) { - return false; - } - // - // You cannot remove the default group - // - if (PROPERTY_DEFAULT.equals(((OnapPDPGroup) itemId).getId())) { - throw new UnsupportedOperationException("You can't remove the Default Group."); - } - // - // Remove PDPGroup and move any PDP's in it into the default group - // - try { - this.papEngine.removeGroup((OnapPDPGroup) itemId, this.papEngine.getDefaultGroup()); - return true; - } catch (NullPointerException | PAPException e) { - LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Failed to remove group", e); - } - return false; - } + getItemSetChangeListeners().add(listener); + } + + @Override + public Object nextItemId(Object itemId) { + if (!this.isSupported(itemId)) { + return null; + } + int index = this.groups.indexOf(itemId); + if (index == -1) { + // + // We don't know this group + // + return null; + } + // + // Is it the last one? 
+ // + if (index == this.groups.size() - 1) { + // + // Yes + // + return null; + } + // + // Return the next one + // + return this.groups.get(index + 1); + } + + @Override + public Object prevItemId(Object itemId) { + if (!this.isSupported(itemId)) { + return null; + } + int index = this.groups.indexOf(itemId); + if (index == -1) { + // + // We don't know this group + // + return null; + } + // + // Is it the first one? + // + if (index == 0) { + // + // Yes + // + return null; + } + // + // Return the previous one + // + return this.groups.get(index - 1); + } + + @Override + public Object firstItemId() { + synchronized (this.groups) { + if (!this.groups.isEmpty()) { + return this.groups.get(0); + } + } + return null; + } + + @Override + public Object lastItemId() { + synchronized (this.groups) { + if (!this.groups.isEmpty()) { + return this.groups.get(this.groups.size() - 1); + } + } + return null; + } + + @Override + public boolean isFirstId(Object itemId) { + synchronized (this.groups) { + if (!this.groups.isEmpty()) { + return this.groups.get(0).equals(itemId); + } + } + return false; + } + + @Override + public boolean isLastId(Object itemId) { + synchronized (this.groups) { + if (!this.groups.isEmpty()) { + return this.groups.get(this.groups.size() - 1).equals(itemId); + } + } + return false; + } + + @Override + public Object addItemAfter(Object previousItemId) { + throw new UnsupportedOperationException("Cannot addItemAfter, there really is no real ordering."); + } + + @Override + public int indexOfId(Object itemId) { + return this.groups.indexOf(itemId); + } + + @Override + public Object getIdByIndex(int index) { + return this.groups.get(index); + } + + @Override + public List getItemIds(int startIndex, int numberOfItems) { + synchronized (this.groups) { + int endIndex = startIndex + numberOfItems; + if (endIndex > this.groups.size()) { + endIndex = this.groups.size() - 1; + } + return this.groups.subList(startIndex, endIndex); + } + } + + @Override + 
public Object addItemAt(int index) { + throw new UnsupportedOperationException("Cannot addItemAt"); + } + + @Override + public boolean removeItem(Object itemId) { + if (LOGGER.isTraceEnabled()) { + LOGGER.trace("removeItem: " + itemId); + } + if (!this.isSupported(itemId)) { + return false; + } + // + // You cannot remove the default group + // + if (PROPERTY_DEFAULT.equals(((OnapPDPGroup) itemId).getId())) { + throw new UnsupportedOperationException("You can't remove the Default Group."); + } + // + // Remove PDPGroup and move any PDP's in it into the default group + // + try { + this.papEngine.removeGroup((OnapPDPGroup) itemId, this.papEngine.getDefaultGroup()); + return true; + } catch (NullPointerException | PAPException e) { + LOGGER.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Failed to remove group", e); + } + return false; + } } diff --git a/packages/base/src/files/install/mysql/data/190202_downgrade_script.sql b/packages/base/src/files/install/mysql/data/190202_downgrade_script.sql new file mode 100644 index 000000000..2c0917428 --- /dev/null +++ b/packages/base/src/files/install/mysql/data/190202_downgrade_script.sql 
@@ -0,0 +1,20 @@
+-- ============LICENSE_START=======================================================
+-- ONAP Policy Engine
+-- ================================================================================
+-- Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+-- ================================================================================
+-- Licensed under the Apache License, Version 2.0 (the "License");
+-- you may not use this file except in compliance with the License.
+-- You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+-- ============LICENSE_END=========================================================
+
+use onap_sdk;
+drop table if exists policyAuditlog;
\ No newline at end of file
diff --git a/packages/base/src/files/install/mysql/data/190202_upgrade_script.sql b/packages/base/src/files/install/mysql/data/190202_upgrade_script.sql
new file mode 100644
index 000000000..2b44c331f
--- /dev/null
+++ b/packages/base/src/files/install/mysql/data/190202_upgrade_script.sql
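Review bot: `drop table if exists policyAuditlog;` makes the downgrade delete every recorded push and delete operation, and nothing in the script says so or preserves the rows first. For a table whose purpose is an audit trail, I would add a header comment above the statement such as `-- WARNING: this removes all policy audit history; export policyAuditlog before running.` and make that export a documented downgrade step. If retaining audit records matters for the deployment, consider leaving the table in place on downgrade; whether the older schema tolerates an extra table cannot be confirmed from this hunk.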
@@ -0,0 +1,27 @@
+-- ============LICENSE_START=======================================================
+-- ONAP Policy Engine
+-- ================================================================================
+-- Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
+-- ================================================================================
+-- Licensed under the Apache License, Version 2.0 (the "License");
+-- you may not use this file except in compliance with the License.
+-- You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+-- ============LICENSE_END=========================================================
+
+use onap_sdk;
+CREATE TABLE policyAuditlog (
+ id int auto_increment NOT NULL,
+ userName varchar(100) NOT NULL,
+ policyName varchar(255) NOT NULL,
+ actions varchar(50) NOT NULL,
+ dateAndTime datetime NOT NULL,
+ PRIMARY KEY (id)
+);
\ No newline at end of file
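Review bot: `CREATE TABLE policyAuditlog (` has no `IF NOT EXISTS`, so running the upgrade a second time fails, whereas the paired downgrade script guards its drop with `if exists`; `CREATE TABLE IF NOT EXISTS policyAuditlog (` would keep the two consistent. `dateAndTime datetime NOT NULL` stores no time zone, so the column should carry a comment stating that writers record UTC; otherwise entries written by PAP servers in different zones cannot be ordered reliably. The table also has no index on `userName` or `dateAndTime`, which audit queries will probably filter on, and `userName varchar(100)` should be checked against the longest user id the portal can issue so that an audit insert is neither rejected nor truncated.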