2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2019, 2021 AT&T Intellectual Property. All rights reserved.
6 * Modifications Copyright (C) 2020-2021 Nordix Foundation.
7 * Modifications Copyright (C) 2021 Bell Canada. All rights reserved.
8 * ================================================================================
9 * Licensed under the Apache License, Version 2.0 (the "License");
10 * you may not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
13 * http://www.apache.org/licenses/LICENSE-2.0
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS,
17 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
20 * ============LICENSE_END=========================================================
23 package org.onap.policy.pap.main.rest;
25 import com.google.gson.annotations.SerializedName;
26 import java.util.ArrayList;
27 import java.util.HashMap;
28 import java.util.HashSet;
29 import java.util.LinkedHashSet;
30 import java.util.List;
33 import java.util.stream.Collectors;
34 import javax.ws.rs.core.Response.Status;
36 import org.onap.policy.common.parameters.BeanValidationResult;
37 import org.onap.policy.common.parameters.BeanValidator;
38 import org.onap.policy.common.parameters.ValidationResult;
39 import org.onap.policy.common.parameters.ValidationStatus;
40 import org.onap.policy.common.parameters.annotations.NotNull;
41 import org.onap.policy.common.parameters.annotations.Pattern;
42 import org.onap.policy.common.parameters.annotations.Valid;
43 import org.onap.policy.common.utils.coder.CoderException;
44 import org.onap.policy.common.utils.coder.StandardCoder;
45 import org.onap.policy.common.utils.services.Registry;
46 import org.onap.policy.models.base.PfKey;
47 import org.onap.policy.models.base.PfModelException;
48 import org.onap.policy.models.base.PfModelRuntimeException;
49 import org.onap.policy.models.pap.concepts.PdpDeployPolicies;
50 import org.onap.policy.models.pdp.concepts.DeploymentGroup;
51 import org.onap.policy.models.pdp.concepts.DeploymentGroups;
52 import org.onap.policy.models.pdp.concepts.DeploymentSubGroup;
53 import org.onap.policy.models.pdp.concepts.Pdp;
54 import org.onap.policy.models.pdp.concepts.PdpGroup;
55 import org.onap.policy.models.pdp.concepts.PdpSubGroup;
56 import org.onap.policy.models.tosca.authorative.concepts.ToscaConceptIdentifier;
57 import org.onap.policy.models.tosca.authorative.concepts.ToscaConceptIdentifierOptVersion;
58 import org.onap.policy.models.tosca.authorative.concepts.ToscaPolicy;
59 import org.slf4j.Logger;
60 import org.slf4j.LoggerFactory;
61 import org.springframework.stereotype.Service;
64 * Provider for PAP component to deploy PDP groups. The following items must be in the
67 * <li>PDP Modification Lock</li>
68 * <li>PDP Modify Request Map</li>
69 * <li>PAP DAO Factory</li>
73 public class PdpGroupDeployProvider extends ProviderBase {
74 private static final Logger logger = LoggerFactory.getLogger(PdpGroupDeployProvider.class);
75 private static final StandardCoder coder = new StandardCoder();
77 private static final String POLICY_RESULT_NAME = "policy";
80 * Updates policies in specific PDP groups.
82 * @param groups PDP group deployments to be updated
83 * @param user user triggering deployment
84 * @throws PfModelException if an error occurred
86 public void updateGroupPolicies(DeploymentGroups groups, String user) throws PfModelException {
87 ValidationResult result = groups.validatePapRest();
88 if (!result.isValid()) {
89 String msg = result.getResult().trim();
90 throw new PfModelException(Status.BAD_REQUEST, msg);
93 process(user, groups, this::updateGroups);
97 * Updates policies in specific PDP groups. This is the method that does the actual work.
99 * @param data session data
100 * @param groups PDP group deployments
101 * @throws PfModelException if an error occurred
103 private void updateGroups(SessionData data, DeploymentGroups groups) throws PfModelException {
104 var result = new BeanValidationResult("groups", groups);
106 for (DeploymentGroup group : groups.getGroups()) {
107 PdpGroup dbgroup = data.getGroup(group.getName());
109 if (dbgroup == null) {
110 result.addResult(group.getName(), group, ValidationStatus.INVALID, "unknown group");
113 result.addResult(updateGroup(data, dbgroup, group));
117 if (!result.isValid()) {
118 throw new PfModelException(Status.BAD_REQUEST, result.getResult().trim());
123 * Updates an existing group.
125 * @param data session data
126 * @param dbgroup the group, as it appears within the DB
127 * @param group the group to be added
128 * @return the validation result
129 * @throws PfModelException if an error occurred
131 private ValidationResult updateGroup(SessionData data, PdpGroup dbgroup, DeploymentGroup group)
132 throws PfModelException {
134 var result = new BeanValidationResult(group.getName(), group);
136 boolean updated = updateSubGroups(data, dbgroup, group, result);
138 if (result.isValid() && updated) {
139 data.update(dbgroup);
146 * Adds or updates subgroups within the group.
148 * @param data session data
149 * @param dbgroup the group, as it appears within the DB
150 * @param group the group to be added
151 * @param result the validation result
152 * @return {@code true} if the DB group was modified, {@code false} otherwise
153 * @throws PfModelException if an error occurred
155 private boolean updateSubGroups(SessionData data, PdpGroup dbgroup, DeploymentGroup group,
156 BeanValidationResult result) throws PfModelException {
158 // create a map of existing subgroups
159 Map<String, PdpSubGroup> type2sub = new HashMap<>();
160 dbgroup.getPdpSubgroups().forEach(subgrp -> type2sub.put(subgrp.getPdpType(), subgrp));
164 for (DeploymentSubGroup subgrp : group.getDeploymentSubgroups()) {
165 PdpSubGroup dbsub = type2sub.get(subgrp.getPdpType());
166 var subResult = new BeanValidationResult(subgrp.getPdpType(), subgrp);
169 subResult.addResult(subgrp.getPdpType(), subgrp, ValidationStatus.INVALID, "unknown subgroup");
172 updated = updateSubGroup(data, dbgroup, dbsub, subgrp, subResult) || updated;
175 result.addResult(subResult);
182 * Updates an existing subgroup.
184 * @param data session data
185 * @param dbgroup the group, from the DB, containing the subgroup
186 * @param dbsub the subgroup, from the DB
187 * @param subgrp the subgroup to be updated, updated to fully qualified versions upon
189 * @param container container for additional validation results
190 * @return {@code true} if the subgroup content was changed, {@code false} if there
192 * @throws PfModelException if an error occurred
194 private boolean updateSubGroup(SessionData data, PdpGroup dbgroup, PdpSubGroup dbsub, DeploymentSubGroup subgrp,
195 BeanValidationResult container) throws PfModelException {
197 // perform additional validations first
198 if (!validateSubGroup(data, dbsub, subgrp, container)) {
204 switch (subgrp.getAction()) {
206 updated = addPolicies(data, dbgroup.getName(), dbsub, subgrp);
209 updated = deletePolicies(data, dbgroup.getName(), dbsub, subgrp);
213 updated = updatePolicies(data, dbgroup.getName(), dbsub, subgrp);
218 // publish any changes to the PDPs
219 makeUpdates(data, dbgroup, dbsub);
226 private boolean addPolicies(SessionData data, String pdpGroup, PdpSubGroup dbsub, DeploymentSubGroup subgrp)
227 throws PfModelException {
229 Set<ToscaConceptIdentifier> policies = new LinkedHashSet<>(dbsub.getPolicies());
230 policies.addAll(subgrp.getPolicies());
232 var subgrp2 = new DeploymentSubGroup(subgrp);
233 subgrp2.getPolicies().clear();
234 subgrp2.getPolicies().addAll(policies);
236 return updatePolicies(data, pdpGroup, dbsub, subgrp2);
239 private boolean deletePolicies(SessionData data, String pdpGroup, PdpSubGroup dbsub, DeploymentSubGroup subgrp)
240 throws PfModelException {
242 Set<ToscaConceptIdentifier> policies = new LinkedHashSet<>(dbsub.getPolicies());
243 policies.removeAll(subgrp.getPolicies());
245 var subgrp2 = new DeploymentSubGroup(subgrp);
246 subgrp2.getPolicies().clear();
247 subgrp2.getPolicies().addAll(policies);
249 return updatePolicies(data, pdpGroup, dbsub, subgrp2);
252 private boolean updatePolicies(SessionData data, String pdpGroup, PdpSubGroup dbsub, DeploymentSubGroup subgrp)
253 throws PfModelException {
255 Set<ToscaConceptIdentifier> undeployed = new HashSet<>(dbsub.getPolicies());
256 undeployed.removeAll(subgrp.getPolicies());
258 Set<ToscaConceptIdentifier> deployed = new HashSet<>(subgrp.getPolicies());
259 deployed.removeAll(dbsub.getPolicies());
261 if (deployed.isEmpty() && undeployed.isEmpty()) {
262 // lists are identical
266 Set<String> pdps = dbsub.getPdpInstances().stream().map(Pdp::getInstanceId).collect(Collectors.toSet());
268 for (ToscaConceptIdentifier policyId : deployed) {
269 ToscaPolicy policyToBeDeployed = data.getPolicy(new ToscaConceptIdentifierOptVersion(policyId));
270 data.trackDeploy(policyToBeDeployed, pdps, pdpGroup, dbsub.getPdpType());
273 for (ToscaConceptIdentifier policyId : undeployed) {
274 data.trackUndeploy(policyId, pdps, pdpGroup, dbsub.getPdpType());
277 dbsub.setPolicies(new ArrayList<>(subgrp.getPolicies()));
282 * Performs additional validations of a subgroup.
284 * @param data session data
285 * @param dbsub the subgroup, from the DB
286 * @param subgrp the subgroup to be validated, updated to fully qualified versions
288 * @param container container for additional validation results
289 * @return {@code true} if the subgroup is valid, {@code false} otherwise
290 * @throws PfModelException if an error occurred
292 private boolean validateSubGroup(SessionData data, PdpSubGroup dbsub, DeploymentSubGroup subgrp,
293 BeanValidationResult container) throws PfModelException {
295 var result = new BeanValidationResult(subgrp.getPdpType(), subgrp);
297 result.addResult(validatePolicies(data, dbsub, subgrp));
298 container.addResult(result);
300 return result.isValid();
304 * Performs additional validations of the policies within a subgroup.
306 * @param data session data
307 * @param dbsub subgroup from the DB, or {@code null} if this is a new subgroup
308 * @param subgrp the subgroup whose policies are to be validated, updated to fully
309 * qualified versions upon return
310 * @return the validation result
311 * @throws PfModelException if an error occurred
313 private ValidationResult validatePolicies(SessionData data, PdpSubGroup dbsub, DeploymentSubGroup subgrp)
314 throws PfModelException {
316 // build a map of the DB data, from policy name to (fully qualified) policy
318 Map<String, String> dbname2vers = new HashMap<>();
319 dbsub.getPolicies().forEach(ident -> dbname2vers.put(ident.getName(), ident.getVersion()));
321 var result = new BeanValidationResult(subgrp.getPdpType(), subgrp);
323 for (ToscaConceptIdentifier ident : subgrp.getPolicies()) {
324 // note: "ident" may not have a fully qualified version
326 String expectedVersion = dbname2vers.get(ident.getName());
327 if (expectedVersion != null) {
328 // policy exists in the DB list - compare the versions
329 validateVersion(expectedVersion, ident, result);
330 ident.setVersion(expectedVersion);
334 // policy doesn't appear in the DB's policy list - look it up
336 ToscaPolicy policy = data.getPolicy(new ToscaConceptIdentifierOptVersion(ident));
337 if (policy == null) {
338 result.addResult(POLICY_RESULT_NAME, ident, ValidationStatus.INVALID, "unknown policy");
340 } else if (!isPolicySupported(dbsub.getSupportedPolicyTypes(), policy.getTypeIdentifier())) {
341 result.addResult(POLICY_RESULT_NAME, ident, ValidationStatus.INVALID,
342 "not a supported policy for the subgroup");
345 // replace version with the fully qualified version from the policy
346 ident.setVersion(policy.getVersion());
354 * Determines if the new version matches the version in the DB.
356 * @param dbvers fully qualified version from the DB
357 * @param ident identifier whose version is to be validated; the version need not be
359 * @param result the validation result
361 private void validateVersion(String dbvers, ToscaConceptIdentifier ident, BeanValidationResult result) {
362 String idvers = ident.getVersion();
363 if (dbvers.equals(idvers)) {
367 // did not match - see if it's a prefix
369 if (SessionData.isVersionPrefix(idvers) && dbvers.startsWith(idvers + ".")) {
370 // ident has a prefix of this version
374 result.addResult(POLICY_RESULT_NAME, ident, ValidationStatus.INVALID,
375 "different version already deployed: " + dbvers);
379 * Deploys or updates PDP policies using the simple API.
381 * @param policies PDP policies
382 * @param user user triggering deployment
383 * @throws PfModelException if an error occurred
385 public void deployPolicies(PdpDeployPolicies policies, String user) throws PfModelException {
387 MyPdpDeployPolicies checked = coder.convert(policies, MyPdpDeployPolicies.class);
388 ValidationResult result = new BeanValidator().validateTop(PdpDeployPolicies.class.getSimpleName(), checked);
389 if (!result.isValid()) {
390 String msg = result.getResult().trim();
391 throw new PfModelException(Status.BAD_REQUEST, msg);
393 } catch (CoderException e) {
394 throw new PfModelException(Status.INTERNAL_SERVER_ERROR, "cannot decode request", e);
397 process(user, policies, this::deploySimplePolicies);
401 * Deploys or updates PDP policies using the simple API. This is the method that does
404 * @param data session data
405 * @param policies external PDP policies
406 * @throws PfModelException if an error occurred
408 private void deploySimplePolicies(SessionData data, PdpDeployPolicies policies) throws PfModelException {
410 for (ToscaConceptIdentifierOptVersion desiredPolicy : policies.getPolicies()) {
412 processPolicy(data, desiredPolicy);
414 } catch (PfModelException | RuntimeException e) {
415 // no need to log the error here, as it will be logged by the invoker
416 logger.warn("failed to deploy policy: {}", desiredPolicy);
423 * Adds a policy to a subgroup, if it isn't there already.
426 protected Updater makeUpdater(SessionData data, ToscaPolicy policy,
427 ToscaConceptIdentifierOptVersion requestedIdent) {
429 ToscaConceptIdentifier desiredIdent = policy.getIdentifier();
430 ToscaConceptIdentifier desiredType = policy.getTypeIdentifier();
432 return (group, subgroup) -> {
434 if (!isPolicySupported(subgroup.getSupportedPolicyTypes(), desiredType)) {
435 // doesn't support the desired policy type
439 if (containsPolicy(group, subgroup, desiredIdent)) {
443 if (subgroup.getPdpInstances().isEmpty()) {
444 throw new PfModelRuntimeException(Status.BAD_REQUEST, "group " + group.getName() + " subgroup "
445 + subgroup.getPdpType() + " has no active PDPs");
449 // add the policy to the subgroup
450 subgroup.getPolicies().add(desiredIdent);
452 logger.info("add policy {} to subgroup {} {} count={}", desiredIdent, group.getName(),
453 subgroup.getPdpType(), subgroup.getPolicies().size());
455 Set<String> pdps = subgroup.getPdpInstances().stream().map(Pdp::getInstanceId).collect(Collectors.toSet());
456 ToscaPolicy policyToBeDeployed = data.getPolicy(new ToscaConceptIdentifierOptVersion(desiredIdent));
457 data.trackDeploy(policyToBeDeployed, pdps, group.getName(), subgroup.getPdpType());
464 * Determines if a policy type is supported.
466 * @param supportedTypes supported policy types, any of which may end with ".*"
467 * @param desiredType policy type of interest
468 * @return {@code true} if the policy type is supported, {@code false} otherwise
470 private boolean isPolicySupported(List<ToscaConceptIdentifier> supportedTypes,
471 ToscaConceptIdentifier desiredType) {
473 if (supportedTypes.contains(desiredType)) {
477 String desiredTypeName = desiredType.getName();
478 for (ToscaConceptIdentifier type : supportedTypes) {
479 String supType = type.getName();
480 if (supType.endsWith(".*") && desiredTypeName.startsWith(supType.substring(0, supType.length() - 1))) {
481 // matches everything up to, AND INCLUDING, the "."
490 * Determines if a subgroup already contains the desired policy.
492 * @param group group that contains the subgroup
493 * @param subgroup subgroup of interest
494 * @param desiredIdent identifier of the desired policy
495 * @return {@code true} if the subgroup contains the desired policy, {@code false}
497 * @throws PfModelRuntimeException if the subgroup contains a different version of the
500 private boolean containsPolicy(PdpGroup group, PdpSubGroup subgroup, ToscaConceptIdentifier desiredIdent) {
501 String desnm = desiredIdent.getName();
502 String desvers = desiredIdent.getVersion();
504 for (ToscaConceptIdentifier actualIdent : subgroup.getPolicies()) {
505 if (!actualIdent.getName().equals(desnm)) {
509 // found the policy - ensure the version matches
510 if (!actualIdent.getVersion().equals(desvers)) {
511 throw new PfModelRuntimeException(Status.BAD_REQUEST,
512 "group " + group.getName() + " subgroup " + subgroup.getPdpType() + " policy " + desnm
513 + " " + desvers + " different version already deployed: "
514 + actualIdent.getVersion());
517 // already has the desired policy & version
518 logger.info("subgroup {} {} already contains policy {}", group.getName(), subgroup.getPdpType(),
527 * These are only used to validate the incoming request.
531 public static class MyPdpDeployPolicies {
533 private List<@NotNull @Valid PolicyIdent> policies;
537 public static class PolicyIdent {
538 @SerializedName("policy-id")
540 @Pattern(regexp = PfKey.NAME_REGEXP)
543 @SerializedName("policy-version")
544 @Pattern(regexp = "\\d+([.]\\d+[.]\\d+)?")
545 private String version;
Code Review / policy / pap.git / blob